fix: pass Turnstile sitekey to frontend Docker build

The frontend Vite build was not receiving VITE_TURNSTILE_SITE_KEY during Docker builds, causing the production bundle to fall back to the Cloudflare test sitekey (1x00000000000000000000AA) which returns 503 in production. - Add ARG/ENV for VITE_TURNSTILE_SITE_KEY in Dockerfile frontend stage (placed after npm ci to preserve dependency cache) - Pass TURNSTILE_SITE_KEY from .env as build arg in docker-compose.yml - Add post-change workflow section to CLAUDE.md Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2 months ago · bc68434ed8
parent 7c22647d89
commit bc68434ed8
3 changed files with 19 additions and 0 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -144,3 +144,16 @@ See `.env.example` for the complete list. Key ones:
 - Single-tenant self-hosted (one instance per deployment)
 - i18n-ready (French only for now)
 - Per-theme content settings, global infrastructure settings
+
+## Post-Change Workflow
+
+After every code change, you MUST follow this workflow before considering the task done:
+
+1. **Code quality review** — Use the `superpowers:requesting-code-review` skill (or the code-reviewer agent) to review the changes against coding standards and best practices.
+2. **Test coverage check** — Verify that new or modified code has adequate test coverage:
+   - Backend: run `cd backend && cargo test --lib` for unit tests; check if integration tests in `tests/` cover the changed functionality.
+   - Frontend: run `cd frontend && npx vitest run` for unit tests; run `cd frontend && npx tsc --noEmit` for type checking.
+   - If tests are missing for the changed code, write them before proceeding.
+3. **Commit and push** — If review passes and tests are sufficient and green:
+   - Stage the relevant files, create a commit with a clear message.
+   - Push to the remote (`git push`). When working directly on `master`, always ask the user for confirmation before pushing.
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@ -10,6 +10,10 @@ COPY frontend/package.json frontend/package-lock.json ./

 RUN npm ci

+# Inject build-time env var after npm ci for better Docker layer caching
+ARG VITE_TURNSTILE_SITE_KEY
+ENV VITE_TURNSTILE_SITE_KEY=${VITE_TURNSTILE_SITE_KEY}
+
 # Copy source and build
 COPY frontend/ ./

--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -3,6 +3,8 @@ services:
    build:
      context: .
      dockerfile: backend/Dockerfile
+      args:
+        VITE_TURNSTILE_SITE_KEY: ${TURNSTILE_SITE_KEY}
    container_name: ai-synth
    restart: unless-stopped
    env_file: .env