diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml
index bde57ab..49884d8 100644
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@@ -11,16 +11,6 @@ jobs:
 runs-on: ubuntu-latest
 timeout-minutes: 60
- services:
- docker:
- image: docker:27-dind
- env:
- DOCKER_TLS_CERTDIR: ""
- # Pass --env directly to docker run to override the image-level default
- # (DOCKER_TLS_CERTDIR=/certs) regardless of whether the env: field above
- # is honoured by the act runner version on this host.
- options: --privileged --env DOCKER_TLS_CERTDIR=
-
 steps:
 - uses: actions/checkout@v4
 with:
@@ -42,13 +32,13 @@ jobs:
 - name: Locate Docker daemon for local Dagger engine
 run: |
- # Skip if remote Dagger engine is already configured
+ # Skip if remote Dagger engine is already configured (preferred path)
 if [ -n "${_DAGGER_RUNNER_HOST:-}" ]; then
 echo "Remote Dagger engine configured, no local Docker needed."
 exit 0
 fi
- # 1. Host Docker socket (DooD) — available when runner mounts /var/run/docker.sock
+ # Try host Docker socket (DooD) if runner mounts it
 if [ -S /var/run/docker.sock ]; then
 if DOCKER_HOST=unix:///var/run/docker.sock docker info >/dev/null 2>&1; then
 echo "Docker available via host socket."
@@ -57,53 +47,10 @@ jobs:
 fi
 fi
- # 2. DinD service hostname — retry up to 60 s to allow the inner daemon to start
- for attempt in $(seq 1 6); do
- if DOCKER_HOST=tcp://docker:2375 docker info >/dev/null 2>&1; then
- echo "Docker available at tcp://docker:2375"
- echo "DOCKER_HOST=tcp://docker:2375" >> "$GITHUB_ENV"
- exit 0
- fi
- echo "DinD not ready (attempt $attempt/6), waiting 10 s..." >&2
- sleep 10
- done
-
- # 3. DNS-based discovery: resolve 'docker' and probe it directly
- DOCKER_IP=$(getent hosts docker 2>/dev/null | awk '{print $1; exit}')
- if [ -n "$DOCKER_IP" ]; then
- echo "docker resolves to $DOCKER_IP" >&2
- if (timeout 2 bash -c "echo >/dev/tcp/${DOCKER_IP}/2375" 2>/dev/null); then
- echo "Found Docker daemon at $DOCKER_IP:2375"
- echo "DOCKER_HOST=tcp://$DOCKER_IP:2375" >> "$GITHUB_ENV"
- exit 0
- fi
- if (timeout 2 bash -c "echo >/dev/tcp/${DOCKER_IP}/2376" 2>/dev/null); then
- echo "ERROR: Docker at $DOCKER_IP answers on 2376 (TLS) but not 2375. TLS was not disabled." >&2
- fi
- fi
-
- # 4. Scan all local /24 subnets for any host on port 2375
- echo "Scanning network for DinD on port 2375..." >&2
- for MY_IP in $(hostname -I); do
- case "$MY_IP" in 127.*) continue ;; esac
- PREFIX=$(echo "$MY_IP" | cut -d. -f1-3)
- for i in $(seq 1 254); do
- ip="${PREFIX}.${i}"
- if (timeout 0.2 bash -c "echo >/dev/tcp/${ip}/2375" 2>/dev/null); then
- echo "Found Docker daemon at $ip:2375"
- echo "DOCKER_HOST=tcp://$ip:2375" >> "$GITHUB_ENV"
- exit 0
- fi
- done
- done
-
- # Diagnostics before giving up
- echo "=== Docker discovery diagnostics ===" >&2
- echo "hostname -I: $(hostname -I)" >&2
- echo "docker DNS: $(getent hosts docker 2>/dev/null || echo 'not resolved')" >&2
- echo "docker.sock: $(ls -la /var/run/docker.sock 2>/dev/null || echo 'not present')" >&2
- echo "ERROR: Could not locate Docker daemon" >&2
- exit 1
+ echo "WARNING: No remote Dagger engine and no local Docker found." >&2
+ echo " - Remote engine: check DAGGER_STUNNEL_URL secret and that the host proxy is running." >&2
+ echo " - Local Docker: runner does not expose /var/run/docker.sock." >&2
+ echo "CI will likely fail at the Dagger step." >&2
 - name: Prune Dagger cache before check
 env:
diff --git a/scripts/setup_dagger_remote.sh b/scripts/setup_dagger_remote.sh
index 0163c98..fd40219 100755
--- a/scripts/setup_dagger_remote.sh
+++ b/scripts/setup_dagger_remote.sh
@@ -19,7 +19,7 @@ PROBE_DELAY=30
 for attempt in $(seq 1 $MAX_PROBE_ATTEMPTS); do
 echo "Probing $host:$port (attempt $attempt/$MAX_PROBE_ATTEMPTS)..."
 if nc -zw 5 "$host" "$port" 2>/dev/null; then
- echo "Found active Dagger server on $host:$port"
+ echo "Found active server on $host:$port"
 break
 fi
 if [ "$attempt" -eq "$MAX_PROBE_ATTEMPTS" ]; then
@@ -31,7 +31,25 @@ for attempt in $(seq 1 $MAX_PROBE_ATTEMPTS); do
 sleep $PROBE_DELAY
 done
-# 2. Setup TLS credentials (passed as env vars from secrets)
+# 2a. Try plain TCP connection first (works when server is a plain TCP proxy, no TLS)
+echo "Trying plain TCP Dagger connection at tcp://$host:$port..."
+if _DAGGER_RUNNER_HOST="tcp://$host:$port" \
+ _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port" \
+ timeout 8 dagger version >/dev/null 2>&1; then
+ echo "Plain TCP Dagger connection succeeded — no TLS stunnel needed."
+ if [ -n "${GITHUB_ENV:-}" ]; then
+ echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
+ echo "_DAGGER_RUNNER_HOST=tcp://$host:$port" >> "$GITHUB_ENV"
+ else
+ export _EXPERIMENTAL_DAGGER_RUNNER_HOST="tcp://$host:$port"
+ export _DAGGER_RUNNER_HOST="tcp://$host:$port"
+ echo "Dagger configured at tcp://$host:$port (plain TCP)"
+ fi
+ exit 0
+fi
+echo "Plain TCP connection not available; trying TLS stunnel..."
+
+# 2b. Setup TLS credentials (passed as env vars from secrets)
 mkdir -p /tmp/dagger-tls
 echo "$DAGGER_CA_CERT" > /tmp/dagger-tls/ca.crt
 echo "$DAGGER_CLIENT_CERT" > /tmp/dagger-tls/client.crt
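Review bot: The fall-through at the end of the "Locate Docker daemon" step in `.forgejo/workflows/ci.yml` now only prints a WARNING and lets the step succeed, where the removed code ended with `exit 1`. The job then fails later inside the Dagger step, further from the cause, and the new message itself says the run will likely fail. If no later step can still provide an engine, end the branch with `exit 1` after the last `echo`; if continuing is intended, a comment such as `# Non-fatal: a later step may still configure the engine` would record that. The step's script begins above this hunk, so the host-socket branch is only partly visible here.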
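Review bot: Step 2a in `scripts/setup_dagger_remote.sh` tries an unauthenticated `tcp://$host:$port` connection before the TLS setup in 2b, so whenever the plain attempt passes, the CA and client certificates are never used and the job sends its build to whatever is listening on that port. When TLS material is configured the script should not downgrade silently; guard 2a with something like `if [ -z "${DAGGER_CA_CERT:-}" ] && ... timeout 8 dagger version ...; then`, so plain TCP is only used where no credentials were supplied. The probe also looks weaker than intended: as far as I know `dagger version` reports the CLI's own version without opening an engine session, in which case the check passes whenever the CLI is installed and 2b is never reached; worth confirming and probing with a command that needs the engine. In the `else` branch the `export` lines are followed by `exit 0`, so they only have an effect if the script is sourced, and then `exit` would close the caller's shell.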