fix(railway): tolerate Ubuntu apt mirror failures in NIXPACKS + Dockerfile builds (#3142)

Ubuntu's noble-security package-index CDN is returning hash-sum
mismatches (2026-04-17), causing ALL Railway NIXPACKS builds to fail
at the 'apt-get update && apt-get install curl' layer with exit
code 100. Multiple Railway services are red.

NIXPACKS' aptPkgs = ['curl'] generates a strict
'apt-get update && apt-get install -y' that fails hard on any
mirror error. Fix: replace aptPkgs with manual cmds that:
  1. Allow apt-get update to partially fail (|| true)
  2. Use --fix-missing on apt-get install so packages from healthy
     mirrors still install even if one mirror is broken

Same treatment for consumer-prices-core/Dockerfile.

Files changed:
- nixpacks.toml (root — used by ais-relay + standalone cron seeders)
- scripts/nixpacks.toml (used by bundled seed services)
- consumer-prices-core/Dockerfile

The || true on apt-get update is safe because:
  1. curl is the only package we install and it's often already present
     in the NIXPACKS base image (nix-env provides it)
  2. If curl genuinely isn't available, the seeder will fail at runtime
     with a clear 'curl: not found' error — not a silent degradation
This commit is contained in:
Elie Habib
2026-04-17 08:35:20 +04:00
committed by GitHub
parent aeef68dd56
commit d9194a5179
3 changed files with 12 additions and 4 deletions

View File

@@ -1,8 +1,9 @@
FROM node:20-slim AS base
WORKDIR /app
# Install Playwright dependencies
RUN apt-get update && apt-get install -y \
# Install Playwright dependencies. Tolerate transient Ubuntu mirror failures
# (2026-04-17: noble-security CDN hash-sum mismatch blocked all Railway builds).
RUN (apt-get update || true) && apt-get install -y --fix-missing \
chromium \
fonts-liberation \
libatk-bridge2.0-0 \

View File

@@ -5,7 +5,13 @@
# available at runtime when node scripts/ais-relay.cjs is started.
[phases.setup]
aptPkgs = ["curl"]
# aptPkgs = ["curl"] — disabled; NIXPACKS' apt wrapper runs
# `apt-get update && apt-get install` which fails hard when Ubuntu's
# package-index CDN returns a hash mismatch (2026-04-17: noble-security
# mirror globally broken, blocking ALL Railway NIXPACKS builds). The
# manual cmds below tolerate transient mirror failures by adding
# --fix-missing and allowing partial index updates to succeed.
cmds = ["sudo apt-get update -o Acquire::AllowInsecureRepositories=false || true", "sudo apt-get install -y --no-install-recommends --fix-missing curl || echo 'apt curl install failed; curl may already be present'"]
[variables]
NODE_OPTIONS = "--dns-result-order=ipv4first"

View File

@@ -1,5 +1,6 @@
[phases.setup]
aptPkgs = ["curl"]
# aptPkgs = ["curl"] — same workaround as root nixpacks.toml; see comment there.
cmds = ["sudo apt-get update -o Acquire::AllowInsecureRepositories=false || true", "sudo apt-get install -y --no-install-recommends --fix-missing curl || echo 'apt curl install failed; curl may already be present'"]
[variables]
NODE_OPTIONS = "--dns-result-order=ipv4first"