Re-running the same commit collided with the prior run's deploy/<sha> branch
(non-fast-forward reject). The branch is a disposable deploy artifact; main is
the protected human-merge gate, so force-push is safe and makes re-runs work.
The branch push is the deploy artifact; opening the PR is best-effort.
Previously a no-timeout curl to the private Gitea API tripped split-horizon
DNS from the runner, hanging the step ~10min then failing the whole run.
Now: --connect-timeout 10 --max-time 30, failure is logged non-fatally, exit 0.
All JS moved to external /site.js → script-src 'self' with no inline JS,
hashes or eval. Full header set via nginx (CSP, nosniff, frame-deny,
referrer, permissions, COOP/CORP); HSTS stays at the CF edge. Shared
headers include avoids the location add_header reset footgun. Build-time
secret/inline-script/third-party scan gate. SECURITY.md documents posture.
Real career history (Woolworths, Virtus Health, Linde, ELGAS, Darktime),
cloud-heavy skills matrix, education, LinkedIn, Sydney location, and
projects mapped to actual work. OG subtitle now smaller italic serif.
jwright