applications/magicciv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
magicciv/scripts/lib/forge-remote.sh

35 lines
1.5 KiB
Bash
Raw Permalink Normal View History

fix(cloud-dx): repoint forge from dead mc-forge droplet to live forge.mc.uvlava.com The dedicated mc-forge droplet (159.203.170.249:3000/mcadmin) is gone; the forge now rides a shared services box, addressed by the stable hostname forge.mc.uvlava.com/applications. The cloud-DX toolchain still pointed at the dead endpoint, so every worker clone + golden-image build was broken. - scripts/lib/forge-remote.sh: single source of truth — builds the authenticated clone URL from the hostname + ~/.vault/services-forge-token (relocation-proof; no hardcoded IP). Exports MC_FORGE_GIT_REMOTE. - cloud-bringup.sh / dist.sh: source the helper instead of the dead mc_forge_creds + 159.203 URL. Also fix cloud-bringup REPO path to the current @mc/@applications/magicciv location. - settings.local.json autoMode trust block: name the new forge host + 'mc' DO project (was 159.203 + 'mc:dev'), else cloud provisioning is denied as exfil. - cloud-dx-do.md: document the new forge + token. Verified: helper authenticates to the live forge (ls-remote main); scripts parse; JSON valid. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 01:39:54 -04:00
#!/usr/bin/env bash
# Single source of truth for the MC forge git remote used to clone this repo onto
# cloud build/worker boxes. SOURCE it (it `return`s); it exports MC_FORGE_GIT_REMOTE.
#
# Uses the stable HOSTNAME (forge.mc.uvlava.com), never a hardcoded IP — the forge
# is no longer its own droplet, it rides a shared services box and can be moved
# between hosts; the DNS name is the contract, an IP is not. (Old dead endpoint
# was 159.203.170.249:3000/mcadmin — gone.)
#
# Auth = the services forge token (read-only clone is all a worker needs). The
# token is injected into the URL in-process only; callers pass MC_FORGE_GIT_REMOTE
# via PKR_VAR_*/TF_VAR_* ENV (never on argv), per cloud-dx-do.md's creds rule.
#
# Overridable for testing: MC_FORGE_HOST, MC_FORGE_ORG, MC_FORGE_TOKEN_FILE.
: "${MC_FORGE_HOST:=forge.mc.uvlava.com}"
: "${MC_FORGE_ORG:=applications}"
: "${MC_FORGE_TOKEN_FILE:=$HOME/.vault/services-forge-token}"
if [ ! -r "$MC_FORGE_TOKEN_FILE" ]; then
echo "forge-remote: no forge token at $MC_FORGE_TOKEN_FILE" >&2
return 1 2>/dev/null || exit 1
fi
_mc_forge_token="$(cat "$MC_FORGE_TOKEN_FILE")"
if [ -z "$_mc_forge_token" ]; then
echo "forge-remote: forge token file is empty: $MC_FORGE_TOKEN_FILE" >&2
unset _mc_forge_token
return 1 2>/dev/null || exit 1
fi
# Gitea accepts the token as the basic-auth password with user "oauth2".
export MC_FORGE_GIT_REMOTE="https://oauth2:${_mc_forge_token}@${MC_FORGE_HOST}/${MC_FORGE_ORG}/magicciv.git"
unset _mc_forge_token
Reference in a new issue Copy permalink