fix: use internal Forgejo URL for PyPI publish #17

Merged
forgejo_admin merged 1 commit from 16-fix-pypi-publish-internal-url into main 2026-03-06 15:41:44 +00:00

Summary

Replace the FORGEJO_PYPI_URL environment variable (sourced from a Woodpecker secret pointing to the external Tailscale funnel) with a hardcoded internal k8s service URL. This eliminates TLS EOF errors that occur when twine uploads packages through the funnel from inside the cluster.

Changes

  • .woodpecker.yml -- changed FORGEJO_PYPI_URL from from_secret: forgejo_pypi_url to hardcoded http://forgejo-http.forgejo.svc.cluster.local/api/packages/forgejo_admin/pypi

Test Plan

  • YAML validates: python3 -c "import yaml; yaml.safe_load(open('.woodpecker.yml'))"
  • Push to main triggers pipeline with all steps passing (clone, lint, publish)

Review Checklist

  • Only .woodpecker.yml modified
  • No unrelated changes
  • Credentials (user/token) still sourced from secrets
  • YAML syntax validated

Related Notes

  • Plan: todo-woodpecker-tls-clone-fix (traceability)
  • Forgejo issue: #16
  • Issue #14 -- clone fix (same TLS funnel root cause)
fix: use internal Forgejo URL for PyPI publish step
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
ci/woodpecker/pr/woodpecker Pipeline was successful
f272eaefd3
Replace from_secret FORGEJO_PYPI_URL with hardcoded internal k8s service
URL to avoid TLS EOF errors through the Tailscale funnel.

Closes #16

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

PR #17 Review

BLOCKERS

None.

NITS

  1. Hardcoded internal URL -- The URL http://forgejo-http.forgejo.svc.cluster.local/api/packages/forgejo_admin/pypi bakes in the Forgejo namespace (forgejo), service name (forgejo-http), and package owner (forgejo_admin). If any of these change, the pipeline silently breaks. Consider adding a comment in the YAML noting this dependency. Non-blocking since this matches the pattern already established in PR #15 for the clone URL fix.

  2. Plan slug prefix -- The Related section references todo-woodpecker-tls-clone-fix. The todo- prefix is atypical compared to the plan- prefix convention seen in other repos. Not blocking -- just noting for consistency awareness.

SOP COMPLIANCE

  • Branch named after issue (16-fix-pypi-publish-internal-url -> issue #16)
  • PR body follows template (Summary, Changes, Test Plan, Related)
  • Related section references plan slug (todo-woodpecker-tls-clone-fix)
  • No secrets committed (credentials still sourced from Woodpecker secrets)
  • No unnecessary file changes (1 file, 1 addition, 2 deletions -- tightly scoped)
  • References parent issue #16 in PR body

SUMMARY

Minimal, well-scoped fix. Replaces the external Tailscale funnel URL (sourced from a Woodpecker secret) with a hardcoded k8s-internal service URL for PyPI publishing. This eliminates TLS EOF errors when twine uploads from inside the cluster. The approach is consistent with the clone URL fix in PR #15 (issue #14). Credentials remain properly sourced from secrets. No security concerns.

VERDICT: APPROVED

forgejo_admin deleted branch 16-fix-pypi-publish-internal-url 2026-03-06 15:41:44 +00:00
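
An added example, not part of the PR or the project's code: a check that could run in the lint step to enforce what the review confirmed by hand, namely that credentials stay sourced from secrets and that a plaintext `http://` URL is only accepted for an in-cluster service name. It takes the step's `environment` mapping as `yaml.safe_load` returns it; the step layout and the `FORGEJO_USER` / `FORGEJO_TOKEN` names are assumptions, and only `FORGEJO_PYPI_URL` and its value come from the PR.

```python
from urllib.parse import urlsplit

# Constructed sample: the publish step as yaml.safe_load() would return it.
# Only FORGEJO_PYPI_URL and its value are taken from the PR; the step name
# and the two credential variables are hypothetical.
SAMPLE_PIPELINE = {
    "steps": {
        "publish": {
            "environment": {
                "FORGEJO_PYPI_URL": "http://forgejo-http.forgejo.svc.cluster.local"
                                    "/api/packages/forgejo_admin/pypi",
                "FORGEJO_USER": {"from_secret": "forgejo_user"},
                "FORGEJO_TOKEN": {"from_secret": "forgejo_token"},
            }
        }
    }
}

# Substrings that mark a variable as carrying a credential (example policy).
CREDENTIAL_HINTS = ("USER", "TOKEN", "PASSWORD", "SECRET", "KEY")
CLUSTER_SUFFIX = ".svc.cluster.local"


def audit_publish_env(env):
    """Return a list of findings for one step's environment mapping."""
    findings = []
    for name, value in env.items():
        # Woodpecker represents a secret reference as {"from_secret": "<name>"}.
        is_literal = not (isinstance(value, dict) and "from_secret" in value)
        if not is_literal:
            continue
        upper = name.upper()
        if any(hint in upper for hint in CREDENTIAL_HINTS):
            findings.append(f"{name}: literal credential, expected from_secret")
        if upper.endswith("_URL"):
            url = urlsplit(str(value))
            host = url.hostname or ""
            if url.username or url.password:
                findings.append(f"{name}: credentials embedded in URL")
            # Plain HTTP is tolerated only for in-cluster service DNS names.
            if url.scheme != "https" and not host.endswith(CLUSTER_SUFFIX):
                findings.append(f"{name}: {url.scheme} to non-cluster host {host}")
    return findings


if __name__ == "__main__":
    env = SAMPLE_PIPELINE["steps"]["publish"]["environment"]
    for finding in audit_publish_env(env) or ["no findings"]:
        print(finding)
```
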