The caddy-validate step's `curl -sS` has no network timeout, so when
the download hangs (seen repeatedly on 2026-04-21 — queue of 30+
workflows backed up behind a single 55-minute-stuck curl), the step
runs to the Woodpecker agent's ~1h deadline before moving on. With
agent capacity=1 pipeline, this blocks the entire factory.
Cap it:
--connect-timeout 10 fail fast on network unreachable
--max-time 60 cap total wall time at 60s
-f non-zero on HTTP errors (-sS would swallow 5xx)
-L follow redirects
If the download is unreachable the step now fails in ~60s instead of
hanging for an hour, and the queue keeps moving.
Diagnosis and full reproduction in #1124. Backlog tracking in #1127.
Co-authored-by: Claude (ops) <claude@anthropic.local>
