codewithcj changed sparkyfitness versioning on 2026-06-01:
- Old (through v0.16.6.3 / 2026-05-24): vMAJOR.MINOR.PATCH.BUILD
- New (from v0.16.7 / 2026-06-01) : vMAJOR.MINOR.PATCH
Our version-checker regex was `^v\d+\.\d+\.\d+\.\d+$` (4 segments
only), so the new v0.16.7 / v0.16.8 tags were invisible to it. The
"newest matching" became an arbitrarily-chosen old 4-segment tag
(v0.16.5.9 in the latest scan), which then showed up as an "upgrade
to an older version" -- nonsense, but predictable given the filter.
Two changes:
1. Bump both `codewithcj/sparkyfitness` (frontend) and
`codewithcj/sparkyfitness_server` (backend) from v0.16.6.3 to
v0.16.8 (the actual upstream latest).
2. Loosen the regex to `^v\d+\.\d+\.\d+(\.\d+)?$` so it matches
both the legacy 4-segment form and the new 3-segment form.
Once everything's on 3-segment we can tighten it again if we
want, but the current form is harmless.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
DISABLE_SIGNUP=true blocks OIDC auto-register too (callback returns 'Signups are
currently disabled by the administrator'), so the first admin account can't be
created. Set DISABLE_SIGNUP=false just long enough for the admin to log in via
Authentik once (auto-registers + admin via SPARKY_FITNESS_ADMIN_EMAIL); will be
reverted to true right after.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The Authentik application was created with slug 'sparky-fitness' (hyphen), so the
OIDC discovery document lives at /application/o/sparky-fitness/.well-known/...
The previous value (no hyphen) 404'd. Align the issuer URL with the actual slug.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
SparkyFitness (https://github.com/CodeWithCJ/SparkyFitness) replaces wger on
workout.dooplex.hu / workout.home with native Authentik OIDC.
Components (sparkyfitness.yaml): dedicated postgres:15-alpine, server (3010,
/api/health), frontend nginx (root image, listens :80). PVCs sparkyfitness-postgres
+ sparkyfitness-uploads (Longhorn, backup labels). In-app OIDC, no forward-auth.
Deviations from the deploy spec, following upstream ground truth:
- In-container mount path for uploads is /app/SparkyFitnessServer/uploads (per the
upstream Helm chart values.yaml), not /app/uploads.
- Frontend root image (codewithcj/sparkyfitness) has 'listen 80;' hardcoded ->
NGINX_LISTEN_PORT=80, containerPort/Service 80.
- Image names use the docker-compose variants (codewithcj/sparkyfitness_server,
codewithcj/sparkyfitness); the upstream Helm chart uses -server/-frontend.
- All wger Deployments scaled to 0 (incl. celery worker/beat), not just
wger + wger-redis, so celery doesn't crashloop against the downed redis.
Secrets (outside git): sparky-oauth (client-id/client-secret, pre-existing) +
sparky-app (db + app-db creds, api-encryption-key, better-auth-secret).
wger is parked, not deleted: Deployments at 0, both Ingresses removed (ArgoCD
prune frees the hostnames); Services/ConfigMap/PVCs/CNPG DB kept for rollback.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
admin
Renovate Bot