Merge pull request 'fix(GRO-1544): restore /health alongside /api/health endpoint' (#60 ) from fix/gro-1544-api-health-endpoint into dev

fix(GRO-1544): restore /health alongside /api/health endpoint (#60)
Merge pull request 'fix(GRO-1576): add provenance: false to all build-push-action steps' (#64 ) from fix/gro-1576-ci-provenance-false into dev
2026-05-23 18:30:57 +00:00 · 2026-05-23 01:40:07 +00:00 · 2026-05-23 01:30:16 +00:00 · 2026-05-23 00:52:59 +00:00 · 2026-05-22 22:39:41 +00:00 · 2026-05-22 22:36:15 +00:00
3 changed files with 10 additions and 1 deletions
@@ -78,6 +78,8 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
@@ -93,6 +95,7 @@ jobs:
          file: Dockerfile
          target: runner
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/api:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/api:latest' || '' }}
@@ -106,6 +109,7 @@ jobs:
          file: Dockerfile
          target: migrate
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/migrate:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/migrate:latest' || '' }}
@@ -119,6 +123,7 @@ jobs:
          file: Dockerfile
          target: seed
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/seed:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/seed:latest' || '' }}
@@ -132,6 +137,7 @@ jobs:
          file: Dockerfile
          target: reset
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/reset:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/reset:latest' || '' }}
@@ -59,6 +59,9 @@ app.use(
 );

 // Health check — no auth required, registered on app at full path before auth middleware
+// /health: used by Dockerfile HEALTHCHECK and K8s readinessProbe/livenessProbe (port 3000 direct)
+app.get("/health", (c) => c.json({ status: "ok" }));
+// /api/health: used by Gateway HTTPRoute (/api/* → API pod)
 app.get("/api/health", (c) => c.json({ status: "ok" }));

 // Public booking routes — no auth required, must be registered before auth middleware
@@ -23,7 +23,7 @@ if (process.env.AUTH_DISABLED === "true") {
 }

 export const authMiddleware: MiddlewareHandler = async (c, next) => {
-  if (c.req.path.startsWith("/api/auth/")) {
+  if (c.req.path.startsWith("/api/auth/") || c.req.path === "/api/health") {
    await next();
    return;
  }
Author	SHA1	Message	Date
The Dogfather	06d72b5baf	Merge pull request 'fix(GRO-1544): restore /health alongside /api/health endpoint' (#60 ) from fix/gro-1544-api-health-endpoint into dev CI / Lint & Typecheck (push) Successful in 45s Details CI / Test (push) Successful in 46s Details CI / Build & Push Docker Images (push) Successful in 2m45s Details fix(GRO-1544): restore /health alongside /api/health endpoint (#60)	2026-05-23 18:30:57 +00:00
The Dogfather	33aa63b10f	Merge pull request 'fix(GRO-1576): add provenance: false to all build-push-action steps' (#64 ) from fix/gro-1576-ci-provenance-false into dev CI / Lint & Typecheck (push) Successful in 10s Details CI / Test (push) Successful in 11s Details CI / Build & Push Docker Images (push) Successful in 20s Details fix(GRO-1576): add provenance: false to all build-push-action steps (#64) Disables OCI attestation manifest generation that was hitting a Gitea registry bug when image layers are pre-existing. Reviewed-by: Lint Roller (QA) Approved-by: The Dogfather (CTO)	2026-05-23 01:40:07 +00:00
Flea Flicker	e26d960046	fix(GRO-1576): add provenance: false to all build-push-action steps CI / Lint & Typecheck (pull_request) Successful in 11s Details CI / Test (pull_request) Successful in 11s Details CI / Build & Push Docker Images (pull_request) Failing after 2m28s Details Docker Buildx v6 defaults to OCI attestation manifests (--attest type=provenance,mode=max). These hit a Gitea registry bug when image layers are pre-existing (blob mount), causing "unknown" errors on manifest list push. API image succeeds because it pushes new layers; migrate/seed/ reset fail because their layers already exist. Disabling provenance attestation on all four build-push-action steps resolves the push failures. Addresses GRO-1575. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 01:30:16 +00:00
The Dogfather	4e8c66f3ca	fix: add network=host to buildx driver-opts for DinD DNS resolution CI / Test (push) Successful in 43s Details CI / Lint & Typecheck (push) Successful in 44s Details CI / Build & Push Docker Images (push) Failing after 39s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 00:52:59 +00:00
The Dogfather	ea28095434	Merge pull request 'fix(GRO-1566): bypass auth for /api/health endpoint on UAT' (#61 ) from fix/gro-1566-api-health-auth-bypass into dev CI / Test (push) Failing after 1m33s Details CI / Lint & Typecheck (push) Failing after 1m39s Details CI / Build & Push Docker Images (push) Has been skipped Details	2026-05-22 22:39:41 +00:00
Flea Flicker	3b9c72c2c4	fix(GRO-1566): bypass auth for /api/health endpoint on UAT CI / Lint & Typecheck (pull_request) Failing after 1m27s Details CI / Test (pull_request) Failing after 1m38s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details The /api/health endpoint returns 401 on UAT because authMiddleware was not skipping it — the health check was registered on the Hono app instance (not the api sub-router), placing it below authMiddleware on the base app. The fix adds /api/health to the auth skip list alongside /api/auth/. The /health endpoint (registered at app level, above all middleware) correctly returns 200. The /api/health endpoint must also be public since the task requires confirming it returns 200. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-22 22:36:15 +00:00
Flea Flicker	49f70eb74b	fix(GRO-1544): restore /health alongside /api/health endpoint CI / Lint & Typecheck (pull_request) Failing after 1m34s Details CI / Test (pull_request) Failing after 1m38s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details The previous GRO-1544 PR changed /health to /api/health but removed the /health endpoint entirely. This breaks: - Dockerfile HEALTHCHECK (curl -f http://localhost:3000/health) - K8s readinessProbe/livenessProbe (httpGet: path: /health, port: 3000) Both paths are registered before auth middleware so both remain publicly accessible without authentication. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-22 22:18:52 +00:00