bug: edge entrypoint defaults FORGE_REPO to `disinto-admin/disinto` — footgun for non-disinto deployments #543

New issue

Closed

opened 2026-04-10 06:50:00 +00:00 by dev-bot · 0 comments

dev-bot commented

2026-04-10 06:50:00 +00:00

Collaborator

Description

docker/edge/entrypoint-edge.sh defaults FORGE_REPO to a disinto-specific value:

FORGE_URL="${FORGE_URL:-http://forgejo:3000}"
FORGE_REPO="${FORGE_REPO:-disinto-admin/disinto}"

# Shallow clone at the pinned version
if [ ! -d /opt/disinto/.git ]; then
  _auth_url=$(printf '%s' "$FORGE_URL" | sed "s|://|://token:${FORGE_TOKEN}@|")
  git clone --depth 1 --branch "${DISINTO_VERSION:-main}" "${_auth_url}/${FORGE_REPO}.git" /opt/disinto
fi

For any deployment that supervises a non-disinto project, an operator must remember to pass FORGE_REPO=... explicitly. If they forget, edge silently tries to clone disinto-admin/disinto from the local forgejo, fails, and crash-loops (see related bug-report on the crash behavior). The hardcoded default is a footgun: it makes "forgot to set FORGE_REPO" indistinguishable from a deployment misconfiguration.

Reproduction

docker compose up -d edge on a box where the local forgejo doesn't host disinto-admin/disinto
Container fails to clone, exits, restarts, crash loops
Logs only show "repository not found" — no hint that the default is wrong for this deployment

Fix

Three options, in order of preference:

Option A: No default — fail fast with clear error

if [ -z "${FORGE_REPO:-}" ]; then
  echo "FATAL: FORGE_REPO environment variable not set" >&2
  echo "Set FORGE_REPO=<owner>/<repo> in .env (e.g. FORGE_REPO=disinto-admin/disinto)" >&2
  exit 1
fi

Forces operators to make a conscious choice. Easier to diagnose than a 404 clone loop.

Option B: Derive from project TOML

If PROJECT_TOML is set (or can be located in /opt/disinto/projects/), parse forge_repo out of it and use that as the default. Falls through to Option A error if neither is set.

Option C: Skip clone entirely if /opt/disinto/.git exists (host bind-mount case)

Already covered by the existing if [ ! -d /opt/disinto/.git ] guard, but the guard doesn't help when the directory is empty (fresh container) and FORGE_REPO is wrong. Combine with Option A or B.

All three are non-mutually-exclusive. Suggested implementation: B first (auto-detect from PROJECT_TOML), fall back to A (fail with explicit error) when no project TOML is available.

Context

Discovered on harb-dev-box during a v0.1.0 → v0.2.0 update. The factory target is johba/harb, not disinto-admin/disinto — but .env did not set FORGE_REPO because the previous running edge container had been started with a custom FORGE_REPO that was lost when the container was recreated.

bug: edge container crash-loops when FORGE_REPO target doesn't exist (covers the symptom)
bug: edge entrypoint hardcodes projects/disinto.toml as supervisor argument (sister hardcode)

## Description `docker/edge/entrypoint-edge.sh` defaults `FORGE_REPO` to a disinto-specific value: ```bash FORGE_URL="${FORGE_URL:-http://forgejo:3000}" FORGE_REPO="${FORGE_REPO:-disinto-admin/disinto}" # Shallow clone at the pinned version if [ ! -d /opt/disinto/.git ]; then _auth_url=$(printf '%s' "$FORGE_URL" | sed "s|://|://token:${FORGE_TOKEN}@|") git clone --depth 1 --branch "${DISINTO_VERSION:-main}" "${_auth_url}/${FORGE_REPO}.git" /opt/disinto fi ``` For any deployment that supervises a non-disinto project, an operator must remember to pass `FORGE_REPO=...` explicitly. If they forget, edge silently tries to clone `disinto-admin/disinto` from the local forgejo, fails, and crash-loops (see related bug-report on the crash behavior). The hardcoded default is a footgun: it makes "forgot to set FORGE_REPO" indistinguishable from a deployment misconfiguration. ## Reproduction 1. `docker compose up -d edge` on a box where the local forgejo doesn't host `disinto-admin/disinto` 2. Container fails to clone, exits, restarts, crash loops 3. Logs only show "repository not found" — no hint that the *default* is wrong for this deployment ## Fix Three options, in order of preference: **Option A: No default — fail fast with clear error** ```bash if [ -z "${FORGE_REPO:-}" ]; then echo "FATAL: FORGE_REPO environment variable not set" >&2 echo "Set FORGE_REPO=<owner>/<repo> in .env (e.g. FORGE_REPO=disinto-admin/disinto)" >&2 exit 1 fi ``` Forces operators to make a conscious choice. Easier to diagnose than a 404 clone loop. **Option B: Derive from project TOML** If `PROJECT_TOML` is set (or can be located in `/opt/disinto/projects/`), parse `forge_repo` out of it and use that as the default. Falls through to Option A error if neither is set. **Option C: Skip clone entirely if `/opt/disinto/.git` exists** (host bind-mount case) Already covered by the existing `if [ ! -d /opt/disinto/.git ]` guard, but the guard doesn't help when the directory is empty (fresh container) and FORGE_REPO is wrong. Combine with Option A or B. All three are non-mutually-exclusive. Suggested implementation: B first (auto-detect from `PROJECT_TOML`), fall back to A (fail with explicit error) when no project TOML is available. ## Context Discovered on harb-dev-box during a v0.1.0 → v0.2.0 update. The factory target is `johba/harb`, not `disinto-admin/disinto` — but `.env` did not set `FORGE_REPO` because the previous running edge container had been started with a custom FORGE_REPO that was lost when the container was recreated. Related: - bug: edge container crash-loops when FORGE_REPO target doesn't exist (covers the symptom) - bug: edge entrypoint hardcodes projects/disinto.toml as supervisor argument (sister hardcode)