Skip to content

Release-Fixes und Release-Please-Umstellung nach main bringen#3

Merged
bin101 merged 3 commits into
mainfrom
develop
Jul 10, 2026
Merged

Release-Fixes und Release-Please-Umstellung nach main bringen#3
bin101 merged 3 commits into
mainfrom
develop

Conversation

@bin101

@bin101 bin101 commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Summary

  • Bringt die Review-Fixes (PR fix: offline auto-refresh, graceful shutdown, healthcheck port, page/auth hardening #2) und die Umstellung von python-semantic-release auf Release Please nach main.
  • Nach dem Merge läuft release-please.yml auf main und öffnet automatisch eine Release-PR (erwarteter nächster Versionssprung: 0.1.00.2.0, da seit dem letzten v0.1.0-Tag sowohl ein feat:- als auch ein fix:-Commit dabei sind). Diese Release-PR muss anschließend separat gemerged werden, um den Tag + GitHub Release + Docker-Publish auszulösen.

Enthaltene Änderungen

Test plan

  • pytest -q — 49 passed
  • docker build — eingebetteter Test-Stage erfolgreich
  • Nach Merge: prüfen, dass release-please.yml erfolgreich eine Release-PR mit Version 0.2.0 öffnet

🤖 Generated with Claude Code

bin101 and others added 3 commits July 9, 2026 21:08
…k port, and public-page/auth hardening

Full-app review turned up five issues, all fixed here:
- The offline placeholder promised auto-updates but had no refresh mechanism,
  so a viewer opening the link before a session starts never saw it appear.
- SIGTERM didn't actually stop waitress (serve() installs no signal handling
  of its own), so containers only stopped via Docker's SIGKILL, skipping the
  monitor's clean IMAP logout. Now uses create_server()+close(), with the
  expected shutdown-induced OSError from waitress's interrupted select loop
  handled explicitly rather than raising.
- The Dockerfile HEALTHCHECK hard-coded port 8080 while WEB_PORT is
  configurable, silently breaking health checks for anyone changing it.
- The public page interpolated the link into HTML attributes and inline JS
  without escaping; only the email-extraction regex made this safe in
  practice, and admin-set links bypassed it entirely. Now escaped per
  context, and /admin/link rejects anything not shaped like a LiveTrack URL.
- Basic-Auth credential comparison used `==` instead of a constant-time
  compare.

Verified end-to-end: docker build (embedded test stage), and a real
docker run + docker stop timing test confirming shutdown now exits 0
in <1s instead of hitting the SIGKILL grace period, plus a WEB_PORT
override actually reporting healthy.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
…-shutdown-escaping

fix: offline auto-refresh, graceful shutdown, healthcheck port, page/auth hardening
Release Please's PR-based flow is a better fit than semantic-release's
direct-push-to-main approach: it only ever opens/updates a standing
release PR from Conventional Commits, and a normal (reviewable) merge of
that PR is what cuts the vX.Y.Z tag + GitHub Release -- nothing pushes to
main directly. Also splits the CI workflow by concern: ci.yml (tests only),
release-please.yml (versioning, on every push to main), and publish.yml
(multi-arch Docker build + GHCR push, only on the vX.Y.Z tag release-please
creates).

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@bin101 bin101 merged commit 28465a3 into main Jul 10, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant