Compare commits

..

5 Commits

Author SHA1 Message Date
Coupon Carl a0088acb1a Merge pull request 'Promote to Production: CAR-1215 react-router audit-gate fix' (#282) from uat into main
CI / lint (push) Successful in 11s
CI / audit (push) Successful in 11s
CI / test (push) Successful in 13s
CI / e2e (push) Successful in 42s
CI / build-and-push-receiptwitness (push) Failing after 55s
CI / build-and-push-auth (push) Failing after 21s
CI / lighthouse (push) Failing after 1m14s
CI / build-and-push (push) Successful in 30s
CI / build-and-push-api (push) Successful in 1m19s
CI / deploy-dev (push) Failing after 12s
CI / deploy-uat (push) Failing after 13s
Promote to Production: CAR-1215 react-router audit-gate fix

UAT PASS: Deal Dottie — all 5 regression steps green
Security PASS: Stockboy Steve — lockfile-only, 3 high advisories cleared

ref: CAR-1215, CAR-1217
2026-06-04 01:53:08 +00:00
Savannah Savings eff1098289 Promote to UAT: CAR-1215 react-router audit-gate fix (#280)
CI / audit (push) Successful in 10s
CI / lint (push) Successful in 11s
CI / test (push) Successful in 14s
CI / e2e (push) Successful in 58s
CI / lighthouse (push) Failing after 1m25s
CI / build-and-push-api (push) Successful in 1m26s
CI / build-and-push-auth (push) Successful in 43s
CI / build-and-push-receiptwitness (push) Successful in 1m59s
CI / build-and-push (push) Successful in 1m6s
CI / deploy-dev (push) Has been skipped
CI / deploy-uat (push) Failing after 7s
CI / build-and-push-api (pull_request) Has been skipped
CI / build-and-push-auth (pull_request) Has been skipped
CI / build-and-push (pull_request) Has been skipped
CI / test (pull_request) Successful in 12s
CI / build-and-push-receiptwitness (pull_request) Has been skipped
CI / e2e (pull_request) Successful in 45s
CI / audit (pull_request) Successful in 10s
CI / lint (pull_request) Successful in 14s
CI / deploy-uat (pull_request) Has been skipped
CI / deploy-dev (pull_request) Has been skipped
CI / lighthouse (pull_request) Failing after 1m17s
Promotes CAR-1215 to uat. audit gate green; lighthouse pre-existing red (tracked separately).
2026-06-03 22:14:58 +00:00
Savannah Savings 009aa92777 Merge pull request 'Promote to UAT: deploy-dev/deploy-uat approval-gate success (CAR-1212)' (#277) from dev into uat
CI / lint (push) Successful in 13s
CI / test (push) Successful in 13s
CI / audit (push) Failing after 11s
CI / e2e (push) Successful in 50s
CI / lighthouse (push) Failing after 1m19s
CI / build-and-push-auth (push) Successful in 31s
CI / build-and-push-api (push) Successful in 1m3s
CI / build-and-push-receiptwitness (push) Successful in 2m29s
CI / build-and-push (push) Successful in 1m40s
CI / deploy-dev (push) Has been skipped
CI / deploy-uat (push) Failing after 6s
2026-06-03 21:49:34 +00:00
Savannah Savings b3a452be50 Merge pull request 'promote(dev→uat): CI deploy PR-based image bump (CAR-1195, CAR-1194)' (#275) from dev into uat
CI / lint (push) Successful in 11s
CI / audit (push) Successful in 11s
CI / test (push) Successful in 12s
CI / e2e (push) Successful in 45s
CI / build-and-push-api (push) Successful in 1m7s
CI / build-and-push-auth (push) Successful in 36s
CI / lighthouse (push) Failing after 1m20s
CI / build-and-push (push) Successful in 33s
CI / build-and-push-receiptwitness (push) Successful in 2m10s
CI / deploy-dev (push) Has been skipped
CI / deploy-uat (push) Failing after 7s
2026-06-03 21:13:44 +00:00
Coupon Carl 80786b9f1f fix(ci): use CI_GITEA_TOKEN for cross-repo checkout
CI / audit (push) Failing after 16s
CI / e2e (push) Successful in 52s
CI / lint (push) Successful in 1m14s
CI / test (push) Successful in 1m16s
CI / build-and-push (push) Failing after 14s
CI / build-and-push-api (push) Failing after 17s
CI / build-and-push-auth (push) Failing after 12s
CI / lighthouse (push) Failing after 1m5s
CI / build-and-push-receiptwitness (push) Failing after 3m23s
CI / deploy-dev (push) Has been skipped
CI / deploy-uat (push) Failing after 10s
Update deploy-dev and deploy-uat jobs to use CI_GITEA_TOKEN for
checking out the cartsnitch/infra repository instead of REGISTRY_TOKEN.

CI_GITEA_TOKEN is the org-level Actions secret configured for cross-repo
access, while REGISTRY_TOKEN continues to be used for Docker registry login.

This resolves CAR-986 by enabling CI to commit image tag updates to
the private infra repository.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-25 22:47:40 +00:00
3 changed files with 8 additions and 37 deletions
+2 -2
View File
@@ -1,4 +1,4 @@
FROM node:22-alpine@sha256:8ea2348b068a9544dae7317b4f3aafcdc032df1647bb7d768a05a5cad1a7683f AS builder
FROM node:22-alpine AS builder
RUN apk update && apk upgrade --no-cache
WORKDIR /app
COPY package.json package-lock.json* ./
@@ -7,7 +7,7 @@ COPY tsconfig.json ./
COPY src/ src/
RUN npm run build
FROM node:22-alpine@sha256:8ea2348b068a9544dae7317b4f3aafcdc032df1647bb7d768a05a5cad1a7683f
FROM node:22-alpine
RUN apk update && apk upgrade --no-cache
WORKDIR /app
ENV NODE_ENV=production
+4 -23
View File
@@ -19,18 +19,9 @@ describe('Auth health endpoint', () => {
}
res.writeHead(200, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({ status: 'ok', db: 'reachable' }));
} catch (err) {
// Mirror src/index.ts: log the error and include the message in the
// response body so /health 503s are diagnosable from pod logs.
console.error(
'[auth /health] DB probe failed:',
err instanceof Error ? `${err.name}: ${err.message}` : err,
);
const detail = err instanceof Error ? err.message : 'unknown error';
} catch {
res.writeHead(503, { 'Content-Type': 'application/json' });
res.end(
JSON.stringify({ status: 'error', db: 'unreachable', error: detail }),
);
res.end(JSON.stringify({ status: 'error', db: 'unreachable' }));
}
return;
}
@@ -85,10 +76,7 @@ describe('Auth health endpoint', () => {
close();
equal(status, 503);
const parsed = JSON.parse(body);
equal(parsed.status, 'error');
equal(parsed.db, 'unreachable');
equal(parsed.error, 'connection refused');
equal(body, '{"status":"error","db":"unreachable"}');
});
it('returns 503 with db=unreachable when query times out', async () => {
@@ -107,14 +95,7 @@ describe('Auth health endpoint', () => {
close();
equal(status, 503);
const parsed = JSON.parse(body);
equal(parsed.status, 'error');
equal(parsed.db, 'unreachable');
// The query promise rejects with a synthetic 'timeout' error; the
// Promise.race wrapper also rejects with 'DB timeout'. The body should
// surface whichever error was thrown — accept either to stay robust.
equal(typeof parsed.error, 'string');
equal(parsed.error.length > 0, true);
equal(body, '{"status":"error","db":"unreachable"}');
});
it('returns a terminal response for unknown paths (no hang)', async () => {
+2 -12
View File
@@ -21,19 +21,9 @@ const server = createServer(async (req, res) => {
}
res.writeHead(200, { "Content-Type": "application/json" });
res.end(JSON.stringify({ status: "ok", db: "reachable" }));
} catch (err) {
// Log the actual error so /health 503s are diagnosable from pod logs
// (CAR-1276: UAT auth was crashlooping with no log output beyond the
// initial "listening on port 3001" line because this catch was empty).
console.error(
"[auth /health] DB probe failed:",
err instanceof Error ? `${err.name}: ${err.message}` : err,
);
const detail = err instanceof Error ? err.message : "unknown error";
} catch {
res.writeHead(503, { "Content-Type": "application/json" });
res.end(
JSON.stringify({ status: "error", db: "unreachable", error: detail }),
);
res.end(JSON.stringify({ status: "error", db: "unreachable" }));
}
return;
}