fix(GRO-1633): add buildx network=host and provenance:false to web CI

GRO-1672 follow-up: mirror groombook/api CI fixes in groombook/web - docker/setup-buildx-action: driver-opts network=host (DinD DNS fix) - docker/build-push-action: provenance: false (registry push compat) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Merge pull request 'fix(GRO-1414): update pet size value from x-large to xlarge' (#12 ) from fix/gro-1414-pet-size-enum into dev
2026-05-24 18:15:14 +00:00 · 2026-05-23 18:31:05 +00:00 · 2026-05-23 14:13:01 +00:00 · 2026-05-23 14:02:16 +00:00 · 2026-05-23 13:57:47 +00:00 · 2026-05-21 19:46:01 +00:00
16 changed files with 19 additions and 95 deletions
@@ -2,9 +2,9 @@ name: CI

 on:
  push:
-    branches: [main, dev]
+    branches: [main, dev, uat]
  pull_request:
-    branches: [main, dev]
+    branches: [main, dev, uat]
  workflow_dispatch:
    inputs:
      ref:
@@ -78,6 +78,8 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
+        with:
+          driver-opts: network=host

      - name: Log in to Gitea Container Registry
        uses: docker/login-action@v3
@@ -92,6 +94,7 @@ jobs:
          context: .
          file: Dockerfile
          push: true
+          provenance: false
          tags: |
            git.farh.net/groombook/web:${{ steps.version.outputs.tag }}
            ${{ github.ref == 'refs/heads/main' && 'git.farh.net/groombook/web:latest' || '' }}
@@ -18,4 +18,4 @@ COPY nginx.conf /etc/nginx/conf.d/default.conf
 COPY --from=builder /app/dist /usr/share/nginx/html
 EXPOSE 80
 HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
-  CMD curl -f http://localhost:80/ || exit 1
+  CMD wget --spider -q http://localhost:80/ || exit 1
@@ -69,6 +69,7 @@ export const { signIn, signOut, useSession, changePassword } = authClient;
 | TC-AUTH-5.3.1 | Auth client falls back to window.location.origin | Do not set `VITE_API_URL`, load app | Auth client uses `window.location.origin` as base URL |
 | TC-AUTH-5.3.2 | Sign-in on localhost | Load app without `VITE_API_URL` on localhost:3000 | Auth client uses `http://localhost:3000` as base URL |
 | TC-AUTH-5.3.3 | Sign-in on dev environment | Load app without `VITE_API_URL` on `https://dev.groombook.dev` | Auth client uses `https://dev.groombook.dev` as base URL |
+| TC-AUTH-5.3.4 | SSO cookie set after Authentik callback (GRO-1592) | Complete Authentik SSO login on UAT without `VITE_API_URL` set | `__Secure-better-auth.session_token` cookie is present in browser; subsequent `/api/*` calls include the cookie and return 200 |

 ### 5.4 Session Persistence

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96C853FAECD363909C4A0</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96CFC84D7A9333708F278</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96D48D7892E37386B9ACB</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96C25663D703833F23607</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96D89851C843332073968</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96C9C5A03D33730C61AD8</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96BEB91911B30317E3BE8</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96BFB7B92D33535D6D90D</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96B8BDF4B473630A2E120</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Error>
-  <Code>AccessDenied</Code>
-  <Message>You have no right to access this object because of bucket acl.</Message>
-  <RequestId>69D96D78BFFCAD343037C27C</RequestId>
-  <HostId>hailuo-image-algeng-data-us.oss-us-east-1.aliyuncs.com</HostId>
-  <EC>0003-00000001</EC>
-  <RecommendDoc>https://api.alibabacloud.com/troubleshoot?q=0003-00000001</RecommendDoc>
-</Error>
@@ -0,0 +1,10 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": ["config:recommended", ":pinAllExceptPeerDependencies", "helpers:pinGitHubActionDigests"],
+  "labels": ["dependencies"],
+  "prConcurrentLimit": 5,
+  "packageRules": [
+    {"matchUpdateTypes": ["minor", "patch"], "groupName": "minor and patch dependencies", "automerge": false},
+    {"matchDepTypes": ["devDependencies"], "matchUpdateTypes": ["minor", "patch"], "automerge": true, "automergeType": "pr"}
+  ]
+}
@@ -1,7 +1,7 @@
 import { createAuthClient } from "better-auth/react";

 export const authClient = createAuthClient({
-  baseURL: import.meta.env.VITE_API_URL ?? "",
+  baseURL: import.meta.env.VITE_API_URL || (typeof window !== "undefined" ? window.location.origin : ""),
 });

 export const { signIn, signOut, useSession, changePassword } = authClient;
@@ -519,7 +519,7 @@ export function BookPage() {
                    <option value="small">Small (under 15 lbs)</option>
                    <option value="medium">Medium (15–40 lbs)</option>
                    <option value="large">Large (40–80 lbs)</option>
-                    <option value="x-large">X-Large (over 80 lbs)</option>
+                    <option value="xlarge">X-Large (over 80 lbs)</option>
                  </select>
                </div>
                <div>
Author	SHA1	Message	Date
Barcode Betty	f6e6c3d75f	fix(GRO-1633): add buildx network=host and provenance:false to web CI CI / Test (pull_request) Successful in 20s Details CI / Lint & Typecheck (pull_request) Successful in 25s Details CI / Build & Push Docker Image (pull_request) Successful in 34s Details GRO-1672 follow-up: mirror groombook/api CI fixes in groombook/web - docker/setup-buildx-action: driver-opts network=host (DinD DNS fix) - docker/build-push-action: provenance: false (registry push compat) Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-24 18:15:14 +00:00
The Dogfather	c83214cf42	Merge pull request 'fix(GRO-1414): update pet size value from x-large to xlarge' (#12 ) from fix/gro-1414-pet-size-enum into dev CI / Test (push) Successful in 13s Details CI / Lint & Typecheck (push) Successful in 21s Details CI / Build & Push Docker Image (push) Failing after 2m20s Details fix(GRO-1414): update pet size value from x-large to xlarge (#12)	2026-05-23 18:31:05 +00:00
The Dogfather	80101fc37c	Merge pull request 'fix(GRO-1592): fallback auth baseURL to window.location.origin' (#15 ) from fix/gro-1592-sso-session-cookie into dev CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Failing after 39s Details	2026-05-23 14:13:01 +00:00
Flea Flicker	8ee58471b2	docs(UAT_PLAYBOOK): add TC-AUTH-5.3.4 — SSO cookie after Authentik callback CI / Test (pull_request) Successful in 14s Details CI / Lint & Typecheck (pull_request) Successful in 16s Details CI / Build & Push Docker Image (pull_request) Failing after 38s Details Documents the acceptance criteria for GRO-1592: after completing Authentik SSO login without VITE_API_URL set, the __Secure-better-auth.session_token cookie must be present in the browser and sent with subsequent /api/* calls. Updated: UAT_PLAYBOOK.md §5.3 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 14:02:16 +00:00
Flea Flicker	35d31a984d	fix(GRO-1592): fallback auth baseURL to window.location.origin CI / Test (pull_request) Successful in 18s Details CI / Lint & Typecheck (pull_request) Successful in 19s Details CI / Build & Push Docker Image (pull_request) Failing after 38s Details When VITE_API_URL is not set (e.g. in Docker/container deployments where the env var was never injected), fallback to window.location.origin so the auth client uses relative URLs and cookies are sent to the correct origin. Previously the fallback was empty string "", which caused the auth client to default to http://localhost:3000 — the nginx sub_filter workaround only handles strings baked into the JS bundle at build time, not runtime-constructed URLs. Fixes: SSO session cookie not set in browser after Authentik callback Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-23 13:57:47 +00:00
The Dogfather	f62c0b112d	Merge pull request 'feat(GRO-1173): admin UI buffer rules, service default buffer, pet size/coat' (#13 ) from flea-flicker/pet-profile-editor into dev CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Image (push) Successful in 10s Details CI / Test (pull_request) Successful in 15s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Image (pull_request) Successful in 10s Details feat(GRO-1173): admin UI buffer rules, service default buffer, pet size/coat (#13) Merged-By: The Dogfather (CTO) Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 19:46:01 +00:00
Flea Flicker	f1bb7c4fa6	fix(GRO-1414): update pet size value from x-large to xlarge CI / Test (pull_request) Successful in 14s Details CI / Lint & Typecheck (pull_request) Successful in 18s Details CI / Build & Push Docker Image (pull_request) Successful in 35s Details Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-21 06:58:56 +00:00
The Dogfather	56b11befe9	Merge pull request 'feat(GRO-1174): add pet size/coat dropdowns to booking wizard' (#8 ) from flea-flicker/pet-profile-editor into dev CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Build & Push Docker Image (push) Successful in 37s Details test merge	2026-05-21 00:43:10 +00:00
Scrubs McBarkley	f70dd96c65	Merge pull request 'feat: extract groombook/web from monorepo (GRO-903)' (#1 ) from dev into main CI / Test (push) Successful in 14s Details CI / Lint & Typecheck (push) Successful in 16s Details CI / Build & Push Docker Image (push) Successful in 14s Details feat: extract groombook/web from monorepo (GRO-903) Bootstrap exception: dev → main QA: Lint Roller (#2753) CTO: The Dogfather (#2764) CI: Lint & Typecheck ✓, Tests ✓, Docker Build ✓ UAT_PLAYBOOK.md: present	2026-05-20 15:26:27 +00:00
Chris Farhood	42f3e3211a	fix(GRO-903): resolve CI/CD blockers on groombook/web PR #1 CI / Test (push) Successful in 15s Details CI / Test (pull_request) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 17s Details CI / Lint & Typecheck (pull_request) Successful in 17s Details CI / Build & Push Docker Image (push) Successful in 10s Details CI / Build & Push Docker Image (pull_request) Successful in 11s Details - Move CI workflow from .github/workflows/ to .gitea/workflows/ - Add uat branch to CI triggers (push and pull_request) - Fix Dockerfile HEALTHCHECK to use wget instead of curl Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 15:01:46 +00:00
Chris Farhood	465db89ab4	fix(GRO-1361): remove unused X import and delete corrupted demo-pet images CI / Test (push) Successful in 16s Details CI / Test (pull_request) Successful in 15s Details CI / Lint & Typecheck (push) Successful in 19s Details CI / Lint & Typecheck (pull_request) Successful in 19s Details CI / Build & Push Docker Image (pull_request) Successful in 41s Details CI / Build & Push Docker Image (push) Successful in 2m55s Details - Remove unused 'X' import from lucide-react in PetProfiles.tsx - Delete 10 corrupted demo-pet PNG files that contain Alibaba AccessDenied XML Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-20 14:09:20 +00:00
The Dogfather	ee7fc2e9bf	Merge pull request 'chore: add Renovate config (GRO-1081)' (#4 ) from add-renovate-config into dev CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Failing after 17s Details CI / Build & Push Docker Image (push) Has been skipped Details CI / Test (pull_request) Successful in 14s Details CI / Lint & Typecheck (pull_request) Failing after 18s Details CI / Build & Push Docker Image (pull_request) Has been skipped Details chore: add Renovate config (GRO-1081) Merge PR #4: add-renovate-config → dev Approved by QA (Lint Roller) and CTO (The Dogfather).	2026-05-20 12:41:45 +00:00
The Dogfather	c8610ec28d	Merge pull request 'fix(ci): use Gitea registry for Docker push' (#9 ) from fix/ci-registry-auth into dev CI / Test (push) Successful in 15s Details CI / Lint & Typecheck (push) Failing after 17s Details CI / Build & Push Docker Image (push) Has been skipped Details CI / Lint & Typecheck (pull_request) Failing after 17s Details CI / Test (pull_request) Successful in 13s Details CI / Build & Push Docker Image (pull_request) Has been skipped Details fix(ci): use Gitea registry for Docker push (#9) GRO-1348 - Change Docker login from ghcr.io/GITHUB_TOKEN to git.farh.net/REGISTRY_TOKEN - Update image tags from ghcr.io/groombook/web to git.farh.net/groombook/web - Replace GitHub Actions cache with registry cache	2026-05-20 11:17:01 +00:00
Chris Farhood	a582bd04b7	fix(ci): use Gitea registry for Docker push CI / Lint & Typecheck (pull_request) Failing after 18s Details CI / Test (pull_request) Successful in 15s Details CI / Build & Push Docker Image (pull_request) Has been skipped Details - Change Docker login from ghcr.io/GITHUB_TOKEN to git.farh.net/REGISTRY_TOKEN - Update image tags from ghcr.io/groombook/web to git.farh.net/groombook/web - Replace GitHub Actions cache (type=gha) with registry cache - Remove GitHub Actions-specific permissions block - GRO-1348 Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-20 10:57:02 +00:00
Chris Farhood	b8a9e8cc09	chore: add Renovate config GRO-1081: add renovate.json to successor repos Co-Authored-By: Paperclip <noreply@paperclip.ing>	2026-05-14 17:42:22 +00:00