From f517982b8fd3965f082df99f594de1ed396ed25b Mon Sep 17 00:00:00 2001
From: Kaan Yagci <kaan.yagci@makepad.fr>
Date: Sun, 7 Jun 2026 20:22:05 +0200
Subject: [PATCH 1/2] fix(nginx): allow larger VIF auth callback headers

---
 sites/vif-prod.conf.template | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sites/vif-prod.conf.template b/sites/vif-prod.conf.template
index f9755e8..c284cff 100644
--- a/sites/vif-prod.conf.template
+++ b/sites/vif-prod.conf.template
@@ -34,6 +34,9 @@ server {
         set $vif_prod_upstream ${VIF_PROD_UPSTREAM};
         proxy_pass $vif_prod_upstream;
         proxy_http_version 1.1;
+        proxy_buffer_size 32k;
+        proxy_buffers 8 32k;
+        proxy_busy_buffers_size 64k;
         proxy_read_timeout 300s;
         proxy_send_timeout 300s;
         proxy_set_header Connection $connection_upgrade;

From 71dedabd36562b25227ce65b3aa6e2d2b32aae67 Mon Sep 17 00:00:00 2001
From: Kaan Yagci <kaan.yagci@makepad.fr>
Date: Sun, 7 Jun 2026 20:24:13 +0200
Subject: [PATCH 2/2] fix(deploy): version nginx swarm configs

---
 .github/workflows/manual-deploy.yml | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/manual-deploy.yml b/.github/workflows/manual-deploy.yml
index b2887cb..16ce6b0 100644
--- a/.github/workflows/manual-deploy.yml
+++ b/.github/workflows/manual-deploy.yml
@@ -108,10 +108,12 @@ jobs:
           scp "${scp_opts[@]}" "${bundle_root}/sites/le-petit-coin-prod.conf.template" "${remote_target}:${REMOTE_DIR}/sites/le-petit-coin-prod.conf.template"
           scp "${scp_opts[@]}" "${bundle_root}/sites/vif-prod.conf.template" "${remote_target}:${REMOTE_DIR}/sites/vif-prod.conf.template"
 
-          ssh "${ssh_opts[@]}" "${remote_target}" bash -se -- "${REMOTE_DIR}" "${STACK_NAME}" <<'EOF'
+          deploy_revision="${GITHUB_SHA::12}"
+          ssh "${ssh_opts[@]}" "${remote_target}" bash -se -- "${REMOTE_DIR}" "${STACK_NAME}" "${deploy_revision}" <<'EOF'
           set -euo pipefail
           remote_dir=$1
           stack_name=$2
+          deploy_revision=$3
           deploy_env=production
           env_deploy="${remote_dir}/envs/${deploy_env}/.env.deploy"
           for app_network in \
@@ -131,16 +133,24 @@ jobs:
             -f "${remote_dir}/envs/${deploy_env}/compose.yml" \
             config > "${remote_dir}/stack.rendered.yml"
 
-          python3 - "${remote_dir}/stack.rendered.yml" "${remote_dir}/stack.yml" <<'PY'
+          python3 - "${remote_dir}/stack.rendered.yml" "${remote_dir}/stack.yml" "${deploy_revision}" <<'PY'
           from pathlib import Path
           import sys
 
           source = Path(sys.argv[1])
           target = Path(sys.argv[2])
+          revision = sys.argv[3]
           text = source.read_text()
           text = text.replace('published: "80"', 'published: 80')
           text = text.replace('published: "443"', 'published: 443')
-          text = "\n".join(line for line in text.splitlines() if line != "name: nginx") + "\n"
+          lines = []
+          for line in text.splitlines():
+              if line == "name: nginx":
+                  continue
+              if line.startswith("    name: nginx_") and line.endswith("_conf"):
+                  line = f"{line}_rev{revision}"
+              lines.append(line)
+          text = "\n".join(lines) + "\n"
           target.write_text(text)
           PY