From 4d35fa3da0cb4c87c664edd2240d96619065c6bc Mon Sep 17 00:00:00 2001
From: gnezim
Date: Wed, 29 Apr 2026 12:04:23 +0300
Subject: [PATCH] release-verify: simplify SSH tunnel setup, remove gost config
---
 .gitea/workflows/gost.yaml | 54 -----------------------------
 .gitea/workflows/release-verify.yml | 41 ++++++----------------
 2 files changed, 11 insertions(+), 84 deletions(-)
 delete mode 100644 .gitea/workflows/gost.yaml
diff --git a/.gitea/workflows/gost.yaml b/.gitea/workflows/gost.yaml
deleted file mode 100644
index c41e477d..00000000
--- a/.gitea/workflows/gost.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-services:
- - name: http-8888
- addr: "0.0.0.0:8888"
- handler: { type: http, chain: chain-smart }
- listener: { type: tcp }
-
- - name: socks-1081
- addr: "127.0.0.1:1081"
- handler: { type: socks5, chain: chain-smart }
- listener: { type: tcp }
-
-chains:
- - name: chain-smart
- hops:
- - name: tim-via-webzavod
- addr: 127.0.0.1:1180
- connector: { type: socks5 }
- dialer: { type: tcp }
- bypass: tim-whitelist
-
- - name: default-socks
- addr: 127.0.0.1:1080
- connector: { type: socks5 }
- dialer: { type: tcp }
- bypass: tim-blacklist
-
-bypasses:
- - name: tim-whitelist
- whitelist: true
- matchers:
- - ".webzavod.ru"
- - ".devwebzavod.ru"
- - ".aeroflot.ru"
- - "webzavod.ru"
- - "devwebzavod.ru"
- - "aeroflot.ru"
- - "46.235.186.67"
- - "195.209.66.54"
- - "195.209.82.146"
- - "46.235.189.158"
-
- - name: tim-blacklist
- whitelist: false
- matchers:
- - ".webzavod.ru"
- - ".devwebzavod.ru"
- - ".aeroflot.ru"
- - "webzavod.ru"
- - "devwebzavod.ru"
- - "aeroflot.ru"
- - "46.235.186.67"
- - "195.209.66.54"
- - "195.209.82.146"
- - "46.235.189.158"
diff --git a/.gitea/workflows/release-verify.yml b/.gitea/workflows/release-verify.yml
index e1c9cd69..49cbce15 100644
--- a/.gitea/workflows/release-verify.yml
+++ b/.gitea/workflows/release-verify.yml
@@ -32,54 +32,35 @@ jobs: # `Could not resolve host`. run: echo "46.235.186.67 flights-ui.devwebzavod.ru" | sudo tee -a /etc/hosts - - name: Set up gost proxy with TIM VPN routing + - name: Set up SSH tunnel to TIM VPN # The customer URL (flights-ui.devwebzavod.ru) is only accessible # through the TIM VPN tunnel via webzavod (Ubuntu jump host). - # Set up gost with conditional routing: TIM domains → SSH SOCKS to webzavod. + # Use SSH dynamic port forwarding (-D) to create a SOCKS proxy. env: SSH_PRIVATE_KEY: ${{ secrets.WEBZAVOD_SSH_KEY }} run: | - # Install gost if not present - if ! command -v gost &> /dev/null; then - echo "Installing gost..." - curl -fsSL https://github.com/ginuerzh/gost/releases/download/v2.12.0/gost_2.12.0_linux_amd64.tar.gz | tar -xz -C /tmp - sudo mv /tmp/gost /usr/local/bin/ - sudo chmod +x /usr/local/bin/gost - fi - echo "gost version: $(gost -V)" - # Set up SSH SOCKS tunnel to webzavod (TIM jump host) - # Use the SSH private key from secrets echo "$SSH_PRIVATE_KEY" | base64 -d > /tmp/webzavod_key chmod 600 /tmp/webzavod_key ssh -Nf -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \ + -D 127.0.0.1:1080 \ -i /tmp/webzavod_key \ - -D 127.0.0.1:1180 gnezim@192.168.88.58 - echo "SSH SOCKS tunnel established on port 1180" + gnezim@192.168.88.58 + echo "SSH SOCKS tunnel established on port 1080" - # Copy gost config from repo - cp .gitea/workflows/gost.yaml /tmp/gost.yaml - echo "gost config copied to /tmp/gost.yaml" - - # Start gost with the config - gost -C /tmp/gost.yaml -L :8888 & - GOST_PID=$! 
- echo "gost started with PID $GOST_PID" - - # Wait for gost to be ready + # Wait for SSH tunnel to be ready for i in {1..30}; do - if curl -s -x http://127.0.0.1:8888 http://127.0.0.1:8888 > /dev/null 2>&1; then - echo "gost is ready" + if curl -s -x socks5h://127.0.0.1:1080 http://127.0.0.1:1080 > /dev/null 2>&1; then + echo "SSH tunnel is ready" break fi sleep 1 done - # Export proxy environment variables - echo "HTTP_PROXY=http://127.0.0.1:8888" >> $GITHUB_ENV - echo "ALL_PROXY=socks5h://127.0.0.1:1081" >> $GITHUB_ENV + # Export proxy environment variables for curl + echo "ALL_PROXY=socks5h://127.0.0.1:1080" >> $GITHUB_ENV echo "API_BASE_URL=https://flights.test.aeroflot.ru/api" >> $GITHUB_ENV - echo "Exported HTTP_PROXY, ALL_PROXY, and API_BASE_URL" + echo "Exported ALL_PROXY and API_BASE_URL" - name: Wait for customer URL id: wait_customer
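Review bot: The `ssh` call in the "Set up SSH tunnel to TIM VPN" step still passes `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the jump host is never authenticated, and with the gost whitelist removed every later step that honours `ALL_PROXY` now sends its traffic through that tunnel; pin the host key from a secret-provided known_hosts file with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<known_hosts file>`. The new readiness probe `curl -s -x socks5h://127.0.0.1:1080 http://127.0.0.1:1080` asks the proxy to connect to port 1080 on the far side of the tunnel, where there is presumably no listener, so it likely never succeeds, and the loop falls through after 30 tries without failing the step. Adding `-o ExitOnForwardFailure=yes` to `ssh -Nf` and an explicit `exit 1` after the loop would make a broken tunnel stop the job instead of surfacing later as an unrelated timeout. The key is written to `/tmp/webzavod_key` before `chmod 600` and is never removed; a `umask 077` ahead of the redirect closes that window. Since routing is no longer limited to the customer domains, consider setting `NO_PROXY` or passing the proxy only to the curl calls that need it.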