caddy-shortcuts: regression after Forgejo port nuked 4 sites #120

New issue

Closed

opened 2026-05-25 05:26:41 +00:00 by coilysiren · 0 comments

coilysiren commented 2026-05-25 05:26:41 +00:00

Owner

Copy link

After the port in #118, the first runner-side dispatch deleted 4 valid sites files (api.caddy, eco-jobs-tracker.caddy, eco-mcp.caddy, galaxy-gen.caddy) even though at least eco-jobs-tracker and galaxy-gen have a valid coily.yaml on Forgejo with tailnet.shortcut set.

Local repro of the new script crashed with TypeError: list indices must be integers or slices, not str — the Forgejo contents endpoint returned a list shape for some repo (presumably a directory match) and the script wasn't defending against that.

Fixes in this commit:

1. fetch_config now requires result["type"] == "file" before treating the response as a file payload.
2. reconcile refuses to delete more than half the existing sites in one run — a guardrail against future enumeration regressions silently nuking everything.
3. Dropped FORGEJO_TOKEN from the regenerate step: Forgejo's auto-injected GITHUB_TOKEN is scoped to the current repo only and can't read siblings; the script now relies on public-repo reads. Private repos with shortcuts won't render until a broader-scope token is set up (separate follow-up).
4. New coily caddy-shortcuts dry_run=1 verb (Makefile target) for local testing.

After the port in #118, the first runner-side dispatch deleted 4 valid sites files (`api.caddy`, `eco-jobs-tracker.caddy`, `eco-mcp.caddy`, `galaxy-gen.caddy`) even though at least eco-jobs-tracker and galaxy-gen have a valid `coily.yaml` on Forgejo with `tailnet.shortcut` set. Local repro of the new script crashed with `TypeError: list indices must be integers or slices, not str` — the Forgejo `contents` endpoint returned a list shape for some repo (presumably a directory match) and the script wasn't defending against that. Fixes in this commit: 1. `fetch_config` now requires `result["type"] == "file"` before treating the response as a file payload. 2. `reconcile` refuses to delete more than half the existing sites in one run — a guardrail against future enumeration regressions silently nuking everything. 3. Dropped `FORGEJO_TOKEN` from the regenerate step: Forgejo's auto-injected `GITHUB_TOKEN` is scoped to the current repo only and can't read siblings; the script now relies on public-repo reads. Private repos with shortcuts won't render until a broader-scope token is set up (separate follow-up). 4. New `coily caddy-shortcuts dry_run=1` verb (Makefile target) for local testing.

coilysiren referenced this issue from a commit 2026-05-25 05:27:04 +00:00

fix(caddy-shortcuts): defend against list shapes, guardrail mass-deletes (closes https://forgejo.coilysiren.me/coilysiren/infrastructure/issues/120)

coilysiren closed this issue 2026-05-25 05:27:04 +00:00

coilysiren referenced this issue 2026-05-25 05:30:21 +00:00

caddy-shortcuts: render shortcuts from private Forgejo sibling repos #121

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

dispatch/issue-294

tangled-knot

dispatch/issue-216

No results found.

Labels

Clear labels

  

P0

now / blocking / urgent

  

P1

next / important

  

P2

backlog / will do

  

P3

someday / low

  

P4

icebox / frozen / reopen if it becomes real

No labels

P0

P1

P2

P3

P4

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

coilyco-flight-deck/infrastructure#120

No description provided.