pez-infra/.github/workflows
Rasmus "Pez" Wejlgaard e9d5f9bc76
ci: make Caddyfile validation download robust (#134)
The validate-caddyfile workflow fetched the Caddy binary by first hitting
api.github.com/releases/latest to resolve the version tag, then building a
release-asset URL from it. That API call is unauthenticated, so it shares
the 60-requests/hour-per-IP limit across all GitHub-hosted runners and
returns 403 under load. On failure jq emits "null", the URL becomes
caddy_null_linux_amd64.tar.gz, and `curl -sL` silently pipes a 404 page
into tar — a confusing, flaky failure on every PR that touches the Caddyfile.

Switch to Caddy's official download API, which serves the latest linux/amd64
binary directly: one request, no GitHub API, no jq/tar parsing. Add `-f` so
curl fails loudly on an HTTP error instead of writing an error page to disk.
2026-06-15 20:38:21 +01:00
..
_deploy-core.yml Update cache action (#111) 2026-05-16 11:13:38 +01:00
deploy-on-merge.yml fix: stop masking failed service deploys; trim dead config (#119) 2026-06-04 18:41:24 +01:00
deploy.yml hotfix: broken pipeline (#109) 2026-05-15 20:19:56 +01:00
lint-ansible.yml chore(deps): bump the github-actions group across 1 directory with 2 updates (#117) 2026-06-05 21:13:03 +01:00
lint-docker-compose.yml fix: update checkout version to dodge deprecation (#77) 2026-04-26 18:13:38 +01:00
terraform.yml ci: serialize terraform and deploy runs with concurrency guards (#114) 2026-06-02 19:39:13 +01:00
validate-caddyfile.yml ci: make Caddyfile validation download robust (#134) 2026-06-15 20:38:21 +01:00
validate-terraform.yml make Dependabot tofu validate stubs satisfy provider validators (#132) 2026-06-12 19:25:24 +01:00