Tags: tracefinity/tracefinity
Tags
Show app version in settings popover (#145) * Add version endpoint sourced from image build (#144) Bake APP_VERSION into the Docker image (release tag for releases, dev-<sha> for dev builds, dev locally) and expose it via GET /api/version. Signed-off-by: Jason Madigan <[email protected]> * Show app version in settings popover (#144) Fetched from /api/version on first open, hidden if the request fails. Signed-off-by: Jason Madigan <[email protected]> * Smoke test release image version in CI (#144) Fail the release build if the pushed image does not report the release tag, catching a dropped build-arg or non-semver tag. Signed-off-by: Jason Madigan <[email protected]> * Harden version tests against ambient env (#144) Check the Settings default with APP_VERSION unset rather than via the import-time singleton, and use the fixture style of neighbouring route tests. Signed-off-by: Jason Madigan <[email protected]> * Make version display optional via SHOW_APP_VERSION (#144) Defaults on. When false, /api/version returns 404 (so the settings popover shows nothing) and the OpenAPI version is a neutral placeholder, disclosing nothing. Signed-off-by: Jason Madigan <[email protected]> * Smoke test image before pushing release (#144) Build a single-arch image with load, check the baked APP_VERSION against the release tag with a literal compare that logs both values, and only then run the multi-arch push. Stops a bad version reaching the public tags. Signed-off-by: Jason Madigan <[email protected]> * Ignore empty env vars in settings (#144) An empty value (docker run -e SHOW_APP_VERSION=) crashed settings validation at import; fall back to defaults instead. Tests build fresh Settings without the dotenv file and restore reloaded modules even if the reload itself fails. Signed-off-by: Jason Madigan <[email protected]> --------- Signed-off-by: Jason Madigan <[email protected]>
Make auth middleware optional (#110) (#111) Remove the RuntimeError that crashes the backend on startup when no auth secret is configured. The middleware already handles the unconfigured case by passing requests through, so the startup guard was unnecessary. Secret present: middleware enforces auth (no change). Secret absent: middleware passes through (no change). Signed-off-by: Jason Madigan <[email protected]>
Add PUID/PGID support for NAS volume permissions (#95) * Add PUID/PGID support for NAS volume permissions (#94) Unraid and TrueNAS pass PUID/PGID env vars instead of --user. The hardcoded USER tracefinity (UID 1000) caused permission denied errors when host volumes are owned by a different user. - Remove USER directive; entrypoint starts as root and drops privileges via gosu after remapping - Add PUID/PGID handling: groupmod/usermod to remap the tracefinity user, chown /app/storage when ownership differs - Preserve --user flag path: non-root entrypoint skips remapping and runs directly (existing behaviour) - Default (no env vars) is identical to previous releases Fixes #94 Signed-off-by: Jason Madigan <[email protected]> * Fix supervisor EACCES when entrypoint drops privileges via gosu The root cause: supervisord re-opens /dev/stdout and /dev/stderr as filesystem paths for child log capture. These resolve through /proc/self/fd/{1,2} which are owned by root with mode 0200. After gosu drops to UID 1000, supervisor's open() calls fail with EACCES. Fix: let supervisord run as root (it can open the log paths) and use supervisor's own user= directive on each [program:] section to drop privileges per-child. The entrypoint still handles PUID/PGID remapping and storage ownership, but no longer uses gosu for the final exec. The --user flag path is unaffected (supervisor runs as the given UID, user=tracefinity is a no-op when already that UID). Signed-off-by: Jason Madigan <[email protected]> * Fix supervisor child processes running as root instead of tracefinity The supervisor config shipped with user=tracefinity baked into each [program:xxx] section. This works when supervisord runs as root (it can setuid to the target user), but breaks with --user flag because a non-root supervisor cannot call setuid at all, causing "Can't drop privilege as nonroot user" and immediate exit. Fix: ship the config WITHOUT any user= directives (compatible with --user mode), and have the entrypoint inject user=root in [supervisord] plus user=tracefinity in each [program:xxx] only when running as root. The injection is idempotent (skipped if user= already present). All three deployment modes now work: - Default (root, no PUID/PGID): children run as tracefinity (1000:1000) - PUID/PGID (root, remapped): children run as remapped tracefinity - --user flag (non-root): all processes run as the specified UID Signed-off-by: Jason Madigan <[email protected]> --------- Signed-off-by: Jason Madigan <[email protected]>
Add per-object depth control Each PlacedTool and FingerHole gains an optional depth_override that takes precedence over the bin's global cutout_depth. Resolution is fh.depth_override → polygon.depth_override → global, clamped to [5, max_depth]. Chamfer is now clamped per-feature against its own pocket depth so deep cutouts get a full chamfer and shallow ones don't punch through the floor. UI: select a placed tool to set the outline depth, or click an individual finger hole to set the hole's depth. Empty input inherits; × resets. CutoutOverlay was already interactive in the tool editor and is now reused in the bin editor. Closes #N (replace if you have an issue number) Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>