applications/magicciv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
magicciv/scripts/lib/forge-remote.sh
Natalie ab8fd4d707
Some checks are pending
ci / regression gate (push) Waiting to run
Details
fix(cloud-dx): repoint forge from dead mc-forge droplet to live forge.mc.uvlava.com 
The dedicated mc-forge droplet (159.203.170.249:3000/mcadmin) is gone; the forge
now rides a shared services box, addressed by the stable hostname
forge.mc.uvlava.com/applications. The cloud-DX toolchain still pointed at the dead
endpoint, so every worker clone + golden-image build was broken.

- scripts/lib/forge-remote.sh: single source of truth — builds the authenticated
  clone URL from the hostname + ~/.vault/services-forge-token (relocation-proof;
  no hardcoded IP). Exports MC_FORGE_GIT_REMOTE.
- cloud-bringup.sh / dist.sh: source the helper instead of the dead
  mc_forge_creds + 159.203 URL. Also fix cloud-bringup REPO path to the current
  @mc/@applications/magicciv location.
- settings.local.json autoMode trust block: name the new forge host + 'mc' DO
  project (was 159.203 + 'mc:dev'), else cloud provisioning is denied as exfil.
- cloud-dx-do.md: document the new forge + token.

Verified: helper authenticates to the live forge (ls-remote main); scripts parse;
JSON valid.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 01:39:54 -04:00

34 lines
1.5 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# Single source of truth for the MC forge git remote used to clone this repo onto
# cloud build/worker boxes. SOURCE it (it `return`s); it exports MC_FORGE_GIT_REMOTE.
#
# Uses the stable HOSTNAME (forge.mc.uvlava.com), never a hardcoded IP — the forge
# is no longer its own droplet, it rides a shared services box and can be moved
# between hosts; the DNS name is the contract, an IP is not. (Old dead endpoint
# was 159.203.170.249:3000/mcadmin — gone.)
#
# Auth = the services forge token (read-only clone is all a worker needs). The
# token is injected into the URL in-process only; callers pass MC_FORGE_GIT_REMOTE
# via PKR_VAR_*/TF_VAR_* ENV (never on argv), per cloud-dx-do.md's creds rule.
#
# Overridable for testing: MC_FORGE_HOST, MC_FORGE_ORG, MC_FORGE_TOKEN_FILE.
: "${MC_FORGE_HOST:=forge.mc.uvlava.com}"
: "${MC_FORGE_ORG:=applications}"
: "${MC_FORGE_TOKEN_FILE:=$HOME/.vault/services-forge-token}"
if [ ! -r "$MC_FORGE_TOKEN_FILE" ]; then
echo "forge-remote: no forge token at $MC_FORGE_TOKEN_FILE" >&2
return 1 2>/dev/null || exit 1
fi
_mc_forge_token="$(cat "$MC_FORGE_TOKEN_FILE")"
if [ -z "$_mc_forge_token" ]; then
echo "forge-remote: forge token file is empty: $MC_FORGE_TOKEN_FILE" >&2
unset _mc_forge_token
return 1 2>/dev/null || exit 1
fi
# Gitea accepts the token as the basic-auth password with user "oauth2".
export MC_FORGE_GIT_REMOTE="https://oauth2:${_mc_forge_token}@${MC_FORGE_HOST}/${MC_FORGE_ORG}/magicciv.git"
unset _mc_forge_token
Reference in a new issue View git blame Copy permalink