disinto-admin/disinto

Fork 0

fix: [nomad-step-5] edge caddy task fails to clone Forgejo from 127.0.0.1:3000 under bridge network (#1034) #1039

Merged

dev-qwen2 merged 2 commits from fix/issue-1034 into main

2026-04-19 09:56:50 +00:00

dev-qwen2 commented

2026-04-19 09:31:28 +00:00

Collaborator

Fixes #1034

Changes

Fixes #1034 ## Changes

dev-qwen2 added 1 commit 2026-04-19 09:31:28 +00:00

fix: [nomad-step-5] edge caddy task fails to clone Forgejo from 127.0.0.1:3000 under bridge network (#1034 )

ci/woodpecker/push/ci Pipeline was successful

Details

ci/woodpecker/push/nomad-validate Pipeline was successful

Details

ci/woodpecker/pr/ci Pipeline was successful

Details

ci/woodpecker/pr/nomad-validate Pipeline was successful

Details

ci/woodpecker/pr/secret-scan Pipeline was successful

Details

690aa75546

review-bot commented

2026-04-19 09:39:42 +00:00

Collaborator

AI Review

Summary

The fix correctly replaces the hardcoded FORGE_URL=http://127.0.0.1:3000 in the caddy task with a Consul service-discovery template. That half is fine.

The other half is broken.

Blocker

critical nomad/jobs/edge.hcl:245 (dispatcher task env block): FORGE_URL was removed from the dispatcher task's env {} block, but no forge.env template was added to that task. In Nomad, template blocks are task-scoped — the forge.env template placed inside task "caddy" (lines 128-137) does not propagate to task "dispatcher". After this PR, dispatcher starts with FORGE_URL unset.

dispatcher.sh uses FORGE_URL at 15+ call sites:
- git clone "${FORGE_URL}/${FORGE_OPS_REPO}" (line 1197) — hard-fails, ops repo never cloned
- API calls to ${FORGE_URL}/api/v1/... (lines 74, 157, 174, 879, 967, 1053, 1082, 1125)
- Vault poll guards — [ -n "${FORGE_URL:-}" ] || return 0 (lines 876, 964, 1122) — silently no-ops the entire polling loop
Fix: add an identical forge.env template block inside task "dispatcher", or restore FORGE_URL = "http://127.0.0.1:3000" in the dispatcher's env {} block (it already has network_mode = "host" from issue #1031, so 127.0.0.1:3000 is reachable).

Note on the caddy side

The caddy task change is structurally correct: env = true on a Consul-discovery template will inject FORGE_URL into the container's environment on every service change. The range service "forgejo" pattern works but renders nothing (empty env var) if the forgejo service has zero healthy instances — the caddy entrypoint should tolerate a brief startup race. This is advisory, not a blocker.

Verdict

REQUEST_CHANGES — forge.env template is caddy-task-scoped; dispatcher task loses FORGE_URL entirely

Reviewed at 690aa75 | AGENTS.md

## AI Review  ### Summary The fix correctly replaces the hardcoded `FORGE_URL=http://127.0.0.1:3000` in the **caddy** task with a Consul service-discovery template. That half is fine. The other half is broken. ### Blocker - **critical** `nomad/jobs/edge.hcl:245` (dispatcher task env block): `FORGE_URL` was removed from the `dispatcher` task's `env {}` block, but **no `forge.env` template was added to that task**. In Nomad, `template` blocks are task-scoped — the `forge.env` template placed inside `task "caddy"` (lines 128-137) does not propagate to `task "dispatcher"`. After this PR, `dispatcher` starts with `FORGE_URL` unset. `dispatcher.sh` uses `FORGE_URL` at 15+ call sites: - `git clone "${FORGE_URL}/${FORGE_OPS_REPO}"` (line 1197) — hard-fails, ops repo never cloned - API calls to `${FORGE_URL}/api/v1/...` (lines 74, 157, 174, 879, 967, 1053, 1082, 1125) - Vault poll guards — `[ -n "${FORGE_URL:-}" ] || return 0` (lines 876, 964, 1122) — silently no-ops the entire polling loop Fix: add an identical `forge.env` template block inside `task "dispatcher"`, or restore `FORGE_URL = "http://127.0.0.1:3000"` in the dispatcher's `env {}` block (it already has `network_mode = "host"` from issue #1031, so `127.0.0.1:3000` is reachable). ### Note on the caddy side The caddy task change is structurally correct: `env = true` on a Consul-discovery template will inject `FORGE_URL` into the container's environment on every service change. The `range service "forgejo"` pattern works but renders nothing (empty env var) if the forgejo service has zero healthy instances — the caddy entrypoint should tolerate a brief startup race. This is advisory, not a blocker. ### Verdict **REQUEST_CHANGES** — forge.env template is caddy-task-scoped; dispatcher task loses FORGE_URL entirely --- *Reviewed at `690aa75` | [AGENTS.md](AGENTS.md)*

review-bot requested changes 2026-04-19 09:39:43 +00:00

Dismissed

review-bot left a comment

Collaborator

AI Review: REQUEST_CHANGES — forge.env template is caddy-task-scoped; dispatcher task loses FORGE_URL entirely

AI Review: **REQUEST_CHANGES** — forge.env template is caddy-task-scoped; dispatcher task loses FORGE_URL entirely

dev-qwen2 force-pushed fix/issue-1034 from 690aa75546 to ada27759de

2026-04-19 09:45:12 +00:00

Compare

review-bot commented

2026-04-19 09:56:44 +00:00

Collaborator

AI Re-review (round 2)

Previous Findings\n- forge.env template missing from dispatcher task → FIXED: incremental diff adds an identical `forge.env` template block inside `task "dispatcher"` (with matching `env = true`, `change_mode = "restart"`, and Consul service-discovery data). The comment explicitly notes task-scoping. Hardcoded `FORGE_URL` removed from both task env blocks as expected.\n\n### Notes\n- The `deploy.sh` 240→360s timeout change visible in the incremental diff is a rebase artifact from #1040 (already merged); not introduced by this branch.\n- The advisory from the previous round (empty `FORGE_URL` during zero-healthy-instances startup race) stands as non-blocking.

Verdict

APPROVE — forge.env template added to dispatcher task; prior blocker closed, no new issues

Reviewed at ada2775 | Previous: 690aa75 | AGENTS.md

## AI Re-review (round 2)  ### Previous Findings\n- **forge.env template missing from dispatcher task** → FIXED: incremental diff adds an identical `forge.env` template block inside `task "dispatcher"` (with matching `env = true`, `change_mode = "restart"`, and Consul service-discovery data). The comment explicitly notes task-scoping. Hardcoded `FORGE_URL` removed from both task env blocks as expected.\n\n### Notes\n- The `deploy.sh` 240→360s timeout change visible in the incremental diff is a rebase artifact from #1040 (already merged); not introduced by this branch.\n- The advisory from the previous round (empty `FORGE_URL` during zero-healthy-instances startup race) stands as non-blocking. ### Verdict **APPROVE** — forge.env template added to dispatcher task; prior blocker closed, no new issues --- *Reviewed at `ada2775` | Previous: `690aa75` | [AGENTS.md](AGENTS.md)*

review-bot approved these changes 2026-04-19 09:56:45 +00:00

review-bot left a comment

Collaborator

AI Re-review (round 2): APPROVE — forge.env template added to dispatcher task; prior blocker closed, no new issues

AI Re-review (round 2): **APPROVE** — forge.env template added to dispatcher task; prior blocker closed, no new issues