Skip to content

ci: disable earthly TLS in bot workflows (settings-hash parity with CI) #1693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
skylar-simoncelli wants to merge 3 commits into
base: main
Choose a base branch
from
Open

ci: disable earthly TLS in bot workflows (settings-hash parity with CI) #1693

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c0f125a
ci: disable earthly TLS in bot workflows (settings-hash parity with CI)
skylar-simoncelli Jun 12, 2026
f96d740
Merge branch 'main' into skylar/bot-workflows-earthly-tls
skylar-simoncelli Jun 12, 2026
1d61c23
Merge branch 'main' into skylar/bot-workflows-earthly-tls
justinfrevert Jun 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions .github/workflows/rebuild-chainspec-bot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,16 @@ jobs:
username: MidnightCI
password: ${{ secrets.MIDNIGHTCI_PACKAGES_READ }}

# Self-hosted-runner-specific: earthly's managed buildkitd defaults to TLS
# but no certs are provisioned on the runner. Beyond fixing this job's own
# TLS failure, this keeps the buildkit settings hash byte-identical with
# every other self-hosted earthly caller (see continuous-integration.yml) —
# a mismatched hash makes earthly force-recreate the shared buildkitd,
# cancelling every in-flight build on the box.
- name: Disable earthly TLS (self-hosted runner has no certs)
run: |
echo " tls_enabled: false" >> .earthly/config.yml

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use the same self-hosted Earthly config as CI

On self-hosted runners, the other Earthly workflows source .envrc before invoking Earthly (for example .github/workflows/continuous-integration.yml:648), and .envrc:29-30 switches them to .earthly/config.selfhosted.yml, which includes both tls_enabled: false and buildkit_additional_args: ["-m", "180Gb"] (.earthly/config.selfhosted.yml:15-20). This bot still runs with EARTHLY_CONFIG: .earthly/config.yml, so appending only TLS leaves its BuildKit settings hash different from CI and the chainspec bot can still force-recreate the shared earthly-buildkitd on each run. Use the same self-hosted config (or source .envrc) for the bot invocation instead of patching the default config.

Useful? React with 👍 / 👎.


- name: Run rebuild-chainspec
env:
EARTHLY_CONFIG: .earthly/config.yml
Expand Down
10 changes: 10 additions & 0 deletions .github/workflows/rebuild-metadata-bot.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,16 @@ jobs:
username: MidnightCI
password: ${{ secrets.MIDNIGHTCI_PACKAGES_READ }}

# Self-hosted-runner-specific: earthly's managed buildkitd defaults to TLS
# but no certs are provisioned on the runner. Beyond fixing this job's own
# TLS failure, this keeps the buildkit settings hash byte-identical with
# every other self-hosted earthly caller (see continuous-integration.yml) —
# a mismatched hash makes earthly force-recreate the shared buildkitd,
# cancelling every in-flight build on the box.
- name: Disable earthly TLS (self-hosted runner has no certs)
run: |
echo " tls_enabled: false" >> .earthly/config.yml

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 22, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Use the same self-hosted Earthly config as CI

On self-hosted runners, the other Earthly workflows source .envrc before invoking Earthly (for example .github/workflows/continuous-integration.yml:184), and .envrc:29-30 switches them to .earthly/config.selfhosted.yml, which includes both tls_enabled: false and buildkit_additional_args: ["-m", "180Gb"] (.earthly/config.selfhosted.yml:15-20). This bot still runs with EARTHLY_CONFIG: .earthly/config.yml, so appending only TLS leaves its BuildKit settings hash different from CI and the metadata bot can still force-recreate the shared earthly-buildkitd on each run. Use the same self-hosted config (or source .envrc) for the bot invocation instead of patching the default config.

Useful? React with 👍 / 👎.


- name: Run rebuild-metadata
env:
EARTHLY_CONFIG: .earthly/config.yml
Expand Down
Loading