
Release: 3 fixes, 1 CI → Main #8195

Merged
h0lybyte merged 4 commits into main from dev, Mar 17, 2026

github-actions bot commented Mar 17, 2026

Release: Dev → Main

4 atomic commits ready for main

Bug Fixes

CI/CD


This PR is automatically maintained by CI — KBVE Studio

…gin fetches (#8194)

Change Cross-Origin-Embedder-Policy from require-corp to credentialless
on isometric pages. require-corp blocks all cross-origin fetches unless
the remote server sends CORP headers — this broke Supabase SDK calls to
supabase.kbve.com. credentialless still enables SharedArrayBuffer for
WASM pthreads while allowing cross-origin requests that don't use
cookies (Supabase uses bearer tokens in Authorization header).

…r isolation (#8200)

/_astro/ JS bundles loaded as Web Workers (e.g. supabase/droid worker) need their
own Cross-Origin-Embedder-Policy header. Without it, self.crossOriginIsolated is
false inside the worker and Atomics/SharedArrayBuffer are unavailable.

Bumps to v1.0.61.

Co-authored-by: Al @h0lybyte <5599058+h0lybyte@users.noreply.github.com>

github-actions bot commented Mar 17, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

  • .github/workflows/ci-main.yml

…nnection close (#8199)

RFC 7230 §6.1 forbids forwarding hop-by-hop headers across proxy
boundaries. The proxy was forwarding Transfer-Encoding, Connection,
Keep-Alive, Content-Encoding, Upgrade, etc. from upstream responses
directly to nginx. Specifically, forwarding Connection: close caused
hyper to close the nginx keep-alive TCP connection immediately after
the response, which nginx logs as "upstream prematurely closed
connection while reading response header".

Fixes:
- Strip hop-by-hop headers (transfer-encoding, connection, keep-alive,
  content-encoding, upgrade, proxy-connection, te, trailers) from
  upstream responses before forwarding — axum/hyper sets the correct
  content-length on the buffered body automatically.
- Strip hop-by-hop headers and accept-encoding from upstream requests
  so ArgoCD/Grafana never compress responses (body is fully buffered,
  so we need raw bytes; stripping accept-encoding eliminates any
  content-encoding mismatch in the pipeline).
- Use append instead of insert when building reqwest header maps so
  multi-value headers (Accept, Cookie, Set-Cookie, Vary) are preserved.

Bumps axum-kbve to v1.0.61.
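
The header filtering described in the #8199 commit message above, as an added example that is not code from this PR or from axum-kbve. It uses only the standard library, models headers as ordered (name, value) pairs, and goes one step beyond the commit's fixed list by also dropping headers named in `Connection` tokens, as RFC 7230 §6.1 requires; `strip_hop_by_hop`, `connection_tokens`, `sample_response` and the `X-Internal-Hop` header are hypothetical names.

```rust
// Added example, not axum-kbve code: std-only model of the header handling
// in the #8199 commit message. Headers are ordered (name, value) pairs, so
// repeated names such as Set-Cookie survive, as they do with `append`.
type Headers = Vec<(String, String)>;

// The commit's strip list plus `trailer`, the RFC 7230 field name (assumption:
// both spellings should be dropped). Lowercase for comparison.
const STRIP: [&str; 9] = [
    "transfer-encoding", "connection", "keep-alive", "content-encoding",
    "upgrade", "proxy-connection", "te", "trailers", "trailer",
];

/// Lowercased header names nominated by `Connection:` tokens (RFC 7230 §6.1).
fn connection_tokens(headers: &Headers) -> Vec<String> {
    headers.iter()
        .filter(|(n, _)| n.eq_ignore_ascii_case("connection"))
        .flat_map(|(_, v)| v.split(','))
        .map(|t| t.trim().to_ascii_lowercase())
        .filter(|t| !t.is_empty())
        .collect()
}

/// Keep end-to-end headers only, preserving order and duplicates.
/// For requests, accept-encoding is dropped too so upstream sends raw bytes.
fn strip_hop_by_hop(input: &Headers, is_request: bool) -> Headers {
    let nominated = connection_tokens(input);
    input.iter()
        .filter(|(name, _)| {
            let n = name.to_ascii_lowercase();
            !(STRIP.contains(&n.as_str())
                || nominated.contains(&n)
                || (is_request && n == "accept-encoding"))
        })
        .cloned()
        .collect()
}

/// Constructed upstream response (hypothetical values, not captured traffic).
fn sample_response() -> Headers {
    [("Content-Type", "text/html"), ("Connection", "close, X-Internal-Hop"),
     ("X-Internal-Hop", "1"), ("Transfer-Encoding", "chunked"),
     ("Set-Cookie", "a=1"), ("Set-Cookie", "b=2"), ("Vary", "Accept")]
        .iter().map(|(n, v)| (n.to_string(), v.to_string())).collect()
}

fn main() {
    for (n, v) in strip_hop_by_hop(&sample_response(), false) {
        println!("{}: {}", n, v);
    }
}
```

Both `Set-Cookie` lines come through because the pairs are copied one by one; a map built with insert-style semantics would keep only the last value for a repeated name.
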
@github-actions github-actions bot changed the title from "Release: 1 fix → Main" to "Release: 3 fixes → Main" Mar 17, 2026

* ci(bevy): add ci-bevy.yml async workflow, remove tauri jobs from ci-main

- Adds ci-bevy.yml triggered by workflow_run on CI - Main success
- WASM is the only active build target (Bevy → wasm32-unknown-unknown via wasm-pack)
- Native targets (macOS, Linux, Windows, iOS) scaffolded as commented matrix entries
- Wires in utils-ci-failure-tracker.yml from day one (#8186)
- Removes generate_tauri_matrix + build_tauri from ci-main.yml
- Closes the Tauri bottleneck that was holding up the main pipeline

Refs #8197

* ci(docker): add ci-docker.yml async workflow, remove docker jobs from ci-main

- Adds ci-docker.yml triggered by workflow_run on CI - Main success
- Full pipeline: guard → alter → base images → e2e → collect → publish → kube
- Build-once: test_docker pushes ci-{sha} tag, publish_docker promotes it
- Removes all docker/kube jobs from ci-main.yml (10 jobs gone)
- Wires utils-ci-failure-tracker.yml for async failure visibility (#8186)
- cancel-in-progress: false to protect mid-flight docker pushes

Refs #8197

* ci(smoke): wire failure tracker into ci-docker-smoke-test.yml

Tracks resolve_digests and smoke_build failures as GitHub issues so
weekly digest-pin failures don't go unnoticed (#8186 Phase 1).

* ci(publish): add ci-publish.yml async workflow, slim ci-main to dispatcher

- Adds ci-publish.yml triggered by workflow_run on CI - Main success
- npm/crates/python/godot all fan out in parallel after alter
- Each domain owns its full test → collect → publish chain
- All three registries already have version checks in their reusable workflows
- Per-domain failure trackers: track_npm_failure, track_crates_failure, track_python_failure
- Removes deploy job + all npm/crates/python/godot jobs from ci-main
- ci-main is now a pure dispatcher: globals → call_sync + alter only

Refs #8197
@h0lybyte h0lybyte self-requested a review as a code owner March 17, 2026 21:21
@github-actions github-actions bot changed the title from "Release: 3 fixes → Main" to "Release: 3 fixes, 1 CI → Main" Mar 17, 2026
@h0lybyte h0lybyte merged commit fee84b9 into main Mar 17, 2026
13 checks passed
@github-project-automation github-project-automation bot moved this from Review to Done in KBVE Mar 17, 2026