From 209c5496d8c72019ec8f4d0b22fab9c705f487b8 Mon Sep 17 00:00:00 2001
From: Dan Milne <d@nmilne.com>
Date: Thu, 11 Jun 2026 23:53:09 +1000
Subject: [PATCH] Fix asset precompile boot and bump version to 0.16.0

The CLINCH_HOST initializer raised during `assets:precompile` in the
Docker build, where no real host is set. Skip the check when
SECRET_KEY_BASE_DUMMY is present (the build-time precompile step);
deployed boots still require CLINCH_HOST.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 config/initializers/clinch_host.rb | 5 ++++-
 config/initializers/version.rb     | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/config/initializers/clinch_host.rb b/config/initializers/clinch_host.rb
index d29ed84..8286cab 100644
--- a/config/initializers/clinch_host.rb
+++ b/config/initializers/clinch_host.rb
@@ -4,7 +4,10 @@
 # never inferred from request headers — X-Forwarded-Host is attacker-influenceable,
 # so inferring the origin from it would allow host-header phishing and open
 # redirects. Fail fast at boot rather than start in an unsafe configuration.
-unless Rails.env.local?
+#
+# Skipped during asset precompilation (e.g. the Docker build step, which sets
+# SECRET_KEY_BASE_DUMMY): no real CLINCH_HOST exists yet and assets don't need it.
+unless Rails.env.local? || ENV["SECRET_KEY_BASE_DUMMY"].present?
   if ENV["CLINCH_HOST"].blank?
     raise "CLINCH_HOST must be set (e.g. https://auth.example.com). It is the " \
           "canonical origin of this Clinch instance and must not be inferred " \
diff --git a/config/initializers/version.rb b/config/initializers/version.rb
index db9d8f8..b5c1601 100644
--- a/config/initializers/version.rb
+++ b/config/initializers/version.rb
@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Clinch
-  VERSION = "0.15.0"
+  VERSION = "0.16.0"
 end