fix(ci): act_runner empty network for services; docs; bump the-order/dbis_core
Some checks failed
Deploy to Phoenix / validate (push) Failing after 4s
Deploy to Phoenix / deploy (push) Has been skipped
Deploy to Phoenix / deploy-atomic-swap-dapp (push) Has been skipped
Deploy to Phoenix / cloudflare (push) Has been skipped

- Keep container.network empty so workflow services share per-job Docker network.
- Document Postgres hostname and P1001 troubleshooting.
- Bump the-order and dbis_core submodule pointers (DATABASE_URL uses postgres host).

Co-authored-by: Cursor <cursoragent@cursor.com>
defiQUG
2026-05-11 21:05:41 -07:00
parent db06f6aa0f
commit f7e56f0a92
8 changed files with 30 additions and 6 deletions

@@ -6,3 +6,7 @@
| `config-5701-standard.yaml` | 5701 (`gitea-runner-1`) | `ubuntu-latest` / `ubuntu-22.04` / `ubuntu-20.04` — default pool |
Deploy with `bash scripts/dev-vm/apply-act-runner-config.sh` from the repo root (LAN). Full procedure: `docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`.
**Networking:** keep **`container.network` empty** (`""` in YAML). That lets act_runner attach workflow **`services:`** to the same per-job Docker network as the job container. **`network: bridge`** breaks **`postgres`** (and similar) hostnames → Prisma **P1001**.
**CI env:** in workflows with **`services: postgres:`**, set **`DATABASE_URL`** to **`...@postgres:5432/...`** (service id as host), not **`localhost`**.
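
Review bot: The **CI env** line tells readers to put `...@postgres:5432/...` in `DATABASE_URL` but does not say which credentials belong in the elided part. Add a sentence stating that the user and password are throwaway values for the per-job service container and must not be reused from any deployed database, since the value lives in the workflow file.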

@@ -25,7 +25,10 @@ cache:
external_server: ""
container:
network: bridge
# Empty: per-job user-defined network (GitHub Actions-compatible). Required so
# workflow `services:` (postgres, redis, …) share DNS with the job container.
# `network: bridge` = docker0 only → Prisma P1001 / "Can't reach postgres:5432".
network: ""
privileged: false
options: "--cpus=4 --memory=10g --pids-limit=8192"
workdir_parent: /var/lib/act_runner/workdir
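
Review bot: `network: ""` is now a hard requirement for every workflow that uses `services:`, but the only guard is the YAML comment above it. Consider having `scripts/dev-vm/apply-act-runner-config.sh` refuse to deploy a config whose `container.network` is non-empty, so a later edit back to `bridge` fails at apply time instead of surfacing as P1001 in an unrelated repo's CI.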

@@ -26,7 +26,8 @@ cache:
external_server: ""
container:
network: bridge
# Same as config-5700-heavy.yaml — keep empty for `services:` support.
network: ""
privileged: false
options: "--cpus=2 --memory=4g --pids-limit=512"
workdir_parent: /var/lib/act_runner/workdir
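
Review bot: The comment above `network: ""` points at `config-5700-heavy.yaml` for the reason, but the troubleshooting row in this same commit says the deployed file is `/etc/act_runner/config.yaml`, where the sibling file is not present. Repeat the one-line reason here (service containers need the per-job network for DNS) so the comment still explains itself on the runner.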

@@ -11,3 +11,14 @@ Copy one of these into **your repo** as `.gitea/workflows/<workflow-name>.yml`,
See [docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](../../docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md) for repo ↔ VM mapping.
**Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../../docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md).
## Postgres / Prisma in Actions (self-hosted `act_runner`)
When a workflow declares **`services: postgres:`** (GitHub Actions style):
1. **`DATABASE_URL`** (and Prisma) should use host **`postgres`** (the service id), **not** **`127.0.0.1`** / **`localhost`** — the job runs in Docker on the runner.
2. Runners managed from this repo must keep **`container.network`** **empty** in **`config/gitea-act-runner/config-*.yaml`** so act_runner creates a **per-job** network. See **`docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`** troubleshooting (**P1001**).
Examples in this monorepo: **`the-order/.github/workflows/ci.yml`**, **`dbis_core/.github/workflows/ci.yml`**. Copy the same pattern into other Gitea repos (e.g. treasury / DealFlow) that run migrations in CI.
**If you install Postgres inside the job container** (e.g. `apt-get install postgresql` + `127.0.0.1`), avoid PostgreSQLs anonymous dollar-quote **`DO $$ ... $$`** inside **bash double-quoted** `run:` lines — **`$$`** is the shell PID. Prefer a **`pg_roles` existence check** + plain **`CREATE ROLE`**, or use a **`$tag$ ... $tag$`** block inside a **single-quoted** heredoc so bash never expands dollars.
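
Review bot: The last paragraph ("If you install Postgres inside the job container") names two workarounds for `$$` expansion but shows neither, so each reader has to reconstruct the quoting. Add a short fenced snippet of the single-quoted heredoc form to the README, since that is the variant most likely to be copied incorrectly. Minor: "PostgreSQLs" is missing its apostrophe.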

@@ -33,7 +33,7 @@ Deploy to both CTs and restart daemons (LAN, repo root):
bash scripts/dev-vm/apply-act-runner-config.sh
```
Job containers use **bridge** networking and **`privileged: false`** on both runners; resource caps differ by design (**5700**: 4 CPU / 10 GiB RAM; **5701**: 2 CPU / 4 GiB RAM).
Job containers use **`privileged: false`**. **`container.network`** must be **empty** (per-job Docker network) so workflow **`services:`** (Postgres, etc.) resolve; **`network: bridge`** isolates the job from service containers (Prisma **P1001**). Resource caps: **5700** 4 CPU / 10 GiB RAM; **5701** 2 CPU / 4 GiB RAM (`container.options`).
---
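
Review bot: In the replacement sentence, "`network: bridge` isolates the job from service containers" does not match how the rest of this commit describes the failure: the config comment says the empty value is needed so services "share DNS with the job container", and the README says `bridge` breaks the `postgres` hostname. Reword to say that with `bridge` the service hostnames do not resolve from the job container, so the three descriptions agree and nobody reads `bridge` as an isolation control.
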
@@ -101,7 +101,9 @@ Canonical validation/deploy workflows use **`runs-on: ubuntu-latest-heavy`** so
## Cache
Both runners keep **built-in Actions cache** enabled. Optional next step: point **`cache.external_server`** at a shared cache URL in both YAML files so npm/docker layers dedupe across runners (requires a reachable cache service).
Both runners keep **built-in Actions cache** enabled. If job logs show **`connect ETIMEDOUT`** to the cache port, set **`cache.host`** to the runners **LAN IP** (reachable from job containers) and **`cache.port`** to a fixed port; publish that port on the host if the runner is itself containerized (see [Gitea act_runner cache](https://docs.gitea.com/usage/actions/act-runner#configuring-cache-when-starting-a-runner-using-the-docker-image)).
Optional: point **`cache.external_server`** at a shared cache URL in both YAML files so npm layers dedupe across runners (requires a reachable cache service).
---
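
Review bot: The new `cache.host` guidance has the cache server listen on the runner's LAN IP on a fixed port, and publishes that port when the runner is containerized, which makes it reachable from the LAN and not only from job containers. Add a sentence on restricting `cache.port` with a host firewall rule to the networks the job containers use, since cached content feeds later builds. Minor: "the runners **LAN IP**" should read "the runner's".
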
@@ -124,6 +126,7 @@ bash scripts/dev-vm/act-runner-resource-snapshot.sh
| Old **offline** duplicate runners after re-register | Delete via Admin API or: **`bash scripts/dev-vm/delete-offline-gitea-actions-runners.sh --dry-run`** then **`--apply`** (needs **`GITEA_TOKEN`**). Not removable by SSH alone — Gitea stores runner rows in its DB. |
| Runner exits / register errors | **`curl`** from the CT to **`GITEA_RUNNER_INSTANCE`**. Re-register with a fresh admin token after **`RUNNER_FORCE_REREGISTER=1`**. |
| Docker steps fail | Docker installed on the CT; **`act_runner`** runs as **root** in the default unit. |
| Prisma **P1001** / “Can't reach … **`postgres:5432`**” with **`services: postgres`** | Repo **`DATABASE_URL`** must use host **`postgres`** (not **`localhost`**). On runners, **`container.network`** in **`/etc/act_runner/config.yaml`** must be **empty** (`""`), not **`bridge`**. Apply: **`bash scripts/dev-vm/apply-act-runner-config.sh`**. |
---
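
Review bot: The new P1001 row gives the fix but no way to confirm which value is live on the runner before re-applying. Add the check to the row, for example `grep -n 'network:' /etc/act_runner/config.yaml` on the CT, so operators can tell a runner-side misconfiguration from a repo-side `DATABASE_URL` problem.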

@@ -4,6 +4,8 @@ Each **application repo** should carry **its own** `.gitea/workflows/*.yml` so p
**Canonical integration:** [Phoenix deploy API](../../phoenix-deploy-api/server.js) + [`deploy-targets.json`](../../phoenix-deploy-api/deploy-targets.json).
**Postgres / Prisma in Actions (self-hosted runners):** use **`...@postgres:5432`** (service hostname) and keep **`container.network`** empty on **`act_runner`** — [GITEA_ACT_RUNNER_SETUP.md](GITEA_ACT_RUNNER_SETUP.md) (troubleshooting **P1001**).
**Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../00-meta/GITEA_CD_OPERATOR_CHECKLIST.md)
**Parity report (local clone):** `bash scripts/verify/report-gitea-cd-parity.sh`