ZDDC/.forgejo at 430ea8371e3c65234af4c958a2feda96887ac091 - VARASYS/ZDDC

History

ZDDC 703449adc5 ci(deploy-release): force-sync codeberg + verify tags before chart bump Today v0.0.19 surfaced a real failure mode: varasys → codeberg push- mirror is `sync_on_commit: true`, but a transient codeberg 504 mid- push left 2 of 8 tags un-replicated. BMC chart's Dockerfile fetches zddc-server-v<X.Y.Z> from codeberg (no egress to git.varasys.io), so the bumped chart fired BMC pipelines that immediately failed at `git fetch refs/tags/zddc-server-v0.0.19`. Mirror's next periodic push (8h default) would self-heal — but by then dev was broken. Make the stable-cut deterministic: before bumping the chart, force the push-mirror via the Forgejo API and poll codeberg until all 8 lockstep tags are visible. Fail the job (and skip the chart bump) if codeberg is genuinely unreachable after 5 min — operator triages manually rather than triggering downstream builds against a stale codeberg. Uses ${{ github.token }} (Forgejo Actions auto-injected) for the push_mirrors-sync API call. If that token turns out to lack admin scope on this repo (Forgejo specifics around runner-token perms vary), the failure will be a clear 401/403 on the curl — switch to a dedicated CHART_FORGEJO_TOKEN-style secret then. Local repro: FORGEJO_TOKEN=$FORGEJO_TOKEN curl -X POST \ -H "Authorization: token $FORGEJO_TOKEN" \ https://git.varasys.io/api/v1/repos/VARASYS/ZDDC/push_mirrors-sync Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-20 11:10:55 -05:00
..
scripts	fix(build,ci): auto-commit embedded refresh on beta cuts; pin chart to HEAD	2026-05-05 20:48:09 -05:00
workflows	ci(deploy-release): force-sync codeberg + verify tags before chart bump	2026-05-20 11:10:55 -05:00

ZDDC 703449adc5 ci(deploy-release): force-sync codeberg + verify tags before chart bump

Today v0.0.19 surfaced a real failure mode: varasys → codeberg push-
mirror is `sync_on_commit: true`, but a transient codeberg 504 mid-
push left 2 of 8 tags un-replicated. BMC chart's Dockerfile fetches
zddc-server-v<X.Y.Z> from codeberg (no egress to git.varasys.io),
so the bumped chart fired BMC pipelines that immediately failed at
`git fetch refs/tags/zddc-server-v0.0.19`. Mirror's next periodic
push (8h default) would self-heal — but by then dev was broken.

Make the stable-cut deterministic: before bumping the chart, force
the push-mirror via the Forgejo API and poll codeberg until all 8
lockstep tags are visible. Fail the job (and skip the chart bump)
if codeberg is genuinely unreachable after 5 min — operator triages
manually rather than triggering downstream builds against a stale
codeberg.

Uses ${{ github.token }} (Forgejo Actions auto-injected) for the
push_mirrors-sync API call. If that token turns out to lack admin
scope on this repo (Forgejo specifics around runner-token perms
vary), the failure will be a clear 401/403 on the curl — switch
to a dedicated CHART_FORGEJO_TOKEN-style secret then.

Local repro:
  FORGEJO_TOKEN=$FORGEJO_TOKEN curl -X POST \
    -H "Authorization: token $FORGEJO_TOKEN" \
    https://git.varasys.io/api/v1/repos/VARASYS/ZDDC/push_mirrors-sync

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-20 11:10:55 -05:00

scripts

fix(build,ci): auto-commit embedded refresh on beta cuts; pin chart to HEAD

2026-05-05 20:48:09 -05:00

workflows

ci(deploy-release): force-sync codeberg + verify tags before chart bump

2026-05-20 11:10:55 -05:00