chore(deps)(deps): bump docker/login-action from 3 to 4#1
Closed
dependabot[bot] wants to merge 1 commit into
Closed
chore(deps)(deps): bump docker/login-action from 3 to 4#1dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
ntatschner
pushed a commit
that referenced
this pull request
May 11, 2026
… settings Drift-audit fix #1 + #6. The server endpoint GET /v1/me/hangar has existed for ages but no web page consumed it — the entire hangar pipeline was dead-ended on the read side. The tray POSTs snapshots, postgres stores them, and the user had to launch the tray to see their fleet. Closes that loop. Web changes: * apps/web/src/lib/api.ts — getMyHangar + HangarSnapshot/HangarShip type aliases off the generated schema. Wraps the request to convert the server's 404 ("no_hangar_yet") into a typed null, matching the getCurrentLocation pattern (caller doesn't have to try/catch a status code). * apps/web/src/components/HangarCard.tsx — server component rendering captured_at as a relative timestamp, total ship count, breakdown by RSI's free-form `kind` field (ship / vehicle / skin / upgrade / paint / unspecified), and a preview list of up to six ships with manufacturer in mono. Empty state nudges users toward /devices to pair the tray. * apps/web/src/app/dashboard/page.tsx — fetches the snapshot alongside profile and renders the card under ProfileCard. * apps/web/src/app/settings/page.tsx — same fetch, places the card between the RSI handle ownership section and Sharing. The fetch is independent of `me.rsi_verified` because hangar push is gated on a paired tray + a working RSI cookie, not on the bio-code verification flow. A user can have a hangar without having verified their handle (and vice versa). Web typecheck + lint clean. dashboard.spec.ts + settings.spec.ts both still pass under the existing mock-server scenarios — the mock returns 404 for unmocked routes which getMyHangar correctly converts to null, and the empty-state card renders.
This was referenced May 20, 2026
ntatschner
pushed a commit
that referenced
this pull request
May 21, 2026
Replaces the tracing::info! placeholder in set_sync with a real
audit.append() call. Action is device.sync_enabled or
device.sync_disabled depending on the body's enabled flag.
Subject is the device_id; actor is the caller's user_id.
Audit emission is best-effort per CLAUDE.md — wrapped in
if let Err(e) = ... { tracing::warn!(...) } so an audit hiccup
never poisons the response.
Closes follow-up #1 from PR #63.
4 tasks
ntatschner
pushed a commit
that referenced
this pull request
May 21, 2026
Replaces the tracing::info! placeholder in set_sync with a real
audit.append() call. Action is device.sync_enabled or
device.sync_disabled depending on the body's enabled flag.
Subject is the device_id; actor is the caller's user_id.
Audit emission is best-effort per CLAUDE.md — wrapped in
if let Err(e) = ... { tracing::warn!(...) } so an audit hiccup
never poisons the response.
Closes follow-up #1 from PR #63.
This was referenced May 23, 2026
ntatschner
added a commit
that referenced
this pull request
May 24, 2026
* ci: add actionlint, invariant sentry, drop transition fallback Three small follow-ups from the release-tracks-split punch-list (see the gap audit in the chore/release-tracks-split PR's discussion): 1. New invariant-sentry.yml workflow runs hourly + on push to main/next and opens/closes a tracking issue when Invariant #1 (main is a strict ancestor of next) is violated. Catches silent back-merge failures from release.yml within an hour instead of weeks-later via a blocked live promotion. Self-heals: the same workflow auto-closes the issue when the next clean run sees the invariant restored. 2. New actionlint job in ci.yml (PR-only, scoped to changed workflow files). Catches workflow YAML syntax + GitHub Actions semantic errors at PR time rather than at first run. Cheap (~5s) and only fires when .github/workflows/*.yml changed. 3. Drop the pre-migration 'origin/next absent' fallback in release-images.yml's validate-tag step. The two-branch model has been live for many cycles; an absent origin/next is now a real misconfiguration, not a migration window. Falling back to suffix-only routing would silently let a misrouted tag ship. release.yml has the same fallback but is being rewritten by the release-tracks-split PR — this drop will land for release.yml in a follow-up after the split PR merges. Out of scope (queued for separate PRs): - Doc reference sweep (CHANGELOG, CONTRIBUTING, SECURITY, README, DESIGN-METRICS-IMPLEMENTATION-PLAN, plus most of docs/RELEASING.md body): bulk text update, no code impact. - Branch protection rules on main + next: needs PAT bypass thinking through. - release.yml fallback drop: conflicts with the in-flight release-tracks-split PR. - The 8 outstanding breaking Dependabot PRs (Next 16, vitest 4, etc.): per-PR review pass. * ci: silence SC2016 on intentional backtick-in-single-quote The Detect drift step emits a GitHub error annotation containing markdown-style backticks around the pnpm command. shellcheck flags this as SC2016 (single-quoted backticks != command substitution) — false positive here since the backticks are intentional emphasis. Adding shellcheck disable=SC2016 with a comment explaining intent. No behaviour change in the rendered annotation. --------- Co-authored-by: Nigel Tatschner <n Tatschner@gmail.com>
ntatschner
pushed a commit
that referenced
this pull request
May 24, 2026
…mits) # Conflicts: # release-manifests/tray-alpha.json
3 tasks
ntatschner
pushed a commit
that referenced
this pull request
May 24, 2026
ntatschner
added a commit
that referenced
this pull request
May 24, 2026
…abel (#95) Two follow-ups from the 2026-05-24 incident where: (a) release.yml's back-merge silently soft-failed on conflicts in release-manifests/tray-alpha.json after every release, leaving Invariant #1 violated; and (b) invariant-sentry.yml correctly detected (a) but couldn't open the tracking issue because the 'ci-sentry' label didn't exist. release.yml: add '-X theirs' to the back-merge so main's manifest content always wins. The conflict source is structural — every release rewrites release-manifests/tray-<channel>.json on main, and next's snapshot of that file (originally from the tray- prefix rename in PR #91) goes stale immediately. Main's freshly-written manifest is by definition the correct value, so 'theirs' is safe. No legitimate scenario has next holding a manifest change that main doesn't (manifests are only written by this workflow). invariant-sentry.yml: pre-create the ci-sentry label inline before gh issue create runs (--force is no-op if it already exists). Avoids the 'could not add label: ci-sentry not found' hard fail from run 26349188328. Co-authored-by: Nigel Tatschner <n Tatschner@gmail.com>
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps docker/login-action from 3 to 4.
Release notes
Sourced from docker/login-action's releases.
... (truncated)
Commits
4907a6dMerge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...1e233e6chore: update generated content6c24eadbuild(deps): bump the aws-sdk-dependencies group with 2 updatesee034d7Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.11527209Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...d39362abuild(deps): bump lodash from 4.17.23 to 4.18.1a6f092bchore: update generated content60953f0build(deps): bump the proxy-agent-dependencies group with 2 updates62c6885Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...102c0e6chore: update generated contentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)