The DinD service approach was crashing the job (exit 2) because the
Forgejo runner on this host does not honour the `options: --privileged`
field for service containers, so dockerd inside DinD could never start.
Root cause of the broader CI failure: dagger-stunnel.service stopped
cleanly (exit 0 → no auto-restart), leaving port 8774 without a
listener. A plain socat TCP proxy (8774→1774) is now running on the
host as a stop-gap until stunnel is restarted.
Changes:
- Remove the docker:27-dind service container from ci.yml entirely
- Simplify "Locate Docker daemon" step — warn instead of failing when
Docker is unavailable (job fails later at the Dagger step with a
clearer message)
- Add plain-TCP path to setup_dagger_remote.sh: after a successful nc
probe, try `dagger version` directly over the target host:port before
falling back to the TLS stunnel setup; this works with both the socat
plain-TCP proxy and any future plain-TCP Dagger engine exposure
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The remote Dagger engine probe exits with an error when the server is
down, failing CI before any tests run. Change the probe to exit 0 on
timeout and print a warning instead; with _DAGGER_RUNNER_HOST unset
Dagger will start a local engine and CI can still complete.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The Dagger engine stopped responding (connection refused) after the
previous run exhausted disk space and crashed it. Two changes:
1. setup_dagger_remote.sh: retry the nc probe up to 5 times with 30 s
delays so a transient crash/restart window doesn't immediately fail
the job.
2. ci.yml: add a post-check prune step (if: always()) so the engine
cache is cleaned up after every run, reducing the chance of disk
exhaustion on the next run.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add -qq to apt-get update/install in Dagger toolchain to suppress
verbose package-list output (hundreds of lines on cold cache)
- Wrap sdkmanager in silent-on-success pattern — only shows output
on failure, like the build_runner and flutter pub get steps
- Set debug = warning in stunnel config to suppress LOG5 (info/notice)
startup lines while keeping LOG4 (warning) and above
- Add org.gradle.welcome=never to android/gradle.properties to
suppress the "Welcome to Gradle N.NN!" banner
- Filter SKIPPED Gradle tasks, Gradle Daemon startup messages, and
gcloud support-page promo lines in run_firebase_test.sh
Errors and warnings are preserved in all cases.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Connection drops consistently at ~50s suggest NAT/firewall idle timeout.
Keepalive probes every 10s on the remote side prevent the RST.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
