webhook returns 200 even when a trigger rule isn't satisfied, which would let
the app's res.ok check falsely report success if the secret drifted. Set
trigger-rule-mismatch-http-response-code: 403 so unauthorized triggers are
clearly rejected.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The -template parser is Go text/template; JSON-escaped \" broke the action.
Backtick raw-string literal is valid inside the JSON string and parses cleanly.
Config-only (mounted + hotreload) — no app rebuild.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add an admin 'Pull & rebuild' button (Settings → Updates). It POSTs an
admin-gated route that signals a privileged 'updater' sidecar (adnanh/webhook +
docker socket) over the internal network with a shared secret; the sidecar runs
'git fetch && reset --hard origin/master && docker compose up -d --build app'
detached. The UI polls /api/version until the rebuilt app returns on the new
version, then reloads.
Secret matching uses webhook -template + getenv so UPDATER_SECRET stays out of
the repo (host .env only). No request data reaches the shell — the command is
fixed in updater/update.sh.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>