- formulas/release.sh: cd to $FACTORY_ROOT (not parent) for docker compose build
- docker-compose.yml: mount docker-compose.yml into edge container, pass HOST_PROJECT_DIR
- dispatcher.sh: use -f and --project-directory so compose resolves volume paths
against the host filesystem when invoked from inside the edge container
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dockerfile: caddy:latest is Alpine, needs apk not apt-get. Add python3
which dispatcher.sh requires for JSON filtering since Apr 6.
dispatcher.sh: BusyBox mktemp does not support suffixes after XXXXXX
template. Remove .txt suffix.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The dispatcher verifies vault actions by checking whether the merger
of the PR is an admin. With the auto-merge workflow, the merger is
always the bot that requested auto-merge (e.g. dev-bot), not the
human who approved the PR.
This change:
1. Adds get_pr_reviews() to fetch reviews from Forgejo API
2. Adds verify_admin_approver() to check for admin APPROVED reviews
3. Updates verify_admin_merged() to check approver first, then fallback
to merger check for backwards compatibility
This ensures auto-merged vault PRs approved by an admin pass verification,
while still rejecting vault PRs without any admin approval.
- Use FORGE_URL/FORGE_OPS_REPO for clonable URL
- Pass -e SECRET_NAME without value (Docker inherits from env)
- Simplify logging to hide all -e flags entirely
- Redact secrets in logs (=***)
- Fix -e flags before service name in docker compose run
- Use FORGE_OPS_REPO for cloning ops repo
- Refresh ops repo in each poll loop iteration
- Use array-based command execution to prevent shell injection
- Load vault secrets after env.sh for dispatcher access
- Create docker/edge/Dockerfile with bash, jq, curl, git, docker-cli
- Create docker/edge/dispatcher.sh as placeholder no-op loop
- Update edge service to build from ./docker/edge instead of caddy:alpine image
- Mount Docker socket into edge container for dispatcher access
- Mount dispatcher.sh as read-only volume
