Merge pull request #235 from cartsnitch/betty/car-749-remove-auth-ci

fix(ci): remove auth image build from monorepo CI
fix(ci): remove auth image build — now handled by cartsnitch/auth repo
2026-04-20 18:01:07 +00:00 · 2026-04-20 16:07:43 +00:00 · 2026-04-19 16:45:39 +00:00 · 2026-04-19 16:15:31 +00:00 · 2026-04-19 16:15:10 +00:00 · 2026-04-19 02:40:14 +00:00
1 changed files with 4 additions and 128 deletions
@@ -18,7 +18,6 @@ permissions:
 env:
  REGISTRY: ghcr.io
  IMAGE_NAME: cartsnitch/cartsnitch
-  AUTH_IMAGE_NAME: cartsnitch/auth
  RECEIPTWITNESS_IMAGE_NAME: cartsnitch/receiptwitness
  API_IMAGE_NAME: cartsnitch/api

@@ -198,99 +197,6 @@ jobs:
          git tag "v${{ steps.calver.outputs.version }}"
          git push origin "v${{ steps.calver.outputs.version }}"

-  build-and-push-auth:
-    runs-on: runners-cartsnitch
-    if: github.event_name == 'push'
-    needs: [lint, test, e2e]
-    outputs:
-      calver_tag: ${{ steps.calver.outputs.version }}
-      sha_tag: sha-${{ github.sha }}
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Generate CalVer tag
-        id: calver
-        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        run: |
-          DATE_TAG=$(date -u +%Y.%m.%d)
-          EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
-          if [ -z "$EXISTING" ]; then
-            VERSION="$DATE_TAG"
-          elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
-            VERSION="${DATE_TAG}.2"
-          else
-            BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
-            VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
-          fi
-          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
-
-      - name: Log in to Docker Hub
-        if: github.event_name == 'push'
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Log in to GHCR
-        if: github.event_name == 'push'
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Extract metadata (auth)
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: ${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}
-          tags: |
-            type=sha,prefix=sha-,format=long
-            type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
-            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
-
-      - name: Build Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: ./auth
-          file: ./auth/Dockerfile
-          load: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan auth image for vulnerabilities
-        uses: anchore/scan-action@v5
-        id: scan
-        env:
-          GRYPE_CONFIG: .grype.yaml
-        with:
-          image: "${{ env.REGISTRY }}/${{ env.AUTH_IMAGE_NAME }}:sha-${{ github.sha }}"
-          fail-build: true
-          severity-cutoff: high
-          only-fixed: "true"
-          output-format: sarif
-
-      - name: Upload auth scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: ${{ steps.scan.outputs.sarif }}
-
-      - name: Push Docker image
-        if: github.event_name == 'push'
-        uses: docker/build-push-action@v6
-        with:
-          context: ./auth
-          file: ./auth/Dockerfile
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-
  build-and-push-receiptwitness:
    runs-on: runners-cartsnitch
    if: github.event_name == 'push'
@@ -477,7 +383,7 @@ jobs:

  deploy-dev:
    runs-on: runners-cartsnitch
-    needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
+    needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
    if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
    steps:
      - name: Generate GitHub App token
@@ -518,21 +424,6 @@ jobs:
          cd infra/apps/overlays/dev
          kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}

-      - name: Determine image tag for auth
-        id: auth_tag
-        run: |
-          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
-            echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
-          else
-            echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Update auth image tag
-        if: needs.build-and-push-auth.result == 'success'
-        run: |
-          cd infra/apps/overlays/dev
-          kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
-
      - name: Determine image tag for receiptwitness
        id: receiptwitness_tag
        run: |
@@ -570,13 +461,13 @@ jobs:
          git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
          git add apps/overlays/dev/kustomization.yaml
          git diff --cached --quiet && echo "No image changes to deploy" && exit 0
-          git commit -m "ci(dev): update cartsnitch, auth, receiptwitness, and api images"
+          git commit -m "ci(dev): update cartsnitch, receiptwitness, and api images"
          git pull --rebase origin main
          git push origin main

  deploy-uat:
    runs-on: runners-cartsnitch
-    needs: [build-and-push, build-and-push-auth, build-and-push-receiptwitness, build-and-push-api]
+    needs: [build-and-push, build-and-push-receiptwitness, build-and-push-api]
    if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
    steps:
      - name: Generate GitHub App token
@@ -617,21 +508,6 @@ jobs:
          cd infra/apps/overlays/uat
          kustomize edit set image ghcr.io/cartsnitch/cartsnitch:${{ steps.frontend_tag.outputs.tag }}

-      - name: Determine image tag for auth
-        id: auth_tag
-        run: |
-          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
-            echo "tag=${{ needs.build-and-push-auth.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
-          else
-            echo "tag=${{ needs.build-and-push-auth.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Update auth image tag
-        if: needs.build-and-push-auth.result == 'success'
-        run: |
-          cd infra/apps/overlays/uat
-          kustomize edit set image ghcr.io/cartsnitch/auth:${{ steps.auth_tag.outputs.tag }}
-
      - name: Determine image tag for receiptwitness
        id: receiptwitness_tag
        run: |
@@ -669,6 +545,6 @@ jobs:
          git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
          git add apps/overlays/uat/kustomization.yaml
          git diff --cached --quiet && echo "No image changes to deploy" && exit 0
-          git commit -m "ci(uat): update cartsnitch, auth, receiptwitness, and api images"
+          git commit -m "ci(uat): update cartsnitch, receiptwitness, and api images"
          git pull --rebase origin main
          git push origin main
Author	SHA1	Message	Date
savannah-savings-cto[bot]	f96daceb0f	Merge pull request #235 from cartsnitch/betty/car-749-remove-auth-ci fix(ci): remove auth image build from monorepo CI	2026-04-20 18:01:07 +00:00
Test User	0c5cce2adc	fix(ci): remove auth image build — now handled by cartsnitch/auth repo Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-20 16:07:43 +00:00
savannah-savings-cto[bot]	e3a0d94236	release: sign-in redirect fix (CAR-741/CAR-743) release: sign-in redirect fix (CAR-741/CAR-743)	2026-04-19 16:45:39 +00:00
savannah-savings-cto[bot]	3f03d46ff5	promote: dev → uat (sign-in redirect fix, CAR-741) promote: dev → uat (sign-in redirect fix, CAR-741)	2026-04-19 16:15:31 +00:00
savannah-savings-cto[bot]	c0c4acb73f	fix: resolve sign-in redirect race condition in Login.tsx (CAR-741) fix: resolve sign-in redirect race condition in Login.tsx (CAR-741)	2026-04-19 16:15:10 +00:00
cartsnitch-ceo[bot]	63752fe5cb	release: fix HIGH-severity CVEs in receiptwitness image (UAT+Security PASS) release: fix HIGH-severity CVEs in receiptwitness image (UAT+Security PASS)	2026-04-19 02:40:14 +00:00
cartsnitch-cto[bot]	9ab585f336	Merge pull request #228 from cartsnitch/dev chore: promote dev to UAT — receiptwitness CVE fixes	2026-04-19 02:19:20 +00:00
cartsnitch-ceo[bot]	a66583b883	release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS) release: bcrypt cost factor 10→12, Grype CVE ignores, Dockerfile cache-bust (UAT+Security PASS)	2026-04-19 00:24:10 +00:00
cartsnitch-cto[bot]	4a7d5131fc	Merge pull request #225 from cartsnitch/dev Promote dev to UAT: bcrypt cost factor fix	2026-04-19 00:04:07 +00:00
cartsnitch-ceo[bot]	af713f422b	chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust) chore: promote UAT to production (CAR-690, Grype CVE ignores + cache-bust)	2026-04-18 23:59:42 +00:00
cartsnitch-cto[bot]	55ab0b7ceb	Merge pull request #223 from cartsnitch/dev chore: promote dev to UAT (Grype ignores + cache-bust)	2026-04-18 03:55:23 +00:00
cartsnitch-ceo[bot]	f023480100	chore: promote UAT to production (CAR-662, audit logging middleware) chore: promote UAT to production (CAR-662, audit logging middleware)	2026-04-15 04:29:39 +00:00
cartsnitch-ceo[bot]	9acaf5e83a	Merge branch 'main' into uat	2026-04-15 04:17:24 +00:00
cartsnitch-cto[bot]	4e10c75fd0	Merge pull request #217 from cartsnitch/dev Promote to UAT: ESLint lint fix (PR #216)	2026-04-15 04:04:25 +00:00
cartsnitch-cto[bot]	88ac74e94c	Merge pull request #213 from cartsnitch/dev Promote to UAT: vite, mock-auth, Redis rate-limit, Redis cache, email verification	2026-04-15 03:33:42 +00:00
cartsnitch-cto[bot]	53ffef0ed1	Merge pull request #212 from cartsnitch/dev Promote to UAT: input validation + audit logging (PR #171, #183)	2026-04-15 03:30:04 +00:00
cartsnitch-cto[bot]	cfad4eab37	Merge pull request #211 from cartsnitch/dev Promote to UAT: bcrypt upgrade + Grype only-fixed filter (CAR-622)	2026-04-15 03:22:50 +00:00
cartsnitch-ceo[bot]	d8e7a416d2	chore: promote UAT to production (CAR-630) Promotes UAT to main including PR #209 (N+1 UPC query fix with SQL containment). UAT regression: passed (Deal Dottie) Security review: passed (Stockboy Steve) CI required checks: all green Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-15 02:16:12 +00:00
cartsnitch-cto[bot]	f051e4b4af	chore: promote dev to UAT chore: promote dev to UAT	2026-04-15 02:00:15 +00:00
cartsnitch-ceo[bot]	c715c0e47a	chore: promote uat to production (Grype image vulnerability scanning) Merges Grype-based container image vulnerability scanning and Docker CVE remediation to production. - CI workflow: build→scan→push pattern with only-fixed flag for all 4 Docker images - Dockerfile hardening: apt-get/apk upgrade in all build and prod stages - UAT: PASS (Deal Dottie), Security: PASS (Stockboy Steve) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-04-15 01:14:35 +00:00
cartsnitch-cto[bot]	c968088a3f	Merge pull request #208 from cartsnitch/dev promote: dev → uat (Grype only-fixed flag)	2026-04-15 00:46:24 +00:00
cartsnitch-cto[bot]	2b32bfdfe1	chore: promote dev to UAT (CAR-616 Docker CVE remediation) (#205 ) chore: promote dev to UAT (CAR-616 Docker CVE remediation)	2026-04-14 23:57:52 +00:00
cartsnitch-ceo[bot]	16200c5500	Merge branch 'main' into uat	2026-04-14 23:31:58 +00:00
cartsnitch-cto[bot]	1803d09095	Promote dev to UAT: Grype image vulnerability scanning Promote dev to UAT: Grype image vulnerability scanning	2026-04-14 23:25:47 +00:00
cartsnitch-ceo[bot]	e29bad9a39	chore: promote uat to production (auth health check DB connectivity fix) (#200 ) chore: promote uat to production (auth health check DB connectivity fix)	2026-04-14 16:53:08 +00:00
cartsnitch-cto[bot]	349b519a00	Merge pull request #199 from cartsnitch/dev chore: promote dev to uat (auth health check DB connectivity fix)	2026-04-14 16:39:50 +00:00
cartsnitch-cto[bot]	7fc524b593	Merge pull request #197 : promote dev to uat (auth config validation + vite audit fix) chore: promote dev to uat (auth config validation + vite audit fix)	2026-04-14 16:19:27 +00:00
cartsnitch-ceo[bot]	4e139dc4b6	Merge pull request #196 from cartsnitch/uat chore: promote uat to main (ReceiptWitness config validation)	2026-04-14 16:08:05 +00:00
cartsnitch-cto[bot]	6481cf03e4	Merge pull request #189 from cartsnitch/dev chore: promote dev to uat (ReceiptWitness config validation)	2026-04-14 14:08:08 +00:00
cartsnitch-ceo[bot]	37c75c3887	Production: API lifespan with connection pooling (CAR-550) Production: API lifespan with connection pooling (CAR-550)	2026-04-14 14:00:08 +00:00
cartsnitch-cto[bot]	8a0b2c03a1	Merge pull request #185 from cartsnitch/dev Promote dev → uat: API lifespan with connection pooling (CAR-550)	2026-04-14 13:48:37 +00:00
cartsnitch-ceo[bot]	aa893d9cc1	Release: rate limit key derivation fix + CORS security headers (#180 ) Release: rate limit key derivation fix + CORS security headers	2026-04-14 13:25:23 +00:00
cartsnitch-ceo[bot]	91c062130c	Merge branch 'main' into uat	2026-04-14 13:18:38 +00:00
cartsnitch-cto[bot]	0aef2455fd	chore: promote dev to uat (CAR-557 rate limit fix) (#176 ) chore: promote dev to uat (CAR-557 rate limit fix)	2026-04-14 12:45:29 +00:00
cartsnitch-cto[bot]	6602b8c105	Merge pull request #174 from cartsnitch/dev CTO promoting dev→uat for CORS security headers.	2026-04-14 11:58:05 +00:00
cartsnitch-cto[bot]	dbbc8d2e7b	Merge pull request #168 from cartsnitch/dev chore: promote dev to UAT (CAR-544 hardcoded secrets fix)	2026-04-14 11:31:54 +00:00
cartsnitch-ceo[bot]	1267caf43c	Release: domain tables migration + alembic fixes (UAT-verified) Merging to production after full SDLC sign-off: - UAT PASS: CAR-518 (Deal Dottie) - UAT PASS: CAR-522 (Deal Dottie) - Security PASS: CAR-518 PR #145 (Stockboy Steve) - Security PASS: CAR-522 PR #148 (Stockboy Steve) - CEO review: Coupon Carl CI: lint ✅ test ✅ audit ✅ e2e ✅	2026-04-05 02:55:12 +00:00
cartsnitch-cto[bot]	015401861a	Merge pull request #150 from cartsnitch/dev Promote dev→uat: alembic env.py connection.commit() fix	2026-04-04 21:58:13 +00:00
cartsnitch-cto[bot]	9891e1aefb	Merge pull request #149 from cartsnitch/dev promote(uat): domain tables migration + create_all commit fix	2026-04-04 21:37:02 +00:00
cartsnitch-cto[bot]	69ad161e36	Merge pull request #146 from cartsnitch/dev chore: promote dev → uat (alembic model import fix)	2026-04-04 21:20:26 +00:00
cartsnitch-cto[bot]	485f890df3	Merge pull request #144 from cartsnitch/dev Promote dev → uat: session cookie parsing fix (PR #143)	2026-04-04 20:39:25 +00:00
cartsnitch-cto[bot]	bf3ed0ede3	Merge pull request #142 from cartsnitch/dev chore: promote dev → uat (fix API DATABASE_URL fallback)	2026-04-04 20:06:06 +00:00
cartsnitch-cto[bot]	3f41eb7346	Merge pull request #140 from cartsnitch/dev chore: promote dev → uat (revert SHA-256 session token hashing)	2026-04-04 19:25:42 +00:00
cartsnitch-qa[bot]	6cbd1ef298	chore: promote dev → UAT (SHA-256 session token hash fix) (#138 ) chore: promote dev → UAT (SHA-256 session token hash fix)	2026-04-04 19:06:46 +00:00
cartsnitch-cto[bot]	94214f762e	Merge pull request #137 from cartsnitch/dev chore: promote dev to UAT (alembic version_table width fix)	2026-04-04 19:01:28 +00:00
cartsnitch-cto[bot]	562c6ef6f6	Promote to UAT: fix __Secure- session cookie prefix (#134 ) Promote to UAT: fix __Secure- session cookie prefix (#134)	2026-04-04 18:48:44 +00:00
cartsnitch-cto[bot]	ccc8189d88	Merge pull request #132 from cartsnitch/dev Promote to UAT: bootstrap users table migration 007 + harden create_all	2026-04-04 17:34:53 +00:00
cartsnitch-cto[bot]	86594e4a8e	Promote dev → UAT: idempotent alembic migrations (#130 ) Promote dev → UAT: idempotent alembic migrations for fresh databases	2026-04-04 16:41:18 +00:00
cartsnitch-cto[bot]	c2f1a83c1d	Merge pull request #128 from cartsnitch/dev Promote dev → uat: libpq5 runtime fix (PR #127)	2026-04-04 15:52:49 +00:00
cartsnitch-cto[bot]	6f8e5a9577	Merge pull request #126 from cartsnitch/dev Promote dev→uat: alembic percent escape fix (PR #125)	2026-04-04 06:37:07 +00:00
cartsnitch-cto[bot]	bbfa816e57	Promote dev → UAT: email_inbound_token server_default fix (#124 ) Promote dev → UAT: email_inbound_token server_default fix	2026-04-04 06:23:48 +00:00
cartsnitch-cto[bot]	5904eb03a2	chore: promote dev → uat (CI sha_tag fix) (#122 ) chore: promote dev → uat (CI sha_tag fix)	2026-04-04 05:37:41 +00:00
cartsnitch-cto[bot]	87b6433ff7	Promote to UAT: CI workflow fix for dev/uat branch builds Promote to UAT: CI workflow fix for dev/uat branch builds (PR #119)	2026-04-04 05:07:42 +00:00
cartsnitch-cto[bot]	d7c9938f7e	Merge pull request #118 from cartsnitch/dev promote: dev → uat (alembic Dockerfile fix, PR #117)	2026-04-04 04:45:02 +00:00
cartsnitch-qa[bot]	02434060ee	Merge pull request #116 from cartsnitch/dev Promote to UAT: fix(auth) trustedOrigins + latest dev	2026-04-04 04:24:26 +00:00