---
name: Phase 1 task 1.8 decisions
description: Key implementation decisions and divergences from spec made during task 1.8 (Gitea CI dry-run workflow)
type: project
---

# Phase 1 task 1.8 — Gitea CI dry-run workflow decisions

## Core decisions

**No `docker/build-push-action`**: Used plain `docker build -t trm-directus:ci .` instead of `docker/build-push-action`.

**Why**: `build-push-action` with the docker-container Buildx driver exports the image into a separate buildkitd cache that is NOT accessible to a subsequent `docker run`. The dry-run step needs the image in the local Docker daemon. The processor workflow uses `build-push-action`, but it has no post-build dry-run step.

**How to apply**: Any Directus workflow variant that needs to run the image after building must use plain `docker build`, not `build-push-action`.

**`--network host` + `DB_HOST=localhost`**: The service container is bound via `ports: ['5432:5432']` to the runner's loopback (127.0.0.1:5432). The `docker run` container uses `--network host` to share that namespace, making Postgres reachable as `localhost:5432`.

**Why**: The spec draft had a bug: it used `--network host` but set `DB_HOST: postgres`. With host networking, service containers are NOT reachable by their service name; only `localhost` works. The service name (`postgres`) is only resolvable in bridge-network mode.

**How to apply**: Always use `DB_HOST=localhost` when pairing `--network host` with a `services:` port-mapped container.

**`health-retries 20`**: Raised from the spec's default of 10.

**Why**: The timescaledb-ha image starts more slowly than plain postgres (its init script runs the TimescaleDB preload). 10 retries at 5s = 50s max wait; 20 retries = 100s, a safer margin.

**Portainer step uses `curl -fsS`**: Added `-f` (fail on HTTP error) and `-sS` (silent but show errors).

**Why**: Bare `curl -X POST` exits 0 even on a 4xx/5xx response. `-f` makes curl exit non-zero on HTTP error responses, so a misconfigured webhook URL surfaces as a workflow failure rather than a silent no-op.

**`--health-cmd` includes `-d directus`**: The spec draft had `pg_isready -U directus` without `-d directus`. Added the `-d` flag for precision.

**Deliberate divergences from processor workflow**:

- No `actions/setup-node`, no `corepack enable`, no `pnpm install` — Directus is not a Node project; no TypeScript to compile or test.
- No `docker/setup-buildx-action` — Buildx with docker-container driver sequesters images from `docker run`.
- No typecheck/lint/test steps — Phase 1 has no extensions. Phase 5 will add these.
- Added `services:` block — processor has no service dependency.
- Separate build + dry-run + push steps instead of single `build-push-action`.
- `runs-on: ubuntu-22.04` (pinned) vs processor's `ubuntu-latest` (floating).
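
The decisions above combined into one workflow sketch, as an added example rather than the project's actual workflow file. The workflow name, trigger, image tag, secret names, Postgres `env` values and the dry-run command are assumptions or placeholders, and the push step is omitted.

```yaml
# Added sketch, not the project's workflow file. Placeholders are marked.
name: directus-ci                 # assumed name
on: [push]                        # assumed trigger
jobs:
  build-and-dry-run:
    runs-on: ubuntu-22.04         # pinned, not ubuntu-latest
    services:
      postgres:
        image: timescale/timescaledb-ha:<TAG>   # placeholder: tag not given in this note
        env:                      # assumed values; user/db match the pg_isready flags
          POSTGRES_USER: directus
          POSTGRES_DB: directus
          POSTGRES_PASSWORD: ${{ secrets.CI_DB_PASSWORD }}   # assumed secret name
        ports: ['5432:5432']      # published on the runner's loopback
        options: >-
          --health-cmd "pg_isready -U directus -d directus"
          --health-interval 5s
          --health-retries 20
    steps:
      - uses: actions/checkout@v4
      # Plain build: the image lands in the local daemon, where docker run can find it.
      - name: Build image
        run: docker build -t trm-directus:ci .
      # Host networking: the service name "postgres" does not resolve, so use localhost.
      # <DRY_RUN_COMMAND> is a placeholder; this note does not give the command.
      - name: Dry run
        env:
          DB_PASSWORD: ${{ secrets.CI_DB_PASSWORD }}
        run: |
          docker run --rm --network host \
            -e DB_CLIENT=pg \
            -e DB_HOST=localhost \
            -e DB_PORT=5432 \
            -e DB_DATABASE=directus \
            -e DB_USER=directus \
            -e DB_PASSWORD \
            trm-directus:ci <DRY_RUN_COMMAND>
      # -f turns a 4xx/5xx from the webhook into a failed step; -sS keeps error text.
      - name: Trigger Portainer redeploy
        env:
          PORTAINER_WEBHOOK_URL: ${{ secrets.PORTAINER_WEBHOOK_URL }}   # assumed secret name
        run: curl -fsS -X POST "$PORTAINER_WEBHOOK_URL"
```

Passing `-e DB_PASSWORD` without a value forwards the variable from the step environment, so the password never appears on the `docker run` command line or in the echoed script.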