Rate limits (Mistral web_search 429) used to get counted as hard errors,
marking the bucket as queried and bumping the Errors(24h) strip — even
though the right behavior is to wait and try again later.
Backend:
- isRateLimit() matches "rate limit" / "status 429" in the error string.
- On persistent rate-limit after one 10s retry: leave last_queried_at
unchanged (bucket stays eligible for next tick) and abort the
remainder of this tick — Mistral's web_search budget is shared, no
point hammering more buckets in the same batch.
- TickSummary gains rate_limited counter; Errors stays for real failures.
Frontend:
- Dates: RFC3339 → 'DD.MM.YYYY' German format, range rendered as
'DD.MM.YYYY – DD.MM.YYYY'.
- Queue table: cell horizontal padding, uppercase compact headers,
scrollable on narrow viewports, dark-mode variants on every color
(emerald/amber badges, link color, reject button), Region folds
bundesland||land into a single column (Land was always 'Deutschland'
for DACH anyway).
Without snake_case json tags, Go serializes fields as PascalCase (ID,
MarktName, etc.) — but the Svelte frontend reads snake_case. Every
row.id on the client was undefined, which made Svelte 5 see identical
'undefined' keys across the {#each queue as row (row.id)} loop and
throw each_key_duplicate.
Adds explicit snake_case tags to Bucket, DiscoveredMarket, and
RejectedDiscovery to match what the TypeScript types already expect.
Service listens on port 80 (target: container 8080). The CronJob was
curling :8080 directly, which isn't exposed by the Service — every tick
timed out after ~135s with "Could not connect to server".
Switch to {{ .Values.service.port }} so the template always tracks the
actual Service port.
Go's nil slice marshals as JSON null, not [], which crashed the Svelte
page's .length access on fresh installs where no discovery tick has
happened yet. Reproduced in production: /admin/discovery → 500 because
data.queue was null and {queue.length} dereferenced it.
Backend: initialize every returning slice in repository.go via
make([]T, 0) so zero rows serialize as [] consistently. Also applies to
PickStaleBuckets, ListSeriesByCity, and Stats.RecentErrors.
Web: coalesce data.queue / data.stats.recent_errors at the top of the
Svelte script with `?? []` so future nil-slice regressions don't take
the whole page down.
Surfaces CronJob health signals without needing kubectl: last tick time
(stale-amber if > 6h), buckets due now, errors in the last 24h (with an
expandable list of the most recent failing buckets), and queue size.
Also wires the previously-orphaned /admin/discovery route into the admin
sidebar next to Märkte.
- backend: new GET /admin/discovery/stats endpoint; Stats + BucketError
types; repository Stats() aggregates four counters + top 5 failing
buckets.
- web: +page.server.ts fetches stats in parallel with queue;
+page.svelte renders a 4-card strip above the queue table.
Previous deploys emitted 4 warnings on the discovery-tick Pod template
against the restricted:latest policy. Today they are warnings; if the
namespace enforcement tightens, admission will silently drop the Pod.
Pod-level: runAsNonRoot, runAsUser/runAsGroup 100 (curlimages/curl's
built-in non-root UID), seccompProfile RuntimeDefault.
Container-level: allowPrivilegeEscalation false, capabilities drop ALL.
pgx cannot implicitly encode int arg into text for the `$1 || ' month'`
concatenation pattern (error: "unable to encode 12 into text format for
text (OID 25): cannot find encode plan"). Multiplication with a known
interval works directly with the int parameter and is semantically
equivalent.
Discovered during the T19 smoke test — the tick endpoint returned 500
on every call before this fix.
Adds a batch/v1 CronJob that POSTs to /api/v1/admin/discovery/tick on a
configurable schedule (default every 4h). Wires DISCOVERY_TOKEN into the
ci-secrets Secret and projects discovery/AI env vars into the backend
Deployment.
Construct discoveryRepo, discoveryAgent, discoveryService, and
discoveryHandler in registerRoutes(); register all 4 discovery routes
on /api/v1 with bearer-token guard on /tick and admin-session guard on
queue management endpoints.
Normalizes market names for dedup matching: lowercase, umlaut expansion,
punctuation stripping, whitespace collapse, and leading/trailing filler
word removal. Guards stripping so edge fillers are preserved when the
remaining content is purely numeric (e.g. 'Markt 2026' stays 'markt 2026').
The home page dropped `plz` server-side, so /markets was called with
radius but no center (unfiltered) and the PLZ input rendered empty
after reload. +page.server.ts now reads plz, geocodes via /geocode,
and echoes plz back in searchParams for form rehydration.
Relaxes /geocode DTO + guard to accept PLZ without city — Nominatim
already supports postal-only lookups. URL lat/lon (GPS flow) take
priority over plz on tie-break; geocode failures fall through to no
geo-filter so the page always renders.
Post-process adapter-node output into a single self-contained
build/bundle.mjs (614 KB) via esbuild, then ship it on a fresh
alpine:3.21 base with just the node binary copied in. Drops the
node_modules + package manager baggage that comes with node:25-alpine.
- Add esbuild devDep + `bundle` script (scripts/bundle.mjs)
- Dockerfile: drop `deps` stage; final stage is alpine + node binary +
bundle + static client assets
- Uncompressed image: 177 MB -> 149 MB (-16%)
- Verified: /, /healthz, static assets all respond identically;
outbound TLS to api.marktvogt.de works via node's built-in CA bundle
- CLAUDE.md: correct stale Woodpecker/submodules claims; note
registry.itsh.dev's attestation requirement and the docker-container
driver prerequisite so future contributors don't rediscover the issue.
- .gitlab-ci.yml: export SOURCE_DATE_EPOCH from commit time so the
rewrite-timestamp=true buildx flag produces genuinely reproducible
images (layer digests stable across rebuilds of the same commit).
The alpine/helm:4.1 image has 'helm' as ENTRYPOINT. GitLab CI wraps
step_script in sh, which the container resolves to 'helm sh ...',
failing with 'unknown command sh for helm'. Setting entrypoint: [""]
lets GitLab's sh wrapper execute normally before invoking helm.
buildx create --driver docker-container cannot inherit TLS env vars
from docker:dind directly; it needs a named context. Create 'tls-env'
from the ambient DOCKER_HOST/DOCKER_CERT_PATH, then point buildx at it.
The default buildx driver inside docker:29-dind is 'docker' (host daemon),
which cannot produce attestations. Even with default provenance enabled,
the docker driver silently drops attestation-related flags and emits a
bare single-image manifest. registry.itsh.dev (Zot with strict attestation
policy) rejects these with 'manifest invalid'.
Creating a 'docker-container' driver builder before each build gives
buildkit full export capabilities, matching both the Woodpecker plugin's
behavior and what works from local development machines.
Empirical finding: registry.itsh.dev rejects pushes that contain zero
attestations ("manifest invalid"). Attestations cause buildx to emit
an OCI image index; without any, it emits a bare single-image manifest
which this Zot instance refuses in this namespace.
Remove --provenance=false --sbom=false, switch to the explicit output
form matching woodpeckerci/plugin-docker-buildx (proven working against
the same registry for the infinity-tales project).
Root cause of the original 610ca91 regression: that commit added
--provenance=false, which stripped the last required attestation once
SBOM generation was disabled in a later buildkit default change.
The woodpeckerci/plugin-docker-buildx image that successfully pushes to
this same registry uses docker:29.4.0-dind with buildx 0.33.0. Version
skew between docker:27's bundled buildkit and the registry is the next
hypothesis after ground-truth manifest inspection ruled out OCI format
and attestations as the cause.
Previously only backend/** or web/** file changes would trigger the
respective docker+deploy jobs. CI config changes now also trigger
rebuilds of both services, ensuring any pipeline-definition changes
are verified end-to-end on the same commit that introduces them.
Matches woodpeckerci/plugin-docker-buildx defaults. Without --sbom=false
buildkit emits an OCI image index with SBOM attestation that the itsh.dev
registry rejects with 'manifest invalid'. Provenance was already disabled.
