cartsnitch/app
12
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Promote dev → uat: CI pipeline fix + cumulative dev changes [CAR-987] #10

Merged
Savannah Savings merged 12 commits from dev into uat 2026-05-23 19:36:21 +00:00
Conversation 0 Commits 12 Files Changed 4
+900 -954
Savannah Savings commented 2026-05-21 19:42:50 +00:00
Member
Copy Link
Copy Source

Summary

Promotes accumulated dev changes to uat, including:

  • CAR-987: Fix CI pipeline — consolidated build/push (no DinD socket), switched infra checkout to secrets.GITEA_DEPLOY_KEY
  • E2E test improvements (server startup retry loop)
  • Package updates
  • VerifyEmail page updates

Source PRs: #19 (CAR-987) and prior dev merges

## Summary Promotes accumulated dev changes to uat, including: - **CAR-987**: Fix CI pipeline — consolidated build/push (no DinD socket), switched infra checkout to secrets.GITEA_DEPLOY_KEY - E2E test improvements (server startup retry loop) - Package updates - VerifyEmail page updates Source PRs: #19 (CAR-987) and prior dev merges
Savannah Savings added 9 commits 2026-05-22 10:43:20 +00:00
fix: update better-auth to 1.6.11 to resolve GHSA-wxw3-q3m9-c3jr
CI / audit (pull_request) Failing after 11s
Details
CI / test (pull_request) Successful in 12s
Details
CI / lint (pull_request) Successful in 14s
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / e2e (pull_request) Successful in 42s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 1m15s
Details
a65bb0ef19 
Resolves moderate severity OAuth state mismatch vulnerability in better-auth.
Updated package-lock.json to reflect patched transitive dependencies.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
chore: trigger CI re-run after rebase [CAR-937]
CI / lint (pull_request) Successful in 14s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 1m15s
Details
CI / audit (pull_request) Failing after 11s
Details
CI / test (pull_request) Successful in 12s
Details
CI / e2e (pull_request) Successful in 43s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
f78b9a4cc1
fix: add overrides for remaining audit vulnerabilities [CAR-937]
CI / e2e (pull_request) Successful in 39s
Details
CI / lighthouse (pull_request) Failing after 1m14s
Details
CI / lint (pull_request) Failing after 13s
Details
CI / test (pull_request) Successful in 12s
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / audit (pull_request) Successful in 10s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
aed8d58a94 
- Add @babel/plugin-transform-modules-systemjs >=7.29.4 for GHSA-fv7c-fp4j-7gwp
- Add fast-uri >=3.1.2 for GHSA-q3j6-qgpj-74h6 and GHSA-v39h-62p7-jpjc
- Raise brace-expansion to >=1.1.15 for GHSA-jxxr-4gwj-5jf2

Co-Authored-By: Paperclip <noreply@paperclip.ing>
chore: trigger CI re-run
CI / audit (pull_request) Successful in 11s
Details
CI / test (pull_request) Successful in 14s
Details
CI / lighthouse (pull_request) Failing after 1m14s
Details
CI / lint (pull_request) Failing after 14s
Details
CI / e2e (pull_request) Successful in 39s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
92edcc716d
fix: use queueMicrotask before setState in VerifyEmail effect [CAR-937]
CI / lint (pull_request) Successful in 12s
Details
CI / e2e (pull_request) Successful in 42s
Details
CI / audit (pull_request) Successful in 11s
Details
CI / test (pull_request) Successful in 13s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 1m15s
Details
4d5a5545e6 
Avoids lint error 'Avoid calling setState() directly within an effect'.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: add sleep before wait-on to ensure preview server is ready [CAR-937]
CI / audit (pull_request) Successful in 12s
Details
CI / test (pull_request) Successful in 12s
Details
CI / lint (pull_request) Successful in 14s
Details
CI / e2e (pull_request) Successful in 41s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 1m20s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
a729b7e21a 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: increase timeout for preview server in lighthouse CI [CAR-937]
CI / audit (pull_request) Successful in 10s
Details
CI / test (pull_request) Successful in 13s
Details
CI / lint (pull_request) Successful in 14s
Details
CI / e2e (pull_request) Successful in 43s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 1m53s
Details
75700fbb5e 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: improve preview server startup detection in lighthouse CI [CAR-937]
CI / lint (pull_request) Successful in 13s
Details
CI / test (pull_request) Successful in 14s
Details
CI / audit (pull_request) Successful in 10s
Details
CI / e2e (pull_request) Successful in 39s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 42s
Details
a9a7db63b8 
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Merge pull request 'fix: resolve npm audit vulnerabilities (CAR-937)' (#11) from betty/car-935-fix-setup-node into dev
CI / lint (push) Successful in 1m2s
Details
CI / test (push) Successful in 1m3s
Details
CI / audit (push) Successful in 1m14s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / lighthouse (push) Failing after 50s
Details
CI / deploy-dev (push) Failing after 38s
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 47s
Details
CI / lint (pull_request) Successful in 14s
Details
CI / test (pull_request) Successful in 13s
Details
CI / audit (pull_request) Successful in 11s
Details
CI / e2e (pull_request) Successful in 41s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / build-and-push (push) Failing after 2m4s
Details
CI / e2e (push) Successful in 1m48s
Details
CI / deploy-uat (push) Has been skipped
Details
43e0fae823 
fix: resolve npm audit vulnerabilities (CAR-937)

Fixes npm audit high-severity vulnerabilities.
Savannah Savings added 3 commits 2026-05-23 19:35:16 +00:00
fix: remove DinD/GHCR scan split, use single push step
CI / audit (pull_request) Successful in 35s
Details
CI / lint (pull_request) Successful in 43s
Details
CI / test (pull_request) Successful in 42s
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / e2e (pull_request) Successful in 1m3s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 45s
Details
84571473a3 
CAR-987: Docker socket missing was caused by load:true requiring
a local Docker daemon (DinD sidecar). Using push:true with registry
authentication removes the need for local Docker daemon access.
Also removed anchore scan step which required the loaded image.

For infra repo access: changed secrets.GITEA_TOKEN to
vars.GITEA_DEPLOY_KEY since Gitea Actions auto-token only has
repo-scoped permissions and cannot access cross-repo resources
like cartsnitch/infra (which is private).

Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: change vars.GITEA_DEPLOY_KEY to secrets.GITEA_DEPLOY_KEY per CTO review
CI / e2e (pull_request) Successful in 37s
Details
CI / audit (pull_request) Successful in 10s
Details
CI / test (pull_request) Successful in 15s
Details
CI / lint (pull_request) Successful in 15s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / lighthouse (pull_request) Failing after 45s
Details
ddf2b4fda5
Merge pull request 'fix: remove DinD/GHCR split to fix Docker socket and infra 403 [CAR-987]' (#19) from betty/car-987-fix-ci-docker-socket-and-infra-403 into dev
CI / lint (push) Successful in 13s
Details
CI / audit (push) Successful in 12s
Details
CI / audit (pull_request) Successful in 12s
Details
CI / deploy-uat (pull_request) Has been skipped
Details
CI / test (pull_request) Successful in 11s
Details
CI / e2e (pull_request) Failing after 3s
Details
CI / build-and-push (push) Failing after 8s
Details
CI / lighthouse (push) Failing after 45s
Details
CI / lighthouse (pull_request) Failing after 43s
Details
CI / test (push) Successful in 11s
Details
CI / lint (pull_request) Successful in 12s
Details
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / e2e (push) Successful in 43s
Details
CI / deploy-uat (push) Has been skipped
Details
CI / deploy-dev (push) Failing after 2s
Details
af50b940c1 
fix: remove DinD/GHCR split to fix Docker socket and infra 403 [CAR-987]

Consolidates build+push into single step (no DinD socket needed).
Switches infra checkout to secrets.GITEA_DEPLOY_KEY for cross-repo access.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Savannah Savings changed title from Promote dev → uat: sync .github/workflows deletion [CAR-934] to Promote dev → uat: CI pipeline fix + cumulative dev changes [CAR-987] 2026-05-23 19:36:13 +00:00
Savannah Savings merged commit 048c62ed4d into uat 2026-05-23 19:36:21 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) cs_betty (Barcode Betty) cs_charlie (Checkout Charlie) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) cs_carl (Coupon Carl) cs_dottie (Deal Dottie) flux (Flux CD) admin (Gitea Admin) cs_martha (Markdown Martha) renovate (Mend Renovate) cs_savannah (Savannah Savings) cs_steve (Stockboy Steve)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cartsnitch/app#10
Delete Branch "dev"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?