fix(ci): wrap GitLab dind TLS env in docker context so buildx accepts it

The build-backend and build-frontend jobs were failing immediately after identity verification finally allocated runners: $ docker buildx create --use --name multiarch --driver docker-container ERROR: could not create a builder instance with TLS data loaded from environment. Please use `docker context create <context-name>` to create a context for current environment and then create a builder instance with context set to <context-name> The dind service exports DOCKER_HOST=tcp://docker:2376 + DOCKER_TLS_CERTDIR=/certs, but buildx --driver docker-container doesn't read TLS from those env vars directly. Documented GitLab fix: create an empty `docker context` (which inherits the current TLS env), then bind buildx to that context name as a positional arg. After this lands, the multi-arch buildx jobs should actually build and push amd64 + arm64 images to registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest Surfaced by the post-verification pipeline at https://gitlab.com/bigbodycobain/Shadowbroker/-/pipelines/2550501798 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
chore(ci): bump comment in .gitlab-ci.yml to verify post-verification runner allocation (#329 )
2026-06-09 07:43:59 +02:00 · 2026-05-25 01:57:02 -06:00 · 2026-05-25 01:54:08 -06:00 · 2026-05-25 01:16:12 -06:00 · 2026-05-24 21:55:54 -06:00
2 changed files with 12 additions and 4 deletions
@@ -13,6 +13,10 @@
 #   2. Reverse-mirrors main back to GitHub (only if commits land directly
 #      on GitLab) so the two sources stay in sync.
 #
+# Pipelines on this repo were instant-failing for free-tier accounts until
+# identity verification was added — the May 2026 bump in this comment is
+# the marker commit that confirms runner allocation after verification.
+#
 # Auth notes:
 #   - The image build/push uses $CI_JOB_TOKEN, which GitLab provides
 #     automatically. No credentials need to be configured.
@@ -48,7 +52,11 @@ variables:
    - docker info
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_JOB_TOKEN" "$CI_REGISTRY"
    - docker run --privileged --rm tonistiigi/binfmt --install all
-    - docker buildx create --use --name multiarch --driver docker-container
+    # buildx --driver docker-container can't read TLS from the env vars
+    # the GitLab dind service exports. Wrap them in a docker context and
+    # bind buildx to it. See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#use-docker-buildx
+    - docker context create tls-env
+    - docker buildx create --use --name multiarch --driver docker-container tls-env

 # ── Backend image ────────────────────────────────────────────────────────
 build-backend:
@@ -43,8 +43,8 @@
    "ShadowBroker_0.9.8_x64_en-US.msi": "fe22f9d51e4360d74c18a7250c2fbb9ed4fa4c7a884b3ac0d04a21115466386b"
  },
  "v0.9.81": {
-    "ShadowBroker_v0.9.81.zip": "af8c87ccdece8fbb9aadc6be63cce10d3fcba74e6d87ef83289dda6d555fd270",
-    "ShadowBroker_0.9.81_x64-setup.exe": "4e866fa0423c0c2470ed32f4809167a7815dc23ee7762b69e95681c1f3a28250",
-    "ShadowBroker_0.9.81_x64_en-US.msi": "8977c9a1c54e1f0d030436be9c4e3d81d766cc0080699eb747649095f360c7ff"
+    "ShadowBroker_v0.9.81.zip": "f81f454bdc88e9a32c351df38212b8cfa624704d65764b971bb091eef62259c6",
+    "ShadowBroker_0.9.81_x64-setup.exe": "25e9a95d0d8ce959a7d08fe8e7406772ae24b596652793e81d1de5d02510a5a6",
+    "ShadowBroker_0.9.81_x64_en-US.msi": "34e655fc0c0f195ee4ac978f228a4b2b9d5565253b8771aca9ef4693409e9e70"
  }
 }
Author	SHA1	Message	Date
BigBodyCobain	d1b3fae2fa	fix(ci): wrap GitLab dind TLS env in docker context so buildx accepts it The build-backend and build-frontend jobs were failing immediately after identity verification finally allocated runners: $ docker buildx create --use --name multiarch --driver docker-container ERROR: could not create a builder instance with TLS data loaded from environment. Please use `docker context create <context-name>` to create a context for current environment and then create a builder instance with context set to <context-name> The dind service exports DOCKER_HOST=tcp://docker:2376 + DOCKER_TLS_CERTDIR=/certs, but buildx --driver docker-container doesn't read TLS from those env vars directly. Documented GitLab fix: create an empty `docker context` (which inherits the current TLS env), then bind buildx to that context name as a positional arg. After this lands, the multi-arch buildx jobs should actually build and push amd64 + arm64 images to registry.gitlab.com/bigbodycobain/shadowbroker/backend:latest registry.gitlab.com/bigbodycobain/shadowbroker/frontend:latest Surfaced by the post-verification pipeline at https://gitlab.com/bigbodycobain/Shadowbroker/-/pipelines/2550501798 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 01:57:02 -06:00
Shadowbroker	c8a8fc56f8	chore(ci): bump comment in .gitlab-ci.yml to verify post-verification runner allocation (#329 ) Pipelines on the GitLab mirror have been instant-failing with 0 jobs and no started_at since the project was created — classic "shared runners not allocated to unverified free-tier accounts" pattern. The account is now identity-verified; this trivial comment bump exists solely to fire a fresh pipeline that confirms runners now pick up the build-backend and build-frontend jobs. If the resulting pipeline produces real jobs that build the multi-arch images and push them to registry.gitlab.com/bigbodycobain/shadowbroker/{backend,frontend}, the GitLab install path is at full parity with the GitHub one. Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 01:54:08 -06:00
Shadowbroker	e6aba86ce1	chore(release): update v0.9.81 SHA256 digests after rebuild (#328 ) Re-cut v0.9.81 binaries from current main (which now includes the private gate + DM hashchain spool from #326 and the gate-directory test from #327). All three artifacts were signed with the same minisign updater key as the original v0.9.81 release, so existing v0.9.81 installs on Tauri auto-update accept the new bundles. Updated hashes (verified against released assets): - ShadowBroker_v0.9.81.zip f81f454bdc88e9a32c351df38212b8cfa624704d65764b971bb091eef62259c6 - ShadowBroker_0.9.81_x64-setup.exe 25e9a95d0d8ce959a7d08fe8e7406772ae24b596652793e81d1de5d02510a5a6 - ShadowBroker_0.9.81_x64_en-US.msi 34e655fc0c0f195ee4ac978f228a4b2b9d5565253b8771aca9ef4693409e9e70 Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-25 01:16:12 -06:00
Shadowbroker	d5609ac02f	test(infonet): cover gate directory renderer (landing + command variants) (#327 ) Adds the focused test Codex wrote alongside the gate-directory UI work that already shipped in #326 (the `renderGateDirectory` helper used both under the Infonet logo on the landing screen and as the output of the `gates` command in the terminal). The renderer itself is already on origin/main; this PR just ships the test so CI catches regressions to the dual-variant render. Verified locally: - frontend npm run test:ci -- src/__tests__/mesh/infonetShellGateDirectory.test.tsx → 1/1 pass Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>	2026-05-24 21:55:54 -06:00