The agent-roles catalog source is no longer hardcoded in app code and no longer
supports a local filesystem directory. The provider fetches only from an
http(s):// base URL read at runtime from AI_AGENT_ROLES_CATALOG_URL; an empty or
non-http value yields a 502 (catalog unavailable). The image ships a per-branch
default for that URL (set in CI), still overridable at runtime via the env var.
- provider: drop readLocal + node:fs/node:path; readRelative requires http(s)
and 502s otherwise; remote fetch/streaming-cap/SSRF guards unchanged.
- environment.service: keep AI_AGENT_ROLES_CATALOG_URL (default ''); comment
reflects the per-branch build-time default that is runtime-overridable.
- Dockerfile: add ARG+ENV AI_AGENT_ROLES_CATALOG_URL in the installer stage as
the image default.
- CI: develop.yml builds with the develop raw URL; release.yml defines the main
raw URL once in workflow env and references it from both build steps.
- tests: replace local-fixture tests with remote-mock happy/malformed bundle
tests and a non-http => 502 case; path-traversal block uses an https source.
- docs: update .env.example, CHANGELOG (#222), agent-roles-catalog/README.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The agent-roles catalog source is no longer hardcoded in app code and no
longer supports a local filesystem directory. The provider now fetches only
from an http(s):// base URL read from AI_AGENT_ROLES_CATALOG_URL; an empty or
non-http value yields a 502 (catalog unavailable). The default URL is baked
into the Docker image at build time and set per branch in CI.
- provider: drop readLocal + node:fs/node:path; readRelative requires http(s)
and 502s otherwise; remote fetch/streaming-cap/SSRF guards unchanged.
- environment.service: keep AI_AGENT_ROLES_CATALOG_URL (default ''); comment
updated to reflect build-time injection, remote-only.
- Dockerfile: add ARG+ENV AI_AGENT_ROLES_CATALOG_URL in the installer stage.
- CI: develop.yml builds with the develop raw URL; release.yml (both build
steps) with the main raw URL.
- tests: replace local-fixture tests with remote-mock happy/malformed bundle
tests and a non-http => 502 case; path-traversal block uses an https source.
- docs: update .env.example, CHANGELOG (#222), agent-roles-catalog/README.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The Docker-image builds ran independently of the Test workflow, so a
failing test would not block publishing the :develop image (or a
release). GitHub Actions `needs:` only works within one workflow, so the
two separate workflows didn't depend on each other.
Make test.yml a reusable workflow (workflow_call) and call it from
develop.yml and release.yml as a `test` job that `build` depends on
(`needs: test`); release's `release` job already needs `build`, so it
waits transitively. test.yml keeps its pull_request trigger for PR
gating; its redundant push:develop trigger is dropped (develop.yml now
calls it on push).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Display the app version (output of `git describe --tags`) in the header
beside the gitmost logo: a clean tag renders as `vX.Y.Z`, otherwise the
tag plus commits-since and short hash (e.g. v0.90.1-56-g25975acd).
- vite.config.ts: resolve APP_VERSION from env (Docker/CI) -> git describe
(local) -> package.json version fallback
- app-header.tsx: render APP_VERSION after the brand block (ml="md"),
nudge the Home nav group (ml={50} -> "xl")
- Dockerfile: accept APP_VERSION build-arg in the builder stage (.git is
excluded from the build context)
- CI: pass APP_VERSION build-arg — release.yml uses the tag, develop.yml
computes git describe with fetch-depth: 0
- nx.json: add APP_VERSION to the build target inputs so the cache
invalidates when the version changes
Add `ignore-error=true` to the `cache-to` settings in both develop and release GitHub Actions workflows to prevent build failures when cache upload encounters errors.
Remove the private apps/server/src/ee git submodule (github.com/docmost/ee)
and the now-empty .gitmodules so that `git clone --recurse-submodules` and CI
checkout no longer fail with 404. The server loads EE only via guarded runtime
require(), so the build succeeds without it (community edition).
Rewrite .github/workflows/release.yml for the fork:
- drop the GitHub App token step and `submodules: recursive` checkout
- publish to GHCR (ghcr.io/vvzvlad/gitmost) via the built-in GITHUB_TOKEN
instead of Docker Hub (docmost/docmost) — no extra secrets required
- add `packages: write` permission and an IMAGE env var
- log in as github.repository_owner; rename release tarballs to gitmost-*
Repoint the Dockerfile image source label to the fork.
