ci: Fix dogfood installation by forcing default configurations (#557)

* ci: Fix dogfood installation by forcing default configurations The dpkg prompt to override config files was appearing, but this will auto-approve it. * Add CAP_NET_BIND_SERVICE to allow listening on :443
coder · Mar 24, 2022 · d371a66 · d371a66
1 parent bf00487
commit d371a66
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml
@@ -336,7 +336,7 @@ jobs:
           gcloud config set project coder-dogfood
           gcloud config set compute/zone us-central1-a
           gcloud compute scp ./dist/coder_*_linux_amd64.deb coder:/tmp/coder.deb
-          gcloud compute ssh coder -- sudo dpkg -i /tmp/coder.deb
+          gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
           gcloud compute ssh coder -- sudo systemctl daemon-reload
 
       - name: Start

diff --git a/coder.service b/coder.service
@@ -17,7 +17,7 @@ ProtectHome=read-only
 PrivateTmp=yes
 PrivateDevices=yes
 SecureBits=keep-caps
-AmbientCapabilities=CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
 NoNewPrivileges=yes
 ExecStart=/usr/bin/coder start