Commit Graph

11 Commits

Author SHA1 Message Date
jwright 1c87af560d ci(bump-digest): force-push the ephemeral deploy branch (idempotent re-runs)
Re-running the same commit collided with the prior run's deploy/<sha> branch
(non-fast-forward reject). The branch is a disposable deploy artifact; main is
the protected human-merge gate, so force-push is safe and makes re-runs work.
2026-06-17 23:33:34 +10:00
jwright 2592b5680b ci(bump-digest): bound PR-open curl + make it non-fatal so runs go green
The branch push is the deploy artifact; opening the PR is best-effort.
Previously a no-timeout curl to the private Gitea API tripped split-horizon
DNS from the runner, hanging the step ~10min then failing the whole run.
Now: --connect-timeout 10 --max-time 30, failure is logged non-fatally, exit 0.
2026-06-17 23:02:27 +10:00
jwright 1c956d6ec4 Hero: fix title descender clipping (g); CI: rename PR token var so Gitea's auto GITEA_TOKEN doesn't 401 the branch step
build-and-deploy / build (push) Failing after 11m19s
2026-06-17 20:54:57 +10:00
jwright 18ed7458c3 CI: per-user digest file path (avoid /tmp collision between manual + runner)
2026-06-17 20:51:08 +10:00
jwright a729484c7a Hero/OG: Platform & Infrastructure Engineer, RHEL-led tagline with ▸; fix :8080 links (relative nginx redirects)
build-and-deploy / build (push) Failing after 15m26s
2026-06-17 20:35:51 +10:00
jwright 3fd0a9a729 CI: retry buildah build/push (resilient to transient registry 502s)
2026-06-17 20:27:59 +10:00
jwright fbad7a18db CI: digest-bump pushes a branch for manual PR (no broad token needed)
2026-06-17 20:11:13 +10:00
jwright 83edaf5975 M5: publish seam + CI/CD pipeline
build-and-deploy / build (push) Failing after 15m10s
scripts/new-post.mjs writes schema-valid posts from flags or a JSON event
(the IaC publish seam). Gitea Actions workflow: ci check, audit-ci gate,
build, dist scan, CycloneDX SBOM, buildah build+push, and a least-privilege
digest-bump PR to home-ops (never auto-merged). Renovate + audit allowlist.
2026-06-17 17:20:54 +10:00
jwright c1db5cec86 M4: security pass — strict CSP, header split, build-time scan
All JS moved to external /site.js → script-src 'self' with no inline JS,
hashes or eval. Full header set via nginx (CSP, nosniff, frame-deny,
referrer, permissions, COOP/CORP); HSTS stays at the CF edge. Shared
headers include avoids the location add_header reset footgun. Build-time
secret/inline-script/third-party scan gate. SECURITY.md documents posture.
2026-06-17 17:12:57 +10:00
jwright ae207eb79d Populate site with real CV data; restyle OG subtitle
Real career history (Woolworths, Virtus Health, Linde, ELGAS, Darktime),
cloud-heavy skills matrix, education, LinkedIn, Sydney location, and
projects mapped to actual work. OG subtitle now smaller italic serif.
2026-06-17 16:44:03 +10:00
jwright 2d4b6ea097 Initial portfolio site: Astro + Tailwind MVP
Outcome-led hero, about, grouped skills, experience summary, featured
projects + /projects index, static contact, SEO/OG, dark/light theme.
Dockerfile + nginx config + build script for homelab deploy.
2026-06-17 16:22:53 +10:00