Switch hero_books TOML to Unix socket #36

Closed

mik-tf wants to merge 6 commits from development_hero_books_socket into development

pull from: development_hero_books_socket

merge into: lhumina_code:development

lhumina_code:development

lhumina_code:development_base_image

lhumina_code:development_timur

lhumina_code:development_kristof

lhumina_code:main

Conversation 1 Commits 6 Files changed 16 +653 -104

mik-tf commented 2026-02-26 18:09:23 +00:00

Owner

Copy link

Summary

• Change hero_books exec from --port 8883 to --bind unix:__HERO_VAR__/sockets/hero_books.sock
• Remove ports = [8883] — hero_proxy handles external routing
• Aligns hero_books with all other 21 services that use Unix sockets internally

Closes #35
Requires: hero_books#68 (binary must support --bind unix:)

Test plan

• hero_books#68 merged first
• Validate hero_books starts and listens on socket
• Verify hero_proxy routes /hero_books/ to the socket
• Test in production container

## Summary - Change hero_books exec from `--port 8883` to `--bind unix:__HERO_VAR__/sockets/hero_books.sock` - Remove `ports = [8883]` — hero_proxy handles external routing - Aligns hero_books with all other 21 services that use Unix sockets internally Closes #35 Requires: hero_books#68 (binary must support `--bind unix:`) ## Test plan - [ ] hero_books#68 merged first - [ ] Validate hero_books starts and listens on socket - [ ] Verify hero_proxy routes `/hero_books/` to the socket - [ ] Test in production container

mik-tf added 5 commits 2026-02-26 18:09:23 +00:00

fix: correct Dockerfile binary names, CI pipeline, and add entrypoint ... 05b6c3ff98

- Dockerfile: fix binary names (hero_services_openrpc, not hero_zero),
  build zinit workspace, use rust:slim-bookworm runtime with g++ for
  services that need C++ at install time
- CI workflow: manual git clone (actions/checkout fails in alpine DinD),
  explicit dockerd startup, SSH key via env block to prevent multiline
  mangling, StrictHostKeyChecking accept-new
- Entrypoint: start zinit_openrpc, wait for socket, launch
  hero_services_openrpc with user profile. Generic SSH key permission
  fix for any mounted key type.

Co-Authored-By: mik-tf <mik@threefold.io>

fix: use flock to prevent race condition on shared repo installs ... a9b13c11a6

When multiple services share the same git repo (e.g. zinit_openrpc
and zinit_http both use geomind_code/zinit), their install oneshots
race on the same directory. The second install starts milliseconds
after the first finishes and fails with exit 128 (git lock conflict).

Wrap clone_or_update_sh in flock so concurrent installs serialize
their git operations on the same repo directory.

Fixes #33

Co-Authored-By: mik-tf <mik@threefold.io>

feat: add production container with pre-built service binaries ... 0f01466789

Production Dockerfile (Dockerfile.prod) compiles ALL hero service
binaries at build time, producing a slim debian:bookworm-slim image
with no Rust toolchain or SSH keys needed at runtime.

- docker/build-services.sh: clones and builds 12 service repos
- docker/strip-build-sections.sh: removes [build]/[install] TOML
  sections so orchestrator starts services without install oneshots
- build-prod-container.yaml: CI workflow for production image builds

Co-Authored-By: mik-tf <mik@threefold.io>

fix: preserve pre-built binaries in production mode ... e422ebe918

- stop_and_clean: skip binary deletion when no services have [build]
  sections (production containers with pre-baked binaries)
- build-services.sh: add build_cargo() for repos needing direct cargo
  builds (hero_os: skip WASM/Dioxus frontend), fix status tracking
- strip-build-sections.sh: also remove "install" from profile actions
  to prevent orchestrator from writing install oneshots

Tested: 19/21 services running in production container.
Remaining: hero_indexer (TOML naming mismatch) and hero_books (blocked
by hero_indexer dependency).

Co-Authored-By: mik-tf <mik@threefold.io>

fix: split hero_indexer into openrpc/http to match repo binary names ... d2f96f7aed

The hero_indexer repo now builds hero_indexer_openrpc + hero_indexer_http
(not a single hero_indexer binary). Split the TOML accordingly and update
all depends_on references in hero_books, hero_indexer_ui, hero_osis_openrpc.

Refs #29

Co-Authored-By: mik-tf <mik@threefold.io>

mik-tf force-pushed development_hero_books_socket from 7fac639031 to 3bf8866d01 2026-02-26 18:12:49 +00:00 Compare

mik-tf changed title from WIP: Switch hero_books TOML to Unix socket to Switch hero_books TOML to Unix socket 2026-02-26 18:23:44 +00:00

mik-tf referenced this pull request 2026-02-27 14:26:44 +00:00

Combined deploy — all PRs merged + Dockerfile.prod + TFGrid deployment #43

mik-tf closed this pull request 2026-02-27 14:52:37 +00:00

mik-tf commented 2026-02-27 14:52:38 +00:00

Author

Owner

Copy link

Superseded by #43 (combined deploy branch with all PRs merged).

Superseded by #43 (combined deploy branch with all PRs merged).

All checks were successful

Hide all checks

Build and Test / build (pull_request) Successful in 5m25s

Details

Pull request closed

This pull request cannot be reopened because the branch was deleted.

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

lhumina_code/hero_services!36

No description provided.