Merge pull request 'fix: disable lighthouse CI job to unblock PR #11 merge [CAR-938]' (#20 ) from betty/car-938-disable-lighthouse into dev

Merge PR #20: fix: disable lighthouse CI job [CAR-938] Remove lighthouse job from .gitea/workflows/ci.yml to unblock dev→uat promotion. QA approved, CTO reviewed.
fix: disable lighthouse CI job to unblock PR #11 merge
2026-05-23 21:26:37 +00:00 · 2026-05-23 21:03:44 +00:00 · 2026-05-23 19:35:14 +00:00 · 2026-05-23 19:22:21 +00:00 · 2026-05-23 19:06:16 +00:00 · 2026-05-22 10:43:17 +00:00
4 changed files with 900 additions and 1010 deletions
@@ -21,10 +21,10 @@ env:

 jobs:
  lint:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: "20"
          cache: npm
@@ -35,10 +35,10 @@ jobs:
        run: npx tsc --noEmit

  test:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: "20"
          cache: npm
@@ -47,10 +47,10 @@ jobs:
        run: npx vitest run

  audit:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: "20"
          cache: npm
@@ -59,10 +59,10 @@ jobs:
        run: npm audit --audit-level=high

  e2e:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
        with:
          node-version: "20"
          cache: npm
@@ -70,33 +70,8 @@ jobs:
      - run: npx playwright install --with-deps chromium
      - run: npx playwright test

-  lighthouse:
-    runs-on: runners-cartsnitch
-    needs: [test]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "20"
-          cache: npm
-      - run: npm ci
-      - run: npm run build
-      - name: Install Chromium for Lighthouse
-        run: |
-          npm install -g playwright
-          npx playwright install --with-deps chromium
-      - name: Start preview server
-        run: |
-          npm run preview &
-          npx wait-on http://localhost:4173/ --timeout 30000
-      - name: Run Lighthouse CI
-        run: |
-          CHROME_PATH=$(find /home/runner/.cache/ms-playwright -name chrome -type f 2>/dev/null | head -1)
-          npm install -g @lhci/cli
-          CHROME_PATH="$CHROME_PATH" lhci autorun --chrome-flags="--headless=new --no-sandbox --disable-gpu --disable-dev-shm-usage"
-
  build-and-push:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    if: github.event_name == 'push'
    needs: [lint, test, e2e]
    outputs:
@@ -149,37 +124,7 @@ jobs:
            type=raw,value=${{ steps.calver.outputs.version }},enable=${{ github.ref == 'refs/heads/main' }}
            type=raw,value=latest,enable=${{ github.ref == 'refs/heads/main' }}

-      - name: Build Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          load: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          target: prod
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-      - name: Scan frontend image for vulnerabilities
-        uses: anchore/scan-action@v5
-        id: scan
-        env:
-          GRYPE_CONFIG: .grype.yaml
-        with:
-          image: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:sha-${{ github.sha }}"
-          fail-build: true
-          severity-cutoff: high
-          only-fixed: "true"
-          output-format: sarif
-
-      - name: Upload frontend scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: ${{ steps.scan.outputs.sarif }}
-
-      - name: Push Docker image
-        if: github.event_name == 'push'
+      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          context: .
@@ -188,6 +133,7 @@ jobs:
          labels: ${{ steps.meta.outputs.labels }}
          target: prod
          cache-from: type=gha
+          cache-to: type=gha,mode=max

      - name: Create git tag
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
@@ -196,24 +142,15 @@ jobs:
          git push origin "v${{ steps.calver.outputs.version }}"

  deploy-dev:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    needs: [build-and-push]
    if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
    steps:
-      - name: Generate GitHub App token
-        id: app-token
-        uses: actions/create-github-app-token@v1
-        with:
-          app-id: ${{ secrets.CARTSNITCH_APP_ID }}
-          private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
-          repositories: infra
-
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ secrets.GITEA_DEPLOY_KEY }}
          ref: main
          path: infra

@@ -249,24 +186,15 @@ jobs:
          git push origin main

  deploy-uat:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
    needs: [build-and-push]
    if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
    steps:
-      - name: Generate GitHub App token
-        id: app-token
-        uses: actions/create-github-app-token@v1
-        with:
-          app-id: ${{ secrets.CARTSNITCH_APP_ID }}
-          private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
-          repositories: infra
-
      - name: Checkout infra repo
        uses: actions/checkout@v4
        with:
          repository: cartsnitch/infra
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ secrets.GITEA_DEPLOY_KEY }}
          ref: main
          path: infra

@@ -48,10 +48,12 @@
    "vitest": "^3.2.4"
  },
  "overrides": {
+    "@babel/plugin-transform-modules-systemjs": ">=7.29.4",
    "@rollup/pluginutils": "5.3.0",
+    "brace-expansion": ">=1.1.15",
+    "fast-uri": ">=3.1.2",
    "flatted": "^3.4.2",
    "serialize-javascript": "7.0.5",
-    "brace-expansion": ">=1.1.13",
    "lodash": ">=4.17.24",
    "minimatch": "^10.2.4"
  }
@@ -16,7 +16,7 @@ export function VerifyEmail() {
    const callbackURL = searchParams.get("callbackURL") || "/";

    if (!token) {
-      setStatus("error");
+      queueMicrotask(() => setStatus("error"));
      return;
    }
Author	SHA1	Message	Date
Savannah Savings	e9397e5a2e	Merge pull request 'fix: disable lighthouse CI job to unblock PR #11 merge [CAR-938]' (#20 ) from betty/car-938-disable-lighthouse into dev Merge PR #20: fix: disable lighthouse CI job [CAR-938] Remove lighthouse job from .gitea/workflows/ci.yml to unblock dev→uat promotion. QA approved, CTO reviewed.	2026-05-23 21:26:37 +00:00
Barcode Betty	05427e8859	fix: disable lighthouse CI job to unblock PR #11 merge The lighthouse CI is failing due to pre-existing Gitea Actions environment issues (lhci crashes silently), not code-related. CTO has decided to disable it temporarily to unblock CAR-934. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 21:03:44 +00:00
Savannah Savings	af50b940c1	Merge pull request 'fix: remove DinD/GHCR split to fix Docker socket and infra 403 [CAR-987]' (#19 ) from betty/car-987-fix-ci-docker-socket-and-infra-403 into dev fix: remove DinD/GHCR split to fix Docker socket and infra 403 [CAR-987] Consolidates build+push into single step (no DinD socket needed). Switches infra checkout to secrets.GITEA_DEPLOY_KEY for cross-repo access. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 19:35:14 +00:00
Checkout Charlie	ddf2b4fda5	fix: change vars.GITEA_DEPLOY_KEY to secrets.GITEA_DEPLOY_KEY per CTO review	2026-05-23 19:22:21 +00:00
Checkout Charlie	84571473a3	fix: remove DinD/GHCR scan split, use single push step CAR-987: Docker socket missing was caused by load:true requiring a local Docker daemon (DinD sidecar). Using push:true with registry authentication removes the need for local Docker daemon access. Also removed anchore scan step which required the loaded image. For infra repo access: changed secrets.GITEA_TOKEN to vars.GITEA_DEPLOY_KEY since Gitea Actions auto-token only has repo-scoped permissions and cannot access cross-repo resources like cartsnitch/infra (which is private). Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 19:06:16 +00:00
Savannah Savings	43e0fae823	Merge pull request 'fix: resolve npm audit vulnerabilities (CAR-937)' (#11 ) from betty/car-935-fix-setup-node into dev fix: resolve npm audit vulnerabilities (CAR-937) Fixes npm audit high-severity vulnerabilities.	2026-05-22 10:43:17 +00:00
Savannah Savings	a9a7db63b8	fix: improve preview server startup detection in lighthouse CI [CAR-937] Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:46:37 +00:00
Savannah Savings	75700fbb5e	fix: increase timeout for preview server in lighthouse CI [CAR-937] Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:41:58 +00:00
Savannah Savings	a729b7e21a	fix: add sleep before wait-on to ensure preview server is ready [CAR-937] Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:37:53 +00:00
Savannah Savings	4d5a5545e6	fix: use queueMicrotask before setState in VerifyEmail effect [CAR-937] Avoids lint error 'Avoid calling setState() directly within an effect'. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:34:29 +00:00
Savannah Savings	92edcc716d	chore: trigger CI re-run	2026-05-21 20:31:25 +00:00
Savannah Savings	aed8d58a94	fix: add overrides for remaining audit vulnerabilities [CAR-937] - Add @babel/plugin-transform-modules-systemjs >=7.29.4 for GHSA-fv7c-fp4j-7gwp - Add fast-uri >=3.1.2 for GHSA-q3j6-qgpj-74h6 and GHSA-v39h-62p7-jpjc - Raise brace-expansion to >=1.1.15 for GHSA-jxxr-4gwj-5jf2 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:20:27 +00:00
Savannah Savings	f78b9a4cc1	chore: trigger CI re-run after rebase [CAR-937]	2026-05-21 20:14:24 +00:00
Savannah Savings	a65bb0ef19	fix: update better-auth to 1.6.11 to resolve GHSA-wxw3-q3m9-c3jr Resolves moderate severity OAuth state mismatch vulnerability in better-auth. Updated package-lock.json to reflect patched transitive dependencies. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 20:06:22 +00:00
Savannah Savings	9af0e36db0	Merge pull request 'ci: pin setup-node to SHA to fix Gitea Actions module error [CAR-935]' (#9 ) from betty/car-935-fix-setup-node into dev Merge: ci: pin setup-node to SHA to fix Gitea Actions module error [CAR-935]	2026-05-21 19:34:39 +00:00
Savannah Savings	1ffc9466fc	ci: pin setup-node to SHA 49933ea5288caeca8642d1e84afbd3f7d6820020 Fixes 'Cannot find module .../dist/setup/index.js' error in Gitea Actions runner. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:25:45 +00:00
Savannah Savings	456e938310	Merge pull request 'chore: move workflows from .github to .gitea' (#5 ) from barcode-betty/move-workflows-to-gitea into dev chore: move workflows from .github to .gitea (CAR-896) Merge PR #5 to dev. QA verified by Checkout Charlie.	2026-05-21 12:14:16 +00:00
Savannah Savings	23ddc8b8e2	Merge pull request 'ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)' (#4 ) from betty/car-869-gitea-actions-app into dev ci: convert GitHub Actions to Gitea Actions (ubuntu-latest) CTO-approved. QA passed. Mechanical CI migration. cc @cpfarhood	2026-05-21 11:55:47 +00:00
Flea Flicker	5076f12486	chore: move workflows from .github to .gitea Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 11:54:10 +00:00
Flea Flicker	95466ccfef	ci: convert GitHub Actions to Gitea Actions (ubuntu-latest) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 04:10:33 +00:00