fix: critical workflow fixes and add missing nginx.conf

kristiyan-velkov · kristiyan-velkov · commit 24d4b2c5ba96 · 2025-11-09T21:33:26.000+02:00
- Add missing nginx.conf file (required by Dockerfile)
- Fix Node.js version from 22 to 20 (stable LTS) in all workflows
- Fix AI code review to work with private repos
- Add pull-requests: write permission to performance workflow
- Remove unnecessary public repo checks

Fixes:
- Docker build failure (missing nginx.conf)
- Performance workflow PR comment permission error
- AI review workflow conditions for private repos
diff --git a/.github/workflows/ai-code-review.yml b/.github/workflows/ai-code-review.yml
@@ -20,9 +20,7 @@ jobs:
     ai-review:
         name: AI-Powered Code Review
         runs-on: ubuntu-latest
-        if: |
-            (github.event_name == 'pull_request' || github.event_name == 'pull_request_review_comment') &&
-            github.event.repository.private == false
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_review_comment'
 
         steps:
             - name: Check for OpenAI API Key
@@ -78,9 +76,7 @@ jobs:
     coderabbit-review:
         name: CodeRabbit AI Review
         runs-on: ubuntu-latest
-        if: |
-            github.event_name == 'pull_request' &&
-            github.event.repository.private == false
+        if: github.event_name == 'pull_request'
 
         steps:
             - name: Check for OpenAI API Key
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -24,7 +24,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
diff --git a/.github/workflows/performance.yml b/.github/workflows/performance.yml
@@ -11,6 +11,9 @@ jobs:
   lighthouse:
     name: Lighthouse Performance Audit
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
 
     steps:
       - name: Checkout code
@@ -19,7 +22,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
@@ -119,7 +122,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -106,7 +106,7 @@ jobs:
         if: steps.check_token.outputs.skip == 'false'
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: "22"
+          node-version: "20"
           cache: "npm"
 
       - name: Install dependencies
diff --git a/nginx.conf b/nginx.conf
@@ -0,0 +1,56 @@
+worker_processes auto;
+error_log /var/log/nginx/error.log warn;
+pid /tmp/nginx.pid;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                    '$status $body_bytes_sent "$http_referer" '
+                    '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log /var/log/nginx/access.log main;
+
+    sendfile on;
+    tcp_nopush on;
+    keepalive_timeout 65;
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+    server {
+        listen 8080;
+        server_name localhost;
+        root /usr/share/nginx/html;
+        index index.html;
+
+        # Security headers
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+        # SPA routing - serve index.html for all routes
+        location / {
+            try_files $uri $uri/ /index.html;
+        }
+
+        # Cache static assets
+        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+            expires 1y;
+            add_header Cache-Control "public, immutable";
+        }
+
+        # Health check endpoint
+        location /health {
+            access_log off;
+            return 200 "healthy\n";
+            add_header Content-Type text/plain;
+        }
+    }
+}
+
