Samir Boulahtit
947ca43c7b
All checks were successful
Picked up the morning's carry-over and ran the full prod-readiness chain end-to-end. Resolution: SG credential out of git permanently via untrack + .example template (e44f5c04); per-host migration on prod (alertmanager.yml gitignored, real file lives outside git); deploy-api-only.sh succeeded for the first time; today's 9 queued loyalty commits live on prod with ?v=e44f5c04 (and verified by re-running the loyalty redirect flicker repro — clean). Multi-hour rabbit hole on actual email delivery: provider's port 587 PLAIN backend is OAuth-wired (returns RFC 6749 invalid_grant text for password auth); switched to provider's documented port 465 SSL/TLS endpoint. Discovered Hetzner Cloud blocks outbound 25 and 465 by default as anti-spam policy. Auto-approved unblock ticket landed in minutes; one-line smarthost change to :465 reactivated email alerting after 13+ days down. alertmanager handles implicit TLS on 465 natively, no stunnel/relay needed. Hetzner doc updated with the egress-block warning + mail1 SMTP callout in1227567das 5h-debug payback. Next session resumes at Test 5.2 (/account/loyalty with 168 pts customer) → 5.3 history. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>