mirror of
https://github.com/garrytan/gstack.git
synced 2026-05-06 05:35:46 +02:00
Merge remote-tracking branch 'origin/main' into garrytan/plan-tune-skill
Conflicts resolved: - VERSION / package.json: keep 0.19.0.0 (our MINOR bump stays above main's new 0.18.3.0 — community wave v0.18.3.0 + our plan-tune v0.19.0.0 both ship, ours on top). - CHANGELOG.md: preserved both entries in order — v0.19.0.0 (plan-tune) above v0.18.3.0 (community wave). No version gaps. - .github/docker/Dockerfile.ci: main's Hetzner-mirror swap is a better root cause fix than my retry-only patch (route-local for Ubicloud runners, avoids archive.ubuntu.com entirely). Combined: main's mirror swap PLUS my defense-in-depth layers on top (apt retries config, --retry-connrefused on curl, and outer shell-loop retries for apt-get update). Mirror swap solves the root cause; retries handle the rare case where even Hetzner blips. Main added: - v0.18.3.0 (#1028): community wave — Windows cookie import, OpenCode install, permission-prompt cleanup, $B server persistence across Bash calls, cookie picker fix, OpenClaw frontmatter fix. - Dockerfile.ci Hetzner mirror swap (from the same wave). Regenerated all SKILL.md files after merge so they reflect main's design-* template changes AND our question-tuning preamble additions. Full free test suite: 1162 pass, 0 fail, 113 skip across 29 files, 7903 expect() calls. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
@@ -4,18 +4,33 @@ FROM ubuntu:24.04
|
||||
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# Make apt/curl resilient to transient Ubuntu mirror failures.
|
||||
# archive.ubuntu.com periodically returns connection refused on individual
|
||||
# regional IPs; without retry logic a single failed fetch nukes the build.
|
||||
# Switch apt sources to Hetzner's public mirror.
|
||||
# Ubicloud runners (Hetzner FSN1-DC21) hit reliable connection timeouts to
|
||||
# archive.ubuntu.com:80 — observed 90+ second outages on multiple builds.
|
||||
# Hetzner's mirror is publicly accessible from any cloud and route-local for
|
||||
# Ubicloud, so this fixes both reliability and latency. Ubuntu 24.04 uses
|
||||
# the deb822 sources format at /etc/apt/sources.list.d/ubuntu.sources.
|
||||
#
|
||||
# Using HTTP (not HTTPS) intentionally: the base ubuntu:24.04 image ships
|
||||
# without ca-certificates, so HTTPS apt fails with "No system certificates
|
||||
# available." Apt's security model verifies via GPG-signed Release files,
|
||||
# not TLS, so HTTP here is no weaker than the upstream defaults.
|
||||
RUN sed -i \
|
||||
-e 's|http://archive.ubuntu.com/ubuntu|http://mirror.hetzner.com/ubuntu/packages|g' \
|
||||
-e 's|http://security.ubuntu.com/ubuntu|http://mirror.hetzner.com/ubuntu/packages|g' \
|
||||
/etc/apt/sources.list.d/ubuntu.sources
|
||||
|
||||
# Also make apt itself resilient — per-package retries + generous timeouts.
|
||||
# Hetzner's mirror is reliable but individual packages can still blip; the
|
||||
# retry config means a single failed fetch doesn't nuke the whole build.
|
||||
RUN printf 'Acquire::Retries "5";\nAcquire::http::Timeout "30";\nAcquire::https::Timeout "30";\n' \
|
||||
> /etc/apt/apt.conf.d/80-retries
|
||||
|
||||
# System deps (apt retries are wired in above, but also retry the whole step
|
||||
# in case apt-get update itself can't reach any mirror)
|
||||
# System deps (retry apt-get update — even Hetzner can blip occasionally)
|
||||
RUN for i in 1 2 3; do \
|
||||
apt-get update && apt-get install -y --no-install-recommends \
|
||||
git curl unzip ca-certificates jq bc gpg && break || \
|
||||
(echo "apt-get retry $i/3 after failure"; sleep 10); \
|
||||
(echo "apt retry $i/3 after failure"; sleep 10); \
|
||||
done \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
|
||||
Reference in New Issue
Block a user