From 9788f4f7b5b314de186daa322469ce0f7b2e3b92 Mon Sep 17 00:00:00 2001
From: gnezim <gnezim@gmail.com>
Date: Mon, 27 Apr 2026 13:55:52 +0300
Subject: [PATCH] ci: scope build-args to docker_build step + downgrade
 upload-artifact

Job-level MAP_TILE_URL=/api/... and API_BASE_URL=/api leaked into the
unit-test step; src/env/index.ts validates these as URLs via Zod and
rejected the relative path, breaking 57 of 2057 tests. Move the env
exports to the docker_build step where they're actually consumed.

Gitea Actions doesn't support actions/upload-artifact@v4 (GHES-only).
Downgrade to v3 in ci-deploy.yml and release-verify.yml.
---
 .gitea/workflows/ci-deploy.yml      | 10 +++++++---
 .gitea/workflows/release-verify.yml |  2 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.gitea/workflows/ci-deploy.yml b/.gitea/workflows/ci-deploy.yml
index 15575f92..6b107095 100644
--- a/.gitea/workflows/ci-deploy.yml
+++ b/.gitea/workflows/ci-deploy.yml
@@ -10,8 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     env:
-      MAP_TILE_URL: ${{ secrets.MAP_TILE_URL || '/map/api/tile/{z}/{x}/{y}.jpeg' }}
-      API_BASE_URL: ${{ secrets.API_BASE_URL || '/api' }}
+      # MAP_TILE_URL / API_BASE_URL are intentionally NOT exported at job level —
+      # vitest validates them via Zod and rejects relative paths. Build args are
+      # set inline on the docker_build step instead.
       BASIC_AUTH_USER: ${{ secrets.BASIC_AUTH_USER }}
       BASIC_AUTH_PASS: ${{ secrets.BASIC_AUTH_PASS }}
       TELEGRAM_BOT_TOKEN: ${{ secrets.TELEGRAM_BOT_TOKEN }}
@@ -65,6 +66,9 @@ jobs:
 
       - name: Build SSR image
         id: docker_build
+        env:
+          MAP_TILE_URL: ${{ secrets.MAP_TILE_URL || '/map/api/tile/{z}/{x}/{y}.jpeg' }}
+          API_BASE_URL: ${{ secrets.API_BASE_URL || '/api' }}
         run: |
           docker build -f Dockerfile.react \
             --build-arg "MAP_TILE_URL=${MAP_TILE_URL}" \
@@ -106,7 +110,7 @@ jobs:
 
       - name: Upload artifacts on failure
         if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: ci-deploy-failure-${{ github.run_id }}
           path: |
diff --git a/.gitea/workflows/release-verify.yml b/.gitea/workflows/release-verify.yml
index 636a152d..6f35558e 100644
--- a/.gitea/workflows/release-verify.yml
+++ b/.gitea/workflows/release-verify.yml
@@ -44,7 +44,7 @@ jobs:
 
       - name: Upload artifacts on failure
         if: failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
         with:
           name: release-verify-failure-${{ github.run_id }}
           path: |