From dcdb0a15305903583b1f866095629d17394b9c4f Mon Sep 17 00:00:00 2001 From: Zbigniew Sobiecki Date: Mon, 23 Mar 2026 12:05:59 +0000 Subject: [PATCH] fix(ci): inject DATABASE_SSL=false into dev env file before restarting services MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PR #979 tightened DB SSL defaults to rejectUnauthorized: true, but the dev database uses a self-signed certificate. The deploy workflow already passed DATABASE_SSL=false to one-off migration containers via -e flags, but the long-running router and dashboard containers read their env from /opt/services/cascade-dev.env — which never had this variable set. Result: every router startup since that PR crashed at seedAgentDefinitions with "self-signed certificate in certificate chain" before the process could serve any traffic. Add an idempotent step (sed removes any existing line, echo appends the correct value) that runs once per deploy, before docker compose restarts both services. Since both containers share the same env_file, a single write fixes both the router and the dashboard. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/deploy-dev.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml index fb15025f..ff804915 100644 --- a/.github/workflows/deploy-dev.yml +++ b/.github/workflows/deploy-dev.yml @@ -110,6 +110,11 @@ jobs: cascade-migrator:dev \ npx tsx tools/migrate-project-credentials-reencrypt.ts + - name: Configure DATABASE_SSL for dev (self-signed certificate) + run: | + sed -i '/^DATABASE_SSL=/d' /opt/services/cascade-dev.env + echo 'DATABASE_SSL=false' >> /opt/services/cascade-dev.env + - name: Pull and restart cascade-router-dev run: | cd /opt/services