Commit Graph

13 Commits

Author SHA1 Message Date
Barcode Betty 35ec73bf8f fix(ci): probe preview server on 127.0.0.1, not localhost (CAR-1218)
The lighthouse job has been failing on dev for months because wait-on
probes http://localhost:4173/, but 'localhost' resolves to ::1 (IPv6) on
the Gitea Actions runner while 'npm run preview' (vite preview) binds
127.0.0.1 (IPv4) only. The HTTP probe never connects; lighthouse never
runs.

Pin both the wait-on probe and the lighthouserc url to 127.0.0.1:4173 so
the IPv4 binding is the only thing in play. Two-line diff, scoped to
the lighthouse job and its config; no other CI step, no app/runtime
change, no quality-gate assertion change.

This is a carve-out of the workaround from CAR-938 (which disabled the
job) and supersedes the broken timeouts in CAR-937 (75700fb, a729b7e,
a9a7db6). audit/lint/test/e2e/build-and-push/deploy-dev/deploy-uat
gates are untouched.

Refs: CAR-1218, CAR-1215, CAR-938, CAR-937
Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-04 01:18:49 +00:00
Barcode Betty 3dcf0ce021 ci: treat infra PR approvals gate as success in deploy jobs (CAR-1212)
Per the spec for CAR-1212 (CAR-1195 follow-up):

- deploy-dev and deploy-uat now request cs_savannah as a reviewer on the
  cartsnitch/infra PR (best-effort, log on non-2xx, never fail the job).
- After the merge attempt, classify the response:
  * .merged == true                      -> success notice
  * 'Does not have enough approvals'     -> ::notice:: + exit 0
                                           (GitOps approval gate, not a
                                           failure; the PR is correctly
                                           opened and surfaces in the CTO
                                           queue)
  * anything else                        -> keep the existing ::error::
                                           and exit 1 (genuine unexpected
                                           failure)

This unblocks the deploy jobs that were hard-failing on the branch-protection
approvals requirement, which a CI bot cannot self-satisfy. The CTO (cs_savannah)
already backstop-approves+merges these infra PRs by hand (e.g. #321, #322).

- 'No image changes to deploy' early-exit preserved.
- Still uses secrets.CI_GITEA_TOKEN for the PR/reviewer/merge API calls.
- No git push origin main: only the API path is used.

Refs CAR-1195, CAR-1194.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-03 21:34:18 +00:00
Barcode Betty 83b553b58e ci: delete overlay deploy branches after merge
Set delete_branch_after_merge:true on the auto-merge POST in both
deploy-dev and deploy-uat so the per-deploy branches in
cartsnitch/infra (ci/deploy-{dev,uat}-${GITHUB_SHA}) are removed
once their overlay image-tag bump lands on main. Without this flag
every successful deploy would leave a branch behind, accumulating
in cartsnitch/infra and making future re-runs of the same SHA
un-actionable from the existing branch name.

Refs CAR-1195 (CTO fix #2).
2026-06-03 20:53:54 +00:00
Barcode Betty 3a69ec29b5 fix(ci): bind deploy PR API to secrets.CI_GITEA_TOKEN (CAR-1195)
deploy-dev and deploy-uat had CI_GITEA_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
which is the package-scoped container-registry token. PR creation and
auto-merge against cartsnitch/infra would 403 on the first real push.
Bind to secrets.CI_GITEA_TOKEN (the token the infra checkout already
uses for branch push) so the Gitea API calls have repo-write scope.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-03 20:39:21 +00:00
Barcode Betty 2573de86d5 Update .gitea/workflows/ci.yml 2026-06-03 20:09:56 +00:00
Barcode Betty 06162f9f15 fix(ci): unblock dev build/deploy (CAR-1195) 2026-06-03 19:43:54 +00:00
Coupon Carl d92bcf433b fix(ci): remove actions/setup-node from lint job to bypass corrupted runner cache
Runner pod gitea-act-runner-cartsnitch-85b5984bb-527xw has a corrupt
/root/.cache/act clone of actions/setup-node (missing dist/setup/index.js).
SHA-pinning changed the cache hash but the fresh clone on that pod still
ends up missing the dist directory.

catthehacker/ubuntu:act-latest ships Node pre-installed; the lint job only
needs ESLint + tsc, both of which are devDependencies installed by npm ci.
Removing actions/setup-node from lint bypasses the corrupt pod cache entirely
without affecting other jobs.

Refs CAR-1162

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-06-03 19:07:14 +00:00
Barcode Betty a7a55bbf79 fix(ci): unblock dev PR #271 CI
- Remove .mcp.json (scope creep, unrelated to CAR-1078)
- Bump vitest to ^4.1.8 (fixes GHSA-5xrq-8626-4rwp critical)
- Run npm audit fix for non-breaking vulns
- Pin actions/checkout and actions/setup-node to commit SHAs
  in .gitea/workflows/ci.yml to force a clean cache fetch on
  the act runner (workaround for corrupted /root/.cache/act cache)

Refs CAR-1162, CAR-1122, CAR-1078
2026-06-03 11:41:19 +00:00
Coupon Carl 2c4e9985b1 ci: rename GITEA_TOKEN -> REGISTRY_TOKEN to match configured secret name
cpfarhood confirmed the Gitea registry token is configured as REGISTRY_TOKEN
(not GITEA_TOKEN). This applies to both the registry docker login steps
and the infra repo checkout steps in deploy-dev/deploy-uat.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-23 14:29:45 +00:00
cartsnitch-ci[bot] 821f1d20b3 fix(ci): replace hardcoded cs_carl username and fix kustomize image rename syntax
- Replace hardcoded 'cs_carl' Gitea registry username with '${{ github.actor }}' in all 5 login steps
- Use kustomize 'OLD=NEW:TAG' rename syntax so existing ghcr.io image entries are updated instead of duplicated

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-23 14:27:24 +00:00
Coupon Carl 555ced4fdc ci: migrate image registry from ghcr.io to git.farh.net
Replace GitHub Container Registry with Gitea's built-in container registry.
- REGISTRY env var: ghcr.io -> git.farh.net
- All 4 build-and-push jobs: replace GHCR login with Gitea registry login
  using cs_carl + GITEA_TOKEN (token already required for infra checkout)
- deploy-dev/deploy-uat: update kustomize image refs to git.farh.net/*
- Also fix legacy api/.gitea/workflows/ci.yml (non-executing nested file)

Required secrets drop from 5 to 3: DOCKERHUB_USERNAME, DOCKERHUB_TOKEN,
GITEA_TOKEN. GHCR_USERNAME and GHCR_TOKEN no longer needed.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-23 14:20:38 +00:00
Savannah Savings 4797f07af9 Merge pull request 'ci: move .github/workflows to .gitea/workflows [CAR-900]' (#259) from barcode-betty/move-workflows-to-gitea into dev
Merge PR #259: ci: move .github/workflows to .gitea/workflows [CAR-897]

QA-approved. CTO merge to dev.

cc @cpfarhood
2026-05-21 19:19:20 +00:00
Flea Flicker 96331c9fa7 Move .github/workflows to .gitea/workflows
- Relocate all CI workflows from .github/workflows/ to .gitea/workflows/
- Root: .github/workflows/ci.yml -> .gitea/workflows/ci.yml
- api/: api/.github/workflows/ci.yml -> api/.gitea/workflows/ci.yml
- common/: common/.github/workflows/ci.yml -> common/.gitea/workflows/ci.yml
- Gitea uses .gitea/workflows/ for CI configuration

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-21 11:59:35 +00:00