Skip to content

fix: enables https and job fixes [#70]#71

Merged
robert-7 merged 1 commit into
mainfrom
enable-https-and-job-fix
Apr 14, 2026
Merged

fix: enables https and job fixes [#70]#71
robert-7 merged 1 commit into
mainfrom
enable-https-and-job-fix

Conversation

@robert-7

@robert-7 robert-7 commented Apr 14, 2026

Copy link
Copy Markdown
Owner

Summary

Addresses the issues discussed in #70 around two separate areas:

  1. GitHub Actions warnings and job setup
  2. Production HTTPS / asset loading behavior behind the AWS ALB

This PR contains the repo-side fixes needed to support the AWS HTTPS rollout and to clean up the CI workflow.

Discussion Summary

During investigation, we confirmed a few separate problems:

  • GitHub Actions was warning about JavaScript actions still running on the deprecated Node.js 20 runtime.
  • The lint job was also relying on an implicit Python version and the pre-commit/action wrapper.
  • Production POST behavior was failing under the original HTTP-only ALB setup because the app correctly uses secure cookies in APP_ENV=production.
  • After enabling HTTPS on AWS, the app still showed partial styling issues.
  • Browser inspection showed the rendered page included /static//css/main.css, and the browser console showed blocked stylesheet requests.
  • That pointed to two repo-side issues:
    • doubled static asset paths in the shared layout template
    • Flask not trusting the ALB's forwarded scheme/host headers, so proxy-aware HTTPS behavior was incomplete

Separately from this PR, the AWS and DNS side was configured manually during the discussion:

  • an ACM certificate was requested and DNS-validated via Namecheap
  • course-enrollment-app.robertlech.com was pointed at the ALB
  • the ALB was updated to serve HTTPS and redirect HTTP to HTTPS

What This PR Changes

CI / workflow fixes

  • Updates .github/workflows/main.yml to set python-version: 3.13 in the lint job
  • Replaces pre-commit/action with explicit dependency installation plus pre-commit run --all-files
  • Enables pip caching for the Python jobs
  • Temporarily sets FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true for the workflow, with an inline comment explaining that this is a compatibility guardrail while GitHub-hosted runners complete the Node 20 deprecation transition

HTTPS / app fixes

  • Wraps the Flask app with ProxyFix in application/__init__.py so the app respects the ALB's forwarded scheme/host headers
  • Fixes static asset paths in application/templates/layout.html by removing the leading slash from url_for('static', filename=...)
  • This normalizes rendered asset URLs from /static//... to /static/... and avoids proxy/mixed-content style failures after the HTTPS rollout

Tests

  • Adds a config assertion that the app is wrapped with ProxyFix
  • Adds a route regression test that verifies index renders normalized static asset paths and does not emit /static//...

Files Changed

  • .github/workflows/main.yml
  • application/__init__.py
  • application/templates/layout.html
  • tests/test_config.py
  • tests/test_routes.py
  • .vscode/settings.json

Validation

Ran locally:

  • pre-commit run --files application/__init__.py application/templates/layout.html tests/test_config.py tests/test_routes.py
  • .venv/bin/pytest tests/test_config.py tests/test_routes.py
  • pre-commit run --files .github/workflows/main.yml

Validated during the AWS/HTTPS rollout discussion:

  • ACM DNS validation CNAME resolved publicly
  • course-enrollment-app.robertlech.com resolved to the ALB
  • ACM certificate reached ISSUED
  • https://course-enrollment-app.robertlech.com/index became reachable through the ALB

Follow-up After Merge

After this PR is merged and deployed, validate that:

  • the GitHub Actions warnings are reduced/cleared as expected
  • https://course-enrollment-app.robertlech.com/index loads with the app stylesheet applied
  • page source renders /static/css/main.css rather than /static//css/main.css
  • registration/login/enrollment POST flows work correctly over HTTPS

Closes #70

@codecov

codecov Bot commented Apr 14, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@robert-7 robert-7 merged commit edd8248 into main Apr 14, 2026
11 checks passed
@robert-7 robert-7 deleted the enable-https-and-job-fix branch April 14, 2026 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Fix some issues with out current deployment and code

1 participant