From e9a8b6de97db0c2b7f95203936b83aa1a5331cd4 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 12 Mar 2026 15:14:34 -0500 Subject: [PATCH 1/4] ci: reorder release workflow --- .gitea/workflows/release-image.yaml | 84 ++++++++++++++--------------- 1 file changed, 39 insertions(+), 45 deletions(-) diff --git a/.gitea/workflows/release-image.yaml b/.gitea/workflows/release-image.yaml index 64a67d9..5c4e455 100644 --- a/.gitea/workflows/release-image.yaml +++ b/.gitea/workflows/release-image.yaml @@ -8,44 +8,7 @@ on: workflow_dispatch: jobs: - semantic-release: - runs-on: ubuntu-js - outputs: - new-release-published: ${{ steps.semantic.outputs.new-release-published }} - new-release-version: ${{ steps.semantic.outputs.new-release-version }} - new-release-git-tag: ${{ steps.semantic.outputs.new-release-git-tag }} - steps: - - name: Checkout - uses: actions/checkout@v6 - with: - fetch-depth: 0 - token: ${{ secrets.BOT_TOKEN }} - - - name: Set up Node - uses: actions/setup-node@v6 - with: - node-version: 24.14.0 - - - name: Set up Bun - uses: oven-sh/setup-bun@v2 - with: - bun-version: 1.3.10 - - - name: Install Dependencies - run: bun install --frozen-lockfile - - - name: Run Semantic Release - id: semantic - env: - GITEA_TOKEN: ${{ secrets.BOT_TOKEN }} - GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} - NODE_PATH: ${{ github.workspace }}/node_modules - run: | - bun run semantic-release - build: - needs: semantic-release - if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} runs-on: ubuntu-js steps: - name: Checkout @@ -98,8 +61,6 @@ jobs: image: true guarddog: - needs: semantic-release - if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} runs-on: ubuntu-js steps: - name: Checkout 
@@ -136,9 +97,45 @@ jobs: actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=release-image.yaml", "clear": true}]' image: true + semantic-release: + needs: [ build, guarddog ] + runs-on: ubuntu-js + outputs: + new-release-published: ${{ steps.semantic.outputs.new-release-published }} + new-release-version: ${{ steps.semantic.outputs.new-release-version }} + new-release-git-tag: ${{ steps.semantic.outputs.new-release-git-tag }} + steps: + - name: Checkout + uses: actions/checkout@v6 + with: + fetch-depth: 0 + token: ${{ secrets.BOT_TOKEN }} + + - name: Set up Node + uses: actions/setup-node@v6 + with: + node-version: 24.14.0 + + - name: Set up Bun + uses: oven-sh/setup-bun@v2 + with: + bun-version: 1.3.10 + + - name: Install Dependencies + run: bun install --frozen-lockfile + + - name: Run Semantic Release + id: semantic + env: + GITEA_TOKEN: ${{ secrets.BOT_TOKEN }} + GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} + NODE_PATH: ${{ github.workspace }}/node_modules + run: | + bun run semantic-release + release-harbor: runs-on: ubuntu-js - needs: [semantic-release, build, guarddog, ] + needs: semantic-release if: ${{ needs.semantic-release.outputs.new-release-published == 'true' }} steps: - name: Checkout @@ -240,13 +237,10 @@ jobs: release-gitea: runs-on: ubuntu-js - needs: [ semantic-release, build, guarddog, release-harbor ] + needs: [ semantic-release, release-harbor ] if: | always() && - needs.semantic-release.result == 'success' && - needs.semantic-release.outputs.new-release-published == 'true' && - needs.build.result == 'success' && - needs.guarddog.result == 'success' + needs.semantic-release.outputs.new-release-published == 'true' steps: - name: Checkout uses: actions/checkout@v6 From d083660f1ca79838ba52dbcbc674b2b2274fd4c3 Mon Sep 17 00:00:00 2001 
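Review bot: The re-added `semantic-release` job is the one that holds `secrets.BOT_TOKEN` (checkout `token:`, `GITEA_TOKEN`, `GITHUB_TOKEN`), yet its actions are referenced by mutable tags: `actions/checkout@v6`, `actions/setup-node@v6` and `oven-sh/setup-bun@v2`. A retagged or compromised action would run with the release credential in reach. Pinning each one to a full commit SHA, in the form `uses: oven-sh/setup-bun@<commit-sha> # v2`, closes that path. A short comment above `needs: [ build, guarddog ]` saying that the scan must finish before anything is tagged would also keep the new ordering from being undone by accident.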
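Review bot: With `always()` kept and the result checks removed, the `release-gitea` condition never looks at `needs.release-harbor.result`, so the Gitea release is still created when the Harbor job failed or was cancelled. If that is not intended, add `needs.release-harbor.result == 'success' &&` to the `if:` expression, or drop `always()` so the default success gating applies. Dropping the build and guarddog checks looks safe only because `semantic-release` now needs both, and its `new-release-published` output should be empty when it is skipped; a one-line comment above the `if:` stating that dependency would help. The job's steps continue outside the hunk.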
From: Alex Lebens Date: Thu, 12 Mar 2026 15:44:42 -0500 Subject: [PATCH 2/4] ci: make registry an arg --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6293599..7f78157 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM dhi.io/bun:1.3.10-debian13-dev AS builder +ARG REGISTRY=dhi.io +FROM ${REGISTRY}/bun:1.3.10-debian13-dev AS builder + WORKDIR /app COPY package.json bun.lock ./ @@ -15,7 +17,7 @@ FROM build-deps AS build COPY . . RUN bun run build -FROM dhi.io/bun:1.3.10-alpine3.22 AS runtime +FROM ${REGISTRY}/bun:1.3.10-alpine3.22 AS runtime WORKDIR /app COPY --from=prod-deps /app/node_modules /app/node_modules COPY --from=build /app/dist /app/dist From 4c8665ebe2527ff605f82451b2173dd0473aa840 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 12 Mar 2026 16:26:17 -0500 Subject: [PATCH 3/4] feat: use alpine-dev for bun builder --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7f78157..e15c23a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ ARG REGISTRY=dhi.io -FROM ${REGISTRY}/bun:1.3.10-debian13-dev AS builder +FROM ${REGISTRY}/bun:1.3.10-alpine3.22-dev AS builder WORKDIR /app From 0dfcc2598401765a1899d407a8bc34e8c105adcf Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 12 Mar 2026 18:05:46 -0500 Subject: [PATCH 4/4] feat: disable security feature --- astro.config.mjs | 2 -- 1 file changed, 2 deletions(-) diff --git a/astro.config.mjs b/astro.config.mjs index 967443a..4d9885e 100644 --- a/astro.config.mjs +++ b/astro.config.mjs @@ -13,8 +13,6 @@ import { getSiteURL } from './src/support/url'; export default defineConfig({ site: getSiteURL(), - security: { csp: true }, - image: { remotePatterns: [ { protocol: 'https', hostname: '*.alexlebens.net' },
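Review bot: `ARG REGISTRY=dhi.io` makes the source of both base images a build-time input, but the `FROM` lines still name them by tag only, here and in the second hunk (`FROM ${REGISTRY}/bun:1.3.10-alpine3.22 AS runtime`). Any registry passed through the build argument can therefore serve different content under the same tag and the build will accept it. Pinning by digest, e.g. `FROM ${REGISTRY}/bun:1.3.10-alpine3.22@sha256:<digest> AS runtime`, forces a mirror to serve the same bytes as the default registry. A comment on the `ARG` line naming the registries the build is expected to use would document the intent.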
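Review bot: Removing `security: { csp: true }` leaves the site without the Content-Security-Policy this option enabled, and neither the commit message nor the config records why it was removed or what replaces it. If a script, style or integration was being blocked, leave a comment at this spot such as `// CSP disabled: <reason>; policy is set by <where>`. A policy delivered as a response header by the server or proxy in front of the site is preferable to no policy, and the `image.remotePatterns` allow-list below does not substitute for one. The `defineConfig` call continues outside the hunk.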