fix(ci): add provenance: false to fix registry push failures

OCI attestation manifests fail to push on Gitea registry when image layers already exist (cross-repo blob references). Disabling provenance generation on all four build-push-action steps ensures a simple single manifest push that Gitea handles reliably. Co-Authored-By: Paperclip <noreply@paperclip.ing>
fix: add network=host to buildx driver-opts for DinD DNS resolution
2026-05-23 01:25:07 +00:00 · 2026-05-23 00:52:59 +00:00 · 2026-05-22 22:39:41 +00:00 · 2026-05-22 22:36:15 +00:00
2 changed files with 7 additions and 1 deletions
@@ -78,6 +78,8 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
@@ -89,6 +91,7 @@ jobs:
      - name: Build and push API image
        uses: docker/build-push-action@v6
        with:
+          provenance: false
          context: .
          file: Dockerfile
          target: runner
@@ -102,6 +105,7 @@ jobs:
      - name: Build and push Migrate image
        uses: docker/build-push-action@v6
        with:
+          provenance: false
          context: .
          file: Dockerfile
          target: migrate
@@ -115,6 +119,7 @@ jobs:
      - name: Build and push Seed image
        uses: docker/build-push-action@v6
        with:
+          provenance: false
          context: .
          file: Dockerfile
          target: seed
@@ -128,6 +133,7 @@ jobs:
      - name: Build and push Reset image
        uses: docker/build-push-action@v6
        with:
+          provenance: false
          context: .
          file: Dockerfile
          target: reset
@@ -23,7 +23,7 @@ if (process.env.AUTH_DISABLED === "true") {
 }

 export const authMiddleware: MiddlewareHandler = async (c, next) => {
-  if (c.req.path.startsWith("/api/auth/")) {
+  if (c.req.path.startsWith("/api/auth/") || c.req.path === "/api/health") {
    await next();
    return;
  }
Author	SHA1	Message	Date
Flea Flicker	d17915907c	fix(ci): add provenance: false to fix registry push failures CI / Test (pull_request) Successful in 1m6s Details CI / Lint & Typecheck (pull_request) Successful in 1m10s Details CI / Build & Push Docker Images (pull_request) Successful in 37s Details OCI attestation manifests fail to push on Gitea registry when image layers already exist (cross-repo blob references). Disabling provenance generation on all four build-push-action steps ensures a simple single manifest push that Gitea handles reliably. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 01:25:07 +00:00
The Dogfather	4e8c66f3ca	fix: add network=host to buildx driver-opts for DinD DNS resolution CI / Test (push) Successful in 43s Details CI / Lint & Typecheck (push) Successful in 44s Details CI / Build & Push Docker Images (push) Failing after 39s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 00:52:59 +00:00
The Dogfather	ea28095434	Merge pull request 'fix(GRO-1566): bypass auth for /api/health endpoint on UAT' (#61 ) from fix/gro-1566-api-health-auth-bypass into dev CI / Test (push) Failing after 1m33s Details CI / Lint & Typecheck (push) Failing after 1m39s Details CI / Build & Push Docker Images (push) Has been skipped Details	2026-05-22 22:39:41 +00:00
Flea Flicker	3b9c72c2c4	fix(GRO-1566): bypass auth for /api/health endpoint on UAT CI / Lint & Typecheck (pull_request) Failing after 1m27s Details CI / Test (pull_request) Failing after 1m38s Details CI / Build & Push Docker Images (pull_request) Has been skipped Details The /api/health endpoint returns 401 on UAT because authMiddleware was not skipping it — the health check was registered on the Hono app instance (not the api sub-router), placing it below authMiddleware on the base app. The fix adds /api/health to the auth skip list alongside /api/auth/. The /health endpoint (registered at app level, above all middleware) correctly returns 200. The /api/health endpoint must also be public since the task requires confirming it returns 200. Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-22 22:36:15 +00:00