From aa95e00e9f6b8903b72d3985e404f9cf99f7c5e3 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 17 Feb 2026 19:23:09 +0000
Subject: [PATCH 1/2] Initial plan
From 8870b1a11158b238031cd23d2098a7f8520574ba Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 17 Feb 2026 19:27:29 +0000
Subject: [PATCH 2/2] fix: address unresolved review comments
- Replace Link with anchor tags for external URLs in build-info page
- Add NODE_OPTIONS to builder stage for memory optimization
- Improve sitemap test description for clarity
- Document commit field as legacy for backward compatibility
- Add comment clarifying IMAGE_DIGEST fallback behavior
- Update npm integrity check from SHA-1 to SHA-256
Co-authored-by: devakesu <61821107+devakesu@users.noreply.github.com>
---
 Dockerfile | 3 ++-
 src/app/(public)/build-info/page.tsx | 19 +++++++++++--------
 src/app/__tests__/sitemap.test.ts | 2 +-
 src/app/api/provenance/route.ts | 4 ++--
 4 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 634179f3..28c4ef5c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ FROM ${NODE_IMAGE} AS base
 # Install wget and update npm to version 11 (pinned by hash)
 RUN apk add --no-cache wget && \
 wget -O npm.tgz https://registry.npmjs.org/npm/-/npm-11.10.0.tgz && \
- echo "dc0e65832b94fb48b8746c8ed43e1d2d2c9b0726 npm.tgz" | sha1sum -c - && \
+ echo "43c653384c39617756846ad405705061a78fb6bbddb2ced57ab79fb92e8af2a7 npm.tgz" | sha256sum -c - && \
 npm install -g npm.tgz && \
 rm npm.tgz && \
 rm -rf /var/cache/apk/*
@@ -83,6 +83,7 @@ ENV SENTRY_PROJECT=${SENTRY_PROJECT}
 ENV NEXT_PUBLIC_SENTRY_DSN=${NEXT_PUBLIC_SENTRY_DSN}
 ENV NEXT_TELEMETRY_DISABLED=1
 ENV NEXT_PRIVATE_BUILD_WORKER_COUNT=1
+ENV NODE_OPTIONS="--max-old-space-size=2560"
 WORKDIR /app
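Review bot: The SHA-256 value on the new `sha256sum -c -` line cannot be compared with anything the npm registry publishes, since the registry metadata for a tarball carries a SHA-1 `shasum` and a SHA-512 `integrity` only; confirming the pin means downloading `npm-11.10.0.tgz` and hashing it by hand. A wrong digest fails the build rather than admitting an unverified tarball, so this is about auditability of the pin, not a bypass. I would add a comment above the `RUN`, for example `# sha256 of npm-11.10.0.tgz; cross-checked against dist.integrity (sha512) in the registry metadata`, or switch to `sha512sum -c -` with the hex form of the published `integrity` value. Holding the version and digest in two adjacent `ARG`s would also keep the URL and the hash from drifting apart on the next bump.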
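Review bot: `ENV NODE_OPTIONS="--max-old-space-size=2560"` carries no comment saying where 2560 comes from, and as an `ENV` it applies to every Node process run later in this stage and in any stage built `FROM` it. If the cap is only meant for the build step, a comment such as `# Cap V8 old space at 2560 MB so the build fits the builder's memory limit` and setting the variable on the build command itself (`RUN NODE_OPTIONS="--max-old-space-size=2560" <build command>`) would keep it out of anything that runs afterwards. Whether a later stage inherits from this one is not visible in the hunk.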
diff --git a/src/app/(public)/build-info/page.tsx b/src/app/(public)/build-info/page.tsx
index e10a42b1..dc2960dc 100644
--- a/src/app/(public)/build-info/page.tsx
+++ b/src/app/(public)/build-info/page.tsx
@@ -277,12 +277,12 @@ export default function BuildInfoPage() {
View the source code and contribution history
- + - + )} @@ -293,15 +293,16 @@ export default function BuildInfoPage() {View the CI/CD pipeline logs for this build
- - + )} @@ -312,15 +313,16 @@ export default function BuildInfoPage() {SLSA Level 3 cryptographic proofs and signatures
- - + )} @@ -331,15 +333,16 @@ export default function BuildInfoPage() {OpenSSF security best practices compliance
- - + )}
diff --git a/src/app/__tests__/sitemap.test.ts b/src/app/__tests__/sitemap.test.ts
index 11d6074d..dc6c316e 100644
--- a/src/app/__tests__/sitemap.test.ts
+++ b/src/app/__tests__/sitemap.test.ts
@@ -112,7 +112,7 @@ describe("sitemap.xml", () => {
 expect(homepage.priority).toBeGreaterThan(others[0].priority || 0);
 });
- it("should have different priorities for different page types", () => {
+ it("should have priority hierarchy: homepage > public pages > build-info", () => {
 const urls = sitemap();
 const homepage = urls[0];
 const publicPages = urls.slice(1, 4); // login, contact, legal
diff --git a/src/app/api/provenance/route.ts b/src/app/api/provenance/route.ts
index 66d4dc96..001a39bb 100644
--- a/src/app/api/provenance/route.ts
+++ b/src/app/api/provenance/route.ts
@@ -11,11 +11,11 @@ export function GET() {
 const buildTimestamp = process.env.BUILD_TIMESTAMP ?? new Date().toISOString();
 const auditStatus = process.env.AUDIT_STATUS ?? "UNKNOWN";
 const signatureStatus = process.env.SIGNATURE_STATUS ?? "UNSIGNED";
- const imageDigest = process.env.IMAGE_DIGEST ?? commitSha;
+ const imageDigest = process.env.IMAGE_DIGEST ?? commitSha; // IMAGE_DIGEST is post-build only, fallback to commit SHA
 return NextResponse.json(
 {
- commit: commitSha,
+ commit: commitSha, // Legacy field for backward compatibility
 commit_sha: commitSha,
 build_id: githubRunId || commitSha,
 github_run_id: githubRunId,
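Review bot: The comment added to `const imageDigest = process.env.IMAGE_DIGEST ?? commitSha;` documents the fallback but leaves it in place, so when `IMAGE_DIGEST` is unset the provenance response presumably reports a git commit SHA where a client expects an image digest, and a consumer comparing it with the registry digest or an attestation subject has no way to tell the two apart. `??` also falls back only on `undefined` or `null`, so an `IMAGE_DIGEST` that is set but empty is passed through as `""`. I would return the absence explicitly, `const imageDigest = process.env.IMAGE_DIGEST || null;`, and let consumers treat `null` as "digest not available", or keep the fallback and add a boolean that says which kind of value was returned. The JSON body of `GET` continues past the end of the hunk, so the field under which `imageDigest` is returned is not visible here.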