Docker: enable BuildKit cache for npm ci

Dockerfile

@@ -7,16 +7,18 @@ WORKDIR /app
 ENV npm_config_update_notifier=false \
     npm_config_audit=false \
     npm_config_fund=false \
-    npm_config_progress=false
+    npm_config_progress=false \
+    ASTRO_TELEMETRY_DISABLED=1
 
 # (Optionnel mais propre) git + certificats
 RUN apt-get -o Acquire::Retries=5 -o Acquire::ForceIPv4=true update \
  && apt-get install -y --no-install-recommends ca-certificates git \
- && rm -rf /var/lib/apt/lists/*	
+ && rm -rf /var/lib/apt/lists/*
 
 # Déps d’abord (cache Docker)
 COPY package.json package-lock.json ./
-RUN npm ci --no-audit --no-fund
+RUN --mount=type=cache,target=/root/.npm \
+    npm ci --no-audit --no-fund
 
 # Sources
 COPY . .

src/layouts/EditionLayout.astro

@@ -416,25 +416,21 @@ const GITEA_REPO = import.meta.env.PUBLIC_GITEA_REPO ?? "";
           groups,
           raw: text,
         };
-      })().catch((err) => {
-        console.warn("[proposer] whoami fetch failed", err);
-        return {
-          ok: false,
-          user: "",
-          name: "",
-          email: "",
-          groups: [],
-          raw: "",
-        };
-      });
+      })().catch(() => ({
+        ok: false,
+        user: "",
+        name: "",
+        email: "",
+        groups: [],
+        raw: "",
+      }));
 
       return _authInfoPromise;
     }
 
     // Promise unique : est-on editor ?
-    // ⚠️ On reste fail-closed, mais NON destructif (on ne supprime pas sur erreur réseau)
     const isEditorP = giteaReady
-      ? getAuthInfo().then((info) => info.groups.includes(PROPOSE_REQUIRED_GROUP))
+      ? getAuthInfo().then((info) => info.groups.includes(PROPOSE_REQUIRED_GROUP)).catch(() => false)
       : Promise.resolve(false);
 
     const quoteBlock = (s) =>
@@ -505,24 +501,6 @@ const GITEA_REPO = import.meta.env.PUBLIC_GITEA_REPO ?? "";
     // ==========================
     const paras = Array.from(document.querySelectorAll('.reading p[id^="p-"]'));
 
-    // Petit helper : fail-closed mais réversible (hide ≠ remove)
-    function hidePropose(el) {
-      try {
-        el.hidden = true;
-        el.style.display = "none";
-        el.setAttribute("aria-hidden", "true");
-        el.setAttribute("tabindex", "-1");
-      } catch {}
-    }
-    function showPropose(el) {
-      try {
-        el.hidden = false;
-        el.style.display = "";
-        el.removeAttribute("aria-hidden");
-        el.removeAttribute("tabindex");
-      } catch {}
-    }
-
     for (const p of paras) {
       if (p.querySelector(".para-tools")) continue;
 
@@ -569,16 +547,16 @@ const GITEA_REPO = import.meta.env.PUBLIC_GITEA_REPO ?? "";
         propose.textContent = "Proposer";
         propose.setAttribute("aria-label", "Proposer une correction sur Gitea");
 
-        // ✅ fail-closed (mais NON destructif)
+        // ✅ fail-closed DUR : inline-style (ne peut pas être overridé par ton CSS)
+        propose.style.display = "none";
         propose.dataset.requiresGroup = PROPOSE_REQUIRED_GROUP;
-        hidePropose(propose);
 
         const raw = (p.textContent || "").trim().replace(/\s+/g, " ");
         const excerpt = raw.length > 420 ? (raw.slice(0, 420) + "…") : raw;
 
         const issueUrl = buildIssueURL(p.id, raw, excerpt);
 
-        // Lien fallback (si JS modal casse totalement)
+        // Lien fallback (si JS casse totalement)
         propose.href = issueUrl;
 
         // ✅ Marqueurs pour ProposeModal (interception 2 étapes)
@@ -622,18 +600,16 @@ const GITEA_REPO = import.meta.env.PUBLIC_GITEA_REPO ?? "";
     }
 
     // ✅ Après insertion : on autorise Proposer seulement si groupe editors
-    //    - ok=false => remove (pas d’UI “Proposer” pour les non-éditeurs)
-    //    - erreur fetch => on garde HIDDEN (non destructif) ; un reload pourra réussir
     if (giteaReady) {
       isEditorP.then((ok) => {
         const els = document.querySelectorAll(".para-propose");
         for (const el of els) {
-          if (ok) showPropose(el);
+          if (ok) el.style.display = "";
           else el.remove();
         }
-      }).catch((err) => {
-        console.warn("[proposer] gate failed; keeping Proposer hidden", err);
-        document.querySelectorAll(".para-propose").forEach((el) => hidePropose(el));
+      }).catch(() => {
+        // fail-closed
+        document.querySelectorAll(".para-propose").forEach((el) => el.remove());
       });
     }