chore: release v1.7.78-alpha

2026-05-20 20:53:23 -04:00 · 2026-05-20 20:53:23 -04:00 · e61c757633
commit e61c757633
parent cc1f8fba72
9 changed files with 74 additions and 40 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,7 @@

 ## v1.7.78-alpha (2026-05-20)

+- Public Nginx Proxy Manager hosts for Saleor now keep browser GraphQL calls same-origin at `/graphql/` and proxy them to the local API on `8000`, fixing `Failed to fetch` when a public domain such as `noderunner.shop` was loaded from devices that cannot reach the node's private LAN/tailnet API address.
 - Saleor's validated stack changes are now release-ready: dashboard origins on port `9010` are explicitly allowed for dashboard/API calls, preserving the working test-node install path for production nodes.
 - NetBird launches now stay pinned to the unified dashboard/proxy origin on port `8087` instead of following stale runtime-discovered server URLs on `8086`.
 - NetBird's local nginx proxy now routes browser API, OAuth, relay, and WebSocket traffic through `host.containers.internal:8086` instead of a hard-coded rootless Podman gateway IP, and includes the upstream `management.ProxyService` gRPC path.
--- a/core/Cargo.lock
+++ b/core/Cargo.lock
@ -80,7 +80,7 @@ checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61"

 [[package]]
 name = "archipelago"
-version = "1.7.77-alpha"
+version = "1.7.78-alpha"
 dependencies = [
 "anyhow",
 "archipelago-container",
--- a/core/archipelago/Cargo.toml
+++ b/core/archipelago/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "archipelago"
-version = "1.7.77-alpha"
+version = "1.7.78-alpha"
 edition = "2021"
 description = "Archipelago Bitcoin Node OS - Native backend"
 authors = ["Archipelago Team"]
--- a/neode-ui/package-lock.json
+++ b/neode-ui/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "neode-ui",
-  "version": "1.7.77-alpha",
+  "version": "1.7.78-alpha",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "neode-ui",
-      "version": "1.7.77-alpha",
+      "version": "1.7.78-alpha",
      "dependencies": {
        "@types/dompurify": "^3.0.5",
        "@vue-leaflet/vue-leaflet": "^0.10.1",
--- a/neode-ui/package.json
+++ b/neode-ui/package.json
@ -1,7 +1,7 @@
 {
  "name": "neode-ui",
  "private": true,
-  "version": "1.7.77-alpha",
+  "version": "1.7.78-alpha",
  "type": "module",
  "scripts": {
    "start": "./start-dev.sh",
--- a/neode-ui/src/views/appSession/appSessionConfig.ts
+++ b/neode-ui/src/views/appSession/appSessionConfig.ts
@ -100,7 +100,7 @@ export const NEW_TAB_APPS = new Set([
 export const IFRAME_BLOCKED_APPS = new Set<string>([])

 /** Resolve app URL using direct port mapping (source of truth) */
-export function resolveAppUrl(id: string, routeQueryPath?: string, runtimeUrl?: string): string {
+export function resolveAppUrl(id: string, routeQueryPath?: string, _runtimeUrl?: string): string {
  // External HTTPS apps
  const ext = EXTERNAL_URLS[id]
  if (ext) return ext
--- a/release-manifest.json
+++ b/release-manifest.json
@ -1,29 +1,31 @@
 {
-  "version": "1.7.77-alpha",
+  "version": "1.7.78-alpha",
  "release_date": "2026-05-20",
  "changelog": [
-    "Saleor first-use now exposes generated credentials through Archipelago instead of leaving users at an unexplained dashboard login: App Details shows copyable `admin@example.com` credentials, and My Apps/mobile icon launches show a pre-launch credentials modal.",
-    "Saleor installs now create or repair the `admin@example.com` staff account idempotently after sample data loads, use the correct dashboard mount path, and re-check stack containers after startup so stopped containers are caught.",
-    "NetBird embedded login now uses the upstream-compatible IdP signing-key behavior and sends ID tokens from the dashboard to the management API, fixing the post-signup `Unauthenticated` state while preserving the unified local proxy/logout routes.",
-    "Transient unnamed Podman helper containers created during app install tasks are hidden from My Apps, so generated names like `eager_keldysh` no longer appear as user applications.",
-    "Validation passed with catalog/release JSON checks, `npm run type-check`, and `cargo fmt --all --check --manifest-path core/Cargo.toml`; live checks on `100.114.134.21` confirmed Saleor dashboard/API availability, generated Saleor admin login, NetBird OAuth availability, and NetBird logout redirects."
+    "Public Nginx Proxy Manager hosts for Saleor now keep browser GraphQL calls same-origin at `/graphql/` and proxy them to the local API on `8000`, fixing `Failed to fetch` when a public domain such as `noderunner.shop` was loaded from devices that cannot reach the node's private LAN/tailnet API address.",
+    "Saleor's validated stack changes are now release-ready: dashboard origins on port `9010` are explicitly allowed for dashboard/API calls, preserving the working test-node install path for production nodes.",
+    "NetBird launches now stay pinned to the unified dashboard/proxy origin on port `8087` instead of following stale runtime-discovered server URLs on `8086`.",
+    "NetBird's local nginx proxy now routes browser API, OAuth, relay, and WebSocket traffic through `host.containers.internal:8086` instead of a hard-coded rootless Podman gateway IP, and includes the upstream `management.ProxyService` gRPC path.",
+    "The mobile credentials interstitial now keeps credential lists scrollable and action buttons reachable in both My Apps and the mobile app icon grid.",
+    "Android WebView popup windows now hand external popup URLs to the system browser, covering app login/signup flows that open secondary windows.",
+    "Validation passed with `git diff --check`, `cargo check -p archipelago`, and the focused `npm test -- src/views/appSession/__tests__/appSessionConfig.test.ts` suite."
  ],
  "components": [
    {
      "name": "archipelago",
-      "current_version": "1.7.77-alpha",
-      "new_version": "1.7.77-alpha",
-      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.77-alpha/archipelago",
-      "sha256": "53679077182044f0601bab41e7239d293089f30725c1bedd883f30c40bd7807b",
-      "size_bytes": 43068640
+      "current_version": "1.7.78-alpha",
+      "new_version": "1.7.78-alpha",
+      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.78-alpha/archipelago",
+      "sha256": "49ac959035029fb77cbf001cfabbe7919bc74aee3bb7176067c77ab0d1c97b58",
+      "size_bytes": 43069480
    },
    {
-      "name": "archipelago-frontend-1.7.77-alpha.tar.gz",
-      "current_version": "1.7.77-alpha",
-      "new_version": "1.7.77-alpha",
-      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.77-alpha/archipelago-frontend-1.7.77-alpha.tar.gz",
-      "sha256": "a083abfcbdbb03a2ba5a02e622d7d496fa5e6b39f2ee5afd41c9f4df0d31b9d6",
-      "size_bytes": 166486722
+      "name": "archipelago-frontend-1.7.78-alpha.tar.gz",
+      "current_version": "1.7.78-alpha",
+      "new_version": "1.7.78-alpha",
+      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.78-alpha/archipelago-frontend-1.7.78-alpha.tar.gz",
+      "sha256": "a11ed587122fe2150c7439fdb88bfb4f3b999de2c52855bb4ac860b237854943",
+      "size_bytes": 166486679
    }
  ]
 }
--- a/releases/manifest.json
+++ b/releases/manifest.json
@ -1,29 +1,31 @@
 {
-  "version": "1.7.77-alpha",
+  "version": "1.7.78-alpha",
  "release_date": "2026-05-20",
  "changelog": [
-    "Saleor first-use now exposes generated credentials through Archipelago instead of leaving users at an unexplained dashboard login: App Details shows copyable `admin@example.com` credentials, and My Apps/mobile icon launches show a pre-launch credentials modal.",
-    "Saleor installs now create or repair the `admin@example.com` staff account idempotently after sample data loads, use the correct dashboard mount path, and re-check stack containers after startup so stopped containers are caught.",
-    "NetBird embedded login now uses the upstream-compatible IdP signing-key behavior and sends ID tokens from the dashboard to the management API, fixing the post-signup `Unauthenticated` state while preserving the unified local proxy/logout routes.",
-    "Transient unnamed Podman helper containers created during app install tasks are hidden from My Apps, so generated names like `eager_keldysh` no longer appear as user applications.",
-    "Validation passed with catalog/release JSON checks, `npm run type-check`, and `cargo fmt --all --check --manifest-path core/Cargo.toml`; live checks on `100.114.134.21` confirmed Saleor dashboard/API availability, generated Saleor admin login, NetBird OAuth availability, and NetBird logout redirects."
+    "Public Nginx Proxy Manager hosts for Saleor now keep browser GraphQL calls same-origin at `/graphql/` and proxy them to the local API on `8000`, fixing `Failed to fetch` when a public domain such as `noderunner.shop` was loaded from devices that cannot reach the node's private LAN/tailnet API address.",
+    "Saleor's validated stack changes are now release-ready: dashboard origins on port `9010` are explicitly allowed for dashboard/API calls, preserving the working test-node install path for production nodes.",
+    "NetBird launches now stay pinned to the unified dashboard/proxy origin on port `8087` instead of following stale runtime-discovered server URLs on `8086`.",
+    "NetBird's local nginx proxy now routes browser API, OAuth, relay, and WebSocket traffic through `host.containers.internal:8086` instead of a hard-coded rootless Podman gateway IP, and includes the upstream `management.ProxyService` gRPC path.",
+    "The mobile credentials interstitial now keeps credential lists scrollable and action buttons reachable in both My Apps and the mobile app icon grid.",
+    "Android WebView popup windows now hand external popup URLs to the system browser, covering app login/signup flows that open secondary windows.",
+    "Validation passed with `git diff --check`, `cargo check -p archipelago`, and the focused `npm test -- src/views/appSession/__tests__/appSessionConfig.test.ts` suite."
  ],
  "components": [
    {
      "name": "archipelago",
-      "current_version": "1.7.77-alpha",
-      "new_version": "1.7.77-alpha",
-      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.77-alpha/archipelago",
-      "sha256": "53679077182044f0601bab41e7239d293089f30725c1bedd883f30c40bd7807b",
-      "size_bytes": 43068640
+      "current_version": "1.7.78-alpha",
+      "new_version": "1.7.78-alpha",
+      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.78-alpha/archipelago",
+      "sha256": "49ac959035029fb77cbf001cfabbe7919bc74aee3bb7176067c77ab0d1c97b58",
+      "size_bytes": 43069480
    },
    {
-      "name": "archipelago-frontend-1.7.77-alpha.tar.gz",
-      "current_version": "1.7.77-alpha",
-      "new_version": "1.7.77-alpha",
-      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.77-alpha/archipelago-frontend-1.7.77-alpha.tar.gz",
-      "sha256": "a083abfcbdbb03a2ba5a02e622d7d496fa5e6b39f2ee5afd41c9f4df0d31b9d6",
-      "size_bytes": 166486722
+      "name": "archipelago-frontend-1.7.78-alpha.tar.gz",
+      "current_version": "1.7.78-alpha",
+      "new_version": "1.7.78-alpha",
+      "download_url": "http://146.59.87.168:3000/lfg2025/archy/releases/download/v1.7.78-alpha/archipelago-frontend-1.7.78-alpha.tar.gz",
+      "sha256": "a11ed587122fe2150c7439fdb88bfb4f3b999de2c52855bb4ac860b237854943",
+      "size_bytes": 166486679
    }
  ]
 }
--- a/scripts/sync-npm-public-hosts.sh
+++ b/scripts/sync-npm-public-hosts.sh
@ -58,6 +58,32 @@ for row in rows:
    # NPM containers use this name to reach host-published services; host nginx
    # itself should use loopback for the same services.
    nginx_host = "127.0.0.1" if host == "host.containers.internal" else host
+    try:
+        forward_port = int(port)
+    except (TypeError, ValueError):
+        forward_port = None
+    is_saleor = forward_port == 9010
+    graphql_location = ""
+    saleor_proxy_headers = ""
+    if is_saleor:
+        graphql_location = """
+    location ^~ /graphql/ {
+        proxy_pass http://127.0.0.1:8000/graphql/;
+        proxy_http_version 1.1;
+        proxy_set_header Host 127.0.0.1;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Forwarded-Scheme https;
+        proxy_set_header Origin "";
+    }
+"""
+        saleor_proxy_headers = """
+        proxy_set_header Accept-Encoding "";
+        sub_filter_once off;
+        sub_filter_types text/html;
+        sub_filter '</head>' '<script>if(window.__SALEOR_CONFIG__){window.__SALEOR_CONFIG__.API_URL=location.origin+"/graphql/";window.__SALEOR_CONFIG__.EXTENSIONS_API_URL=location.origin+"/graphql/";}</script></head>';
+"""

    print(f"""
 server {{
@ -81,6 +107,8 @@ server {{
    ssl_certificate {cert};
    ssl_certificate_key {key};

+{graphql_location}
+
    location / {{
        proxy_pass {scheme}://{nginx_host}:{port};
        proxy_http_version 1.1;
@ -91,6 +119,7 @@ server {{
        proxy_set_header X-Forwarded-Scheme https;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
+{saleor_proxy_headers}
    }}
 }}
 """)