ci: Fix dogfood installation by forcing default configurations (#557)

* ci: Fix dogfood installation by forcing default configurations The dpkg prompt to override config files was appearing, but this will auto-approve it. * Add CAP_NET_BIND_SERVICE to allow listening on :443
2025-07-18 14:17:22 +00:00 · 2022-03-24 14:02:09 -06:00
parent bf00487174
commit d371a66447
2 changed files with 2 additions and 2 deletions
--- a/.github/workflows/coder.yaml
+++ b/.github/workflows/coder.yaml
@ -336,7 +336,7 @@ jobs:
          gcloud config set project coder-dogfood
          gcloud config set compute/zone us-central1-a
          gcloud compute scp ./dist/coder_*_linux_amd64.deb coder:/tmp/coder.deb
-          gcloud compute ssh coder -- sudo dpkg -i /tmp/coder.deb
+          gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
          gcloud compute ssh coder -- sudo systemctl daemon-reload

      - name: Start
--- a/coder.service
+++ b/coder.service
@ -17,7 +17,7 @@ ProtectHome=read-only
 PrivateTmp=yes
 PrivateDevices=yes
 SecureBits=keep-caps
-AmbientCapabilities=CAP_IPC_LOCK
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
 CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
 NoNewPrivileges=yes
 ExecStart=/usr/bin/coder start