fix(ci): Re-enable QA for tags and use global Turborepo cache key to allow hits across branches/tags

.gitea/workflows/ci.yml

@@ -50,9 +50,9 @@ jobs:
         uses: actions/cache@v4
         with:
           path: .turbo
-          key: ${{ runner.os }}-turbo-${{ github.ref_name }}-${{ github.sha }}
+          key: ${{ runner.os }}-turbo-global-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-turbo-${{ github.ref_name }}-
+            ${{ runner.os }}-turbo-global-
             ${{ runner.os }}-turbo-
 
       - name: 🧪 QA Checks

.gitea/workflows/deploy.yml

@@ -175,9 +175,9 @@ jobs:
         uses: actions/cache@v4
         with:
           path: .turbo
-          key: ${{ runner.os }}-turbo-${{ github.ref_name }}-${{ github.sha }}
+          key: ${{ runner.os }}-turbo-global-${{ github.sha }}
           restore-keys: |
-            ${{ runner.os }}-turbo-${{ github.ref_name }}-
+            ${{ runner.os }}-turbo-global-
             ${{ runner.os }}-turbo-
 
       - name: 🔒 Security Audit

Dockerfile

@@ -41,10 +41,7 @@ CMD ["pnpm", "dev:local"]
 # Build application
 # Stage 3: Builder (Production)
 FROM base AS builder
-RUN --mount=type=cache,target=/app/.next/cache,id=nextjs-cache \
-    pnpm build && \
-    mkdir -p /app/.next-cache-tmp && \
-    cp -r /app/.next/cache/* /app/.next-cache-tmp/ || true
+RUN pnpm build
 
 # Stage 3: Runner
 FROM registry.infra.mintel.me/mintel/runtime:v1.7.10 AS runner
@@ -63,6 +60,6 @@ ENV NODE_ENV=production
 COPY --from=builder --chown=nextjs:nodejs /app/public ./public
 COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
 COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
-COPY --from=builder --chown=nextjs:nodejs /app/.next-cache-tmp ./.next/cache
+COPY --from=builder --chown=nextjs:nodejs /app/.next/cache ./.next/cache
 
 CMD ["node", "server.js"]

middleware.ts

@@ -10,10 +10,38 @@ const intlMiddleware = createMiddleware({
   defaultLocale: 'en',
 });
 
-export default function middleware(request: NextRequest) {
+const imgproxyStatus = { isDown: false, lastCheck: 0 };
+
+async function isImgproxyDown() {
+  const now = Date.now();
+  if (now - imgproxyStatus.lastCheck > 60000) {
+    try {
+      const imgproxyUrl = process.env.IMGPROXY_URL || 'https://img.infra.mintel.me';
+      const checkUrl = imgproxyUrl.startsWith('http') ? imgproxyUrl : `https://${imgproxyUrl}`;
+      const res = await fetch(checkUrl, { signal: AbortSignal.timeout(2000) });
+      imgproxyStatus.isDown = res.status >= 500;
+    } catch (e) {
+      imgproxyStatus.isDown = true;
+    }
+    imgproxyStatus.lastCheck = now;
+  }
+  return imgproxyStatus.isDown;
+}
+
+export default async function middleware(request: NextRequest) {
   const { method, url, headers } = request;
   const { pathname } = request.nextUrl;
 
+  if (pathname.startsWith('/_img/')) {
+    if (await isImgproxyDown()) {
+      const originalUrl = request.nextUrl.searchParams.get('url');
+      if (originalUrl) {
+        return NextResponse.redirect(originalUrl);
+      }
+    }
+    return NextResponse.next();
+  }
+
   // Explicit bypass for infrastructure routes to avoid locale redirects/interception
   if (
     pathname.startsWith('/stats') ||
@@ -97,7 +125,7 @@ export default function middleware(request: NextRequest) {
 
 export const config = {
   matcher: [
-    '/((?!api|_next/static|_next/image|_img|favicon.ico|manifest.webmanifest|.*\\.(?:svg|png|jpg|jpeg|gif|webp|pdf|txt|vcf|xml|webm|mp4|map)$).*)',
+    '/((?!api|_next/static|_next/image|favicon.ico|manifest.webmanifest|.*\\.(?:svg|png|jpg|jpeg|gif|webp|pdf|txt|vcf|xml|webm|mp4|map)$).*)',
     '/(de|en)/:path*',
     '/(de|en)/:path*',
   ],