From f9beb7ad4030fb54a3be4beb0e96d4a7cc14bf93 Mon Sep 17 00:00:00 2001
From: Kevin Riehl <kevinriehl@gmail.com>
Date: Wed, 13 May 2026 12:46:11 -0700
Subject: [PATCH] fix(ci): better diagnostics for Harbor pre-check
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mirror the backend fix — the curl exit code 6 (DNS failure) was
propagating as a bare step failure with no useful message. Echo the
URL, strip protocol prefix from HARBOR_HOST defensively, and turn
each curl outcome into a clear error or warning.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 40 ++++++++++++++++++++++++++++++----------
 1 file changed, 30 insertions(+), 10 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 7a6f12c..f0c49cc 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -111,16 +111,36 @@ jobs:
           HARBOR_USERNAME: ${{ secrets.MOVIELOOP_USERNAME }}
           HARBOR_PASSWORD: ${{ secrets.MOVIELOOP_PASSWORD }}
         run: |
-          set -eu
-          url="https://${HARBOR_HOST}/api/v2.0/projects/${HARBOR_PROJECT}/repositories/${IMAGE_NAME}/artifacts/${VERSION}/tags"
-          code=$(curl -s -o /dev/null -w "%{http_code}" -u "${HARBOR_USERNAME}:${HARBOR_PASSWORD}" "${url}")
-          if [ "$code" = "200" ]; then
-            echo "::error::Tag ${HARBOR_PROJECT}/${IMAGE_NAME}:${VERSION} already exists in Harbor. Bump package.json before merging."
-            exit 1
-          fi
-          if [ "$code" != "404" ]; then
-            echo "::warning::Unexpected status ${code} checking ${url} — proceeding."
-          fi
+          set -u
+          # Defensive: strip protocol prefix and trailing slash in case the
+          # HARBOR_HOST secret was pasted as a full URL.
+          host="${HARBOR_HOST#https://}"
+          host="${host#http://}"
+          host="${host%/}"
+          url="https://${host}/api/v2.0/projects/${HARBOR_PROJECT}/repositories/${IMAGE_NAME}/artifacts/${VERSION}/tags"
+          echo "Checking: ${url}"
+          code=$(curl -s -o /dev/null -w "%{http_code}" -u "${HARBOR_USERNAME}:${HARBOR_PASSWORD}" "${url}" || echo "000")
+          echo "HTTP status: ${code}"
+          case "$code" in
+            200)
+              echo "::error::Tag ${HARBOR_PROJECT}/${IMAGE_NAME}:${VERSION} already exists in Harbor. Bump package.json before merging."
+              exit 1
+              ;;
+            404)
+              echo "Version ${VERSION} not yet published — proceeding."
+              ;;
+            000)
+              echo "::error::curl could not reach https://${host} (likely DNS or network). Check that the HARBOR_HOST secret is a bare hostname (no https://, no trailing slash) and that this runner can resolve it."
+              exit 1
+              ;;
+            401|403)
+              echo "::error::Harbor auth failed (HTTP ${code}). Check MOVIELOOP_USERNAME / MOVIELOOP_PASSWORD and that the robot account has read access on project '${HARBOR_PROJECT}'."
+              exit 1
+              ;;
+            *)
+              echo "::warning::Unexpected status ${code} from Harbor — proceeding."
+              ;;
+          esac
 
       - name: Log in to Harbor
         env: