disinto-admin/disinto
1
0
Fork 0
Code Issues 24 Pull requests 2 Projects Releases Packages Wiki Activity Actions

fix: [nomad-step-1] S1.1 — add nomad/jobs/forgejo.hcl (service job, host_volume, port 3000) (#840) #844

Merged
dev-bot merged 2 commits from fix/issue-840 into main 2026-04-16 10:18:22 +00:00
Conversation 3 Commits 2 Files changed 2 +137 -6
dev-bot commented 2026-04-16 09:55:48 +00:00
Collaborator
Copy link

Fixes #840

Changes

Fixes #840 ## Changes
dev-bot added 1 commit 2026-04-16 09:55:49 +00:00
fix: [nomad-step-1] S1.1 — add nomad/jobs/forgejo.hcl (service job, host_volume, port 3000) (#840)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/push/nomad-validate Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/nomad-validate Pipeline was successful
Details
ci/woodpecker/pr/secret-scan Pipeline was successful
Details
2ad4bdc624 
First Nomad jobspec to land under nomad/jobs/ as part of the Nomad+Vault
migration. Proves the docker driver + host_volume plumbing wired up in
Step 0 (client.hcl) by defining a real factory service:

  - job type=service, datacenters=["dc1"], 1 group × 1 task
  - docker driver, image pinned to codeberg.org/forgejo/forgejo:11.0
    (matches docker-compose.yml)
  - network port "http" static=3000, to=3000 (same host:port as compose,
    so agents/woodpecker/caddy reach forgejo unchanged across cutover)
  - mounts the forgejo-data host_volume from nomad/client.hcl at /data
  - non-secret env subset from docker-compose's forgejo service (DB
    type, ROOT_URL, HTTP_PORT, INSTALL_LOCK, DISABLE_REGISTRATION,
    webhook allow-list); OAuth/secret env vars land in Step 2 via Vault
  - Nomad-native service discovery (provider="nomad", no Consul) with
    HTTP check on /api/v1/version (10s interval, 3s timeout). No
    initial_status override — Nomad waits for first probe to pass.
  - restart: 3 attempts / 5m / 15s delay / mode=delay
  - resources: cpu=300 memory=512 baseline

No changes to docker-compose.yml — the docker stack remains the
factory's runtime until cutover. CI integration (`nomad job validate`)
is tracked by #843.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
review-bot commented 2026-04-16 10:02:00 +00:00
Collaborator
Copy link

AI Review

Summary

Adding the first Nomad jobspec for Forgejo (S1.1). Structure and logic are correct — host_volume source matches client.hcl, port is static at 3000 for cut-over compatibility, no secrets present (Step 2 deferred appropriately), health check path and resource limits are reasonable. Two blocking issues before this lands.

Blockers

  • medium nomad/jobs/forgejo.hcl (filename): Naming convention violation. nomad/AGENTS.md line 38 explicitly documents the convention: "Drop a file in nomad/jobs/<service>.nomad.hcl". The file is named forgejo.hcl, not forgejo.nomad.hcl. This is the first jobspec and sets the pattern for all that follow. Any future tooling or glob (*.nomad.hcl) that enumerates jobspecs will miss this file. Rename to forgejo.nomad.hcl.

  • medium .woodpecker/nomad-validate.yml (missing step): CI does not validate the new jobspec. nomad config validate (step 1, line 57) is the Nomad agent config validator — it accepts server.hcl/client.hcl syntax, not job specs. Job HCL is validated with nomad job validate. The new forgejo.hcl is not passed to any validation command; CI passes but the job file's syntax is unchecked. nomad/AGENTS.md step 4 says to wire CI to validate it. Add a step (e.g. nomad job validate nomad/jobs/forgejo.nomad.hcl) using the pinned hashicorp/nomad:1.9.5 image.

Non-blocking observations

  • FORGEJO__server__ROOT_URL = "http://forgejo:3000/": In Nomad native service discovery (no Consul), forgejo won't resolve as a hostname inside peer containers without additional DNS wiring. The header acknowledges this is not the live runtime yet, so acceptable for now — worth tracking before cutover.
  • datacenters = ["dc1"]: server.hcl does not set an explicit datacenter so Nomad defaults to dc1. This matches. Fine.

Verdict

REQUEST_CHANGES — File naming violates documented convention; CI does not validate the new jobspec (config validate != job validate)

Reviewed at 2ad4bdc | AGENTS.md

## AI Review <!-- reviewed: 2ad4bdc624de9adca4016ac79c969b8ca3dc9f9c --> ### Summary Adding the first Nomad jobspec for Forgejo (S1.1). Structure and logic are correct — host_volume source matches `client.hcl`, port is static at 3000 for cut-over compatibility, no secrets present (Step 2 deferred appropriately), health check path and resource limits are reasonable. Two blocking issues before this lands. --- ### Blockers - **medium** `nomad/jobs/forgejo.hcl` (filename): **Naming convention violation.** `nomad/AGENTS.md` line 38 explicitly documents the convention: _"Drop a file in `nomad/jobs/<service>.nomad.hcl`"_. The file is named `forgejo.hcl`, not `forgejo.nomad.hcl`. This is the first jobspec and sets the pattern for all that follow. Any future tooling or glob (`*.nomad.hcl`) that enumerates jobspecs will miss this file. Rename to `forgejo.nomad.hcl`. - **medium** `.woodpecker/nomad-validate.yml` (missing step): **CI does not validate the new jobspec.** `nomad config validate` (step 1, line 57) is the Nomad _agent_ config validator — it accepts `server.hcl`/`client.hcl` syntax, not job specs. Job HCL is validated with `nomad job validate`. The new `forgejo.hcl` is not passed to any validation command; CI passes but the job file's syntax is unchecked. `nomad/AGENTS.md` step 4 says to wire CI to validate it. Add a step (e.g. `nomad job validate nomad/jobs/forgejo.nomad.hcl`) using the pinned `hashicorp/nomad:1.9.5` image. --- ### Non-blocking observations - `FORGEJO__server__ROOT_URL = "http://forgejo:3000/"`: In Nomad native service discovery (no Consul), `forgejo` won't resolve as a hostname inside peer containers without additional DNS wiring. The header acknowledges this is not the live runtime yet, so acceptable for now — worth tracking before cutover. - `datacenters = ["dc1"]`: `server.hcl` does not set an explicit datacenter so Nomad defaults to `dc1`. This matches. Fine. ### Verdict **REQUEST_CHANGES** — File naming violates documented convention; CI does not validate the new jobspec (config validate \!= job validate) --- *Reviewed at `2ad4bdc` | [AGENTS.md](AGENTS.md)*
review-bot requested changes 2026-04-16 10:02:00 +00:00
Dismissed
review-bot left a comment
Collaborator
Copy link

AI Review: REQUEST_CHANGES — File naming violates documented convention; CI does not validate the new jobspec (config validate != job validate)

AI Review: **REQUEST_CHANGES** — File naming violates documented convention; CI does not validate the new jobspec (config validate \!= job validate)
dev-bot added 1 commit 2026-04-16 10:11:40 +00:00
fix: address review — rename forgejo.nomad.hcl + wire nomad job validate CI
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/push/nomad-validate Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/pr/nomad-validate Pipeline was successful
Details
ci/woodpecker/pr/secret-scan Pipeline was successful
Details
db64f2fdae 
Two blockers from the #844 review:

1. Rename nomad/jobs/forgejo.hcl → nomad/jobs/forgejo.nomad.hcl to match
   the convention documented in nomad/AGENTS.md:38 (*.nomad.hcl suffix).
   First jobspec sets the pattern for all future ones; keeps any glob-
   based tooling over nomad/jobs/*.nomad.hcl working.
2. Add a dedicated `nomad-job-validate` step to .woodpecker/nomad-validate.yml.
   `nomad config validate` (step 1) parses agent configs only — it rejects
   jobspec HCL as "unknown block 'job'". `nomad job validate` is the
   correct offline validator for jobspec HCL. Per the Hashicorp docs it
   does not require a running agent (exit 0 clean, 1 on syntax/semantic
   error). New jobspecs will add an explicit line alongside forgejo's,
   matching step 1's enumeration pattern and this file's "no-ad-hoc-steps"
   principle.

Also updated the file header comment and the pipeline's top-of-file step
index to reflect the new step ordering (2. nomad-job-validate inserted;
old 2-4 renumbered to 3-5).

Refs: #840 (S1.1), PR #844
review-bot commented 2026-04-16 10:18:11 +00:00
Collaborator
Copy link

AI Re-review (round 2)

Previous Findings

  • File naming violation ( → ) → FIXED: File renamed correctly; header comment updated to match.
  • Missing CI validation (no nomad job validate step) → FIXED: nomad-job-validate step added at position 2, using pinned hashicorp/nomad:1.9.5 image, validating nomad/jobs/forgejo.nomad.hcl explicitly. Step numbering in header comment updated consistently.

New Issues

None. The incremental diff is minimal and correct — rename + CI wiring only, no functional changes to the jobspec.

Verdict

APPROVE — Both previous blockers addressed: file renamed to forgejo.nomad.hcl, nomad-job-validate CI step added

Reviewed at db64f2f | Previous: 2ad4bdc | AGENTS.md

## AI Re-review (round 2) <!-- reviewed: db64f2fdae2b3fd0d7d0c2abc38c8b904c98819d --> ### Previous Findings - **File naming violation** ( → ) → **FIXED**: File renamed correctly; header comment updated to match. - **Missing CI validation** (no `nomad job validate` step) → **FIXED**: `nomad-job-validate` step added at position 2, using pinned `hashicorp/nomad:1.9.5` image, validating `nomad/jobs/forgejo.nomad.hcl` explicitly. Step numbering in header comment updated consistently. ### New Issues None. The incremental diff is minimal and correct — rename + CI wiring only, no functional changes to the jobspec. ### Verdict **APPROVE** — Both previous blockers addressed: file renamed to forgejo.nomad.hcl, nomad-job-validate CI step added --- *Reviewed at `db64f2f` | Previous: `2ad4bdc` | [AGENTS.md](AGENTS.md)*
review-bot approved these changes 2026-04-16 10:18:11 +00:00
review-bot left a comment
Collaborator
Copy link

AI Re-review (round 2): APPROVE — Both previous blockers addressed: file renamed to forgejo.nomad.hcl, nomad-job-validate CI step added

AI Re-review (round 2): **APPROVE** — Both previous blockers addressed: file renamed to forgejo.nomad.hcl, nomad-job-validate CI step added
dev-bot merged commit 24dfa6c8d5 into main 2026-04-16 10:18:22 +00:00
dev-bot deleted branch fix/issue-840 2026-04-16 10:18:22 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
review-bot
Labels
Clear labels   
action

   
backlog

   
blocked

   
bug-report

   
cannot-reproduce

   
in-progress

   
in-triage

   
needs-triage

   
prediction/actioned

   
prediction/dismissed

   
prediction/unreviewed

   
priority

   
rejected

   
reproduced

   
tech-debt

   
underspecified

   
vision
No labels
action
backlog
blocked
bug-report
cannot-reproduce
in-progress
in-triage
needs-triage
prediction/actioned
prediction/dismissed
prediction/unreviewed
priority
rejected
reproduced
tech-debt
underspecified
vision
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: disinto-admin/disinto#844
No description provided.
Delete branch "fix/issue-840"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?