Without a shared cookie signing key, each pod generates a random key on
startup. Requests that hit different pods fail session validation, causing
CaptchaError when the captcha and login requests route to different pods.
- Add procps to git-hook and email-worker Dockerfiles (provides pgrep)
- Change all exec probes from pgrep to kill -0 1 (more reliable, bash built-in)
- Add startupProbe to gitserver with 30 failure threshold (5min max startup time)
- Increase gitserver liveness initialDelay to 30s for slower SSH init
- Add landing subpages: pricing, skills, solutions, network, about, docs
- Nav pop cards link to all subpages with nested routes
- Homepage: full landing content with top nav (no sidebar) for logged-in users
- Rewrite copy based on real backend: Git repos, Issues/PRs, Rooms, AI Agents
- Introduce "Command as Service" as core product concept
- Terminal demo shows realistic gitdata CLI commands
- Footer links updated to real routes
- Fix workspace redirect slug guard (undefined route)
ConfigMap was removed from Helm chart (managed externally).
Secret contains all required env vars (APP_DATABASE_URL, APP_REDIS_URL,
SMTP credentials, SSH domain/key, etc.) and is always rendered
(helm.sh/resource-policy: keep prevents deletion on upgrade).
Also add APP_SSH_PORT and APP_SSH_SERVER_PRIVATE_KEY to secret template.
Replace individual configMapKeyRef env vars with envFrom + configMapRef
to inject the full ConfigMap, plus minimal env blocks for static values.
Also remove resources block from operator deployment (K8s schema validation).
The previous single-quote syntax with escaped quotes was split by
split_sql_statements on semicolons inside the function body.
Use $$ quoting to avoid quote escaping issues.
m20260411_000003_add_workspace_id_to_project was running before
m20250628_000013_create_project, causing "relation project does not exist".
Move all project table CREATEs before workspace migrations.
Foreign keys at the database level cause issues with deployment flexibility.
Keep only indexes for query performance; enforce referential integrity at
the application level.
- build.js: cargo build first, then docker build — no more Docker-in-Docker
- .dockerignore: exclude target/ but re-include
target/x86_64-unknown-linux-gnu/release/ so pre-built binaries
are available in Docker build context
The .dockerignore excluded the entire target/ directory, preventing
COPY of pre-built binaries into runtime-only Docker images.
Now explicitly allows target/x86_64-unknown-linux-gnu/release/.
- Time does not implement Display, use .0 (inner DateTime<Utc>) and
to_rfc3339() instead.
- phase is &str, convert to String to match JobStatusResult.phase.
- Strip builder stage from all Rust Dockerfiles; images now only contain
the runtime and a pre-built binary copied from target/.
- build.js: cargo builds all Rust binaries first (using all CPU cores),
then copies them into Docker images.
- .drone.yml: add cargo-build step before docker-build so kaniko can COPY
the pre-compiled binaries without rebuilding inside the image.
The kaniko --build-arg flag was missing from all docker-build commands,
causing TARGET to be empty and cargo build to produce binaries in the
wrong directory (target//release/ instead of target/x86_64-unknown-linux-gnu/release/).
