Remove deploy-dev and deploy-uat CI jobs (CAR-1069)

Add .mcp.json
Merge pull request 'Promote to Production: CAR-894 Gitea workflows migration' (#36 ) from uat into main
2026-05-27 01:43:44 +00:00 · 2026-05-25 21:46:58 +00:00 · 2026-05-24 18:51:43 +00:00 · 2026-05-23 23:43:08 +00:00 · 2026-05-23 23:25:03 +00:00 · 2026-05-23 23:12:10 +00:00
22 changed files with 1813 additions and 370 deletions
@@ -0,0 +1,177 @@
 name: CI
 on:
  push:
    branches: [main, dev, uat]
  pull_request:
    branches: [main, dev, uat]
 concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true
 permissions:
  contents: write
  packages: write
 env:
  REGISTRY: git.farh.net
  IMAGE_NAME: cartsnitch/api
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install ruff
      - name: Ruff lint
        run: ruff check .
      - name: Ruff format check
        run: ruff format --check .
  typecheck:
    runs-on: ubuntu-latest
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential
      - run: pip install -e ".[dev]" mypy
      - name: Type check
        run: mypy src/cartsnitch_api
  test:
    runs-on: ubuntu-latest
    services:
      postgres:
        image: postgres:15-alpine
        env:
          POSTGRES_USER: cartsnitch
          POSTGRES_PASSWORD: cartsnitch_test
          POSTGRES_DB: cartsnitch_test
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7-alpine
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      CARTSNITCH_DATABASE_URL: postgresql+asyncpg://cartsnitch:cartsnitch_test@localhost:5432/cartsnitch_test
      CARTSNITCH_REDIS_URL: redis://localhost:6379/0
      CARTSNITCH_JWT_SECRET_KEY: test-secret-do-not-use-in-prod
      CARTSNITCH_SERVICE_KEY: test-service-key-do-not-use-in-prod
      CARTSNITCH_FERNET_KEY: wXWQsC0FZlhSz2t_tfVQjNUSP8vgAGG3o3pkjrX8Bw0=
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential
      - run: pip install -e ".[dev]"
      - name: Run tests
        run: pytest --tb=short -q
  build-and-push:
    runs-on: ubuntu-latest
    needs: [lint, test]
    outputs:
      calver_tag: ${{ steps.calver.outputs.version }}
      sha_tag: sha-${{ github.sha }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate CalVer tag
        id: calver
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          DATE_TAG=$(date -u +%Y.%m.%d)
          EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
          if [ -z "$EXISTING" ]; then
            VERSION="$DATE_TAG"
          elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
            VERSION="${DATE_TAG}.2"
          else
            BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
            VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "CalVer tag: $VERSION"
      - name: Log in to Gitea Container Registry
        run: echo "${{ github.token }}" | docker login git.farh.net -u ${{ github.actor }} --password-stdin
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=sha,prefix=sha-,format=long
            type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          load: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            APT_CACHE_BUST=${{ github.run_id }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Scan api image for vulnerabilities
        uses: anchore/scan-action@v5
        id: scan
        env:
          GRYPE_CONFIG: .grype.yaml
        with:
          image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
          fail-build: true
          severity-cutoff: high
          only-fixed: "true"
          output-format: sarif
      - name: Push Docker image
        if: github.event_name == 'push'
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            APT_CACHE_BUST=${{ github.run_id }}
          cache-from: type=gha
      - name: Create git tag
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          git tag "v${{ steps.calver.outputs.version }}"
          git push origin "v${{ steps.calver.outputs.version }}"
@@ -1,304 +0,0 @@
 name: CI
 on:
  push:
    branches: [main, dev]
  pull_request:
    branches: [main, dev]
 concurrency:
  group: ci-${{ github.ref }}
  cancel-in-progress: true
 permissions:
  contents: write
  packages: write
 env:
  REGISTRY: ghcr.io
  IMAGE_NAME: cartsnitch/api
 jobs:
  lint:
    runs-on: runners-cartsnitch
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
      - run: pip install ruff
      - name: Ruff lint
        run: ruff check .
      - name: Ruff format check
        run: ruff format --check .
  typecheck:
    runs-on: runners-cartsnitch
    continue-on-error: true
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential
      - run: pip install -e ".[dev]" mypy
      - name: Type check
        run: mypy src/cartsnitch_api
  test:
    runs-on: runners-cartsnitch
    services:
      postgres:
        image: postgres:15-alpine
        credentials:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
        env:
          POSTGRES_USER: cartsnitch
          POSTGRES_PASSWORD: cartsnitch_test
          POSTGRES_DB: cartsnitch_test
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
      redis:
        image: redis:7-alpine
        credentials:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    env:
      CARTSNITCH_DATABASE_URL: postgresql+asyncpg://cartsnitch:cartsnitch_test@localhost:5432/cartsnitch_test
      CARTSNITCH_REDIS_URL: redis://localhost:6379/0
      CARTSNITCH_JWT_SECRET_KEY: test-secret-do-not-use-in-prod
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
          cache: pip
      - name: Install system dependencies
        run: sudo apt-get update && sudo apt-get install -y libpq-dev build-essential
      - run: pip install -e ".[dev]"
      - name: Run tests
        run: pytest --tb=short -q
  build-and-push:
    runs-on: runners-cartsnitch
    needs: [lint, test]
    outputs:
      calver_tag: ${{ steps.calver.outputs.version }}
      sha_tag: sha-${{ github.sha }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Generate CalVer tag
        id: calver
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          DATE_TAG=$(date -u +%Y.%m.%d)
          EXISTING=$(git tag -l "v${DATE_TAG}*" | sort -V | tail -1)
          if [ -z "$EXISTING" ]; then
            VERSION="$DATE_TAG"
          elif [ "$EXISTING" = "v${DATE_TAG}" ]; then
            VERSION="${DATE_TAG}.2"
          else
            BUILD_NUM=$(echo "$EXISTING" | sed "s/v${DATE_TAG}\.//")
            VERSION="${DATE_TAG}.$((BUILD_NUM + 1))"
          fi
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
          echo "CalVer tag: $VERSION"
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Log in to GHCR
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Extract metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=sha,prefix=sha-,format=long
            type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}
      - name: Build Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          load: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            APT_CACHE_BUST=${{ github.run_id }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      - name: Scan api image for vulnerabilities
        uses: anchore/scan-action@v5
        id: scan
        env:
          GRYPE_CONFIG: .grype.yaml
        with:
          image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
          fail-build: true
          severity-cutoff: high
          only-fixed: "true"
          output-format: sarif
      - name: Upload api scan results to GitHub Security
        uses: github/codeql-action/upload-sarif@v3
        if: always()
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}
      - name: Push Docker image
        if: github.event_name == 'push'
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          build-args: |
            APT_CACHE_BUST=${{ github.run_id }}
          cache-from: type=gha
      - name: Create git tag
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        run: |
          git tag "v${{ steps.calver.outputs.version }}"
          git push origin "v${{ steps.calver.outputs.version }}"
  deploy-dev:
    runs-on: runners-cartsnitch
    needs: [build-and-push]
    if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
    steps:
      - name: Generate GitHub App token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.CARTSNITCH_APP_ID }}
          private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repositories: infra
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
          token: ${{ steps.app-token.outputs.token }}
          ref: main
          path: infra
      - name: Install kubectl
        uses: azure/setup-kubectl@v4
      - name: Install kustomize
        uses: imranismail/setup-kustomize@v2
      - name: Determine image tag
        id: api_tag
        run: |
          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
            echo "tag=${{ needs.build-and-push.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
          else
            echo "tag=${{ needs.build-and-push.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
          fi
      - name: Update api image tag
        if: needs.build-and-push.result == 'success'
        run: |
          cd infra/apps/overlays/dev
          kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
      - name: Commit and push to infra
        run: |
          cd infra
          git config user.name "cartsnitch-ci[bot]"
          git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
          git add apps/overlays/dev/kustomization.yaml
          git commit -m "ci(dev): update api image"
          git pull --rebase origin main
          git push origin main
  deploy-uat:
    runs-on: runners-cartsnitch
    needs: [build-and-push]
    if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
    steps:
      - name: Generate GitHub App token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.CARTSNITCH_APP_ID }}
          private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
          owner: ${{ github.repository_owner }}
          repositories: infra
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
          token: ${{ steps.app-token.outputs.token }}
          ref: main
          path: infra
      - name: Install kubectl
        uses: azure/setup-kubectl@v4
      - name: Install kustomize
        uses: imranismail/setup-kustomize@v2
      - name: Determine image tag
        id: api_tag
        run: |
          if [ "${{ github.ref }}" == "refs/heads/main" ]; then
            echo "tag=${{ needs.build-and-push.outputs.calver_tag }}" >> "$GITHUB_OUTPUT"
          else
            echo "tag=${{ needs.build-and-push.outputs.sha_tag }}" >> "$GITHUB_OUTPUT"
          fi
      - name: Update api image tag
        if: needs.build-and-push.result == 'success'
        run: |
          cd infra/apps/overlays/uat
          kustomize edit set image ghcr.io/cartsnitch/api:${{ steps.api_tag.outputs.tag }}
      - name: Commit and push to infra
        run: |
          cd infra
          git config user.name "cartsnitch-ci[bot]"
          git config user.email "cartsnitch-ci[bot]@users.noreply.github.com"
          git add apps/overlays/uat/kustomization.yaml
          git commit -m "ci(uat): update api image"
          git pull --rebase origin main
          git push origin main
@@ -0,0 +1,11 @@
 {
  "mcpServers": {
    "gitea": {
      "type": "http",
      "url": "https://git-mcp.farh.net/mcp",
      "headers": {
        "Authorization": "Bearer ${GITEA_TOKEN}"
      }
    }
  }
 }
@@ -45,7 +45,11 @@ def run_migrations_online() -> None:
        poolclass=pool.NullPool,
    )
    with connectable.connect() as connection:
-        context.configure(connection=connection, target_metadata=target_metadata, version_table_column_width=128)
+        context.configure(
            connection=connection,
            target_metadata=target_metadata,
            version_table_column_width=128,
        )
        with context.begin_transaction():
            context.run_migrations()
        # Create any tables defined in models but not yet created by migrations.
@@ -56,6 +60,7 @@ def run_migrations_online() -> None:
            connection.commit()
        except Exception as exc:
            import logging
            logging.getLogger("alembic.env").warning(
                "create_all failed (non-fatal, migrations should handle table creation): %s", exc
            )
@@ -30,7 +30,10 @@ def upgrade() -> None:
    if inspector.has_table("users"):
        existing_user_cols = [c["name"] for c in inspector.get_columns("users")]
        if "email_verified" not in existing_user_cols:
-            op.add_column("users", sa.Column("email_verified", sa.Boolean(), nullable=False, server_default="false"))
+            op.add_column(
                "users",
                sa.Column("email_verified", sa.Boolean(), nullable=False, server_default="false"),
            )
        if "image" not in existing_user_cols:
            op.add_column("users", sa.Column("image", sa.Text(), nullable=True))
@@ -44,8 +47,18 @@ def upgrade() -> None:
            sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
            sa.Column("ip_address", sa.Text(), nullable=True),
            sa.Column("user_agent", sa.Text(), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.PrimaryKeyConstraint("id"),
        )
        op.create_index("ix_sessions_token", "sessions", ["token"], unique=True)
@@ -66,8 +79,18 @@ def upgrade() -> None:
            sa.Column("scope", sa.Text(), nullable=True),
            sa.Column("id_token", sa.Text(), nullable=True),
            sa.Column("password", sa.Text(), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.PrimaryKeyConstraint("id"),
        )
        op.create_index("ix_accounts_user_id", "accounts", ["user_id"])
@@ -80,8 +103,18 @@ def upgrade() -> None:
            sa.Column("identifier", sa.Text(), nullable=False),
            sa.Column("value", sa.Text(), nullable=False),
            sa.Column("expires_at", sa.DateTime(timezone=True), nullable=False),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.PrimaryKeyConstraint("id"),
        )
@@ -96,8 +129,10 @@ def upgrade() -> None:
            user_id_str = str(user_id)
            conn.execute(
                text(
-                    "INSERT INTO accounts (id, user_id, account_id, provider_id, password, created_at, updated_at) "
+                    "INSERT INTO accounts "
-                    "VALUES (gen_random_uuid()::text, :user_id, :account_id, 'credential', :password, now(), now())"
+                    "(id, user_id, account_id, provider_id, password, created_at, updated_at) "
                    "VALUES (gen_random_uuid()::text, :user_id, :account_id, "
                    "'credential', :password, now(), now())"
                ),
                {"user_id": user_id_str, "account_id": user_id_str, "password": hashed_password},
            )
@@ -40,7 +40,12 @@ def upgrade() -> None:
            return  # already TEXT — nothing to do
    # Step 1: Drop existing FK constraints (ignore if they don't exist)
-    op.execute(text("ALTER TABLE user_store_accounts DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"))
+    op.execute(
        text(
            "ALTER TABLE user_store_accounts "
            "DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"
        )
    )
    op.execute(text("ALTER TABLE purchases DROP CONSTRAINT IF EXISTS purchases_user_id_fkey"))
    # Step 2: Alter users.id from uuid to text
@@ -89,7 +94,12 @@ def upgrade() -> None:
 def downgrade() -> None:
    # Drop FK constraints
-    op.execute(text("ALTER TABLE user_store_accounts DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"))
+    op.execute(
        text(
            "ALTER TABLE user_store_accounts "
            "DROP CONSTRAINT IF EXISTS user_store_accounts_user_id_fkey"
        )
    )
    op.execute(text("ALTER TABLE purchases DROP CONSTRAINT IF EXISTS purchases_user_id_fkey"))
    # Revert users.id from text to uuid
@@ -20,7 +20,7 @@ depends_on = None
 def upgrade() -> None:
    conn = op.get_bind()
    inspector = sa.inspect(conn)
-    # Guard: on a fresh DB Base.metadata.create_all creates users table with the column already present
+    # Guard: on fresh DB, Base.metadata.create_all already has the column
    if not inspector.has_table("users"):
        return
    existing_cols = [c["name"] for c in inspector.get_columns("users")]
@@ -6,6 +6,7 @@ Create Date: 2026-04-04
 """
 import sqlalchemy as sa
 from alembic import op
 revision = "006_email_inbound_token_server_default"
@@ -29,7 +30,8 @@ def upgrade() -> None:
        "users",
        "email_inbound_token",
        server_default=sa.text(
-            "replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
+            "replace(replace(trim(trailing '=' from "
            "encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
        ),
    )
@@ -27,7 +27,8 @@ def upgrade() -> None:
    if inspector.has_table("users"):
        return  # Table already exists (non-fresh DB or create_all already ran)
-    conn.execute(text("""
+    conn.execute(
        text("""
        CREATE TABLE users (
            id TEXT PRIMARY KEY,
            email VARCHAR(255) NOT NULL UNIQUE,
@@ -36,11 +37,20 @@ def upgrade() -> None:
            email_verified BOOLEAN NOT NULL DEFAULT false,
            image TEXT,
            email_inbound_token VARCHAR(22) NOT NULL UNIQUE
-                DEFAULT replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_'),
+                DEFAULT (
                    replace(
                        replace(
                            trim(trailing '=' from encode(gen_random_bytes(16), 'base64')),
                            '+', '-'
                        ),
                        '/', '_'
                    )
                ),
            created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
            updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
        )
-    """))
+    """)
    )
 def downgrade() -> None:
@@ -29,8 +29,18 @@ def upgrade() -> None:
            sa.Column("slug", sa.String(20), nullable=False, unique=True),
            sa.Column("logo_url", sa.String(500), nullable=True),
            sa.Column("website_url", sa.String(500), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
        )
    # 2. store_locations
@@ -45,8 +55,18 @@ def upgrade() -> None:
            sa.Column("zip", sa.String(10), nullable=False),
            sa.Column("lat", sa.Float(), nullable=True),
            sa.Column("lng", sa.Float(), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
        )
    # 3. normalized_products
@@ -61,8 +81,18 @@ def upgrade() -> None:
            sa.Column("size", sa.String(50), nullable=True),
            sa.Column("size_unit", sa.String(10), nullable=True),
            sa.Column("upc_variants", sa.JSON(), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
        )
    # 4. purchases
@@ -72,7 +102,9 @@ def upgrade() -> None:
            sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
            sa.Column("user_id", sa.Text(), sa.ForeignKey("users.id"), nullable=False),
            sa.Column("store_id", sa.Uuid(), sa.ForeignKey("stores.id"), nullable=False),
-            sa.Column("store_location_id", sa.Uuid(), sa.ForeignKey("store_locations.id"), nullable=True),
+            sa.Column(
                "store_location_id", sa.Uuid(), sa.ForeignKey("store_locations.id"), nullable=True
            ),
            sa.Column("receipt_id", sa.String(200), nullable=False),
            sa.Column("purchase_date", sa.Date(), nullable=False),
            sa.Column("total", sa.Numeric(10, 2), nullable=False),
@@ -81,9 +113,24 @@ def upgrade() -> None:
            sa.Column("savings_total", sa.Numeric(10, 2), nullable=True),
            sa.Column("source_url", sa.String(500), nullable=True),
            sa.Column("raw_data", sa.JSON(), nullable=True),
-            sa.Column("ingested_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "ingested_at",
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.UniqueConstraint("user_id", "store_id", "receipt_id", name="uq_purchase_receipt"),
            sa.Index("ix_purchases_user_store", "user_id", "store_id"),
        )
@@ -104,9 +151,24 @@ def upgrade() -> None:
            sa.Column("coupon_discount", sa.Numeric(10, 2), nullable=True),
            sa.Column("loyalty_discount", sa.Numeric(10, 2), nullable=True),
            sa.Column("category_raw", sa.String(100), nullable=True),
-            sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=True),
+            sa.Column(
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "normalized_product_id",
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                sa.Uuid(),
                sa.ForeignKey("normalized_products.id"),
                nullable=True,
            ),
            sa.Column(
                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
        )
    # 6. coupons
@@ -115,7 +177,12 @@ def upgrade() -> None:
            "coupons",
            sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
            sa.Column("store_id", sa.Uuid(), sa.ForeignKey("stores.id"), nullable=False),
-            sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=True),
+            sa.Column(
                "normalized_product_id",
                sa.Uuid(),
                sa.ForeignKey("normalized_products.id"),
                nullable=True,
            ),
            sa.Column("title", sa.String(300), nullable=False),
            sa.Column("description", sa.String(1000), nullable=True),
            sa.Column("discount_type", sa.String(20), nullable=False),
@@ -127,8 +194,18 @@ def upgrade() -> None:
            sa.Column("coupon_code", sa.String(100), nullable=True),
            sa.Column("source_url", sa.String(500), nullable=True),
            sa.Column("scraped_at", sa.DateTime(timezone=True), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
        )
    # 7. price_history
@@ -136,7 +213,12 @@ def upgrade() -> None:
        op.create_table(
            "price_history",
            sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
-            sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=False),
+            sa.Column(
                "normalized_product_id",
                sa.Uuid(),
                sa.ForeignKey("normalized_products.id"),
                nullable=False,
            ),
            sa.Column("store_id", sa.Uuid(), sa.ForeignKey("stores.id"), nullable=False),
            sa.Column("observed_date", sa.Date(), nullable=False),
            sa.Column("regular_price", sa.Numeric(10, 2), nullable=False),
@@ -144,10 +226,27 @@ def upgrade() -> None:
            sa.Column("loyalty_price", sa.Numeric(10, 2), nullable=True),
            sa.Column("coupon_price", sa.Numeric(10, 2), nullable=True),
            sa.Column("source", sa.String(20), nullable=False),
-            sa.Column("purchase_item_id", sa.Uuid(), sa.ForeignKey("purchase_items.id"), nullable=True),
+            sa.Column(
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "purchase_item_id", sa.Uuid(), sa.ForeignKey("purchase_items.id"), nullable=True
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            ),
-            sa.Index("ix_price_history_product_store_date", "normalized_product_id", "store_id", "observed_date"),
+            sa.Column(
                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Index(
                "ix_price_history_product_store_date",
                "normalized_product_id",
                "store_id",
                "observed_date",
            ),
        )
    # 8. shrinkflation_events
@@ -155,7 +254,12 @@ def upgrade() -> None:
        op.create_table(
            "shrinkflation_events",
            sa.Column("id", sa.Uuid(), server_default=text("gen_random_uuid()"), primary_key=True),
-            sa.Column("normalized_product_id", sa.Uuid(), sa.ForeignKey("normalized_products.id"), nullable=False),
+            sa.Column(
                "normalized_product_id",
                sa.Uuid(),
                sa.ForeignKey("normalized_products.id"),
                nullable=False,
            ),
            sa.Column("detected_date", sa.Date(), nullable=False),
            sa.Column("old_size", sa.String(50), nullable=False),
            sa.Column("new_size", sa.String(50), nullable=False),
@@ -165,8 +269,18 @@ def upgrade() -> None:
            sa.Column("price_at_new_size", sa.Numeric(10, 2), nullable=True),
            sa.Column("confidence", sa.Numeric(3, 2), server_default=text("1.00"), nullable=False),
            sa.Column("notes", sa.String(1000), nullable=True),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
        )
    # 9. user_store_accounts
@@ -180,8 +294,18 @@ def upgrade() -> None:
            sa.Column("session_expires_at", sa.DateTime(timezone=True), nullable=True),
            sa.Column("last_sync_at", sa.DateTime(timezone=True), nullable=True),
            sa.Column("status", sa.String(20), server_default=text("'active'"), nullable=False),
-            sa.Column("created_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+            sa.Column(
-            sa.Column("updated_at", sa.DateTime(timezone=True), server_default=sa.func.now(), nullable=False),
+                "created_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.Column(
                "updated_at",
                sa.DateTime(timezone=True),
                server_default=sa.func.now(),
                nullable=False,
            ),
            sa.UniqueConstraint("user_id", "store_id", name="uq_user_store_account"),
        )
@@ -6,6 +6,7 @@ Create Date: 2026-04-14
 """
 import sqlalchemy as sa
 from alembic import op
 revision = "009_add_gin_index_upc_variants"
@@ -5,7 +5,8 @@ Sessions are verified by querying the shared sessions table directly.
 """
 from datetime import UTC, datetime
-from fastapi import Cookie, Depends, Header, HTTPException, Request, status
+
 from fastapi import Depends, Header, HTTPException, Request, status
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 from sqlalchemy import text
 from sqlalchemy.ext.asyncio import AsyncSession
@@ -6,13 +6,10 @@ endpoints that query our own user data from the shared database.
 """
 from fastapi import APIRouter, Depends, HTTPException, status
 from pydantic import BaseModel
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 from cartsnitch_api.auth.dependencies import get_current_user
 from cartsnitch_api.database import get_db
 from cartsnitch_api.models import User
 from cartsnitch_api.schemas import (
    UpdateUserRequest,
    UserResponse,
@@ -23,7 +23,12 @@ class Settings(BaseSettings):
    auth_service_url: str = "http://auth:3001"
-    cors_origins: list[str] = ["http://localhost:3000", "https://cartsnitch.com"]
+    cors_origins: list[str] = [
        "http://localhost:3000",
        "https://cartsnitch.com",
        "https://dev.cartsnitch.com",
        "https://uat.cartsnitch.com",
    ]
    receiptwitness_url: str = "http://receiptwitness:8001"
    stickershock_url: str = "http://stickershock:8002"
@@ -6,11 +6,10 @@ from fastapi import APIRouter, FastAPI
 from cartsnitch_api.auth.routes import router as auth_router
 from cartsnitch_api.cache import cache_client
-from cartsnitch_api.database import dispose_engine
+from cartsnitch_api.middleware.audit import add_audit_middleware
 from cartsnitch_api.middleware.cors import add_cors_middleware
 from cartsnitch_api.middleware.error_handler import add_error_handlers, add_error_monitor_middleware
 from cartsnitch_api.middleware.rate_limit import add_rate_limit_middleware
 from cartsnitch_api.middleware.audit import add_audit_middleware
 from cartsnitch_api.routes.alerts import router as alerts_router
 from cartsnitch_api.routes.coupons import router as coupons_router
 from cartsnitch_api.routes.health import router as health_router
@@ -26,6 +25,8 @@ from cartsnitch_api.routes.user import router as user_router
@asynccontextmanager
 async def lifespan(app: FastAPI):
    from cartsnitch_api.database import dispose_engine
    await cache_client.initialize()
    yield
    await cache_client.close()
@@ -26,9 +26,7 @@ class User(TimestampMixin, Base):
    email: Mapped[str] = mapped_column(String(255), nullable=False, unique=True)
    hashed_password: Mapped[str | None] = mapped_column(String(255), nullable=True)
    display_name: Mapped[str | None] = mapped_column(String(100))
-    email_verified: Mapped[bool] = mapped_column(
+    email_verified: Mapped[bool] = mapped_column(Boolean, nullable=False, server_default="false")
        Boolean, nullable=False, server_default="false"
    )
    image: Mapped[str | None] = mapped_column(Text, nullable=True)
    email_inbound_token: Mapped[str] = mapped_column(
        String(22),
@@ -36,7 +34,8 @@ class User(TimestampMixin, Base):
        unique=True,
        default=lambda: secrets.token_urlsafe(16),
        server_default=sa.text(
-            "replace(replace(trim(trailing '=' from encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
+            "replace(replace(trim(trailing '=' from "
            "encode(gen_random_bytes(16), 'base64')), '+', '-'), '/', '_')"
        ),
    )
@@ -53,6 +53,10 @@ def disable_rate_limiting():
 def engine():
    """Sync in-memory SQLite engine for model unit tests."""
    eng = create_engine("sqlite:///:memory:")
    from cartsnitch_api.models.user import User
    col = User.__table__.columns["email_inbound_token"]
    col.server_default = None
    Base.metadata.create_all(eng)
    yield eng
    eng.dispose()
@@ -77,6 +81,9 @@ async def db_engine():
        cursor.close()
    async with engine.begin() as conn:
        from cartsnitch_api.models.user import User
        User.__table__.columns["email_inbound_token"].server_default = None
        await conn.run_sync(Base.metadata.create_all)
        # Create Better-Auth tables (not managed by SQLAlchemy models)
        await conn.execute(
@@ -177,8 +184,10 @@ async def _create_test_user_and_session(
    async with db_engine.begin() as conn:
        await conn.execute(
            text(
-                "INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
+                "INSERT INTO users (id, email, hashed_password, display_name, "
-                "VALUES (:id, :email, :hashed_password, :display_name, :email_verified, :created_at, :updated_at)"
+                "email_verified, email_inbound_token, created_at, updated_at) "
                "VALUES (:id, :email, :hashed_password, :display_name, "
                ":email_verified, :email_inbound_token, :created_at, :updated_at)"
            ),
            {
                "id": user_id,
@@ -186,6 +195,7 @@ async def _create_test_user_and_session(
                "hashed_password": "not-used-with-better-auth",
                "display_name": display_name,
                "email_verified": False,
                "email_inbound_token": secrets.token_urlsafe(16),
                "created_at": now,
                "updated_at": now,
            },
@@ -138,8 +138,9 @@ async def test_expired_session_rejected(client, db_engine):
    async with db_engine.begin() as conn:
        await conn.execute(
            text(
-                "INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
+                "INSERT INTO users (id, email, hashed_password, display_name, "
-                "VALUES (:id, :email, :hp, :dn, :ev, :ca, :ua)"
+                "email_verified, email_inbound_token, created_at, updated_at) "
                "VALUES (:id, :email, :hp, :dn, :ev, :token, :ca, :ua)"
            ),
            {
                "id": user_id,
@@ -147,6 +148,7 @@ async def test_expired_session_rejected(client, db_engine):
                "hp": "unused",
                "dn": "Expired User",
                "ev": False,
                "token": secrets.token_urlsafe(16),
                "ca": now,
                "ua": now,
            },
@@ -1,7 +1,5 @@
 """Tests for Settings config, specifically the database_url env var fallback."""
 import os
 from cartsnitch_api.config import Settings
@@ -30,7 +28,10 @@ def test_database_url_normalizes_plain_postgresql_prefix():
        "DATABASE_URL": "postgresql://cartsnitch:cartsnitch@localhost:5432/cartsnitch",
    }
    settings = Settings(**env)
-    assert settings.database_url == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
+    assert (
        settings.database_url
        == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
    )
 def test_database_url_preserves_asyncpg_prefix():
@@ -39,10 +40,16 @@ def test_database_url_preserves_asyncpg_prefix():
        "CARTSNITCH_DATABASE_URL": "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch",
    }
    settings = Settings(**env)
-    assert settings.database_url == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
+    assert (
        settings.database_url
        == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
    )
 def test_database_url_default():
    """When neither env var is set, the hardcoded default is used."""
    settings = Settings()
-    assert settings.database_url == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
+    assert (
        settings.database_url
        == "postgresql+asyncpg://cartsnitch:cartsnitch@localhost:5432/cartsnitch"
    )
@@ -65,8 +65,9 @@ class TestSessionValidation:
        async with db_engine.begin() as conn:
            await conn.execute(
                text(
-                    "INSERT INTO users (id, email, hashed_password, display_name, email_verified, created_at, updated_at) "
+                    "INSERT INTO users (id, email, hashed_password, display_name, "
-                    "VALUES (:id, :email, :hp, :dn, :ev, :ca, :ua)"
+                    "email_verified, email_inbound_token, created_at, updated_at) "
                    "VALUES (:id, :email, :hp, :dn, :ev, :token, :ca, :ua)"
                ),
                {
                    "id": user_id,
@@ -74,6 +75,7 @@ class TestSessionValidation:
                    "hp": "unused",
                    "dn": "Expired User",
                    "ev": False,
                    "token": secrets.token_urlsafe(16),
                    "ca": now,
                    "ua": now,
                },
@@ -1,7 +1,7 @@
 """Tests for rate limiting middleware."""
 import time
-from unittest.mock import AsyncMock, MagicMock, patch
+from unittest.mock import AsyncMock, MagicMock
 import pytest
Author	SHA1	Message	Date
Flea Flicker	4965d374a5	Remove deploy-dev and deploy-uat CI jobs (CAR-1069)	2026-05-27 01:43:44 +00:00
Chris Farhood	24d1b199ea	Add .mcp.json	2026-05-25 21:46:58 +00:00
Savannah Savings	46906cc333	Merge pull request 'Promote to Production: CAR-894 Gitea workflows migration' (#36 ) from uat into main	2026-05-24 18:51:43 +00:00
Savannah Savings	0c0cc63d59	Merge pull request 'Promote dev → uat: test fixes (CAR-1006)' (#33 ) from dev into uat	2026-05-23 23:43:08 +00:00
Savannah Savings	280882f515	Merge pull request 'Fix test failures: email_inbound_token server_default for SQLite' (#29 ) from betty/fix-email-inbound-token-tests into dev Fix test failures: email_inbound_token server_default for SQLite (#29) Strip PostgreSQL-only server_default from email_inbound_token before SQLite create_all(). Add email_inbound_token to test user INSERT statements. Reviewed-by: Savannah Savings (CTO) Approved-by: Checkout Charlie (QA)	2026-05-23 23:25:03 +00:00
Savannah Savings	21443a266a	Merge pull request 'Promote dev → uat: ruff lint fixes (CAR-1004)' (#31 ) from dev into uat Promote dev → uat: ruff lint fixes (CAR-1004)	2026-05-23 23:12:10 +00:00
Savannah Savings	ec4eaa1f03	Merge pull request 'Fix ruff lint errors across codebase' (#30 ) from barcode-betty/car-1004-fix-ruff-lint into dev Merge PR #30: Fix ruff lint errors across codebase Fixes 56 ruff lint errors (E501, F401, I001) in cartsnitch/api. QA: cs_charlie APPROVED CTO: cs_savannah APPROVED	2026-05-23 23:11:54 +00:00
Barcode Betty	0e3c9fb52e	Fix: strip PostgreSQL server_default from email_inbound_token for SQLite The email_inbound_token column uses a PostgreSQL-only server_default (gen_random_bytes/encode/trim) that SQLite cannot parse. Strip the server_default before metadata.create_all() in both the sync engine and async db_engine fixtures so tests run against SQLite. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 23:07:39 +00:00
Barcode Betty	cc6ca5982c	fix: resolve email_inbound_token conflict in test fixtures Rebase on latest dev and wrap SQL INSERT lines to honor ruff line-length=100. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 23:00:02 +00:00
Barcode Betty	c9fd066c31	fix: resolve email_inbound_token conflict in test fixtures	2026-05-23 22:57:16 +00:00
Barcode Betty	c68838acf2	Fix ruff lint errors across codebase - Auto-fix F401 (unused imports) and I001 (unsorted imports) with ruff --fix - Manually fix E501 (line too long) in alembic migrations and src/ models - Run ruff format to ensure consistent formatting Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 22:47:17 +00:00
Savannah Savings	4751154679	Merge pull request 'Fix ruff lint errors across codebase' (#28 ) from cs_betty/api:betty/car-932-lint-fixes into dev Merge PR #28: Fix ruff lint errors across codebase	2026-05-23 22:44:02 +00:00
Savannah Savings	6799b0e7b1	Merge pull request 'promote: dev → uat (CAR-995 CI registry migration)' (#27 ) from dev into uat promote: dev → uat (CAR-995 CI registry migration) (#27)	2026-05-23 22:31:54 +00:00
Savannah Savings	71cf0a4563	Merge pull request 'ci: migrate from ghcr.io to Gitea built-in registry' (#25 ) from fix/cart-995-gitea-registry-migration into dev ci: migrate from ghcr.io to Gitea built-in registry (#25) CAR-995: Update CI workflow to use Gitea built-in container registry. - REGISTRY env var: ghcr.io -> git.farh.net - Replace Docker Hub/GHCR login with direct docker login using github.token - Remove Docker Hub credentials from service containers - Update deploy kustomize image refs to use env vars	2026-05-23 22:31:36 +00:00
Barcode Betty	9659e63208	ci: migrate from ghcr.io to Gitea built-in registry - Update REGISTRY env var: ghcr.io -> git.farh.net - Replace Docker Hub + GHCR login with Gitea login step - Remove credentials blocks from postgres and redis service definitions - Update deploy-dev/deploy-uat kustomize image refs to use $REGISTRY var Fixes QA FAIL from PR #23: missing Gitea login step. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 22:14:55 +00:00
Savannah Savings	50110a54b7	Merge pull request 'Promote dev → uat: CI pipeline fixes (CAR-1000)' (#24 ) from dev into uat Promote dev → uat: CI pipeline fixes (CAR-1000) Promotes PR #22 fixes to UAT environment.	2026-05-23 22:14:44 +00:00
Savannah Savings	5c33b6ee38	Merge pull request 'Fix CI pipeline failures in cartsnitch/api' (#22 ) from cs_betty/api:barcode-betty/fix-ci-pipeline into dev Merge PR #22: Fix CI pipeline failures in cartsnitch/api Fixes: - Remove cache: pip from setup-python to fix intermittent tar corruption - Add CARTSNITCH_SERVICE_KEY and CARTSNITCH_FERNET_KEY test env vars Reviewed-by: Savannah Savings (CTO) Approved-by: Checkout Charlie (QA)	2026-05-23 22:13:56 +00:00
Barcode Betty	ae2fc15a5b	fix: resolve lint errors in test files [CAR-932] Fix 56 lint errors in test files that were blocking CI: - E501: Split long SQL INSERT statements across multiple lines - F401: Remove unused imports (os, unittest.mock.patch) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 22:09:33 +00:00
Flea Flicker	cf4b29b8d3	Fix CI pipeline failures: remove pip cache from setup-python, add missing env vars - Remove 'cache: pip' from setup-python in lint, typecheck, test jobs to fix intermittent 'archive/tar: write too long' errors on act_runner pods - Add CARTSNITCH_SERVICE_KEY and CARTSNITCH_FERNET_KEY to test job env to satisfy Settings pydantic model requirements Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 21:57:04 +00:00
Savannah Savings	28ad343759	Merge pull request 'chore: promote dev to uat (dispose_engine fix, CAR-932)' (#20 ) from dev into uat chore: promote dev to uat (dispose_engine fix, CAR-932)	2026-05-23 21:52:24 +00:00
Savannah Savings	23899f6c8d	Merge pull request 'fix: remove dead dispose_engine import from API main.py [CAR-932]' (#16 ) from betty/car-932-fix-dispose-engine into dev fix: remove dead dispose_engine import from API main.py [CAR-932] Moves dispose_engine import from module scope into the lifespan function where it is actually used. Fixes ImportError crashing API pods. Reviewed-by: cs_charlie (QA) Approved-by: cs_savannah (CTO) CI-override: pre-existing failures unrelated to this change	2026-05-23 21:51:56 +00:00
Savannah Savings	06c6dbed5c	Merge pull request 'promote: dev → uat (CAR-992 cors_origins fix)' (#15 ) from dev into uat promote: dev → uat (CAR-992 cors_origins fix) (#15)	2026-05-23 20:56:06 +00:00
Savannah Savings	1805ff93cf	Merge pull request 'fix: add UAT/dev domains to cors_origins' (#14 ) from cs_betty/api:car992-fix into dev fix: add UAT/dev domains to cors_origins (#14) Refs: CAR-992	2026-05-23 20:55:39 +00:00
Barcode Betty	ba88fad48b	fix: remove dead dispose_engine import from API main.py The top-level import of dispose_engine from cartsnitch_api.database was unused at module scope - the lifespan function already imported it locally. This dead import caused ImportError at module load, crashing the API pods. Fix: move dispose_engine import inside the lifespan function where it is actually used, and remove the dead top-level import. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 20:54:39 +00:00
Barcode Betty	0127c16d0b	fix: add UAT/dev domains to cors_origins Add dev.cartsnitch.com and uat.cartsnitch.com to the CORS origins list to match the infra HTTPRoute domains and fix auth blocking on UAT. Refs: CAR-992 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 20:45:56 +00:00
Savannah Savings	228a83c355	Merge pull request 'promote: dev → uat (CI trigger fix)' (#10 ) from dev into uat promote: dev → uat (CI trigger fix) (#10) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 14:39:13 +00:00
Savannah Savings	7fd8e90b9c	Merge pull request 'fix(ci): add uat branch to workflow triggers' (#9 ) from savannah/fix-ci-uat-trigger into dev fix(ci): add uat branch to workflow triggers (#9) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 14:38:59 +00:00
Savannah Savings	e429786696	fix(ci): add uat branch to workflow triggers The on.push and on.pull_request triggers only listed [main, dev]. The deploy-uat job condition checks for refs/heads/uat but the workflow never fires on uat pushes. Add uat to both trigger lists. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 14:37:47 +00:00
Savannah Savings	fbfedd4e8f	Merge pull request 'chore: promote dev to uat (CAR-898 workflow move)' (#7 ) from dev into uat chore: promote dev to uat (CAR-898 workflow move) (#7)	2026-05-21 13:05:23 +00:00
Savannah Savings	6b54a5ee7f	Merge pull request 'chore: move workflows from .github to .gitea' (#6 ) from barcode-betty/move-workflows-to-gitea into dev chore: move workflows from .github to .gitea (#6) Part of Gitea migration (CAR-893).	2026-05-21 13:05:07 +00:00
Barcode Betty	4e38dd4a0e	chore: move workflows from .github to .gitea Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 12:30:57 +00:00
Coupon Carl	6a8db71537	Merge pull request 'ci: promote Gitea Actions conversion to UAT' (#5 ) from dev into uat	2026-05-21 04:55:13 +00:00
Coupon Carl	3a4bf6fb30	Merge pull request 'ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)' (#4 ) from betty/car-869-gitea-actions-api into dev	2026-05-21 04:54:50 +00:00
Barcode Betty	0c3c549a6a	ci: convert GitHub Actions to Gitea Actions (ubuntu-latest) - Replace runs-on: runners-cartsnitch with ubuntu-latest (6 jobs) - Remove SARIF upload step (github/codeql-action/upload-sarif) - Replace GitHub App token with secrets.GITEA_TOKEN in deploy-dev and deploy-uat Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 03:57:49 +00:00