fix(forgejo): raise git-op timeouts + lower gc.auto to stop push-mirror timeouts

The tripit Forgejo->GitHub push-mirror silently stalled: `git cat-file --batch-all-objects` over the NFS-backed repo exceeded the default git deadline once ~4500 loose objects accumulated (gc.auto's 6700 threshold hadn't fired), so pushes stopped reaching GitHub and prod deploys stalled. Raise [git.timeout] (DEFAULT/MIRROR/GC) so a slow object enumeration can't abort the mirror, and set [git.config] gc.auto=1000 so post-push autogc + the git_gc_repos cron keep repos packed (the real fix). A one-off forced gc already unblocked tripit; this prevents recurrence across all repos. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 08:08:50 +00:00 · 2026-06-20 08:08:50 +00:00 · 910d589205
commit 910d589205
parent 45bed1c133
1 changed files with 28 additions and 0 deletions
--- a/stacks/forgejo/main.tf
+++ b/stacks/forgejo/main.tf
@ -205,6 +205,34 @@ resource "kubernetes_deployment" "forgejo" {
            name  = "FORGEJO__repository__DISABLE_DOWNLOAD_SOURCE_ARCHIVES"
            value = "true"
          }
+          # --- Mirror / git-op resilience (2026-06-19 incident). The tripit
+          # push-mirror to GitHub silently stopped: `git cat-file --batch-all-objects`
+          # over the NFS-backed repo blew the default git-op deadline (~360s) once
+          # loose objects piled up (~4500). Forgejo's git_gc_repos cron only runs
+          # `gc --auto`, whose 6700-loose threshold hadn't fired, so the repo stayed
+          # unpacked and enumeration kept slowing until the mirror aborted with
+          # "context deadline exceeded". Two-part durable fix:
+          #   1) raise git-op timeouts so a slow enumeration never aborts a
+          #      mirror/gc ([git.timeout], seconds);
+          #   2) lower gc.auto so post-push autogc + the cron keep repos PACKED —
+          #      the real fix ([git.config] gc.auto).
+          # Dotted section/key names use the _0X2E_ env-to-ini escape.
+          env {
+            name  = "FORGEJO__git_0X2E_timeout__DEFAULT"
+            value = "3600"
+          }
+          env {
+            name  = "FORGEJO__git_0X2E_timeout__MIRROR"
+            value = "3600"
+          }
+          env {
+            name  = "FORGEJO__git_0X2E_timeout__GC"
+            value = "1800"
+          }
+          env {
+            name  = "FORGEJO__git_0X2E_config__gc_0X2E_auto"
+            value = "1000"
+          }
          # --- Open-signup bot prevention + mailer (appended so the diff vs the
          # pre-signup deployment stays purely additive). ---
          # Cloudflare Turnstile captcha on the registration form (widget