Cleanup after host-mode runner: drop TLS-skip env and GeoIP image bake #4

Merged
developer merged 3 commits from feature/cleanup-tls-and-geoip into development 2026-05-14 04:31:28 +00:00
7 changed files with 9 additions and 50 deletions
-6
@@ -24,12 +24,6 @@ on:
- '.gitea/workflows/dev-deploy.yaml' - '.gitea/workflows/dev-deploy.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
deploy: deploy:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-9
@@ -30,15 +30,6 @@ on:
- '.gitea/workflows/go-unit.yaml' - '.gitea/workflows/go-unit.yaml'
- '!**/*.md' - '!**/*.md'
env:
# The Gitea host serves https://gitea.iliadenisov.ru with a cert
# signed by host-Caddy's internal CA. The runner-image's CA bundle
# does not include that root, so actions/checkout fails on `git
# fetch`. Disabling SSL verify is acceptable for this LAN-only
# infrastructure; the long-term fix is to mount the Caddy root CA
# into the runner image.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-6
@@ -37,12 +37,6 @@ on:
- '.gitea/workflows/integration.yaml' - '.gitea/workflows/integration.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
integration: integration:
runs-on: ubuntu-latest runs-on: ubuntu-latest
-6
@@ -21,12 +21,6 @@ on:
- '.gitea/workflows/prod-build.yaml' - '.gitea/workflows/prod-build.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
+8 -7
@@ -16,12 +16,6 @@ on:
- '.gitea/workflows/ui-test.yaml' - '.gitea/workflows/ui-test.yaml'
- '!**/*.md' - '!**/*.md'
env:
# See go-unit.yaml for the rationale; this disables TLS verify for
# actions/checkout against the LAN Gitea host signed by host-Caddy's
# internal CA.
GIT_SSL_NO_VERIFY: "true"
jobs: jobs:
test: test:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -51,8 +45,15 @@ jobs:
run: pnpm install --frozen-lockfile run: pnpm install --frozen-lockfile
- name: Install Playwright browsers - name: Install Playwright browsers
# `--with-deps` would shell out to `sudo apt-get install` for
# the system .so libraries, which the host-mode runner cannot
# run non-interactively. The host has the deps installed once,
# globally; we only need to fetch the browser binaries here.
# If a future run fails with missing libraries, install them
# on the host via `pnpm exec playwright install-deps` (one
# shot, requires sudo).
working-directory: ui/frontend working-directory: ui/frontend
run: pnpm exec playwright install --with-deps run: pnpm exec playwright install
- name: Run Vitest - name: Run Vitest
working-directory: ui/frontend working-directory: ui/frontend
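Review bot: The new comment on the "Install Playwright browsers" step says the host has the system libraries "installed once, globally", but it does not say that those libraries follow the Playwright version pinned in the lockfile, so a Playwright bump can break this step with no change to the workflow. I would add `# Re-run install-deps on the host after bumping Playwright; an operator does this by hand, never the workflow.` to that comment. It is also worth stating there that the runner account is not meant to receive passwordless sudo just to make `--with-deps` work, because on a host-mode runner every workflow step would presumably inherit that privilege. The steps list starts and continues outside the hunk.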
+1 -5
@@ -125,11 +125,7 @@ services:
target: ${GALAXY_DEV_GAME_STATE_DIR} target: ${GALAXY_DEV_GAME_STATE_DIR}
bind: bind:
create_host_path: true create_host_path: true
# The GeoIP database is baked into the backend image (see - ../../pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb:/var/lib/galaxy/geoip.mmdb:ro
# tools/local-dev/backend.Dockerfile); a bind-mount is not used
# here because the source path resolves inside the runner
# workspace volume and the host Docker daemon cannot see it,
# which produced an "is a directory" error in CI.
networks: networks:
- galaxy-internal - galaxy-internal
healthcheck: healthcheck:
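Review bot: The added short-syntax bind mount for `GeoIP2-Country-Test.mmdb` lets Docker create a directory at the source path when the file is missing, which is the "is a directory" failure the removed comment described, and nothing in the hunk makes that case fail early. Writing the entry in the long form already used by the neighbouring volume, with `create_host_path: false` and `read_only: true`, turns a missing file into an immediate error at `up` time instead of a backend that starts against an empty directory. The Dockerfile comment removed in this same commit says the file lives in a git submodule, so a checkout without submodules would presumably hit this path. The service's volumes list begins outside the hunk.

```yaml
# … unchanged: game-state bind mount with create_host_path: true …
- type: bind
  source: ../../pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb
  target: /var/lib/galaxy/geoip.mmdb
  read_only: true
  bind:
    # fail instead of creating a directory when the submodule file is absent
    create_host_path: false
```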
-11
@@ -24,16 +24,6 @@ COPY pkg/transcoder/ ./pkg/transcoder/
COPY pkg/util/ ./pkg/util/ COPY pkg/util/ ./pkg/util/
COPY backend/ ./backend/ COPY backend/ ./backend/
# Bake the GeoIP test database into the build context so downstream
# stages can copy it into the runtime image. The path is the
# `MaxMind-DB` git submodule under `pkg/geoip/test-data/`; the file is
# the smallest country DB MaxMind publishes and is what every other
# dev-stack uses. Baking it lets dev-deploy skip the bind-mount that
# fails on runner-workspace volumes the host Docker daemon cannot see.
RUN mkdir -p /out/var/lib/galaxy
COPY pkg/geoip/test-data/test-data/GeoIP2-Country-Test.mmdb \
/out/var/lib/galaxy/geoip.mmdb
RUN <<'EOF' cat > go.work RUN <<'EOF' cat > go.work
go 1.26.2 go 1.26.2
@@ -77,6 +67,5 @@ EXPOSE 8080
EXPOSE 8081 EXPOSE 8081
COPY --from=builder /out/backend /usr/local/bin/backend COPY --from=builder /out/backend /usr/local/bin/backend
COPY --from=builder /out/var/lib/galaxy/geoip.mmdb /var/lib/galaxy/geoip.mmdb
ENTRYPOINT ["/usr/local/bin/backend"] ENTRYPOINT ["/usr/local/bin/backend"]