akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
3261f5d7a10e0f1833fc56e68e802253d263c5e3
Charon/docs/plans/docker_compose_ci_fix_summary.md
GitHub Actions 60c3336725 COMMIT_MESSAGE_START 
fix(docker): update GeoLite2-Country.mmdb checksum + automation

Fixes critical Docker build failure caused by upstream GeoLite2 database
update without corresponding Dockerfile checksum update.

**Root Cause:**
- GeoLite2-Country.mmdb file updated upstream
- Dockerfile still referenced old SHA256 checksum
- Build aborted at checksum verification (line 352)
- Cascade "blob not found" errors for all COPY commands

**Changes:**
- Update Dockerfile ARG GEOLITE2_COUNTRY_SHA256 to current value
- Add automated weekly checksum update workflow (.github/workflows/update-geolite2.yml)
- Implement error handling: retry logic, format validation, failure notifications
- Document rollback decision matrix with 10 failure scenarios
- Create comprehensive maintenance guide (docs/maintenance/geolite2-checksum-update.md)
- Update CHANGELOG.md and README.md with maintenance references

**Verification:**
- Checksum verified against current upstream file: 436135ee...
- Pre-commit hooks: PASSED (EOF/whitespace auto-fixed)
- Trivy security scan: PASSED (no critical/high issues)
- Dockerfile syntax: VALID
- GitHub Actions YAML: VALID
- No hardcoded secrets or injection vulnerabilities

**Automation Features:**
- Weekly scheduled checks (Monday 2 AM UTC)
- Auto-PR creation when checksum changes
- GitHub issue creation on workflow failure
- Comprehensive error handling and retry logic

**Impact:**
- Unblocks all CI/CD Docker image builds
- Enables publishing to GHCR/Docker Hub
- Prevents future checksum failures via automation
- Zero application code changes (no regression risk)

**Documentation:**
- Implementation plan: docs/plans/geolite2_checksum_fix_spec.md
- QA report: docs/reports/qa_geolite2_checksum_fix.md
- Maintenance guide: docs/maintenance/geolite2-checksum-update.md

**Supervisor Recommendations Implemented:**
- #1: Checksum freshness verification before update
- #3: Rollback decision criteria (10 scenarios)
- #4: Automated workflow error handling

Resolves: https://github.com/Wikid82/Charon/actions/runs/21584236523/job/62188372617
COMMIT_MESSAGE_END
2026-02-02 13:31:56 +00:00

84 lines
2.2 KiB
Markdown
Raw Blame History

# Docker Compose CI Fix - Quick Reference
**Document**: [Full Remediation Plan](docker_compose_ci_fix.md)
**Status**: Ready for Implementation
**Priority**: CRITICAL
---
## Problem
E2E tests failing with:
```
charon-app Error pull access denied for sha256, repository does not exist
```
## Root Cause
The workflow passes **bare SHA256 digest** to Docker Compose:
```yaml
CHARON_E2E_IMAGE_DIGEST: sha256:057a9998...
```
Docker tries to pull from a repository named "sha256" (doesn't exist).
## Solution
Use the **local tag** that already exists after `docker load`:
### Change 1: Workflow
**File**: `.github/workflows/e2e-tests.yml` (line 158)
```diff
- CHARON_E2E_IMAGE_DIGEST: ${{ needs.build.outputs.image_digest }}
+ # Use local tag for pre-built image (loaded from artifact)
+ CHARON_E2E_IMAGE: charon:e2e-test
```
### Change 2: Compose File
**File**: `.docker/compose/docker-compose.playwright-ci.yml` (lines 31-37)
```diff
- # CI default (digest-pinned via workflow output):
- # CHARON_E2E_IMAGE_DIGEST=ghcr.io/wikid82/charon:nightly@sha256:<digest>
- # Local override (tag-based):
+ # CI default: Uses pre-built image loaded from artifact
+ # Set via workflow: CHARON_E2E_IMAGE=charon:e2e-test
+ # Local development: Uses locally built image
+ # Override with: CHARON_E2E_IMAGE=charon:local-dev
- image: ${CHARON_E2E_IMAGE_DIGEST:-${CHARON_E2E_IMAGE:-charon:e2e-test}}
+ image: ${CHARON_E2E_IMAGE:-charon:e2e-test}
```
## Why This Works
| Step | Current (Broken) | Fixed |
|------|-----------------|-------|
| Build | Tags as `charon:e2e-test` | Same |
| Load | Image available as `charon:e2e-test` | Same |
| Compose | Tries to use `sha256:...` ❌ | Uses `charon:e2e-test` ✅ |
## Verification
```bash
# After changes, run locally:
export CHARON_E2E_IMAGE=charon:e2e-test
docker compose -f .docker/compose/docker-compose.playwright-ci.yml config | grep "image:"
# Should output:
# image: charon:e2e-test
```
## Testing
1. Create PR with both changes
2. Monitor `e2e-tests.yml` workflow
3. Verify "Start test environment" step succeeds
4. Confirm health check passes
---
**See [docker_compose_ci_fix.md](docker_compose_ci_fix.md) for full analysis and implementation details.**
Reference in New Issue View Git Blame Copy Permalink