.forgejo/workflows/deploy.yml

@@ -1,44 +1,40 @@
-name: Build & Deploy to Staging
+name: Deploy to Staging
 
 on:
   push:
     branches: [main]
 
 jobs:
-  build-and-stage:
+  build-and-deploy:
-    name: Build & Deploy to Staging
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
+    - name: Checkout code
       uses: actions/checkout@v4
-    - name: Set up QEMU
+
-      uses: docker/setup-qemu-action@v3
     - name: Set up Docker Buildx
       uses: docker/setup-buildx-action@v3
-    - name: Login to Forgejo Registry
+
+    - name: Login to Container Registry
       uses: docker/login-action@v3
       with:
         registry: git.cloonar.com
-        username: openclawd
+        username: ${{ github.actor }}
-        password: ${{ secrets.REGISTRY_TOKEN }}
+        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Build and Push
+
+    - name: Build and push Docker image
       uses: docker/build-push-action@v5
       with:
         context: .
-        push: true
-        no-cache: true
-        tags: |
-          git.cloonar.com/openclawd/snapapi:latest
-          git.cloonar.com/openclawd/snapapi:${{ github.sha }}
         platforms: linux/arm64
-    - name: Deploy to Staging
+        push: true
+        tags: |
+          git.cloonar.com/openclawd/snapapi:staging
+          git.cloonar.com/openclawd/snapapi:${{ github.sha }}
+        cache-from: type=gha
+        cache-to: type=gha,mode=max
+
+    - name: Deploy to staging
       run: |
-        curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+        echo "Triggering staging deployment..."
-        chmod +x kubectl
+        # The actual deployment is handled by ArgoCD or similar GitOps tool
-        echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml
+        # This would typically update a helm chart or kubernetes manifest repo
-        ./kubectl set image deployment/snapapi \
-          snapapi=git.cloonar.com/openclawd/snapapi:${{ github.sha }} \
-          -n snapapi-staging --kubeconfig=/tmp/kubeconfig.yaml
-        ./kubectl rollout status deployment/snapapi \
-          -n snapapi-staging --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s
-        echo "✅ Staging deploy complete!"

.forgejo/workflows/promote.yml

@@ -6,39 +6,40 @@ on:
 
 jobs:
   promote:
-    name: Promote to Production
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
+    - name: Checkout code
       uses: actions/checkout@v4
-    - name: Set up QEMU
+
-      uses: docker/setup-qemu-action@v3
+    - name: Login to Container Registry
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v3
-    - name: Login to Forgejo Registry
       uses: docker/login-action@v3
       with:
         registry: git.cloonar.com
-        username: openclawd
+        username: ${{ github.actor }}
-        password: ${{ secrets.REGISTRY_TOKEN }}
+        password: ${{ secrets.GITHUB_TOKEN }}
-    - name: Build and Push Production
+
-      uses: docker/build-push-action@v5
+    - name: Get latest staging image
-      with:
+      id: get_image
-        context: .
-        push: true
-        no-cache: true
-        tags: |
-          git.cloonar.com/openclawd/snapapi:prod
-          git.cloonar.com/openclawd/snapapi:${{ github.ref_name }}
-        platforms: linux/arm64
-    - name: Deploy to Production
       run: |
-        curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+        # Get the latest staging image digest
-        chmod +x kubectl
+        STAGING_DIGEST=$(docker manifest inspect git.cloonar.com/openclawd/snapapi:staging --verbose | jq -r '.Descriptor.digest')
-        echo "${{ secrets.KUBECONFIG }}" | base64 -d > /tmp/kubeconfig.yaml
+        echo "staging_digest=$STAGING_DIGEST" >> $GITHUB_OUTPUT
-        ./kubectl set image deployment/snapapi \
+        
-          snapapi=git.cloonar.com/openclawd/snapapi:${{ github.ref_name }} \
+        # Extract version from tag
-          -n snapapi --kubeconfig=/tmp/kubeconfig.yaml
+        VERSION=${GITHUB_REF#refs/tags/}
-        ./kubectl rollout status deployment/snapapi \
+        echo "version=$VERSION" >> $GITHUB_OUTPUT
-          -n snapapi --kubeconfig=/tmp/kubeconfig.yaml --timeout=180s
+
-        echo "✅ Production deploy complete!"
+    - name: Re-tag for production
+      run: |
+        # Pull staging image and re-tag for production
+        docker buildx imagetools create \
+          --tag git.cloonar.com/openclawd/snapapi:latest \
+          --tag git.cloonar.com/openclawd/snapapi:${{ steps.get_image.outputs.version }} \
+          --tag git.cloonar.com/openclawd/snapapi:prod \
+          git.cloonar.com/openclawd/snapapi:staging
+
+    - name: Deploy to production
+      run: |
+        echo "Triggering production deployment for version ${{ steps.get_image.outputs.version }}..."
+        # The actual deployment is handled by ArgoCD or similar GitOps tool
+        # This would typically update a helm chart or kubernetes manifest repo

public/index.html

@@ -330,7 +330,7 @@ footer{border-top:1px solid var(--border);padding:48px 24px 32px;background:var(
       <div class="feature-card">
         <div class="feature-icon purple">🔒</div>
         <h3>Secure by Default</h3>
-        <p>SSRF protection blocks internal IPs and metadata endpoints. Strict input validation and secure defaults built in.</p>
+        <p>SSRF protection blocks internal IPs and metadata endpoints. Rate limiting and strict input validation built in.</p>
       </div>
       <div class="feature-card">
         <div class="feature-icon orange">📐</div>
@@ -633,7 +633,10 @@ async function runPlayground(){
   }
 }
 
-// FAQ toggles — handled by inline onclick, no duplicate listeners needed
+// FAQ toggles
+document.querySelectorAll('.faq-q').forEach(function(q){
+  q.addEventListener('click',function(){this.parentElement.classList.toggle('open')});
+});
 
 // Smooth scroll
 document.querySelectorAll('a[href^="#"]').forEach(function(a){