upload/download-artifact@v4 is not supported on Gitea (GHES). Replace
with a direct Gitea API call in gitops-update: look up the tag name
whose commit SHA matches workflow_run.head_sha. Reverts the artifact
upload from build.yaml; no changes to build.yaml logic.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
github.event.workflow_run.head_branch is not populated for tag pushes
in Gitea Actions, causing the image tag to resolve to empty (-go suffix
with no version). Fix: build-go uploads the full image reference as a
one-line artifact; gitops-update downloads it via download-artifact@v4
with run-id from the workflow_run event.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
tea pr create matches the remote URL against the configured login URL to
auto-detect owner/repo. Embedding credentials in the URL (user:token@host)
breaks that match and produces "path segment [0] is empty". Store creds
via git credential helper instead and pass a clean URL to uh-cli.
Also adds set -x to the PR step for shell-level tracing in CI logs.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
After a successful Go image build, uh-cli opens a PR against
kacerr/home-kubernetes that bumps the fuj-management Deployment
(namespace fuj) to the newly published image tag. Supports
workflow_run auto-trigger and workflow_dispatch with dry-run option.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Capture HTTP status code and full response body separately so failures
show the actual error from the server instead of silently dying.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Gitea doesn't implement Actions OIDC tokens yet. Drop the experimental
id_token steps and use VAULT_ROLE_ID/VAULT_SECRET_ID/K8S_CA_CERT as
standard Gitea repo secrets.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Use ${VAR:-} default-empty syntax so set -u doesn't abort when
ACTIONS_ID_TOKEN_REQUEST_TOKEN/URL are absent (stock Gitea runners
don't set them).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Switch VAULT_ROLE_ID, VAULT_SECRET_ID, and K8S_CA_CERT from Gitea repo
secrets to shell env vars, which are injected via the runner host's
systemd EnvironmentFile — keeping credentials off Gitea entirely.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Split curl calls into separate variables and log intermediate
responses to stderr to identify which request is failing.
Added set -euxo pipefail for immediate failure visibility.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Added a Makefile to easily run project scripts (fees, match, web, image)
- Modified attendance.py to dynamically handle a variable number of header rows from the Google Sheet
- Updated both attendance calculations and calculate_fees terminal output to show actual attendance counts (e.g., '750 CZK (3)')
- Created a Flask web dashboard (app.py and templates/fees.html) to view member fees in an attractive, condensed, terminal-like UI
- Bound the Flask server to port 5000 and added a routing alias from '/' to '/fees'
- Configured Python virtual environment (.venv) creation directly into the Makefile to resolve global pip install errors on macOS
Co-authored-by: Antigravity <antigravity@deepmind.com>
