fix: fix connecting to clickhouse from edge servers

[NathanFlurry]

Fixes RVT-4647

[cloudflare-workers-and-pages]

Deploying rivet with    Cloudflare Pages

Latest commit:	794228f
Status:	🚫  Build failed.

View logs

[greptile-apps]

PR Summary

Implements TLS support for ClickHouse connections from edge servers with a temporary certificate validation bypass.

• Added tokio-native-tls dependency in packages/common/pools/Cargo.toml for TLS connection handling
• Modified packages/common/pools/src/db/clickhouse.rs to use custom TLS configuration with danger_accept_invalid_certs (temporary fix for RVT-4649)
• Potential security concern: Using unwrap() on TLS builder could cause runtime panics
• Security risk: Accepting invalid certificates needs to be addressed before production deployment

_{2 file(s) reviewed, 1 comment(s)
Edit PR Review Bot Settings | Greptile}

[greptile-apps]

logic: Replace unwrap() with proper error handling to prevent potential panics

Suggested change

	.build()
	.unwrap();
	.build()
	.map_err(|e| Error::Global(Box::new(e)))?;

[NathanFlurry]

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

• chore(system-test): add tick log every second #2129
• fix: fix connecting to clickhouse from edge servers #2128 👈 (View in Graphite)
• fix(docker-compose): remove invalid health check from otel-collector #2127
• fix: ship actor logs to correct clickhouse database & table #2126
• fix(system-test): fix isolates use of hono #2124
• docs: add helm rollback troubleshooting guide #2123
• chore: bump version from 5.1.2 to 25.1.3 #2122
• chore: add load test for actor lifecycle containers #2110 : 1 other dependent PR (#2121 )
• feat(cli): add experimental rivet shell command #2113
• chore(cli): disable shell cmd for adapter in clean envs #2112
• fix: update actor kv keys #2120
• fix(pb): fix actor wf #2119
• fix: fdb tuples, actor lost kill #2118
• fix: get sqlite working on edge #2099
• fix: get sqlite working on edge #2097 : 1 other dependent PR (#2098 )
• fix: add otel to install scripts #2092
• chore: combine ds into pb #2089
• fix(docker): auto-create otel database #2088
• fix(runtime): remove forcing tokio core count to 2 #2087
• chore(runtime): add otel support to runtime #2085
• chore(hub-embed): disable all node-related code if hub building is disabled #2084
• chore: optimizations and such #2086
• feat: add grafana to docker compose #2083
• chore(pools): rewrite sqlite manager to run without locks using scc #2082
• fix: add metrics for wf engine #2076
• fix: various bug fixes #2069
• fix(ds): ds list #2066
• fix(job-runner): fix build pack in job-runner Dockerfile #2064
• fix(fdb): conflict ranges #2063
• chore: add basic load test #2060
• feat: add support for JSON5/JSONC config files #2059
• fix(docker): fix corepack not enabled error #2058
• fix(workflows): fix activity error backoff, in memory polling #2062
• feat(workflows): implement metrics for fdb driver #2057
• fix: move actor state to fdb #2056
• chore: add fdb-backed sqlite driver #2046
• fix: force amd64 platform for FDB tests #2049
• chore: add native fdb library to path #2045
• chore: add timeout flag to docker-compose down #2048
• feat: add fdb cli #2051
• feat(workflows): impl db debug for fdb driver #2040
• feat(workflows): abstract debug trait #2033
• fix: get edge api access over gg #2032
• fix: get actors running e2e on edge #2027
• fix: get tunnels working, fix tls, wf bug fix #2025
• fix: get stuff building #2020
• fix(cluster): write install script for worker pool #2009
• feat(clusters): add worker pool type #2008
• feat(pb, ds): move to edge #1942
• chore(workflows): move wf gc and metrics publish into worker #1943
• chore: restructure server binaries #1941
• fix(workflows): allow op ctx to do all the things #1938
• feat: fdb sqlite workflows driver #1850
• chore: enable git-lfs in release workflow #1987 : 1 other dependent PR (#1991 )
• chore(docker/monolith): remove unneeded apt-transport-https dep #1985
• fix(frontend/packages/icons): fix failling to install @rivet-gg/icons when fontawesome token is not provided #1982
• chore(hub): update dev command to use turbo #1984
• fix(toolchain): fix vergen_git2 -> vergen dependency #1983
• chore: flatten all .gitignores in to root & merge in to .dockerignore #1981
• main

---

How to use the Graphite Merge Queue

Add the label merge-queue to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[linear]

RVT-4647 Fix ClickHouse certs for logs

[cloudflare-workers-and-pages]

Deploying rivet-hub with    Cloudflare Pages

Latest commit:	794228f
Status:	✅  Deploy successful!
Preview URL:	https://21e7a95e.rivet-hub-7jb.pages.dev
Branch Preview URL:	https://03-06-fix-fix-connecting-to.rivet-hub-7jb.pages.dev

View logs

[graphite-app]

Merge activity

• Mar 6, 4:30 AM EST: A user added this pull request to the Graphite merge queue.
• Mar 6, 4:31 AM EST: CI is running for this PR on a draft PR: #2130
• Mar 6, 4:32 AM EST: A user merged this pull request with the Graphite merge queue via draft PR: #2130.