feat: add v0.1 gitops ci templates

This commit is contained in:
Codex
2026-05-29 11:14:59 +08:00
parent 5deb9fa7fd
commit 4579330462
13 changed files with 760 additions and 16 deletions
+355
View File
@@ -0,0 +1,355 @@
import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
import path from "node:path";
import type { JsonRecord } from "../../src/common/types.js";
import { AgentRunError, errorToJson } from "../../src/common/errors.js";
interface RenderOptions {
outDir: string;
deployFile: string;
catalogFile?: string;
sourceCommit: string;
registryPrefix: string;
requireCatalog: boolean;
check: boolean;
}
interface ArtifactCatalog {
lane: string;
sourceBranch: string;
gitopsBranch: string;
sourceCommitId: string;
services: Array<{ serviceId: string; image: string; digest: string; repositoryDigest: string; imageTag: string }>;
}
export async function runGitopsRenderCli(argv: string[]): Promise<void> {
try {
const options = parseArgs(argv);
const summary = await renderGitops(options);
console.log(JSON.stringify({ ok: true, data: summary }));
} catch (error) {
console.log(JSON.stringify({ ok: false, failureKind: error instanceof AgentRunError ? error.failureKind : "infra-failed", message: error instanceof Error ? error.message : String(error), error: errorToJson(error) }));
process.exitCode = 1;
}
}
export async function renderGitops(options: RenderOptions): Promise<JsonRecord> {
const deploy = JSON.parse(await readFile(options.deployFile, "utf8")) as JsonRecord;
const runtimeNamespace = stringField(deploy, "runtimeNamespace", "agentrun-v01");
const gitopsBranch = stringField(deploy, "gitopsBranch", "v0.1-gitops");
const runtimePath = stringField(deploy, "runtimePath", "deploy/gitops/g14/runtime-v01");
const catalog = await loadCatalog(options, gitopsBranch);
const image = imageForService(catalog, "agentrun-mgr", options);
if (options.check) await rm(options.outDir, { recursive: true, force: true });
await mkdir(path.join(options.outDir, "argocd"), { recursive: true });
await mkdir(path.join(options.outDir, "runtime-v01"), { recursive: true });
await writeFile(path.join(options.outDir, "source.json"), `${JSON.stringify({ lane: "v0.1", sourceCommit: options.sourceCommit, generatedBy: "scripts/agentrun-gitops-render.ts" }, null, 2)}\n`);
await writeFile(path.join(options.outDir, "artifact-catalog.v01.json"), `${JSON.stringify(catalog, null, 2)}\n`);
await writeFile(path.join(options.outDir, "argocd", "project.yaml"), projectYaml(runtimeNamespace));
await writeFile(path.join(options.outDir, "argocd", "application-v01.yaml"), applicationYaml(gitopsBranch, runtimePath, runtimeNamespace));
await writeFile(path.join(options.outDir, "runtime-v01", "kustomization.yaml"), kustomizationYaml());
await writeFile(path.join(options.outDir, "runtime-v01", "namespace.yaml"), namespaceYaml(runtimeNamespace));
await writeFile(path.join(options.outDir, "runtime-v01", "postgres.yaml"), postgresYaml(runtimeNamespace));
await writeFile(path.join(options.outDir, "runtime-v01", "mgr.yaml"), managerYaml(runtimeNamespace, image));
await writeFile(path.join(options.outDir, "runtime-v01", "runner-rbac.yaml"), runnerRbacYaml(runtimeNamespace));
return { outDir: options.outDir, runtimeNamespace, gitopsBranch, runtimePath, image: image.repositoryDigest, sourceCommit: options.sourceCommit };
}
async function loadCatalog(options: RenderOptions, gitopsBranch: string): Promise<ArtifactCatalog> {
if (options.catalogFile) return JSON.parse(await readFile(options.catalogFile, "utf8")) as ArtifactCatalog;
if (options.requireCatalog) throw new AgentRunError("schema-invalid", "artifact catalog is required for promotion render", { httpStatus: 2 });
const digest = `sha256:${"0".repeat(64)}`;
const image = `${options.registryPrefix}/agentrun-mgr:${options.sourceCommit}`;
return {
lane: "v0.1",
sourceBranch: "v0.1",
gitopsBranch,
sourceCommitId: options.sourceCommit,
services: [{ serviceId: "agentrun-mgr", image, digest, repositoryDigest: `${options.registryPrefix}/agentrun-mgr@${digest}`, imageTag: options.sourceCommit }],
};
}
function imageForService(catalog: ArtifactCatalog, serviceId: string, options: RenderOptions): { repositoryDigest: string } {
const service = catalog.services.find((item) => item.serviceId === serviceId);
if (!service) throw new AgentRunError("schema-invalid", `catalog missing service ${serviceId}`, { httpStatus: 2 });
if (!/^sha256:[a-f0-9]{64}$/u.test(service.digest)) throw new AgentRunError("schema-invalid", `catalog service ${serviceId} has invalid digest`, { httpStatus: 2 });
if (options.requireCatalog && service.digest === `sha256:${"0".repeat(64)}`) throw new AgentRunError("schema-invalid", "placeholder digest is not allowed in promotion render", { httpStatus: 2 });
return { repositoryDigest: service.repositoryDigest || `${service.image.slice(0, service.image.lastIndexOf(":"))}@${service.digest}` };
}
function projectYaml(namespace: string): string {
return `apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: agentrun-v01
namespace: argocd
spec:
description: AgentRun v0.1 GitOps lane
sourceRepos:
- git@github.com:pikasTech/agentrun.git
destinations:
- server: https://kubernetes.default.svc
namespace: ${namespace}
clusterResourceWhitelist:
- group: ""
kind: Namespace
namespaceResourceWhitelist:
- group: "*"
kind: "*"
`;
}
function applicationYaml(gitopsBranch: string, runtimePath: string, namespace: string): string {
return `apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: agentrun-g14-v01
namespace: argocd
spec:
project: agentrun-v01
source:
repoURL: git@github.com:pikasTech/agentrun.git
targetRevision: ${gitopsBranch}
path: ${runtimePath}
destination:
server: https://kubernetes.default.svc
namespace: ${namespace}
syncPolicy:
automated:
prune: false
selfHeal: true
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
`;
}
function kustomizationYaml(): string {
return `apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- postgres.yaml
- mgr.yaml
- runner-rbac.yaml
`;
}
function namespaceYaml(namespace: string): string {
return `apiVersion: v1
kind: Namespace
metadata:
name: ${namespace}
labels:
app.kubernetes.io/part-of: agentrun
agentrun.pikastech.local/lane: v0.1
`;
}
function postgresYaml(namespace: string): string {
return `apiVersion: v1
kind: Service
metadata:
name: agentrun-v01-postgres
namespace: ${namespace}
spec:
selector:
app.kubernetes.io/name: agentrun-v01-postgres
ports:
- name: postgres
port: 5432
targetPort: postgres
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: agentrun-v01-postgres
namespace: ${namespace}
spec:
serviceName: agentrun-v01-postgres
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: agentrun-v01-postgres
template:
metadata:
labels:
app.kubernetes.io/name: agentrun-v01-postgres
spec:
containers:
- name: postgres
image: postgres:16-alpine
ports:
- name: postgres
containerPort: 5432
env:
- name: POSTGRES_DB
value: agentrun_v01
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
name: agentrun-v01-postgres
key: username
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: agentrun-v01-postgres
key: password
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 5Gi
`;
}
function managerYaml(namespace: string, image: { repositoryDigest: string }): string {
return `apiVersion: v1
kind: ServiceAccount
metadata:
name: agentrun-v01-mgr
namespace: ${namespace}
---
apiVersion: v1
kind: Service
metadata:
name: agentrun-mgr
namespace: ${namespace}
spec:
selector:
app.kubernetes.io/name: agentrun-mgr
ports:
- name: http
port: 8080
targetPort: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: agentrun-mgr
namespace: ${namespace}
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: agentrun-mgr
template:
metadata:
labels:
app.kubernetes.io/name: agentrun-mgr
annotations:
agentrun.pikastech.local/lane: v0.1
spec:
serviceAccountName: agentrun-v01-mgr
containers:
- name: mgr
image: ${image.repositoryDigest}
imagePullPolicy: IfNotPresent
ports:
- name: http
containerPort: 8080
env:
- name: AGENTRUN_LANE
value: v0.1
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: agentrun-v01-mgr-db
key: DATABASE_URL
readinessProbe:
httpGet:
path: /health/readiness
port: http
livenessProbe:
httpGet:
path: /health/live
port: http
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 800m
memory: 1Gi
`;
}
function runnerRbacYaml(namespace: string): string {
return `apiVersion: v1
kind: ServiceAccount
metadata:
name: agentrun-v01-runner
namespace: ${namespace}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: agentrun-v01-runner-secret-reader
namespace: ${namespace}
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames: ["agentrun-v01-provider-codex"]
verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: agentrun-v01-runner-secret-reader
namespace: ${namespace}
subjects:
- kind: ServiceAccount
name: agentrun-v01-runner
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: agentrun-v01-runner-secret-reader
`;
}
function parseArgs(argv: string[]): RenderOptions {
const flags = new Map<string, string | boolean>();
for (let index = 0; index < argv.length; index += 1) {
const item = argv[index] ?? "";
if (!item.startsWith("--")) continue;
const key = item.slice(2);
const next = argv[index + 1];
if (next === undefined || next.startsWith("--")) flags.set(key, true);
else {
flags.set(key, next);
index += 1;
}
}
const options: RenderOptions = {
outDir: stringFlag(flags, "out", "deploy/gitops/g14"),
deployFile: stringFlag(flags, "deploy-file", "deploy/deploy.json"),
sourceCommit: stringFlag(flags, "source-commit", "source-check"),
registryPrefix: stringFlag(flags, "registry-prefix", "127.0.0.1:5000/agentrun"),
requireCatalog: flags.get("require-catalog") === true,
check: flags.get("check") === true,
};
const catalogFile = optionalStringFlag(flags, "catalog");
if (catalogFile) options.catalogFile = catalogFile;
return options;
}
function stringFlag(flags: Map<string, string | boolean>, key: string, fallback: string): string {
const value = flags.get(key);
return typeof value === "string" && value.length > 0 ? value : fallback;
}
function optionalStringFlag(flags: Map<string, string | boolean>, key: string): string | undefined {
const value = flags.get(key);
return typeof value === "string" && value.length > 0 ? value : undefined;
}
function stringField(record: JsonRecord, key: string, fallback: string): string {
const value = record[key];
return typeof value === "string" && value.length > 0 ? value : fallback;
}