cartsnitch/app
12
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: cartsnitch/app:05427e8859c282550fd09c69d99fdd9de2965f7c
Branches Tags
cartsnitch/app:main cartsnitch/app:dev cartsnitch/app:betty/car-1147-fix-infra-403 cartsnitch/app:uat cartsnitch/app:betty/car-1022-direct-test cartsnitch/app:betty/car-1009-ghcr-gitea-migration cartsnitch/app:barcode-betty/ghcr-to-gitea-registry cartsnitch/app:betty/delete-stale-ci-yml cartsnitch/app:betty/car-987-fix-ci-docker-socket-and-infra-403 cartsnitch/app:barcode-betty/car-964-full cartsnitch/app:barcode-betty/car-964-gitea-registry-v2 cartsnitch/app:betty/car-964-gitea-registry-v2 cartsnitch/app:barcode-betty/gitea-registry cartsnitch/app:disable-lighthouse-ci-v2 cartsnitch/app:disable-lighthouse-ci cartsnitch/app:betty/car-935-fix-setup-node cartsnitch/app:barcode-betty/move-workflows-to-gitea cartsnitch/app:betty/car-869-gitea-actions-app
cartsnitch/app:v2026.04.19
..
compare: cartsnitch/app:dev
Branches Tags
cartsnitch/app:dev cartsnitch/app:betty/car-1147-fix-infra-403 cartsnitch/app:main cartsnitch/app:uat cartsnitch/app:betty/car-1022-direct-test cartsnitch/app:betty/car-1009-ghcr-gitea-migration cartsnitch/app:barcode-betty/ghcr-to-gitea-registry cartsnitch/app:betty/delete-stale-ci-yml cartsnitch/app:betty/car-987-fix-ci-docker-socket-and-infra-403 cartsnitch/app:barcode-betty/car-964-full cartsnitch/app:barcode-betty/car-964-gitea-registry-v2 cartsnitch/app:betty/car-964-gitea-registry-v2 cartsnitch/app:barcode-betty/gitea-registry cartsnitch/app:disable-lighthouse-ci-v2 cartsnitch/app:disable-lighthouse-ci cartsnitch/app:betty/car-935-fix-setup-node cartsnitch/app:barcode-betty/move-workflows-to-gitea cartsnitch/app:betty/car-869-gitea-actions-app
cartsnitch/app:v2026.04.19

9 Commits
05427e8859 .. dev

Author SHA1 Message Date
Savannah Savings 54088a07f2 Merge pull request 'fix(ci): use REGISTRY_TOKEN for cross-repo infra checkout (CAR-1147)' (#28) from betty/car-1147-fix-infra-403 into dev
CI / test (push) Successful in 14s
Details
CI / lint (push) Successful in 14s
Details
CI / audit (push) Successful in 11s
Details
CI / e2e (push) Successful in 48s
Details
CI / build-and-push (push) Failing after 37s
Details
CI / deploy-dev (push) Failing after 51s
Details
CI / deploy-uat (push) Has been skipped
Details
2026-06-10 04:16:12 +00:00
Barcode Betty 428eff26a0 chore: retrigger CI (CAR-1335)
CI / lint (pull_request) Successful in 12s
Details
CI / e2e (pull_request) Successful in 46s
Details
CI / test (pull_request) Successful in 12s
Details
CI / audit (pull_request) Successful in 10s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
Previous run 3303 had a stuck runner — lint job hung on 'Fetching the
repository' for 5+ minutes before being killed. Force a fresh CI run.

Refs CAR-1335.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-09 05:54:13 +00:00
Barcode Betty 1bce947cb7 fix(app): bump vitest to 3.2.6 to clear npm audit gate (CAR-1335)
CI / test (pull_request) Successful in 11s
Details
CI / audit (pull_request) Successful in 11s
Details
CI / e2e (pull_request) Has been cancelled
Details
CI / lint (pull_request) Has been cancelled
Details
CI / deploy-dev (pull_request) Has been cancelled
Details
CI / deploy-uat (pull_request) Has been cancelled
Details
CI / build-and-push (pull_request) Has been cancelled
Details 
The audit job runs `npm audit --audit-level=high` after `npm ci`. Vitest
3.0.0-3.2.4 carries a critical CVE (GHSA-5xrq-8626-4rwp, CVSS 9.8) in the
UI server that allows arbitrary file read and execute. The fix ships in
3.2.6 and is a patch release (no breaking changes), so the existing
vitest API surface (vi.mock, vi.useFakeTimers, vi.setSystemTime) is
unchanged.

The audit failure is unrelated to the REGISTRY_TOKEN fix in this PR
(CAR-1147) but the audit gate runs on every PR and blocks this one. The
vitest bump is the smallest possible fix.

Refs CAR-1335, CAR-1147.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-09 05:29:53 +00:00
Barcode Betty 4035e7d3c0 fix(ci): use REGISTRY_TOKEN for cross-repo infra checkout (CAR-1147)
CI / lint (pull_request) Successful in 22s
Details
CI / e2e (pull_request) Successful in 58s
Details
CI / test (pull_request) Successful in 1m5s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / audit (pull_request) Failing after 1m4s
Details 
The deploy-dev and deploy-uat jobs were using secrets.GITEA_DEPLOY_KEY,
which is a deploy key scoped only to cartsnitch/app and never had its
public counterpart added to cartsnitch/infra. The empty secret resolved
to an empty token, causing actions/checkout to fail with
'Input required and not supplied: token' and the job to surface as a
403 Forbidden on the cross-repo clone.

Switch both jobs to use secrets.REGISTRY_TOKEN, the existing Gitea PAT
already used in this workflow for the container registry login. As a
Gitea PAT it carries the broader scope (write:repository, write:package)
required for both the cross-repo checkout and the subsequent push back
to cartsnitch/infra on main.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-06-02 07:21:21 +00:00
Savannah Savings d442c79f34 {{.PullRequestTitle}}
CI / deploy-dev (push) Failing after 2s
Details
CI / audit (push) Successful in 10s
Details
CI / lint (push) Successful in 25s
Details
CI / test (push) Successful in 23s
Details
CI / e2e (push) Successful in 39s
Details
CI / build-and-push (push) Failing after 6s
Details
CI / deploy-uat (push) Has been skipped
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / test (pull_request) Failing after 3s
Details
CI / audit (pull_request) Successful in 19s
Details
CI / lint (pull_request) Successful in 23s
Details
CI / e2e (pull_request) Successful in 37s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
2026-05-24 18:48:27 +00:00
Barcode Betty 43d3a0d235 ci: remove Docker Hub login, use REGISTRY_TOKEN for Gitea auth
CI / audit (pull_request) Successful in 17s
Details
CI / test (pull_request) Successful in 12s
Details
CI / lint (pull_request) Successful in 13s
Details
CI / e2e (pull_request) Successful in 38s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
Fixes CAR-1009.

- Remove Docker Hub login step (not needed)
- Rename 'Log in to GHCR' → 'Log in to Gitea Container Registry'
- Use REGISTRY_TOKEN instead of GITEA_TOKEN for Gitea auth

Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-24 18:40:48 +00:00
Savannah Savings ca84de3e8a Merge pull request 'fix(ci): push Docker images to git.farh.net registry (CAR-964)' (#18) from barcode-betty/car-964-gitea-registry-v2 into dev
CI / audit (push) Successful in 10s
Details
CI / test (push) Successful in 23s
Details
CI / lint (push) Successful in 25s
Details
CI / e2e (push) Successful in 40s
Details
CI / build-and-push (push) Failing after 12s
Details
CI / deploy-uat (push) Has been skipped
Details
CI / deploy-dev (push) Failing after 2s
Details
2026-05-24 18:08:53 +00:00
Savannah Savings e9397e5a2e Merge pull request 'fix: disable lighthouse CI job to unblock PR #11 merge [CAR-938]' (#20) from betty/car-938-disable-lighthouse into dev
CI / test (push) Successful in 42s
Details
CI / lint (pull_request) Successful in 12s
Details
CI / audit (push) Successful in 42s
Details
CI / test (pull_request) Successful in 21s
Details
CI / deploy-dev (push) Failing after 2s
Details
CI / audit (pull_request) Successful in 9s
Details
CI / lint (push) Successful in 1m23s
Details
CI / e2e (push) Successful in 45s
Details
CI / e2e (pull_request) Successful in 44s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / build-and-push (push) Failing after 3m10s
Details
CI / deploy-uat (push) Has been skipped
Details 
Merge PR #20: fix: disable lighthouse CI job [CAR-938]

Remove lighthouse job from .gitea/workflows/ci.yml to unblock dev→uat promotion.
QA approved, CTO reviewed.
 2026-05-23 21:26:37 +00:00
Flea Flicker 0c02962b98 fix(ci): push Docker images to git.farh.net registry (CAR-964)
CI / e2e (pull_request) Failing after 1m40s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / lint (pull_request) Failing after 1m24s
Details
CI / test (pull_request) Failing after 1m42s
Details
CI / audit (pull_request) Failing after 1m38s
Details
CI / lighthouse (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
 2026-05-23 16:07:50 +00:00
3 changed files with 48 additions and 55 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yml
+7 -14
View File
@@ -16,7 +16,7 @@ permissions:
security-events: write
env:
REGISTRY: ghcr.io
REGISTRY: git.farh.net
IMAGE_NAME: cartsnitch/app
jobs:
@@ -99,20 +99,13 @@ jobs:
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
echo "CalVer tag: $VERSION"
- name: Log in to Docker Hub
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Log in to GHCR
- name: Log in to Gitea Container Registry
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Extract metadata
id: meta
@@ -150,7 +143,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: cartsnitch/infra
token: ${{ secrets.GITEA_DEPLOY_KEY }}
token: ${{ secrets.REGISTRY_TOKEN }}
ref: main
path: infra
@@ -173,7 +166,7 @@ jobs:
if: needs.build-and-push.result == 'success'
run: |
cd infra/apps/overlays/dev
kustomize edit set image ghcr.io/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }}
kustomize edit set image git.farh.net/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }}
- name: Commit and push to infra
run: |
@@ -194,7 +187,7 @@ jobs:
uses: actions/checkout@v4
with:
repository: cartsnitch/infra
token: ${{ secrets.GITEA_DEPLOY_KEY }}
token: ${{ secrets.REGISTRY_TOKEN }}
ref: main
path: infra
@@ -217,7 +210,7 @@ jobs:
if: needs.build-and-push.result == 'success'
run: |
cd infra/apps/overlays/uat
kustomize edit set image ghcr.io/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }}
kustomize edit set image git.farh.net/cartsnitch/app:${{ steps.frontend_tag.outputs.tag }}
- name: Commit and push to infra
run: |
package-lock.json
Generated
+40 -40
View File
@@ -40,7 +40,7 @@
"typescript-eslint": "^8.56.1",
"vite": "^6.4.2",
"vite-plugin-pwa": "^0.21.2",
"vitest": "^3.2.4"
"vitest": "^3.2.6"
}
},
"node_modules/@adobe/css-tools": {
@@ -4234,15 +4234,15 @@
}
},
"node_modules/@vitest/expect": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-3.2.4.tgz",
"integrity": "sha512-Io0yyORnB6sikFlt8QW5K7slY4OjqNX9jmJQ02QDda8lyM6B5oNgVWoSoKPac8/kgnCUzuHQKrSLtu/uOqqrig==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-3.2.6.tgz",
"integrity": "sha512-1+7q9BtaKzEmO+fmNT3kYvoNn5Y71XWAx2Q5HRim4tTVRQVRv4uJFAQ5FbK0OPUeNP/WmVCpxYxoJdvuHVjzBQ==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"@types/chai": "^5.2.2",
"@vitest/spy": "3.2.4",
"@vitest/utils": "3.2.4",
"@vitest/spy": "3.2.6",
"@vitest/utils": "3.2.6",
"chai": "^5.2.0",
"tinyrainbow": "^2.0.0"
},
@@ -4251,13 +4251,13 @@
}
},
"node_modules/@vitest/mocker": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.4.tgz",
"integrity": "sha512-46ryTE9RZO/rfDd7pEqFl7etuyzekzEhUbTW3BvmeO/BcCMEgq59BKhek3dXDWgAj4oMK6OZi+vRr1wPW6qjEQ==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/mocker/-/mocker-3.2.6.tgz",
"integrity": "sha512-EZOrpDbkKotFAP7wPAQV1UIyoGOk4oX7ynWhBhLB7v+meMHbQhU16oPpIYGTTe4oFlhpryGpgpcZP/sin3hYuw==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"@vitest/spy": "3.2.4",
"@vitest/spy": "3.2.6",
"estree-walker": "^3.0.3",
"magic-string": "^0.30.17"
},
@@ -4278,9 +4278,9 @@
}
},
"node_modules/@vitest/pretty-format": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.4.tgz",
"integrity": "sha512-IVNZik8IVRJRTr9fxlitMKeJeXFFFN0JaB9PHPGQ8NKQbGpfjlTx9zO4RefN8gp7eqjNy8nyK3NZmBzOPeIxtA==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/pretty-format/-/pretty-format-3.2.6.tgz",
"integrity": "sha512-lb7XXXzmm2h2ASzFnRvQpDo6onT1NmMJA3tkGTWiBFtRJ9lxGY3d3mm/Apt36gej2bkkOVLL/yTOtufDaFa/jA==",
"devOptional": true,
"license": "MIT",
"dependencies": {
@@ -4291,13 +4291,13 @@
}
},
"node_modules/@vitest/runner": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-3.2.4.tgz",
"integrity": "sha512-oukfKT9Mk41LreEW09vt45f8wx7DordoWUZMYdY/cyAk7w5TWkTRCNZYF7sX7n2wB7jyGAl74OxgwhPgKaqDMQ==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/runner/-/runner-3.2.6.tgz",
"integrity": "sha512-HYcoSj1w5tcgUnzoF0HcyaAQjpA1gj9ftUJ7iSJSuipc02jW9gKkigwZbjFldAfYHA1fa8UZVRftdMY5msWM9Q==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"@vitest/utils": "3.2.4",
"@vitest/utils": "3.2.6",
"pathe": "^2.0.3",
"strip-literal": "^3.0.0"
},
@@ -4306,13 +4306,13 @@
}
},
"node_modules/@vitest/snapshot": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-3.2.4.tgz",
"integrity": "sha512-dEYtS7qQP2CjU27QBC5oUOxLE/v5eLkGqPE0ZKEIDGMs4vKWe7IjgLOeauHsR0D5YuuycGRO5oSRXnwnmA78fQ==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/snapshot/-/snapshot-3.2.6.tgz",
"integrity": "sha512-H+ZjNTWGpObenh0YnlBctAPnJSI20P81PL8BPzWpx54YXLLTm8hEsWawtcYLMrwvpK48hGxLLbCS+1KRXhsKhw==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"@vitest/pretty-format": "3.2.4",
"@vitest/pretty-format": "3.2.6",
"magic-string": "^0.30.17",
"pathe": "^2.0.3"
},
@@ -4321,9 +4321,9 @@
}
},
"node_modules/@vitest/spy": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-3.2.4.tgz",
"integrity": "sha512-vAfasCOe6AIK70iP5UD11Ac4siNUNJ9i/9PZ3NKx07sG6sUxeag1LWdNrMWeKKYBLlzuK+Gn65Yd5nyL6ds+nw==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/spy/-/spy-3.2.6.tgz",
"integrity": "sha512-oq6BbH68WzcWmwtBrU9nqLeaXTR4XwJF7FSLkKEZo4i6eoXcrxjcwSuTvWBIRUTC6VC72nXYunzqgZA+IKdtxg==",
"devOptional": true,
"license": "MIT",
"dependencies": {
@@ -4334,13 +4334,13 @@
}
},
"node_modules/@vitest/utils": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-3.2.4.tgz",
"integrity": "sha512-fB2V0JFrQSMsCo9HiSq3Ezpdv4iYaXRG1Sx8edX3MwxfyNn83mKiGzOcH+Fkxt4MHxr3y42fQi1oeAInqgX2QA==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/@vitest/utils/-/utils-3.2.6.tgz",
"integrity": "sha512-lI23nIs4bnT3T8NIoh+vFaz5s2/DdP0Jgt2jxwgWljvwn82cLJtyi/If+fjFyoLMGIOz0U/fKvWE0d4jsNQEfg==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"@vitest/pretty-format": "3.2.4",
"@vitest/pretty-format": "3.2.6",
"loupe": "^3.1.4",
"tinyrainbow": "^2.0.0"
},
@@ -10054,20 +10054,20 @@
}
},
"node_modules/vitest": {
"version": "3.2.4",
"resolved": "https://registry.npmjs.org/vitest/-/vitest-3.2.4.tgz",
"integrity": "sha512-LUCP5ev3GURDysTWiP47wRRUpLKMOfPh+yKTx3kVIEiu5KOMeqzpnYNsKyOoVrULivR8tLcks4+lga33Whn90A==",
"version": "3.2.6",
"resolved": "https://registry.npmjs.org/vitest/-/vitest-3.2.6.tgz",
"integrity": "sha512-xejya+bT/j/+R/AGa1XOfRxLmNUlLtlwjRsFUILF+xHfzElmGcmFydy2gqqIrd62ptIEfwVMofd19uNWD9L7Nw==",
"devOptional": true,
"license": "MIT",
"dependencies": {
"@types/chai": "^5.2.2",
"@vitest/expect": "3.2.4",
"@vitest/mocker": "3.2.4",
"@vitest/pretty-format": "^3.2.4",
"@vitest/runner": "3.2.4",
"@vitest/snapshot": "3.2.4",
"@vitest/spy": "3.2.4",
"@vitest/utils": "3.2.4",
"@vitest/expect": "3.2.6",
"@vitest/mocker": "3.2.6",
"@vitest/pretty-format": "^3.2.6",
"@vitest/runner": "3.2.6",
"@vitest/snapshot": "3.2.6",
"@vitest/spy": "3.2.6",
"@vitest/utils": "3.2.6",
"chai": "^5.2.0",
"debug": "^4.4.1",
"expect-type": "^1.2.1",
@@ -10097,8 +10097,8 @@
"@edge-runtime/vm": "*",
"@types/debug": "^4.1.12",
"@types/node": "^18.0.0 || ^20.0.0 || >=22.0.0",
"@vitest/browser": "3.2.4",
"@vitest/ui": "3.2.4",
"@vitest/browser": "3.2.6",
"@vitest/ui": "3.2.6",
"happy-dom": "*",
"jsdom": "*"
},
package.json
+1 -1
View File
@@ -45,7 +45,7 @@
"typescript-eslint": "^8.56.1",
"vite": "^6.4.2",
"vite-plugin-pwa": "^0.21.2",
"vitest": "^3.2.4"
"vitest": "^3.2.6"
},
"overrides": {
"@babel/plugin-transform-modules-systemjs": ">=7.29.4",