fix: container CI pipeline — DinD checkout, SSH, and Dockerfile fixes #26

Closed
mik-tf wants to merge 6 commits from development_fix_container_ci into development
Owner

Summary

Fix the container build CI pipeline (build-container.yaml) to work e2e in Forgejo Actions with Docker-in-Docker.

Changes

build-container.yaml:

  • Replace actions/checkout@v4 with manual git clone (alpine musl/glibc incompatibility)
  • Add nodejs to apk add (Docker actions are JS-based and need Node)
  • Pass SSH_PRIVATE_KEY via env: block to preserve multiline key
  • Use ~/.ssh/config with StrictHostKeyChecking accept-new instead of ssh-keyscan

Dockerfile:

  • Clone zinit for zinit_sdk path dependency before cargo build
  • Fix binary name (hero_services_server, not hero_zero)
  • Remove aspirational hero_zero install-service loop (binary doesn't exist yet)
  • Simplify to build and package the actual workspace binaries

Confirmed Working

Run 352 — all steps pass, image pushed to registry:

  • forge.ourworld.tf/lhumina_code/hero_zero:dev
  • forge.ourworld.tf/lhumina_code/hero_zero:latest

Closes #25

fix: replace actions/checkout with git clone in container build CI
Some checks failed
Build and Test / build (pull_request) Has been cancelled
6149d0c847
actions/checkout@v4 fails in docker:24-dind (alpine) due to
glibc/musl mismatch. Replace with manual git clone using
FORGEJO_TOKEN for auth. Also removes nodejs dependency since
checkout action is no longer used.

Fixes both build-container and create-release jobs.

Closes #25

Co-Authored-By: mik-tf <mik@threefold.io>
fix: pass SSH_PRIVATE_KEY via env block to preserve newlines
Some checks failed
Build and Test / build (pull_request) Has been cancelled
5158b1a887
Direct ${{ secrets }} interpolation in run blocks mangles multi-line
SSH keys. Pass via env: block instead, matching the pattern used in
build.yaml which works.

Co-Authored-By: mik-tf <mik@threefold.io>
fix: improve SSH setup — skip ssh-keyscan, add debug output
Some checks failed
Build and Test / build (pull_request) Has been cancelled
3ca3e2b267
ssh-keyscan may hang in DinD container. Use ssh config with
StrictHostKeyChecking instead. Add error output to identify
which step fails.

Co-Authored-By: mik-tf <mik@threefold.io>
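
The key handling described in the two commits above (SSH_PRIVATE_KEY passed through `env:`, then an ssh config with `StrictHostKeyChecking accept-new`), written out as a shell step. This is an added example, not the workflow from this pull request; the function names, the `id_deploy` file name, the sample key and the host `git.example.test` are assumptions.

```shell
#!/bin/sh
# Added example (not the project's workflow): install a deploy key passed in
# $SSH_PRIVATE_KEY and set host-key handling through an ssh config file.

# Constructed placeholder with the shape of a PEM key; not real key material.
SAMPLE_KEY='-----BEGIN OPENSSH PRIVATE KEY-----
constructedPlaceholderNotARealKey
-----END OPENSSH PRIVATE KEY-----'

# Succeeds only if the value kept its line structure: armor lines first and
# last, at least one body line between. A key whose newlines were lost
# collapses to one line and fails here instead of later inside ssh.
key_looks_intact() {
    lines=$(( $(printf '%s\n' "$1" | wc -l) ))
    [ "$lines" -ge 3 ] || return 1
    case $(printf '%s\n' "$1" | head -n 1) in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) return 1 ;;
    esac
    case $(printf '%s\n' "$1" | tail -n 1) in
        "-----END "*"PRIVATE KEY-----") ;;
        *) return 1 ;;
    esac
}

# setup_ssh DIR HOST: DIR and HOST are chosen by the caller (hypothetical here).
setup_ssh() {
    ssh_dir=$1
    host=$2
    # Command substitution drops trailing newlines; tr drops stray CRs.
    key=$(printf '%s' "${SSH_PRIVATE_KEY:-}" | tr -d '\r')
    if ! key_looks_intact "$key"; then
        echo "SSH_PRIVATE_KEY is empty or lost its newlines" >&2
        return 1
    fi
    old_umask=$(umask)
    umask 077   # files below are created owner-only, never briefly readable
    mkdir -p "$ssh_dir"
    printf '%s\n' "$key" > "$ssh_dir/id_deploy"
    # accept-new (OpenSSH 7.6+): record a host key on first contact, refuse
    # the connection if a recorded key later changes.
    printf 'Host %s\n  IdentityFile %s\n  IdentitiesOnly yes\n  UserKnownHostsFile %s\n  StrictHostKeyChecking accept-new\n' \
        "$host" "$ssh_dir/id_deploy" "$ssh_dir/known_hosts" > "$ssh_dir/config"
    umask "$old_umask"
    chmod 700 "$ssh_dir"
}
```

In a workflow step the call would be `setup_ssh "$HOME/.ssh" <host>`, with the secret mapped to `SSH_PRIVATE_KEY` under `env:`.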
fix: add nodejs to apk install — Docker actions require Node
Some checks failed
Build and Test / build (pull_request) Has been cancelled
ff901bdb3b
docker/setup-buildx-action, docker/login-action, and
docker/build-push-action are JavaScript actions that need
Node.js in the runner. Without it, they fail with exit 127
("node: not found").

Co-Authored-By: mik-tf <mik@threefold.io>
fix: clone zinit in Dockerfile for zinit_sdk path dependency
Some checks failed
Build and Test / build (pull_request) Has been cancelled
2a4a2fd98b
The workspace Cargo.toml has a path dependency on
../zinit/crates/zinit_sdk. In the Docker build context this
resolves to /build/zinit/ which must be cloned before cargo
build can proceed.

Co-Authored-By: mik-tf <mik@threefold.io>
fix: update Dockerfile to build actual workspace binaries
All checks were successful
Build and Test / build (pull_request) Successful in 6m21s
2a02b76fc1
The Dockerfile referenced a hero_zero binary that doesn't exist
in this workspace. The workspace produces hero_services_server,
hero_services, and hero_services_ui. Updated to build and copy
the actual binaries.

Simplified the builder stage — removed aspirational hero_zero
install-service loop and zinit install steps that depend on
non-existent binaries.

Co-Authored-By: mik-tf <mik@threefold.io>
mik-tf changed title from WIP: fix: make container build CI pipeline work e2e to fix: container CI pipeline — DinD checkout, SSH, and Dockerfile fixes 2026-02-26 05:35:37 +00:00
mik-tf closed this pull request 2026-02-27 14:52:31 +00:00
Author
Owner

Superseded by #43 (combined deploy branch with all PRs merged).

Reference
lhumina_code/hero_services!26