Merge pull request 'Promote uat→main: CAR-994 Docker login fix + CAR-1423 REGISTRY_TOKEN fix' (#43 ) from uat into main

Merge uat into main: CAR-994 Docker login fix + CAR-1423 two-stage build + CAR-1270 CI_GITEA_TOKEN fix
Merge remote-tracking branch 'origin/main' into uat-fresh
2026-06-23 00:19:02 +00:00 · 2026-06-23 00:16:40 +00:00 · 2026-06-23 00:14:25 +00:00 · 2026-06-22 23:40:03 +00:00 · 2026-06-22 23:26:26 +00:00 · 2026-06-22 23:25:50 +00:00
3 changed files with 23 additions and 9 deletions
@@ -0,0 +1 @@
+# CI trigger 20260525231507 - post-DinD verification (CAR-1042)
@@ -37,17 +37,17 @@ jobs:
        run: |
          DATE_TAG=$(date -u +%Y.%m.%d)
          EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
-          if [ -z "$EXISTING" ]; then VERSION="$DATE_TAG"
-          elif [ "$EXISTING" = "v${DATE_TAG}" ]; then VERSION="${DATE_TAG}.2"
-          else BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"; fi
+          if [ -z "$EXISTING" ]; then
+            VERSION="$DATE_TAG"
+          elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
+            VERSION="${DATE_TAG}.2"
+          else
+            BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//"); VERSION="${DATE_TAG}.$((BUILD_NUM + 1))";
+          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Log in to Gitea Container Registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.REGISTRY_TOKEN }}
+        run: echo "${{ secrets.REGISTRY_TOKEN }}" | docker login ${{ env.REGISTRY }} -u "${{ github.actor }}" --password-stdin

      - name: Extract metadata
        id: meta
@@ -59,11 +59,21 @@ jobs:
            type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}

-      - name: Build and push Docker image
+      - name: Build Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          load: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+      - name: Push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
+          provenance: false
+          sbom: false
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

@@ -115,6 +115,9 @@ export const auth = betterAuth({
  trustedOrigins: [
    "http://localhost:3000",
    "http://localhost:5173",
+    "https://cartsnitch.farh.net",
+    "https://cartsnitch.dev.farh.net",
+    "https://cartsnitch.uat.farh.net",
    "https://cartsnitch.com",
    "https://dev.cartsnitch.com",
    "https://uat.cartsnitch.com",
Author	SHA1	Message	Date
Barcode Betty	3a6190a805	Merge pull request 'Promote uat→main: CAR-994 Docker login fix + CAR-1423 REGISTRY_TOKEN fix' (#43 ) from uat into main CI / build-and-push (push) Successful in 11m44s Details CI / deploy-dev (push) Failing after 6s Details CI / deploy-uat (push) Failing after 7s Details Merge uat into main: CAR-994 Docker login fix + CAR-1423 two-stage build + CAR-1270 CI_GITEA_TOKEN fix	2026-06-23 00:19:02 +00:00
Barcode Betty	a2d18c18d8	Merge remote-tracking branch 'origin/main' into uat-fresh CI / build-and-push (push) Successful in 14s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 5s Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details	2026-06-23 00:16:40 +00:00
Barcode Betty	b5151db0ac	fix: resolve ci.yml merge conflict (CAR-994+CAR-1423+CAR-1270) CI / deploy-dev (push) Has been cancelled Details CI / deploy-uat (push) Has been cancelled Details CI / build-and-push (push) Has been cancelled Details CI / deploy-dev (pull_request) Has been cancelled Details CI / deploy-uat (pull_request) Has been cancelled Details CI / build-and-push (pull_request) Has been cancelled Details	2026-06-23 00:14:25 +00:00
Barcode Betty	5cd46571f2	Merge pull request 'ci(CAR-1423): promote two-stage load->push fix to uat' (#42 ) from dev into uat CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 3s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / build-and-push (push) Successful in 9s Details ci(CAR-1423): promote two-stage load->push fix to uat (#42)	2026-06-22 23:40:03 +00:00
Barcode Betty	9c4f9b95a9	Merge pull request 'ci(CAR-1423): two-stage load->push to fix auth manifest push (unknown)' (#41 ) from betty/car-1423-two-stage-build into dev CI / build-and-push (push) Successful in 11s Details CI / deploy-uat (push) Has been skipped Details CI / deploy-dev (push) Failing after 3s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details ci(CAR-1423): two-stage load->push to fix auth manifest push (#41)	2026-06-22 23:26:26 +00:00
Barcode Betty	e22010a907	ci(CAR-1423): two-stage load->push to fix auth manifest push (unknown) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details	2026-06-22 23:25:50 +00:00
Barcode Betty	5cdb4c63b8	Merge pull request 'ci(CAR-1423): disable provenance/sbom attestations on auth build-push' (#40 ) from betty/car-1423-disable-provenance into dev CI / build-and-push (push) Failing after 19s Details CI / deploy-uat (push) Has been skipped Details CI / deploy-dev (push) Successful in 2s Details ci(CAR-1423): disable provenance/sbom attestations on auth build-push (#40)	2026-06-22 22:25:35 +00:00
Barcode Betty	4819d9c7ac	ci(CAR-1423): disable provenance/sbom attestations on auth build-push CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details	2026-06-22 22:24:15 +00:00
Barcode Betty	1233d80c8f	Merge pull request 'ci(CAR-1373): apply dev's deploy-job restoration to uat (dev → uat promotion, 3-way resolved)' (#38 ) from car-1373-uat-merge-resolved into uat CI / build-and-push (push) Failing after 10s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Successful in 2s Details	2026-06-12 02:09:22 +00:00
Barcode Betty	89fb02cdea	ci(CAR-1373): apply dev's deploy-job restoration to uat (resolve 3-way) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details The dev→uat 3-way merge of ci.yml conflicts on: - CalVer logic (dev is the multi-line readable form) - ref: main vs parameterized expression (dev wins, per CAR-1374) - PR body base/head: dev wins (per CAR-1371 + acceptance criteria) - CAR-1216 comment: dev added, uat didn't have it Resolution: take dev's version of ci.yml (the corrected form per CAR-1373). cc @cpfarhood	2026-06-10 22:47:36 +00:00
Barcode Betty	76254d0dbb	Merge pull request 'ci(CAR-1373): re-add deploy-dev/deploy-uat with PR-based base=dev/uat' (#36 ) from betty/car-1373-add-pr-deploy-jobs into dev CI / deploy-uat (push) Has been skipped Details CI / build-and-push (push) Successful in 20s Details CI / deploy-dev (push) Failing after 4s Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details	2026-06-10 22:44:40 +00:00
Barcode Betty	c4536afa5f	ci(CAR-1373): re-add deploy-dev/deploy-uat with PR-based base=dev/uat CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Add deploy-dev and deploy-uat jobs to cartsnitch/auth:dev. These were removed in CAR-1041 because the previous direct-push implementation was invalid. Re-add them in the post-CAR-1371+1374 frontend pattern: - base=dev / base=uat (was base=main in main, direct-push in uat) - parameterized ref matches PR base (CAR-1374 sibling) - head=cartsnitch:${BRANCH} (cross-repo PR head, matches frontend) - never-fail on merge outcome (CAR-1216) - request cs_savannah review per GitOps gate cc @cpfarhood	2026-06-10 22:43:33 +00:00
Savannah Savings	8a49fc57f1	Merge pull request 'fix(ci): use CI_GITEA_TOKEN for cross-repo infra access in deploy jobs (CAR-1270)' (#34 ) from betty/car-1270-ci-gitea-token-uat into uat CI / build-and-push (push) Successful in 9s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 7s Details	2026-06-05 05:12:38 +00:00
Barcode Betty	d5c5d2b6ba	fix(ci): use CI_GITEA_TOKEN for cross-repo infra access in deploy jobs (CAR-1270) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-05 00:53:13 +00:00
Barcode Betty	3198b21683	revert: undo CAR-1270 direct commit (will land via PR instead) CI / build-and-push (push) Failing after 12m22s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 27s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-05 00:52:22 +00:00
Barcode Betty	ca1a732033	fix(ci): use CI_GITEA_TOKEN for cross-repo infra access in deploy jobs (CAR-1270) CI / build-and-push (push) Successful in 7s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 5s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-05 00:51:07 +00:00
Savannah Savings	eb436e2c31	Merge pull request 'ci(auth): migrate deploy-dev/deploy-uat to PR-bump mechanism (CAR-1263)' (#32 ) from cs_betty/car-1263-auth-pr-bump-uat into uat CI / build-and-push (push) Failing after 6s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 25s Details	2026-06-05 00:34:47 +00:00
Barcode Betty	70398efeea	ci(auth): migrate deploy-dev/deploy-uat to PR-bump mechanism (CAR-1263) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Migrates auth .gitea/workflows/ci.yml deploy-dev and deploy-uat jobs from direct 'git push origin main' to cartsnitch/infra to the CAR-1195 PR-bump pattern (open + (attempt) auto-merge an infra PR; never hard-fail on approval gate, per CAR-1216). Brings auth in line with cartsnitch/cartsnitch and stops the red deploy-uat job on every uat push. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-05 00:23:05 +00:00
Savannah Savings	806843b9c7	Merge pull request 'ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237)' (#30 ) from betty/car-1237-fix-uat-ci into uat CI / build-and-push (push) Successful in 15s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Failing after 37s Details ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237) Reviewed and merged by Savannah (CTO). Byte-identical to proven main except the spec-mandated REGISTRY_TOKEN registry-login (CAR-1009 standard). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-04 20:41:13 +00:00
Barcode Betty	91ab376f38	ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details - Change A: replace build-and-push with runner-native Docker (no DinD service container) - Change B: deploy-dev/deploy-uat use secrets.GITEA_TOKEN for infra checkout Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-04 20:33:08 +00:00
Savannah Savings	3496653d33	Merge dev into uat: use direct docker login for Gitea registry (CAR-994) CI / build-and-push (push) Successful in 6s Details	2026-06-04 18:52:32 +00:00
Barcode Betty	02b732e24c	chore(ci): re-trigger auth UAT build after act-runner DinD fix (CAR-973) CI / build-and-push (push) Failing after 15s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-06-04 11:46:31 +00:00
Barcode Betty	b4420b3f87	fix(ci): use direct docker login for Gitea registry (CAR-994) CI / build-and-push (pull_request) Has been cancelled Details CI / build-and-push (push) Successful in 11s Details docker/login-action@v3 exits 1 against git.farh.net. Replace with a direct docker login shell command using secrets.REGISTRY_TOKEN via --password-stdin. cc @cpfarhood	2026-06-02 14:16:15 +00:00
Flea Flicker	1099037db1	fix(ci): use REGISTRY_TOKEN for cross-repo infra checkout CI / build-and-push (push) Failing after 8s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details Replaces CI_GITEA_TOKEN (which lacks cross-repo access) with REGISTRY_TOKEN for checkout of cartsnitch/infra in deploy-uat/deploy-dev jobs. Fixes CAR-1147	2026-06-02 10:07:31 +00:00
Flea Flicker	8c37c764e9	fix(ci): add DinD service to enable image builds (CAR-1042) CI / build-and-push (push) Failing after 15s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-30 08:56:47 +00:00
Savannah Savings	6c71a2a1f8	Merge pull request 'ci(CAR-1041): remove invalid deploy-dev/deploy-uat jobs' (#28 ) from betty/remove-deploy-jobs into dev CI / build-and-push (push) Failing after 19s Details	2026-05-28 19:56:05 +00:00
Flea Flicker	e308b15255	ci(CAR-1041): remove invalid deploy-dev/deploy-uat jobs CI / build-and-push (pull_request) Has been skipped Details Remove deploy-dev and deploy-uat CI jobs. CartSnitch uses Flux GitOps — CI builds images, Flux deploys. These Actions-based deployment jobs were added incorrectly in CAR-987. Co-Authored-By: Barcode Betty <betty@cartsnitch>	2026-05-28 19:47:39 +00:00
Flea Flicker	6f392bbbed	test(ci): trigger CI after DinD fix (CAR-1042) CI / build-and-push (push) Failing after 5s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-25 23:15:07 +00:00
Barcode Betty	4a63bc1da8	fix(ci): apply CAR-985 and CAR-986 fixes to uat CI / build-and-push (push) Failing after 5s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-25 22:53:44 +00:00
Savannah Savings	ca423073f1	Merge pull request 'Promote dev to uat (CAR-1034 - auth *.farh.net trustedOrigins fix)' (#27 ) from dev into uat CI / build-and-push (push) Failing after 7s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-25 21:28:19 +00:00
Savannah Savings	d066c14d4b	Merge pull request 'Add *.farh.net origins to trustedOrigins (CAR-1034)' (#26 ) from betty/car-1034-trustedorigins-fix into dev CI / build-and-push (push) Failing after 8s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details CI / build-and-push (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details	2026-05-25 21:27:53 +00:00
Barcode Betty	23ab939d2f	Add .farh.net origins back to trustedOrigins CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Fixes 403 errors on UAT auth endpoints (cartsnitch.uat.farh.net). The previous change removed .farh.net origins causing Better Auth to reject requests from UAT environment. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-25 09:43:43 +00:00
Savannah Savings	8bf80a9890	fix(ci): use REGISTRY_TOKEN for container registry auth (CAR-973) CI / build-and-push (push) Failing after 7s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details The REGISTRY_TOKEN secret has write:package scope for git.farh.net. This fixes the unauthorized error at docker login. Related: CAR-1023 (REGISTRY_TOKEN setup), CAR-1009 (CI registry token standardization) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-25 00:04:25 +00:00
Savannah Savings	359d108fee	Merge pull request 'ci: use REGISTRY_TOKEN for docker login (CAR-1024)' (#24 ) from car-1023-use-registry-token into dev CI / build-and-push (push) Failing after 6s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-24 20:52:35 +00:00
Barcode Betty	f0291e8827	ci: use REGISTRY_TOKEN instead of GITEA_TOKEN for docker login (CAR-1024) CI / build-and-push (pull_request) Has been skipped Details CI / deploy-dev (pull_request) Has been skipped Details CI / deploy-uat (pull_request) Has been skipped Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-24 20:46:48 +00:00
Savannah Savings	a520a65f1b	fix(ci): use GITEA_TOKEN secret for docker login CI / build-and-push (push) Failing after 4s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details The github.token (automatic workflow token) in Gitea Actions doesn't inherit packages:write permission for container registry. Use the GITEA_TOKEN secret instead with direct docker login. Ref: CAR-973, CAR-1009	2026-05-24 20:38:35 +00:00
Savannah Savings	bb8d7f159c	fix(ci): use direct docker login with github.token for registry auth (CAR-973) CI / build-and-push (push) Failing after 6s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details docker/login-action@v3 fails with Gitea's automatic token. Use direct docker login with github.token instead, which has the necessary write:package scope for the container registry. Related: CAR-1009 (CI registry token standardization)	2026-05-24 20:37:22 +00:00
Barcode Betty	a92f578dcf	chore: re-trigger CI after DNS fix (CAR-968) CI / build-and-push (push) Failing after 5s Details CI / deploy-dev (push) Has been skipped Details CI / deploy-uat (push) Has been skipped Details	2026-05-24 20:34:39 +00:00
				`@@ -0,0 +1 @@`
				`# CI trigger 20260525231507 - post-DinD verification (CAR-1042)`