fix(ci): point Gitea Actions runners at public instance URL

The in-cluster service DNS (`gitea.git.svc.cluster.local`) is not resolvable from build containers running with `network: host`. The runner config has an `extra_hosts` mapping for this name, but `host` networking shares the host's network namespace and bypasses the container-level hosts file — which silently nullifies the mapping. Symptom: every Gitea Actions run on `dharma-el` (and any other neuron-technologies repo that has CI defined) failed at the first `actions/checkout` step with `Could not resolve host: gitea.git.svc.cluster.local`. CI had never actually validated for that org. Fix: register both the `will` and `neuron-technologies` runners with the public URL `https://git.neuralplatform.ai`. The runner polls Gitea over Cloudflare, and the build container's clone URL is derived from the runner's instance URL, so it inherits a name the build container can resolve. Also bumped `config-version` annotations on both runner deployments to force a rolling restart — the init container needs to re-register with the new URL. Trade-off: the runner now polls Gitea over Cloudflare instead of directly on the cluster network. Latency cost is small relative to build time, and the failure mode is gone.
2026-05-04 15:52:10 -05:00
2 changed files with 13 additions and 6 deletions
@@ -8,7 +8,7 @@ metadata:
  labels:
    app: gitea-runner
  annotations:
-    config-version: "2026-05-04-docker-sock-fix"
+    config-version: "2026-05-04-public-instance-url"
 spec:
  replicas: 1
  selector:
@@ -19,7 +19,7 @@ spec:
      labels:
        app: gitea-runner
      annotations:
-        config-version: "2026-05-04-docker-sock-fix"
+        config-version: "2026-05-04-public-instance-url"
    spec:
      securityContext:
        runAsNonRoot: false
@@ -92,7 +92,7 @@ metadata:
  labels:
    app: neuron-technologies-runner
  annotations:
-    config-version: "2026-05-04-docker-sock-fix"
+    config-version: "2026-05-04-public-instance-url"
 spec:
  replicas: 2
  selector:
@@ -103,7 +103,7 @@ spec:
      labels:
        app: neuron-technologies-runner
      annotations:
-        config-version: "2026-05-04-docker-sock-fix"
+        config-version: "2026-05-04-public-instance-url"
    spec:
      securityContext:
        runAsNonRoot: false
@@ -17,7 +17,13 @@ spec:
    creationPolicy: Owner
    template:
      data:
-        GITEA_INSTANCE_URL: "http://gitea.git.svc.cluster.local:3000"
+        # Public URL — the in-cluster name (gitea.git.svc.cluster.local) is
+        # not resolvable from build containers running with `network: host`,
+        # which causes `git fetch` to fail at the very first checkout step.
+        # The runner polls Gitea over Cloudflare; the latency cost is small
+        # and the build container's clone URL is derived from this instance,
+        # so it has to be a name the build container can resolve.
+        GITEA_INSTANCE_URL: "https://git.neuralplatform.ai"
        GITEA_RUNNER_REGISTRATION_TOKEN: "{{ .runner_token }}"
  data:
    - secretKey: runner_token
@@ -41,7 +47,8 @@ spec:
    creationPolicy: Owner
    template:
      data:
-        GITEA_INSTANCE_URL: "http://gitea.git.svc.cluster.local:3000"
+        # Public URL — see commentary on the gitea-runner-secret above.
+        GITEA_INSTANCE_URL: "https://git.neuralplatform.ai"
        GITEA_RUNNER_REGISTRATION_TOKEN: "{{ .runner_token }}"
  data:
    - secretKey: runner_token