From ee4ccacab0c84357a3b2660dc427a213f4d5301e Mon Sep 17 00:00:00 2001
From: jwinterm <johnwmurphy@gmail.com>
Date: Tue, 19 May 2026 15:01:59 -0400
Subject: [PATCH 1/2] iOS sim: skip artifact upload, just copy .app to
 workspace/dist
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Mac runner spawns each job in a Docker container (via Docker Desktop).
The container has its own /etc/hosts and DNS — the host's hosts entries
don't propagate. DNS for git.such.software resolves to the public IP,
the container can't NAT-hairpin back to its own WAN IP, ECONNREFUSED.

actions/upload-artifact is doubly silly when the runner IS the Gitea
server. Copy the .zip to $GITHUB_WORKSPACE/dist/ instead. That dir
is mounted from the host, so it persists at:
  /Users/such-git/.cache/act/<runner-id>/hostexecutor/dist/

Find latest:
  find /Users/such-git/.cache/act -name 'hash_wallet_ios_sim_*.zip'     -exec ls -lt {} + 2>/dev/null | head

Step also echoes the exact path + a find command in the build log.
---
 .github/workflows/build-ios-sim.yml | 30 +++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build-ios-sim.yml b/.github/workflows/build-ios-sim.yml
index 4a0d6fa6..3bb2b934 100644
--- a/.github/workflows/build-ios-sim.yml
+++ b/.github/workflows/build-ios-sim.yml
@@ -272,9 +272,27 @@ jobs:
           cd build/ios/iphonesimulator
           zip -r hash_wallet_ios_sim_${{ github.sha }}.zip Runner.app
 
-      - name: Upload .app artifact
-        uses: actions/upload-artifact@v3
-        with:
-          name: hash-wallet-ios-sim-${{ github.sha }}
-          path: build/ios/iphonesimulator/hash_wallet_ios_sim_*.zip
-          retention-days: 14
+      # actions/upload-artifact pushes to Gitea's API over HTTPS. From inside
+      # the Docker container on the Mac runner, that resolves to the public IP
+      # and fails on NAT hairpin. Since the runner and Gitea are the same
+      # machine, just copy the .app to a host-visible dir instead. github.workspace
+      # is a path mounted from the host, so anything written there survives the
+      # container teardown and is accessible from the Mac filesystem at:
+      #   ~/.cache/act/<runner-id>/hostexecutor/dist/
+      - name: Save .app to workspace/dist (host-accessible)
+        run: |
+          set -x
+          DIST_DIR="${{ github.workspace }}/dist"
+          mkdir -p "$DIST_DIR"
+          cp "build/ios/iphonesimulator/hash_wallet_ios_sim_${{ github.sha }}.zip" "$DIST_DIR/"
+          echo
+          echo "============================================================"
+          echo "Build artifact saved to workspace/dist/"
+          echo
+          echo "On the Mac filesystem, find it at:"
+          echo "  /Users/such-git/.cache/act/<recent>/hostexecutor/dist/hash_wallet_ios_sim_${{ github.sha }}.zip"
+          echo
+          echo "Or just:"
+          echo "  find /Users/such-git/.cache/act -name 'hash_wallet_ios_sim_${{ github.sha }}.zip' 2>/dev/null"
+          echo "============================================================"
+          ls -la "$DIST_DIR/"
-- 
2.50.1 (Apple Git-155)


From 6c765a6e0e24ca4d42c38a0d39ce028b68d91364 Mon Sep 17 00:00:00 2001
From: jwinterm <johnwmurphy@gmail.com>
Date: Tue, 19 May 2026 15:30:13 -0400
Subject: [PATCH 2/2] iOS sim: write /etc/hosts at job runtime so
 upload-artifact can reach Gitea
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Mac runner doesn't honor changes to the host's /etc/hosts (whether
because of act_runner sandboxing, container isolation, or DNS caching).
Instead of fighting that, override /etc/hosts INSIDE the runner's job
environment, right before the upload step.

Resolution priority:
  1. host.docker.internal — magic name in Docker Desktop containers
     that resolves to the Mac host. Use this if available.
  2. 127.0.0.1 — works for host-mode runners (runs natively on Mac).

NODE_TLS_REJECT_UNAUTHORIZED=0 (already set) bypasses the self-signed
cert Gitea presents on its internal listener.

Brought back actions/upload-artifact so the .app lands in Gitea's
Actions UI like APK + AAB.
---
 .github/workflows/build-ios-sim.yml | 57 ++++++++++++++++++-----------
 1 file changed, 35 insertions(+), 22 deletions(-)

diff --git a/.github/workflows/build-ios-sim.yml b/.github/workflows/build-ios-sim.yml
index 3bb2b934..80eade0e 100644
--- a/.github/workflows/build-ios-sim.yml
+++ b/.github/workflows/build-ios-sim.yml
@@ -272,27 +272,40 @@ jobs:
           cd build/ios/iphonesimulator
           zip -r hash_wallet_ios_sim_${{ github.sha }}.zip Runner.app
 
-      # actions/upload-artifact pushes to Gitea's API over HTTPS. From inside
-      # the Docker container on the Mac runner, that resolves to the public IP
-      # and fails on NAT hairpin. Since the runner and Gitea are the same
-      # machine, just copy the .app to a host-visible dir instead. github.workspace
-      # is a path mounted from the host, so anything written there survives the
-      # container teardown and is accessible from the Mac filesystem at:
-      #   ~/.cache/act/<runner-id>/hostexecutor/dist/
-      - name: Save .app to workspace/dist (host-accessible)
+      # Make git.such.software resolve to something the runner can actually
+      # reach. Independent of whether the Mac's /etc/hosts has an entry,
+      # we override at job runtime — inside whatever environment this step
+      # actually runs in (native shell, Docker container, etc.). Try
+      # host.docker.internal first (Docker Desktop's host gateway). Fall
+      # back to 127.0.0.1 (works for host-mode runners).
+      - name: Force git.such.software to resolve locally
         run: |
           set -x
-          DIST_DIR="${{ github.workspace }}/dist"
-          mkdir -p "$DIST_DIR"
-          cp "build/ios/iphonesimulator/hash_wallet_ios_sim_${{ github.sha }}.zip" "$DIST_DIR/"
-          echo
-          echo "============================================================"
-          echo "Build artifact saved to workspace/dist/"
-          echo
-          echo "On the Mac filesystem, find it at:"
-          echo "  /Users/such-git/.cache/act/<recent>/hostexecutor/dist/hash_wallet_ios_sim_${{ github.sha }}.zip"
-          echo
-          echo "Or just:"
-          echo "  find /Users/such-git/.cache/act -name 'hash_wallet_ios_sim_${{ github.sha }}.zip' 2>/dev/null"
-          echo "============================================================"
-          ls -la "$DIST_DIR/"
+          echo "=== before ==="
+          cat /etc/hosts | tail -10 || true
+          getent hosts git.such.software 2>/dev/null || nslookup git.such.software 2>/dev/null || true
+
+          if getent hosts host.docker.internal >/dev/null 2>&1; then
+            TARGET=host.docker.internal
+          else
+            TARGET=127.0.0.1
+          fi
+          echo "Pointing git.such.software → $TARGET"
+          # Remove any prior entry, append ours. sudo if available, plain
+          # write otherwise (root in containers, or NOPASSWD sudo).
+          if command -v sudo >/dev/null; then
+            sudo sh -c "sed -i.bak '/git\\.such\\.software/d' /etc/hosts; echo '$TARGET git.such.software' >> /etc/hosts"
+          else
+            sed -i.bak '/git\.such\.software/d' /etc/hosts
+            echo "$TARGET git.such.software" >> /etc/hosts
+          fi
+          echo "=== after ==="
+          cat /etc/hosts | tail -5
+          getent hosts git.such.software || nslookup git.such.software || true
+
+      - name: Upload .app artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: hash-wallet-ios-sim-${{ github.sha }}
+          path: build/ios/iphonesimulator/hash_wallet_ios_sim_*.zip
+          retention-days: 14
-- 
2.50.1 (Apple Git-155)