cartsnitch/app

Promote dev → uat: CI pipeline fix + cumulative dev changes [CAR-987] #10

Merged

Savannah Savings merged 12 commits from dev into uat

2026-05-23 19:36:21 +00:00

Author	SHA1	Message	Date
Savannah Savings	af50b940c1	Merge pull request 'fix: remove DinD/GHCR split to fix Docker socket and infra 403 [CAR-987]' (#19 ) from betty/car-987-fix-ci-docker-socket-and-infra-403 into dev CI / lint (push) Successful in 13s Details CI / audit (push) Successful in 12s Details CI / audit (pull_request) Successful in 12s Details CI / deploy-uat (pull_request) Has been skipped Details CI / test (pull_request) Successful in 11s Details CI / e2e (pull_request) Failing after 3s Details CI / build-and-push (push) Failing after 8s Details CI / lighthouse (push) Failing after 45s Details CI / lighthouse (pull_request) Failing after 43s Details CI / test (push) Successful in 11s Details CI / lint (pull_request) Successful in 12s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / e2e (push) Successful in 43s Details CI / deploy-uat (push) Has been skipped Details CI / deploy-dev (push) Failing after 2s Details fix: remove DinD/GHCR split to fix Docker socket and infra 403 [CAR-987] Consolidates build+push into single step (no DinD socket needed). Switches infra checkout to secrets.GITEA_DEPLOY_KEY for cross-repo access. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 19:35:14 +00:00
Checkout Charlie	ddf2b4fda5	fix: change vars.GITEA_DEPLOY_KEY to secrets.GITEA_DEPLOY_KEY per CTO review CI / e2e (pull_request) Successful in 37s Details CI / audit (pull_request) Successful in 10s Details CI / test (pull_request) Successful in 15s Details CI / lint (pull_request) Successful in 15s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 45s Details	2026-05-23 19:22:21 +00:00
Checkout Charlie	84571473a3	fix: remove DinD/GHCR scan split, use single push step CI / audit (pull_request) Successful in 35s Details CI / lint (pull_request) Successful in 43s Details CI / test (pull_request) Successful in 42s Details CI / deploy-dev (pull_request) Has been skipped Details CI / e2e (pull_request) Successful in 1m3s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 45s Details CAR-987: Docker socket missing was caused by load:true requiring a local Docker daemon (DinD sidecar). Using push:true with registry authentication removes the need for local Docker daemon access. Also removed anchore scan step which required the loaded image. For infra repo access: changed secrets.GITEA_TOKEN to vars.GITEA_DEPLOY_KEY since Gitea Actions auto-token only has repo-scoped permissions and cannot access cross-repo resources like cartsnitch/infra (which is private). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 19:06:16 +00:00
Savannah Savings	43e0fae823	Merge pull request 'fix: resolve npm audit vulnerabilities (CAR-937)' (#11 ) from betty/car-935-fix-setup-node into dev CI / lint (push) Successful in 1m2s Details CI / test (push) Successful in 1m3s Details CI / audit (push) Successful in 1m14s Details CI / deploy-dev (pull_request) Has been skipped Details CI / lighthouse (push) Failing after 50s Details CI / deploy-dev (push) Failing after 38s Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 47s Details CI / lint (pull_request) Successful in 14s Details CI / test (pull_request) Successful in 13s Details CI / audit (pull_request) Successful in 11s Details CI / e2e (pull_request) Successful in 41s Details CI / build-and-push (pull_request) Has been skipped Details CI / build-and-push (push) Failing after 2m4s Details CI / e2e (push) Successful in 1m48s Details CI / deploy-uat (push) Has been skipped Details fix: resolve npm audit vulnerabilities (CAR-937) Fixes npm audit high-severity vulnerabilities.	2026-05-22 10:43:17 +00:00
Savannah Savings	a9a7db63b8	fix: improve preview server startup detection in lighthouse CI [CAR-937] CI / lint (pull_request) Successful in 13s Details CI / test (pull_request) Successful in 14s Details CI / audit (pull_request) Successful in 10s Details CI / e2e (pull_request) Successful in 39s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 42s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:46:37 +00:00
Savannah Savings	75700fbb5e	fix: increase timeout for preview server in lighthouse CI [CAR-937] CI / audit (pull_request) Successful in 10s Details CI / test (pull_request) Successful in 13s Details CI / lint (pull_request) Successful in 14s Details CI / e2e (pull_request) Successful in 43s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m53s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:41:58 +00:00
Savannah Savings	a729b7e21a	fix: add sleep before wait-on to ensure preview server is ready [CAR-937] CI / audit (pull_request) Successful in 12s Details CI / test (pull_request) Successful in 12s Details CI / lint (pull_request) Successful in 14s Details CI / e2e (pull_request) Successful in 41s Details CI / build-and-push (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m20s Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:37:53 +00:00
Savannah Savings	4d5a5545e6	fix: use queueMicrotask before setState in VerifyEmail effect [CAR-937] CI / lint (pull_request) Successful in 12s Details CI / e2e (pull_request) Successful in 42s Details CI / audit (pull_request) Successful in 11s Details CI / test (pull_request) Successful in 13s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m15s Details Avoids lint error 'Avoid calling setState() directly within an effect'. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:34:29 +00:00
Savannah Savings	92edcc716d	chore: trigger CI re-run CI / audit (pull_request) Successful in 11s Details CI / test (pull_request) Successful in 14s Details CI / lighthouse (pull_request) Failing after 1m14s Details CI / lint (pull_request) Failing after 14s Details CI / e2e (pull_request) Successful in 39s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details	2026-05-21 20:31:25 +00:00
Savannah Savings	aed8d58a94	fix: add overrides for remaining audit vulnerabilities [CAR-937] CI / e2e (pull_request) Successful in 39s Details CI / lighthouse (pull_request) Failing after 1m14s Details CI / lint (pull_request) Failing after 13s Details CI / test (pull_request) Successful in 12s Details CI / deploy-uat (pull_request) Has been skipped Details CI / audit (pull_request) Successful in 10s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details - Add @babel/plugin-transform-modules-systemjs >=7.29.4 for GHSA-fv7c-fp4j-7gwp - Add fast-uri >=3.1.2 for GHSA-q3j6-qgpj-74h6 and GHSA-v39h-62p7-jpjc - Raise brace-expansion to >=1.1.15 for GHSA-jxxr-4gwj-5jf2 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:20:27 +00:00
Savannah Savings	f78b9a4cc1	chore: trigger CI re-run after rebase [CAR-937] CI / lint (pull_request) Successful in 14s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m15s Details CI / audit (pull_request) Failing after 11s Details CI / test (pull_request) Successful in 12s Details CI / e2e (pull_request) Successful in 43s Details CI / deploy-dev (pull_request) Has been skipped Details	2026-05-21 20:14:24 +00:00
Savannah Savings	a65bb0ef19	fix: update better-auth to 1.6.11 to resolve GHSA-wxw3-q3m9-c3jr CI / audit (pull_request) Failing after 11s Details CI / test (pull_request) Successful in 12s Details CI / lint (pull_request) Successful in 14s Details CI / deploy-uat (pull_request) Has been skipped Details CI / e2e (pull_request) Successful in 42s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / lighthouse (pull_request) Failing after 1m15s Details Resolves moderate severity OAuth state mismatch vulnerability in better-auth. Updated package-lock.json to reflect patched transitive dependencies. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:06:22 +00:00