devteam/sharenet
3
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Fix for job container not having curl
Some checks failed
Podman Rootless Demo / test-backend (push) Has been skipped
Details
Podman Rootless Demo / test-frontend (push) Has been skipped
Details
Podman Rootless Demo / build-backend (push) Has been skipped
Details
Podman Rootless Demo / build-frontend (push) Has been skipped
Details
Podman Rootless Demo / deploy-prod (push) Failing after 2m19s
Details

Browse source
This commit is contained in:
continuist 2025-09-20 22:20:52 -04:00
parent 198d77de8a
commit d4a70ed770
1 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
.forgejo/workflows/ci.yml
View file

@ -245,21 +245,19 @@ jobs:
podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-backend-api-postgres:$IMAGE_TAG" podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-backend-api-postgres:$IMAGE_TAG"
podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-frontend:$IMAGE_TAG" podman --remote pull "$REGISTRY_HOST/$APP_NAME/sharenet-frontend:$IMAGE_TAG"
# 1) Render nginx.conf from repo and copy to host (no unshare) # RENDER & COPY NGINX CONF (unchanged except for whitelisted envsubst)
- name: Render nginx.conf and write to host - name: Render nginx.conf and write to host
run: | run: |
set -euo pipefail set -euo pipefail
apk add --no-cache gettext >/dev/null # envsubst apk add --no-cache gettext >/dev/null
# Only substitute the vars we intend to: ${PROD_*_PORT}
envsubst '${PROD_FRONTEND_PORT} ${PROD_BACKEND_PORT}' < nginx/nginx.conf > /tmp/nginx.conf envsubst '${PROD_FRONTEND_PORT} ${PROD_BACKEND_PORT}' < nginx/nginx.conf > /tmp/nginx.conf
podman --remote run --rm -i \ podman --remote run --rm -i \
--userns=keep-id \ --userns=keep-id \
-v /opt/sharenet/nginx:/host-nginx:rw \ -v /opt/sharenet/nginx:/host-nginx:rw \
alpine:3.20 sh -c 'install -D -m 0644 /dev/stdin /host-nginx/nginx.conf' \ alpine:3.20 sh -c 'install -D -m 0644 /dev/stdin /host-nginx/nginx.conf' \
< /tmp/nginx.conf < /tmp/nginx.conf
# 2) Lint nginx.conf BEFORE restarting the pod (avoids crash loops) # LINT NGINX CONF BEFORE APPLYING
- name: Validate nginx.conf with throwaway container - name: Validate nginx.conf with throwaway container
run: | run: |
set -euo pipefail set -euo pipefail
@ -268,16 +266,24 @@ jobs:
docker.io/nginx:alpine \ docker.io/nginx:alpine \
sh -lc 'nginx -t -c /etc/nginx/nginx.conf' sh -lc 'nginx -t -c /etc/nginx/nginx.conf'
# 3) Recreate the pod (down → play). This ensures new images/ports/env + the validated conf. # APPLY/RE-APPLY THE POD (no explicit "down"; use --replace)
- name: Recreate pod - name: Apply pod (kube play --replace)
run: | run: |
set -euo pipefail set -euo pipefail
podman --remote kube down sharenet-production-pod || true # If your Podman supports --replace, this is the cleanest:
envsubst < deploy/prod-pod.yml | podman --remote kube play - envsubst < deploy/prod-pod.yml | podman --remote kube play --replace -
# 4) Verify health on the prod host # If --replace is NOT supported in your Podman, use this fallback instead:
# - name: Recreate pod (fallback)
# run: |
# set -euo pipefail
# podman --remote pod rm -f sharenet-production-pod 2>/dev/null || true
# envsubst < deploy/prod-pod.yml | podman --remote kube play -
# VERIFY (install curl first)
- name: Verify in-pod Nginx - name: Verify in-pod Nginx
run: | run: |
set -euo pipefail set -euo pipefail
apk add --no-cache curl >/dev/null
curl -sS -D- http://127.0.0.1:18080/healthz curl -sS -D- http://127.0.0.1:18080/healthz
curl -sS -I http://127.0.0.1:18080/