diff --git a/config/gitea-act-runner/README.md b/config/gitea-act-runner/README.md index 7794f11c..42309ae1 100644 --- a/config/gitea-act-runner/README.md +++ b/config/gitea-act-runner/README.md @@ -6,3 +6,7 @@ | `config-5701-standard.yaml` | 5701 (`gitea-runner-1`) | `ubuntu-latest` / `ubuntu-22.04` / `ubuntu-20.04` — default pool | Deploy with `bash scripts/dev-vm/apply-act-runner-config.sh` from the repo root (LAN). Full procedure: `docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`. + +**Networking:** keep **`container.network` empty** (`""` in YAML). That lets act_runner attach workflow **`services:`** to the same per-job Docker network as the job container. **`network: bridge`** breaks **`postgres`** (and similar) hostnames → Prisma **P1001**. + +**CI env:** in workflows with **`services: postgres:`**, set **`DATABASE_URL`** to **`...@postgres:5432/...`** (service id as host), not **`localhost`**. diff --git a/config/gitea-act-runner/config-5700-heavy.yaml b/config/gitea-act-runner/config-5700-heavy.yaml index 1ba59101..f9100922 100644 --- a/config/gitea-act-runner/config-5700-heavy.yaml +++ b/config/gitea-act-runner/config-5700-heavy.yaml @@ -25,7 +25,10 @@ cache: external_server: "" container: - network: bridge + # Empty: per-job user-defined network (GitHub Actions-compatible). Required so + # workflow `services:` (postgres, redis, …) share DNS with the job container. + # `network: bridge` = docker0 only → Prisma P1001 / "Can't reach postgres:5432". + network: "" privileged: false options: "--cpus=4 --memory=10g --pids-limit=8192" workdir_parent: /var/lib/act_runner/workdir diff --git a/config/gitea-act-runner/config-5701-standard.yaml b/config/gitea-act-runner/config-5701-standard.yaml index de42b8d8..127e975e 100644 --- a/config/gitea-act-runner/config-5701-standard.yaml +++ b/config/gitea-act-runner/config-5701-standard.yaml 
@@ -26,7 +26,8 @@ cache: external_server: "" container: - network: bridge + # Same as config-5700-heavy.yaml — keep empty for `services:` support. + network: "" privileged: false options: "--cpus=2 --memory=4g --pids-limit=512" workdir_parent: /var/lib/act_runner/workdir diff --git a/config/gitea-workflow-templates/README.md b/config/gitea-workflow-templates/README.md index 9c993825..319c8a77 100644 --- a/config/gitea-workflow-templates/README.md +++ b/config/gitea-workflow-templates/README.md 
@@ -11,3 +11,14 @@ Copy one of these into **your repo** as `.gitea/workflows/.yml`, See [docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](../../docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md) for repo ↔ VM mapping. **Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../../docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md). + +## Postgres / Prisma in Actions (self-hosted `act_runner`) + +When a workflow declares **`services: postgres:`** (GitHub Actions style): + +1. **`DATABASE_URL`** (and Prisma) should use host **`postgres`** (the service id), **not** **`127.0.0.1`** / **`localhost`** — the job runs in Docker on the runner. +2. Runners managed from this repo must keep **`container.network`** **empty** in **`config/gitea-act-runner/config-*.yaml`** so act_runner creates a **per-job** network. See **`docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`** troubleshooting (**P1001**). + +Examples in this monorepo: **`the-order/.github/workflows/ci.yml`**, **`dbis_core/.github/workflows/ci.yml`**. Copy the same pattern into other Gitea repos (e.g. treasury / DealFlow) that run migrations in CI. + +**If you install Postgres inside the job container** (e.g. `apt-get install postgresql` + `127.0.0.1`), avoid PostgreSQL’s anonymous dollar-quote **`DO $$ ... $$`** inside **bash double-quoted** `run:` lines — **`$$`** is the shell PID. Prefer a **`pg_roles` existence check** + plain **`CREATE ROLE`**, or use a **`$tag$ ... $tag$`** block inside a **single-quoted** heredoc so bash never expands dollars. diff --git a/dbis_core b/dbis_core index 97a1cb1b..8da6bd8b 160000 --- a/dbis_core +++ b/dbis_core @@ -1 +1 @@ -Subproject commit 97a1cb1b96fb16eb5c2df4b36786d206f9584f1e +Subproject commit 8da6bd8b2abbd18303a10b5a01171f245601365d diff --git a/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md b/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md index ca76d1ef..12b6818e 100644 --- a/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md 
+++ b/docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md @@ -33,7 +33,7 @@ Deploy to both CTs and restart daemons (LAN, repo root): bash scripts/dev-vm/apply-act-runner-config.sh ``` -Job containers use **bridge** networking and **`privileged: false`** on both runners; resource caps differ by design (**5700**: 4 CPU / 10 GiB RAM; **5701**: 2 CPU / 4 GiB RAM). +Job containers use **`privileged: false`**. **`container.network`** must be **empty** (per-job Docker network) so workflow **`services:`** (Postgres, etc.) resolve; **`network: bridge`** isolates the job from service containers (Prisma **P1001**). Resource caps: **5700** 4 CPU / 10 GiB RAM; **5701** 2 CPU / 4 GiB RAM (`container.options`). --- @@ -101,7 +101,9 @@ Canonical validation/deploy workflows use **`runs-on: ubuntu-latest-heavy`** so ## Cache -Both runners keep **built-in Actions cache** enabled. Optional next step: point **`cache.external_server`** at a shared cache URL in both YAML files so npm/docker layers dedupe across runners (requires a reachable cache service). +Both runners keep **built-in Actions cache** enabled. If job logs show **`connect ETIMEDOUT`** to the cache port, set **`cache.host`** to the runner’s **LAN IP** (reachable from job containers) and **`cache.port`** to a fixed port; publish that port on the host if the runner is itself containerized (see [Gitea act_runner cache](https://docs.gitea.com/usage/actions/act-runner#configuring-cache-when-starting-a-runner-using-the-docker-image)). + +Optional: point **`cache.external_server`** at a shared cache URL in both YAML files so npm layers dedupe across runners (requires a reachable cache service). --- 
@@ -124,6 +126,7 @@ bash scripts/dev-vm/act-runner-resource-snapshot.sh | Old **offline** duplicate runners after re-register | Delete via Admin API or: **`bash scripts/dev-vm/delete-offline-gitea-actions-runners.sh --dry-run`** then **`--apply`** (needs **`GITEA_TOKEN`**). Not removable by SSH alone — Gitea stores runner rows in its DB. | | Runner exits / register errors | **`curl`** from the CT to **`GITEA_RUNNER_INSTANCE`**. Re-register with a fresh admin token after **`RUNNER_FORCE_REREGISTER=1`**. | | Docker steps fail | Docker installed on the CT; **`act_runner`** runs as **root** in the default unit. | +| Prisma **P1001** / “Can't reach … **`postgres:5432`**” with **`services: postgres`** | Repo **`DATABASE_URL`** must use host **`postgres`** (not **`localhost`**). On runners, **`container.network`** in **`/etc/act_runner/config.yaml`** must be **empty** (`""`), not **`bridge`**. Apply: **`bash scripts/dev-vm/apply-act-runner-config.sh`**. | --- diff --git a/docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md b/docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md index e5a8ecb1..0b78f04a 100644 --- a/docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md +++ b/docs/04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md @@ -4,6 +4,8 @@ Each **application repo** should carry **its own** `.gitea/workflows/*.yml` so p **Canonical integration:** [Phoenix deploy API](../../phoenix-deploy-api/server.js) + [`deploy-targets.json`](../../phoenix-deploy-api/deploy-targets.json). +**Postgres / Prisma in Actions (self-hosted runners):** use **`...@postgres:5432`** (service hostname) and keep **`container.network`** empty on **`act_runner`** — [GITEA_ACT_RUNNER_SETUP.md](GITEA_ACT_RUNNER_SETUP.md) (troubleshooting **P1001**). + **Operator checklist:** [docs/00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](../00-meta/GITEA_CD_OPERATOR_CHECKLIST.md) **Parity report (local clone):** `bash scripts/verify/report-gitea-cd-parity.sh` diff --git a/the-order b/the-order index 8990270e..c7f98be0 160000 
--- a/the-order +++ b/the-order @@ -1 +1 @@ -Subproject commit 8990270e70133f048eaf2548f10475b40828697d +Subproject commit c7f98be0cbb12fe3483a0fb9578863177fb11ec1
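Review bot: In the `config/gitea-act-runner/config-5700-heavy.yaml` hunk (and the matching `config-5701-standard.yaml` one), the `network: ""` requirement is guarded only by a comment, so a later edit back to `network: bridge` would reintroduce the P1001 failure without any signal at deploy time. Consider a check in the deploy path or a repo lint that fails when `container.network` is non-empty in `config/gitea-act-runner/config-*.yaml`. The 5701 comment also defers to the 5700 file for the rationale; a one-line reason in place would survive if that file's comment is later reworded.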
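Review bot: In the `config/gitea-workflow-templates/README.md` hunk, the examples are cited under `.github/workflows/ci.yml` while the unchanged context line above tells readers to copy templates into `.gitea/workflows/`. Please say which directory a Gitea repo should use when copying the Postgres pattern, or note that both are accepted if that is the case. The `DATABASE_URL` guidance also elides the credential part (`...@postgres:5432/...`); a sentence stating that the value should be a throwaway CI-only credential for the service container, not one shared with any deployed database, would close that gap.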
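Review bot: In the first `docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md` hunk, the new sentence says `network: bridge` "isolates the job from service containers", while the YAML comment in this patch says "docker0 only" and the runner README says it "breaks `postgres` (and similar) hostnames". These are three different descriptions of one failure. Suggest settling on the symptom the patch actually reports (the service id `postgres` is not reachable by name from the job container) and using that wording in all three places, so nobody reads "isolates" as a security boundary the setting provides.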
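Review bot: In the Cache hunk of `docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`, the advice to set `cache.host` to the runner's LAN IP with a fixed `cache.port`, and to publish that port on the host, puts the cache listener on an address other LAN hosts can reach, and the text does not say who should be allowed to connect. Please add a line on restricting that port to the job containers and runner hosts (host firewall or equivalent), since cache contents feed later builds. The same hunk also changes "npm/docker layers" to "npm layers" without explanation; if that is intentional, say why in the commit message.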
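Review bot: The `dbis_core` and `the-order` submodule pointer bumps are bundled with runner config and documentation changes, and the README hunk cites `ci.yml` in both submodules as the reference pattern, yet nothing in this diff shows what those commits contain. Please list the relevant submodule changes in the commit message (or move the bumps to their own commit) so a reviewer can confirm the pointers move only to the intended CI fixes.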