fix: override clone URL to use internal Forgejo service #15

Merged
forgejo_admin merged 1 commit from 14-fix-woodpecker-clone-url into main 2026-03-06 15:29:08 +00:00

Summary

  • Override Woodpecker's default clone URL to use the internal Forgejo k8s service, bypassing the Tailscale funnel that causes TLS EOF errors during git clone.

Changes

  • .woodpecker.yml: added clone section with woodpeckerci/plugin-git image and remote set to http://forgejo-http.forgejo.svc.cluster.local/forgejo_admin/pal-e-docs-mcp.git. No changes to existing steps, when filters, or secrets.

Test Plan

  • Push to main triggers a successful pipeline (clone step passes)
  • YAML validated: python3 -c "import yaml; yaml.safe_load(open('.woodpecker.yml'))"
  • No regressions in lint or publish steps

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related Notes

  • todo-woodpecker-tls-clone-fix -- documented root cause
  • project-pal-e-platform -- platform stability
  • Forgejo issue: #14
fix: override clone URL to use internal Forgejo service
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
d68ebc6318
Woodpecker's clone plugin gets the repo URL from Forgejo's API, which
returns the external https://forgejo.tail5b443a.ts.net URL. Git's HTTP
transport hits a TLS EOF when connecting through the Tailscale funnel.
Override with the internal k8s service URL to bypass the funnel.

Closes #14

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Author
Owner

PR #15 Review

BLOCKERS

None.

NITS

  1. Hardcoded repo in clone URL -- The remote value http://forgejo-http.forgejo.svc.cluster.local/forgejo_admin/pal-e-docs-mcp.git is specific to this repo. Any other repo with the same TLS clone issue will need its own clone override. Consider whether Woodpecker supports environment variable interpolation in clone settings (e.g., ${CI_REPO}) to make this portable. Not a blocker -- just something to keep in mind if this pattern spreads to many repos.

  2. HTTP (not HTTPS) for internal traffic -- Using plain HTTP for intra-cluster communication is standard and correct here, since the traffic stays within the k8s cluster. Just calling it out as an intentional, reasonable choice.

SOP COMPLIANCE

  • Branch named after issue (14-fix-woodpecker-clone-url references #14)
  • PR body has Summary, Changes, Test Plan, Related sections
  • Related section references context notes and issue #14
  • No secrets or credentials committed
  • No unnecessary file changes (1 file, 6 lines, tightly scoped)
  • Commit message is descriptive (fix: override clone URL to use internal Forgejo service)

VERDICT: APPROVED

Clean, minimal fix. The clone override correctly bypasses the Tailscale funnel TLS issue by routing git clone through the internal k8s service. Six lines, one file, no side effects.

forgejo_admin deleted branch 14-fix-woodpecker-clone-url 2026-03-06 15:29:08 +00:00
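
An added example, not part of the PR or the project's code: the test plan's `yaml.safe_load` check only proves the file parses, so this sketch checks the two points the review raises, that plain HTTP is used only for a cluster-local service name and that the hardcoded remote names the expected repo. The function names, the sample pipeline and its key layout under `clone:` are assumptions; in CI, `expected_repo` could come from Woodpecker's `CI_REPO` variable.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the PR's diff is not shown on the page, so the key
# layout under `clone:` is an assumption; image and remote are from the PR text.
SAMPLE_PIPELINE = """\
clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      remote: http://forgejo-http.forgejo.svc.cluster.local/forgejo_admin/pal-e-docs-mcp.git
steps:
  lint:
    image: python:3.12
"""

CLUSTER_SUFFIX = ".svc.cluster.local"


def extract_clone_remote(pipeline_text):
    """Line-based lookup of `remote:` inside the top-level `clone:` block."""
    in_clone = False
    for line in pipeline_text.splitlines():
        if re.match(r"^\S", line):  # a new top-level key starts here
            in_clone = line.startswith("clone:")
            continue
        m = re.match(r"^\s+remote:\s*['\"]?([^'\"\s#]+)", line)
        if in_clone and m:
            return m.group(1)
    return None


def check_clone_remote(remote, expected_repo):
    """Return findings; an empty list means the override is acceptable."""
    findings = []
    url = urlsplit(remote)
    host = (url.hostname or "").lower()
    if url.scheme not in ("http", "https"):
        findings.append("unsupported scheme: %r" % url.scheme)
    if url.scheme == "http" and not host.endswith(CLUSTER_SUFFIX):
        findings.append("plain HTTP to a host outside the cluster: %s" % host)
    if url.username or url.password:
        findings.append("credentials embedded in clone URL")
    repo = url.path.strip("/")
    if repo.endswith(".git"):
        repo = repo[:-4]
    if repo != expected_repo:
        findings.append("remote points at %r, expected %r" % (repo, expected_repo))
    return findings
```
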