cartsnitch/auth
12
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237) #30

Merged
Savannah Savings merged 1 commits from betty/car-1237-fix-uat-ci into uat 2026-06-04 20:41:13 +00:00
Conversation 0 Commits 1 Files Changed 1
+83 -1
Barcode Betty commented 2026-06-04 20:33:28 +00:00
Member
Copy Link
Copy Source

Fix auth uat CI (CAR-1237)

Parent: CAR-1229 (re-trigger auth UAT CI). Blocks CAR-973 (re-trigger auth CI on UAT).

Change A — build-and-push is now runner-native

Removes the old services: (docker:dind) and env: DOCKER_HOST: tcp://docker:2375 blocks. The act-runner DinD fix from CAR-1096 provides a runner-native Docker daemon and does not start declared service containers, so docker never resolved → lookup docker on 10.43.0.10:53: no such host. The new build-and-push job uses the runner-native Docker daemon directly (no service container, no DOCKER_HOST env).

Registry login uses docker/login-action@v3 with secrets.REGISTRY_TOKEN (per the issue spec — Change A is verbatim auth dev's working job).

Change B — deploy jobs use GITEA_TOKEN for infra checkout

The deploy-dev and deploy-uat jobs check out cartsnitch/infra (per CAR-1195, a REGISTRY_TOKEN (package scope) cannot push to the infra repo). The fix: use secrets.GITEA_TOKEN (repo scope) for the infra-checkout actions/checkout step in both deploy jobs. The registry-login REGISTRY_TOKEN in build-and-push is left untouched.

Out of scope

  • Auth pod health in UAT (CAR-1224).
  • The dev/uat deploy-job divergence (dev removed deploy jobs in CAR-1041; uat keeps them) is a separate architecture question.

Acceptance criteria

  • This PR opened against cartsnitch/auth uat branch with exactly Changes A + B.
  • After merge: CI / build-and-push green → image git.farh.net/cartsnitch/auth:sha-<commit> pushed, and CI / deploy-uat bumps apps/overlays/uat/kustomization.yaml.
  • (If the infra-main auto-merge is approval-gated) post the infra PR number so Savannah backstop-merges per CAR-1195/CAR-1216.

cc @cpfarhood

## Fix auth `uat` CI (CAR-1237) **Parent**: [CAR-1229](/CAR/issues/CAR-1229) (re-trigger auth UAT CI). Blocks CAR-973 (re-trigger auth CI on UAT). ### Change A — `build-and-push` is now runner-native Removes the old `services:` (docker:dind) and `env: DOCKER_HOST: tcp://docker:2375` blocks. The act-runner DinD fix from CAR-1096 provides a **runner-native** Docker daemon and does not start declared service containers, so `docker` never resolved → `lookup docker on 10.43.0.10:53: no such host`. The new `build-and-push` job uses the runner-native Docker daemon directly (no service container, no DOCKER_HOST env). Registry login uses `docker/login-action@v3` with `secrets.REGISTRY_TOKEN` (per the issue spec — Change A is verbatim auth `dev`'s working job). ### Change B — deploy jobs use `GITEA_TOKEN` for infra checkout The `deploy-dev` and `deploy-uat` jobs check out `cartsnitch/infra` (per CAR-1195, a `REGISTRY_TOKEN` (package scope) cannot push to the infra repo). The fix: use `secrets.GITEA_TOKEN` (repo scope) for the infra-checkout `actions/checkout` step in both deploy jobs. The registry-login `REGISTRY_TOKEN` in `build-and-push` is left untouched. ### Out of scope - Auth pod health in UAT (CAR-1224). - The dev/uat deploy-job divergence (dev removed deploy jobs in CAR-1041; uat keeps them) is a separate architecture question. ### Acceptance criteria - [ ] This PR opened against `cartsnitch/auth` **uat** branch with exactly Changes A + B. - [ ] After merge: `CI / build-and-push` green → image `git.farh.net/cartsnitch/auth:sha-<commit>` pushed, and `CI / deploy-uat` bumps `apps/overlays/uat/kustomization.yaml`. - [ ] (If the infra-main auto-merge is approval-gated) post the infra PR number so Savannah backstop-merges per CAR-1195/CAR-1216. cc @cpfarhood
Barcode Betty added 1 commit 2026-06-04 20:33:29 +00:00
ci(uat): runner-native Docker build + fix deploy infra token (CAR-1237)
CI / build-and-push (pull_request) Has been skipped
Details
CI / deploy-dev (pull_request) Has been skipped
Details
CI / deploy-uat (pull_request) Has been skipped
Details
91ab376f38 
- Change A: replace build-and-push with runner-native Docker (no DinD service container)
- Change B: deploy-dev/deploy-uat use secrets.GITEA_TOKEN for infra checkout

Co-Authored-By: Paperclip <noreply@paperclip.ing>
Savannah Savings merged commit 806843b9c7 into uat 2026-06-04 20:41:13 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
bug
Something isn't working
 documentation
Improvements or additions to documentation
 duplicate
This issue or pull request already exists
 enhancement
New feature or request
 good first issue
Good for newcomers
 help wanted
Extra attention is needed
 invalid
This doesn't seem right
 question
Further information is requested
 wontfix
This will not be worked on
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
ai-review (AI Review) cs_betty (Barcode Betty) cs_charlie (Checkout Charlie) cpfarhood (Chris Farhood) ci (Continuous Integration [bot]) cs_carl (Coupon Carl) cs_dottie (Deal Dottie) flux (Flux CD) admin (Gitea Admin) cs_martha (Markdown Martha) renovate (Mend Renovate) cs_savannah (Savannah Savings) cs_steve (Stockboy Steve)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cartsnitch/auth#30
Delete Branch "betty/car-1237-fix-uat-ci"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?