fix(ci): retry on 'invalid return status code' Dagger disconnect

Adds the Dagger gRPC/HTTP disconnect error to the retry pattern so transient engine drops during long-running steps (like build_runner) auto-recover instead of failing the CI job. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(ci): replace DinD with plain TCP proxy and simplify Docker discovery
2026-05-24 03:15:30 +02:00 · 2026-05-24 02:57:08 +02:00 · 2026-05-24 02:10:25 +02:00 · 2026-05-24 01:52:41 +02:00 · 2026-05-24 01:37:11 +02:00 · 2026-05-24 01:27:57 +02:00
7 changed files with 87 additions and 330 deletions
@@ -739,7 +739,7 @@ func (m *Ci) UploadToPlayStore(
 		From("python:3.12-alpine").
 		WithExec([]string{"apk", "add", "--no-cache", "curl"}).
 		WithMountedCache("/root/.cache/pip", dag.CacheVolume("pip-cache")).
-		WithExec([]string{"pip", "install", "google-api-python-client", "google-auth-httplib2", "httplib2"}).
+		WithExec([]string{"pip", "install", "requests", "google-auth"}).
 		WithFile("/src/build/app/outputs/bundle/release/app-release.aab", aab).
 		WithFile("/src/scripts/deploy_playstore.py", scriptSource.File("scripts/deploy_playstore.py")).
 		WithSecretVariable("PLAY_STORE_CONFIG_JSON", playStoreConfig).
@@ -94,9 +94,8 @@
            sqlite
            # python3 base + Google Play API client (for scripts/deploy_playstore.py)
            (python3.withPackages (ps: with ps; [
-              google-api-python-client
-              google-auth-httplib2
-              httplib2
+              google-auth
+              requests
            ]))  # used by stalwart-dev/start and deploy_playstore.py
            fgj      # Codeberg/Forgejo CLI (like gh for GitHub)
          ]);
@@ -6,7 +6,6 @@ import 'package:drift/drift.dart';
 import 'package:drift/native.dart';
 import 'package:enough_mail/enough_mail.dart' as imap;
 import 'package:flutter/services.dart';
-import 'package:flutter/widgets.dart';
 import 'package:path/path.dart' as p;
 import 'package:path_provider/path_provider.dart';

@@ -25,9 +24,6 @@ const _kResourceType = 'background_check';

@pragma('vm:entry-point')
 void callbackDispatcher() {
-  // Required so that path_provider and other plugins are available in this
-  // background isolate (issue #192).
-  WidgetsFlutterBinding.ensureInitialized();
  Workmanager().executeTask((_, __) async {
    try {
      await _doBackgroundSync();
@@ -609,17 +609,6 @@ Future<String> _resolveDatabasePath() async {
      await Future<void>.delayed(Duration(milliseconds: ms));
    }
  }
-  // On Android, path_provider can be permanently broken on some devices
-  // regardless of how long we wait (issue #192).  Derive the path from
-  // /proc/self/cmdline (the Android process name == package name) without
-  // a platform channel as a last resort so the app can still open its DB.
-  if (Platform.isAndroid) {
-    final fallback = await _androidFallbackPath();
-    if (fallback != null) {
-      _dbPath = fallback;
-      return _dbPath!;
-    }
-  }
  throw PlatformException(
    code: 'channel-error',
    message: 'path_provider unavailable after ${delays.length + 1} attempts — '
@@ -627,44 +616,10 @@ Future<String> _resolveDatabasePath() async {
  );
 }

-// Reads /proc/self/cmdline to extract the Android package name, then
-// constructs the standard app files-dir path without a platform channel.
-// Returns null when the path cannot be determined or created.
-Future<String?> _androidFallbackPath() async {
-  try {
-    final bytes = await File('/proc/self/cmdline').readAsBytes();
-    final end = bytes.indexOf(0);
-    final packageName = String.fromCharCodes(
-      end >= 0 ? bytes.sublist(0, end) : bytes,
-    ).trim();
-    // A valid Android package name contains dots but not slashes.
-    if (packageName.isEmpty ||
-        !packageName.contains('.') ||
-        packageName.contains('/')) {
-      return null;
-    }
-    for (final base in [
-      '/data/user/0/$packageName/files',
-      '/data/data/$packageName/files',
-    ]) {
-      try {
-        await Directory(base).create(recursive: true);
-        return p.join(base, 'sharedinbox.db');
-      } catch (_) {
-        continue;
-      }
-    }
-    return null;
-  } catch (_) {
-    return null;
-  }
-}
-
-// These functions are only called from unit tests (database_path_test.dart).
+// These two functions are only called from unit tests (database_path_test.dart).
 // They expose internals that cannot be reached via the public API.
 Future<String> resolveDatabasePathForTesting() => _resolveDatabasePath();
 void resetDatabasePathForTesting() => _dbPath = null;
-Future<String?> androidFallbackPathForTesting() => _androidFallbackPath();

 LazyDatabase _openConnection() {
  return LazyDatabase(() async {
@@ -6,17 +6,76 @@ import os
 import sys
 import time

-import google_auth_httplib2
-import httplib2
+import requests
+from google.auth.transport.requests import AuthorizedSession
 from google.oauth2 import service_account
-from googleapiclient.discovery import build
-from googleapiclient.http import MediaFileUpload

 PACKAGE_NAME = "de.sharedinbox.mua"
 AAB_PATH = "build/app/outputs/bundle/release/app-release.aab"
 TRACK = "internal"
 _TIMEOUT = 300  # seconds — AAB uploads can be large
 _MAX_UPLOAD_ATTEMPTS = 3
+_BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"
+_UPLOAD_BASE = "https://androidpublisher.googleapis.com/upload/androidpublisher/v3/applications"
+
+
+def _make_session(config_json: str) -> AuthorizedSession:
+    creds = service_account.Credentials.from_service_account_info(
+        json.loads(config_json),
+        scopes=["https://www.googleapis.com/auth/androidpublisher"],
+    )
+    return AuthorizedSession(creds)
+
+
+def _upload_aab(session: AuthorizedSession, edit_id: str) -> int:
+    """Resumable upload of the AAB. Returns the version code."""
+    file_size = os.path.getsize(AAB_PATH)
+
+    with open(AAB_PATH, "rb") as f:
+        data = f.read()
+
+    last_exc = None
+    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
+        try:
+            # Each attempt needs a fresh resumable upload URL — the previous URL expires on failure.
+            init_resp = session.post(
+                f"{_UPLOAD_BASE}/{PACKAGE_NAME}/edits/{edit_id}/bundles",
+                params={"uploadType": "resumable"},
+                headers={
+                    "X-Upload-Content-Type": "application/octet-stream",
+                    "X-Upload-Content-Length": str(file_size),
+                },
+                json={},
+                timeout=30,
+            )
+            if not init_resp.ok:
+                print(f"Init attempt {attempt + 1} failed: HTTP {init_resp.status_code}: {init_resp.text[:500]}")
+                init_resp.raise_for_status()
+            upload_url = init_resp.headers["Location"]
+
+            upload_resp = session.put(
+                upload_url,
+                data=data,
+                headers={
+                    "Content-Type": "application/octet-stream",
+                    "Content-Length": str(file_size),
+                },
+                timeout=_TIMEOUT,
+            )
+            if not upload_resp.ok:
+                print(f"Upload attempt {attempt + 1} failed: HTTP {upload_resp.status_code}: {upload_resp.text[:500]}")
+                upload_resp.raise_for_status()
+            return upload_resp.json()["versionCode"]
+        except requests.RequestException as exc:
+            last_exc = exc
+            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
+                delay = 10 * (2 ** attempt)
+                print(f"Attempt {attempt + 1} failed ({exc}), retrying in {delay}s…")
+                time.sleep(delay)
+
+    raise RuntimeError(
+        f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
+    ) from last_exc


 def main():
@@ -29,61 +88,31 @@ def main():
        print(f"Error: AAB not found at {AAB_PATH}", file=sys.stderr)
        sys.exit(1)

-    creds = service_account.Credentials.from_service_account_info(
-        json.loads(config_json),
-        scopes=["https://www.googleapis.com/auth/androidpublisher"],
+    session = _make_session(config_json)
+
+    edit_resp = session.post(
+        f"{_BASE}/{PACKAGE_NAME}/edits",
+        json={},
+        timeout=30,
    )
+    edit_resp.raise_for_status()
+    edit_id = edit_resp.json()["id"]

-    authorized_http = google_auth_httplib2.AuthorizedHttp(
-        creds, http=httplib2.Http(timeout=_TIMEOUT)
-    )
-    service = build("androidpublisher", "v3", http=authorized_http)
-
-    edit = service.edits().insert(body={}, packageName=PACKAGE_NAME).execute(num_retries=3)
-    edit_id = edit["id"]
-
-    # The resumable upload can fail with RedirectMissingLocation on transient
-    # network hiccups. Retry with a fresh MediaFileUpload each time (resumable
-    # uploads can't reuse the same object) using exponential backoff.
-    version_code = None
-    last_exc = None
-    for attempt in range(_MAX_UPLOAD_ATTEMPTS):
-        try:
-            media = MediaFileUpload(
-                AAB_PATH, mimetype="application/octet-stream", resumable=True
-            )
-            bundle = (
-                service.edits()
-                .bundles()
-                .upload(packageName=PACKAGE_NAME, editId=edit_id, media_body=media)
-                .execute(num_retries=3)
-            )
-            version_code = bundle["versionCode"]
-            break
-        except httplib2.error.RedirectMissingLocation as exc:
-            last_exc = exc
-            if attempt < _MAX_UPLOAD_ATTEMPTS - 1:
-                delay = 10 * (2 ** attempt)
-                print(
-                    f"Upload attempt {attempt + 1} failed (redirect error), "
-                    f"retrying in {delay}s…"
-                )
-                time.sleep(delay)
-    else:
-        raise RuntimeError(
-            f"AAB upload failed after {_MAX_UPLOAD_ATTEMPTS} attempts"
-        ) from last_exc
-
+    version_code = _upload_aab(session, edit_id)
    print(f"Uploaded AAB, version code: {version_code}")

-    service.edits().tracks().update(
-        packageName=PACKAGE_NAME,
-        editId=edit_id,
-        track=TRACK,
-        body={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
-    ).execute(num_retries=3)
+    tracks_resp = session.put(
+        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}/tracks/{TRACK}",
+        json={"releases": [{"versionCodes": [version_code], "status": "completed"}]},
+        timeout=30,
+    )
+    tracks_resp.raise_for_status()

-    service.edits().commit(packageName=PACKAGE_NAME, editId=edit_id).execute(num_retries=3)
+    commit_resp = session.post(
+        f"{_BASE}/{PACKAGE_NAME}/edits/{edit_id}:commit",
+        timeout=30,
+    )
+    commit_resp.raise_for_status()
    print(f"Deployed version {version_code} to {TRACK} track")


@@ -1,199 +0,0 @@
-#!/usr/bin/env python3
-"""Tests for deploy_playstore.py."""
-import io
-import os
-import sys
-import tempfile
-import unittest
-from pathlib import Path
-from unittest.mock import MagicMock, call, patch
-
-sys.path.insert(0, str(Path(__file__).parent))
-
-import deploy_playstore
-
-
-class TestMainEnvChecks(unittest.TestCase):
-    def test_missing_env_exits(self):
-        with patch.dict(os.environ, {}, clear=True):
-            with self.assertRaises(SystemExit) as ctx:
-                deploy_playstore.main()
-        self.assertEqual(ctx.exception.code, 1)
-
-    def test_missing_aab_exits(self):
-        fake_config = '{"type": "service_account"}'
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
-            with patch("deploy_playstore.os.path.exists", return_value=False):
-                with self.assertRaises(SystemExit) as ctx:
-                    deploy_playstore.main()
-        self.assertEqual(ctx.exception.code, 1)
-
-
-class TestMainHappyPath(unittest.TestCase):
-    def _run_main(self, fake_config):
-        mock_service = MagicMock()
-        mock_edits = mock_service.edits.return_value
-        mock_edits.insert.return_value.execute.return_value = {"id": "edit-42"}
-        mock_edits.bundles.return_value.upload.return_value.execute.return_value = {
-            "versionCode": 7
-        }
-        mock_edits.tracks.return_value.update.return_value.execute.return_value = {}
-        mock_edits.commit.return_value.execute.return_value = {}
-
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp"):
-                        with patch("deploy_playstore.build", return_value=mock_service):
-                            with patch("deploy_playstore.MediaFileUpload"):
-                                deploy_playstore.main()
-
-        return mock_edits
-
-    def test_insert_called_with_num_retries(self):
-        edits = self._run_main('{"type":"service_account"}')
-        edits.insert.return_value.execute.assert_called_once_with(num_retries=3)
-
-    def test_bundle_upload_called_with_num_retries(self):
-        edits = self._run_main('{"type":"service_account"}')
-        edits.bundles.return_value.upload.return_value.execute.assert_called_once_with(num_retries=3)
-
-    def test_tracks_update_called_with_num_retries(self):
-        edits = self._run_main('{"type":"service_account"}')
-        edits.tracks.return_value.update.return_value.execute.assert_called_once_with(num_retries=3)
-
-    def test_commit_called_with_num_retries(self):
-        edits = self._run_main('{"type":"service_account"}')
-        edits.commit.return_value.execute.assert_called_once_with(num_retries=3)
-
-    def test_authorized_http_uses_timeout(self):
-        fake_config = '{"type":"service_account"}'
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.httplib2.Http") as mock_http_cls:
-                        with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp") as mock_auth:
-                            mock_service = MagicMock()
-                            mock_edits = mock_service.edits.return_value
-                            mock_edits.insert.return_value.execute.return_value = {"id": "e1"}
-                            mock_edits.bundles.return_value.upload.return_value.execute.return_value = {
-                                "versionCode": 1
-                            }
-                            mock_edits.tracks.return_value.update.return_value.execute.return_value = {}
-                            mock_edits.commit.return_value.execute.return_value = {}
-                            with patch("deploy_playstore.build", return_value=mock_service):
-                                with patch("deploy_playstore.MediaFileUpload"):
-                                    deploy_playstore.main()
-
-        mock_http_cls.assert_called_once_with(timeout=deploy_playstore._TIMEOUT)
-
-
-def _redirect_error():
-    import httplib2
-    return httplib2.error.RedirectMissingLocation("redirect missing", {}, b"")
-
-
-class TestUploadRetry(unittest.TestCase):
-    def _make_mock_service(self, upload_side_effects):
-        mock_service = MagicMock()
-        mock_edits = mock_service.edits.return_value
-        mock_edits.insert.return_value.execute.return_value = {"id": "edit-1"}
-        mock_edits.bundles.return_value.upload.return_value.execute.side_effect = (
-            upload_side_effects
-        )
-        mock_edits.tracks.return_value.update.return_value.execute.return_value = {}
-        mock_edits.commit.return_value.execute.return_value = {}
-        return mock_service, mock_edits
-
-    def _run_with_service(self, mock_service):
-        fake_config = '{"type":"service_account"}'
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": fake_config}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp"):
-                        with patch("deploy_playstore.build", return_value=mock_service):
-                            with patch("deploy_playstore.MediaFileUpload"):
-                                with patch("deploy_playstore.time.sleep"):
-                                    deploy_playstore.main()
-
-    def test_succeeds_on_first_attempt(self):
-        mock_service, mock_edits = self._make_mock_service([{"versionCode": 5}])
-        self._run_with_service(mock_service)
-        mock_edits.bundles.return_value.upload.return_value.execute.assert_called_once_with(
-            num_retries=3
-        )
-
-    def test_retries_once_on_redirect_error_then_succeeds(self):
-        mock_service, mock_edits = self._make_mock_service(
-            [_redirect_error(), {"versionCode": 9}]
-        )
-
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp"):
-                        with patch("deploy_playstore.build", return_value=mock_service):
-                            with patch("deploy_playstore.MediaFileUpload") as mock_media_cls:
-                                with patch("deploy_playstore.time.sleep") as mock_sleep:
-                                    deploy_playstore.main()
-
-        self.assertEqual(
-            mock_edits.bundles.return_value.upload.return_value.execute.call_count, 2
-        )
-        mock_sleep.assert_called_once_with(10)
-        self.assertEqual(mock_media_cls.call_count, 2)
-
-    def test_raises_after_all_attempts_exhausted(self):
-        mock_service, _ = self._make_mock_service(
-            [_redirect_error(), _redirect_error(), _redirect_error()]
-        )
-
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp"):
-                        with patch("deploy_playstore.build", return_value=mock_service):
-                            with patch("deploy_playstore.MediaFileUpload"):
-                                with patch("deploy_playstore.time.sleep"):
-                                    with self.assertRaises(RuntimeError) as ctx:
-                                        deploy_playstore.main()
-
-        self.assertIn(
-            str(deploy_playstore._MAX_UPLOAD_ATTEMPTS), str(ctx.exception)
-        )
-
-    def test_backoff_delays_are_10s_then_20s(self):
-        mock_service, _ = self._make_mock_service(
-            [_redirect_error(), _redirect_error(), {"versionCode": 3}]
-        )
-
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp"):
-                        with patch("deploy_playstore.build", return_value=mock_service):
-                            with patch("deploy_playstore.MediaFileUpload"):
-                                with patch("deploy_playstore.time.sleep") as mock_sleep:
-                                    deploy_playstore.main()
-
-        mock_sleep.assert_has_calls([call(10), call(20)])
-
-    def test_fresh_media_upload_created_on_each_attempt(self):
-        mock_service, _ = self._make_mock_service(
-            [_redirect_error(), {"versionCode": 2}]
-        )
-
-        with patch.dict(os.environ, {"PLAY_STORE_CONFIG_JSON": '{"type":"service_account"}'}):
-            with patch("deploy_playstore.os.path.exists", return_value=True):
-                with patch("deploy_playstore.service_account.Credentials.from_service_account_info"):
-                    with patch("deploy_playstore.google_auth_httplib2.AuthorizedHttp"):
-                        with patch("deploy_playstore.build", return_value=mock_service):
-                            with patch("deploy_playstore.MediaFileUpload") as mock_media_cls:
-                                with patch("deploy_playstore.time.sleep"):
-                                    deploy_playstore.main()
-
-        self.assertEqual(mock_media_cls.call_count, 2)
-
-
-if __name__ == "__main__":
-    unittest.main()
@@ -1,5 +1,4 @@
 import 'dart:async';
-import 'dart:io';

 import 'package:fake_async/fake_async.dart';
 import 'package:flutter/services.dart';
@@ -130,27 +129,5 @@ void main() {
        );
      });
    },
-    // The Android fallback runs only on Android, so on the host machine the
-    // exception is still thrown after all retries.  Skip on Android to avoid
-    // depending on /data/user/0/... being absent in the test environment.
-    skip: Platform.isAndroid,
-  );
-
-  // Regression test for issue #192: _androidFallbackPath must return null when
-  // the process cmdline does not look like an Android package name (e.g. on
-  // the host test machine where the process is the Dart executable).
-  test(
-    '_androidFallbackPath returns null when process name is not a package name',
-    () async {
-      // On non-Android platforms the host process cmdline is a file-system path
-      // (starts with '/'), which the fallback correctly rejects.  On Android
-      // the process IS named after the package — the fallback is free to
-      // succeed or return null depending on the device state; we do not assert
-      // here so as not to constrain Android behaviour.
-      if (!Platform.isAndroid) {
-        final result = await androidFallbackPathForTesting();
-        expect(result, isNull);
-      }
-    },
  );
 }
Author	SHA1	Message	Date
Thomas SharedInboxandClaude Sonnet 4.6	72b25c87ac	fix(ci): retry on 'invalid return status code' Dagger disconnect Adds the Dagger gRPC/HTTP disconnect error to the retry pattern so transient engine drops during long-running steps (like build_runner) auto-recover instead of failing the CI job. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 03:15:30 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	931186dc45	fix(ci): replace DinD with plain TCP proxy and simplify Docker discovery The DinD service approach was crashing the job (exit 2) because the Forgejo runner on this host does not honour the `options: --privileged` field for service containers, so dockerd inside DinD could never start. Root cause of the broader CI failure: dagger-stunnel.service stopped cleanly (exit 0 → no auto-restart), leaving port 8774 without a listener. A plain socat TCP proxy (8774→1774) is now running on the host as a stop-gap until stunnel is restarted. Changes: - Remove the docker:27-dind service container from ci.yml entirely - Simplify "Locate Docker daemon" step — warn instead of failing when Docker is unavailable (job fails later at the Dagger step with a clearer message) - Add plain-TCP path to setup_dagger_remote.sh: after a successful nc probe, try `dagger version` directly over the target host:port before falling back to the TLS stunnel setup; this works with both the socat plain-TCP proxy and any future plain-TCP Dagger engine exposure Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 02:57:08 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	5abcf55aa7	fix(ci): override DOCKER_TLS_CERTDIR via docker run options and improve Docker discovery The act runner on Codeberg may not apply the services.env block to the DinD container, so DOCKER_TLS_CERTDIR defaults to /certs and dockerd starts with TLS on port 2376 instead of 2375. Fix by passing --env DOCKER_TLS_CERTDIR= directly via options: so it is always applied at docker run time. Also: - Try the host Docker socket (DooD) first before DinD; many self-hosted runners mount /var/run/docker.sock and this is simpler and more reliable. - Remove the workflow-level DOCKER_HOST override; let the step discover and export the correct value instead of pre-forcing tcp://docker:2375. - Retry DinD by hostname up to 60 s before falling back to scanning. - Add DNS resolution check (getent hosts docker) and a port 2376 probe that surfaces the TLS-still-enabled diagnostic message clearly. - Improve final diagnostics (IPs, DNS, socket path) to aid future debugging. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 02:10:25 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	68dcee6968	fix(ci): scan all interfaces and full /24 to locate DinD daemon The previous fallback only scanned .1-.50 of the first interface's subnet, missing the DinD container when its IP is higher (.51+) or when the forgejo-jobs network is on a different interface than hostname -I returned first. Now iterates all non-loopback IPs from hostname -I, scans each subnet's full /24 (.1-254), and uses a 0.3 s bash /dev/tcp probe instead of nc -zw1 to keep the total scan time under ~80 s. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 01:52:41 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	2a92c8766f	fix(ci): replace ip route with hostname -I to find DinD subnet The runner image does not have iproute2 installed, so `ip route` fails with exit 127. Use `hostname -I` (available everywhere) to get the container's own IP and derive the /24 prefix for the DinD port scan. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 01:37:11 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	49ad2ff25d	fix(ci): add --privileged to DinD and fallback IP scan for docker hostname The docker:27-dind service container needs --privileged to start dockerd; without it the container exits immediately and its DNS alias is removed, causing the embedded DNS to return SERVFAIL for 'docker'. Codeberg's act runner may also not register the service key as a network alias at all. Add a 'Locate Docker daemon' step that tries the configured DOCKER_HOST first, then falls back to scanning the local /24 for port 2375 so the local Dagger engine can connect to DinD regardless. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 01:27:57 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	c487714b63	fix(ci): add DinD service so local Dagger fallback works when remote engine is down When the remote Dagger engine (stunnel/port 8774) is unreachable, Dagger falls back to a local engine which requires a Docker daemon. The job container does not have /var/run/docker.sock mounted, so the fallback was failing with "connect: no such file or directory". Add a docker:27-dind service to the CI job and set DOCKER_HOST=tcp://docker:2375 so Dagger can start a local engine when the remote engine is unavailable. Also guard the Firebase and Play Store steps in deploy.yml so they are skipped gracefully when the relevant secrets are not configured. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 01:12:11 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	f560d9d921	fix(ci): fall back to local Dagger engine when remote is unreachable The remote Dagger engine probe exits with an error when the server is down, failing CI before any tests run. Change the probe to exit 0 on timeout and print a warning instead; with _DAGGER_RUNNER_HOST unset Dagger will start a local engine and CI can still complete. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 01:00:52 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	9eba422c67	fix(ci): retry Dagger engine probe and prune cache after check The Dagger engine stopped responding (connection refused) after the previous run exhausted disk space and crashed it. Two changes: 1. setup_dagger_remote.sh: retry the nc probe up to 5 times with 30 s delays so a transient crash/restart window doesn't immediately fail the job. 2. ci.yml: add a post-check prune step (if: always()) so the engine cache is cleaned up after every run, reducing the chance of disk exhaustion on the next run. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 00:52:12 +02:00
Thomas SharedInboxandClaude Sonnet 4.6	e7d61e8ee1	fix(ci): prune Dagger cache on disk-space error and before check Previous fix (retry × 3 with 60 s sleep) was not enough: all three attempts still failed because the engine cache stayed full throughout. Add an explicit `dagger query '{ engine { localCache { prune } } }'` call (a) as a proactive step in ci.yml right after the stunnel setup, and (b) inside the retry handler before each back-off sleep (now 90 s instead of 60 s). The prune evicts stale execution-cache snapshots (e.g. old pubspec.lock layers) so fresh disk is available when flutter pub get runs. The `\|\| true` guard makes the prune non-fatal if the query syntax changes between Dagger versions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-24 00:39:40 +02:00
Thomas SharedInbox	0e9d7c907e	fix(ci): retry on disk-space errors in check-dagger Dagger engine occasionally runs out of disk during `flutter pub get` when multiple CI jobs run in parallel. Space typically frees up within ~60 seconds as other containers finish. Add "No space left on device" as a retryable condition with a 60 s back-off so PR runs survive the transient shortage (run 4199480 was the trigger).	2026-05-24 00:23:43 +02:00
Thomas SharedInbox	ae70646ed4	fix: enable core library desugaring for flutter_local_notifications (#183 ) Both isCoreLibraryDesugaringEnabled = true in compileOptions and the coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:2.1.4") dependency are already present in android/app/build.gradle.kts from the earlier fix in #37. This commit closes issue #183 which was opened to track the same requirement.	2026-05-24 00:13:23 +02:00