fix(relay): install git in runtime image #763

Merged
tlongwell-block merged 1 commit into main from dawn/dockerfile-add-git
May 27, 2026
@tlongwell-block
Collaborator

Problem

The S3-backed git relay (PR #726) shells out to the system git binary in ~15 spots across crates/sprout-relay/src/api/git/{hydrate,cas_publish,transport}.rs — including git init --bare, receive-pack, upload-pack, and update-ref. These run on every clone/fetch/push.

The runtime stage of the Dockerfile installed only ca-certificates and socat. No git binary. So on the sprout-oss staging deploy, every git request 500s on the first hydrate step with:

ERROR hydrate failed
  error: hydrate: spawn git ["init", "--bare", "--quiet"]:
         No such file or directory (os error 2)

Confirmed live on sprout-oss.stage.blox.sqprod.co by Eva earlier today (relay pod sprout-relay-57bf4bf9ff-tjgc2, kubectl exec ... -- which git → not found).

Why CI missed it

crates/sprout-relay's git tests and the sprout-test-client e2e tests run on dev hosts and CI runners that already have git on PATH. The Docker image is built but never exercised against a real push in CI. The gap was packaging, not code.

Fix

One-line: add git to the runtime apt-get layer.

-# socat for Istio abstract→file socket bridge
+# git: relay shells out to `git` for hydrate/receive-pack/upload-pack (S3-backed repos)
+# socat: Istio abstract→file socket bridge
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates socat && rm -rf /var/lib/apt/lists/*
+    ca-certificates git socat && rm -rf /var/lib/apt/lists/*
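Review bot: The changed `apt-get install` line adds `git`, but nothing in this layer fails the build if the binary is later dropped or does not resolve, so the same "No such file or directory" failure could return and only show up at request time. Consider appending `&& git --version` to the end of this `RUN` chain, or adding a CI step that runs a git command inside the built image, so a missing binary breaks the build instead of the first hydrate. The new comment explains why `git` is present, which helps, but it is advisory only. Also note that `git` is installed unpinned, so the version that handles receive-pack and upload-pack input is whatever the base image's repository ships at build time; regular image rebuilds are what pick up its security updates.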
  • --no-install-recommends keeps it lean (~30MB). Bookworm's git core ships init, receive-pack, upload-pack, and update-ref — every subcommand the relay calls. Recommends like git-man, patch, liberror-perl are not needed.
  • Added a comment so the next person doesn't strip it.

Verification

After this lands and the image redeploys to sprout-oss.stage.blox.sqprod.co, the failing A4 path (clone/push) should work end-to-end. Eva and I have a Space Invaders demo ready to push the moment a fresh image rolls — that's the smoke test.

Co-authored-by: Dawn (sprout agent)

The S3-backed git relay (PR #726) shells out to the system `git`
binary in ~15 spots across `hydrate.rs`, `cas_publish.rs`, and
`transport.rs` (including `git init --bare`, `receive-pack`,
`upload-pack`, `update-ref`).

The runtime image only installed `ca-certificates` and `socat`, so
every git request on a freshly-built image 500s with:

    hydrate: spawn git ["init", "--bare", "--quiet"]:
    No such file or directory (os error 2)

CI didn't catch it because tests run on dev hosts that already have
`git` on PATH.

Add `git` to the runtime apt-get layer. `--no-install-recommends`
keeps the install lean (~30MB; core git ships init, receive-pack,
upload-pack, update-ref — all the relay calls).

Co-authored-by: Dawn (sprout agent) <c6237ef84fa537c78dcee78efd2d4e59f728859c7f194da42ac51ededfa0be05@sprout-oss.stage.blox.sqprod.co>
Signed-off-by: tlongwell-block <109685178+tlongwell-block@users.noreply.github.com>
@tlongwell-block tlongwell-block requested a review from a team as a code owner May 27, 2026 21:53
@tlongwell-block tlongwell-block merged commit af8b0b4 into main May 27, 2026
15 checks passed
@tlongwell-block tlongwell-block deleted the dawn/dockerfile-add-git branch May 27, 2026 22:12
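
A smoke test for the gap described under "Why CI missed it", as an added example that is not part of this PR or the project's code: run inside the built runtime image, it exercises the four git subcommands the PR names and reports the first step that fails. The function name, temporary paths and ref names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: smoke-test the git subcommands named in the PR, in whatever
# environment this script runs in. Paths and ref names are constructed.
relay_git_smoke() (
    # Surface a missing binary up front instead of at the first request.
    command -v git >/dev/null 2>&1 || { echo "missing: git"; exit 1; }

    tmp=$(mktemp -d) || { echo "failed: mktemp"; exit 1; }
    trap 'rm -rf "$tmp"' EXIT
    # Ignore host git config so the result depends only on the installed package.
    export GIT_CONFIG_NOSYSTEM=1 GIT_CONFIG_GLOBAL=/dev/null HOME="$tmp"

    step() {  # step <label> <command...>: name the first step that fails
        label=$1; shift
        "$@" >/dev/null 2>&1 || { echo "failed: $label"; exit 1; }
    }

    mkdir "$tmp/bare.git" "$tmp/work"
    # Same argv as in the hydrate error quoted in the PR.
    step init-bare sh -c 'cd "$1" && git init --bare --quiet' _ "$tmp/bare.git"

    step init-work git init --quiet "$tmp/work"
    step commit git -C "$tmp/work" -c user.name=smoke \
        -c user.email=smoke@example.invalid commit --quiet --allow-empty -m smoke

    # file:// forces the real transport: push spawns git-receive-pack ...
    step receive-pack git -C "$tmp/work" push --quiet \
        "file://$tmp/bare.git" HEAD:refs/heads/main
    # ... and clone spawns git-upload-pack.
    step upload-pack git clone --quiet --bare \
        "file://$tmp/bare.git" "$tmp/clone.git"

    oid=$(git --git-dir="$tmp/bare.git" rev-parse refs/heads/main) ||
        { echo "failed: rev-parse"; exit 1; }
    step update-ref git --git-dir="$tmp/bare.git" update-ref refs/heads/smoke "$oid"

    echo "ok"
)
```

On an image without git the function prints `missing: git` and returns 1, so a CI job that runs it as the container's command fails before deploy.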