feat: support env reuse and git mirror in v0.1 cicd

This commit is contained in:
Codex
2026-06-02 00:52:19 +08:00
parent f34312c424
commit df38f605fa
11 changed files with 365 additions and 79 deletions
+53 -11
View File
@@ -18,9 +18,29 @@ interface ArtifactCatalog {
sourceBranch: string;
gitopsBranch: string;
sourceCommitId: string;
services: Array<{ serviceId: string; image: string; digest: string; repositoryDigest: string; imageTag: string }>;
summary?: string;
services: CatalogService[];
}
interface CatalogService {
serviceId: string;
image: string;
digest: string;
repositoryDigest: string;
imageTag: string;
artifactKind?: string;
status?: string;
envIdentity?: string;
envImage?: string;
envDigest?: string;
envRepositoryDigest?: string;
bootCommit?: string;
bootScript?: string;
provenance?: JsonRecord;
}
const defaultBootRepoUrl = "http://git-mirror-http.devops-infra.svc.cluster.local/pikasTech/agentrun.git";
export async function runGitopsRenderCli(argv: string[]): Promise<void> {
try {
const options = parseArgs(argv);
@@ -52,29 +72,39 @@ export async function renderGitops(options: RenderOptions): Promise<JsonRecord>
await writeFile(path.join(options.outDir, "runtime-v01", "postgres.yaml"), postgresYaml(runtimeNamespace));
await writeFile(path.join(options.outDir, "runtime-v01", "mgr.yaml"), managerYaml(runtimeNamespace, image, options.sourceCommit));
await writeFile(path.join(options.outDir, "runtime-v01", "runner-rbac.yaml"), runnerRbacYaml(runtimeNamespace));
return { outDir: options.outDir, runtimeNamespace, gitopsBranch, runtimePath, image: image.repositoryDigest, sourceCommit: options.sourceCommit };
return { outDir: options.outDir, runtimeNamespace, gitopsBranch, runtimePath, image: repositoryDigestForService(image), sourceCommit: options.sourceCommit, envIdentity: image.envIdentity ?? null, artifactStatus: image.status ?? null };
}
async function loadCatalog(options: RenderOptions, gitopsBranch: string): Promise<ArtifactCatalog> {
if (options.catalogFile) return JSON.parse(await readFile(options.catalogFile, "utf8")) as ArtifactCatalog;
if (options.requireCatalog) throw new AgentRunError("schema-invalid", "artifact catalog is required for promotion render", { httpStatus: 2 });
const digest = `sha256:${"0".repeat(64)}`;
const image = `${options.registryPrefix}/agentrun-mgr:${options.sourceCommit}`;
const image = `${options.registryPrefix}/agentrun-mgr-env:${options.sourceCommit}`;
return {
lane: "v0.1",
sourceBranch: "v0.1",
gitopsBranch,
sourceCommitId: options.sourceCommit,
services: [{ serviceId: "agentrun-mgr", image, digest, repositoryDigest: `${options.registryPrefix}/agentrun-mgr@${digest}`, imageTag: options.sourceCommit }],
summary: "build=1 reuse=0 unsafeReuse=0",
services: [{ serviceId: "agentrun-mgr", artifactKind: "env-reuse", status: "placeholder", image, digest, repositoryDigest: `${options.registryPrefix}/agentrun-mgr-env@${digest}`, imageTag: options.sourceCommit, envIdentity: options.sourceCommit, envImage: image, envDigest: digest, envRepositoryDigest: `${options.registryPrefix}/agentrun-mgr-env@${digest}`, bootCommit: options.sourceCommit, bootScript: "deploy/runtime/boot/agentrun-boot.sh" }],
};
}
function imageForService(catalog: ArtifactCatalog, serviceId: string, options: RenderOptions): { repositoryDigest: string } {
function imageForService(catalog: ArtifactCatalog, serviceId: string, options: RenderOptions): CatalogService {
const service = catalog.services.find((item) => item.serviceId === serviceId);
if (!service) throw new AgentRunError("schema-invalid", `catalog missing service ${serviceId}`, { httpStatus: 2 });
if (!/^sha256:[a-f0-9]{64}$/u.test(service.digest)) throw new AgentRunError("schema-invalid", `catalog service ${serviceId} has invalid digest`, { httpStatus: 2 });
if (options.requireCatalog && service.digest === `sha256:${"0".repeat(64)}`) throw new AgentRunError("schema-invalid", "placeholder digest is not allowed in promotion render", { httpStatus: 2 });
return { repositoryDigest: service.repositoryDigest || `${service.image.slice(0, service.image.lastIndexOf(":"))}@${service.digest}` };
const digest = service.envDigest ?? service.digest;
if (!/^sha256:[a-f0-9]{64}$/u.test(digest)) throw new AgentRunError("schema-invalid", `catalog service ${serviceId} has invalid digest`, { httpStatus: 2 });
if (options.requireCatalog && digest === `sha256:${"0".repeat(64)}`) throw new AgentRunError("schema-invalid", "placeholder digest is not allowed in promotion render", { httpStatus: 2 });
return service;
}
function repositoryDigestForService(service: CatalogService): string {
if (service.envRepositoryDigest) return service.envRepositoryDigest;
if (service.repositoryDigest) return service.repositoryDigest;
const image = service.envImage ?? service.image;
const digest = service.envDigest ?? service.digest;
return `${image.slice(0, image.lastIndexOf(":"))}@${digest}`;
}
function projectYaml(namespace: string): string {
@@ -209,7 +239,9 @@ spec:
`;
}
function managerYaml(namespace: string, image: { repositoryDigest: string }, sourceCommit: string): string {
function managerYaml(namespace: string, image: CatalogService, sourceCommit: string): string {
const imageRef = repositoryDigestForService(image);
const envIdentity = image.envIdentity ?? image.imageTag ?? "unknown";
return `apiVersion: v1
kind: ServiceAccount
metadata:
@@ -245,11 +277,13 @@ spec:
app.kubernetes.io/name: agentrun-mgr
annotations:
agentrun.pikastech.local/lane: v0.1
agentrun.pikastech.local/source-commit: ${JSON.stringify(sourceCommit)}
agentrun.pikastech.local/env-identity: ${JSON.stringify(envIdentity)}
spec:
serviceAccountName: agentrun-v01-mgr
containers:
- name: mgr
image: ${image.repositoryDigest}
image: ${imageRef}
imagePullPolicy: IfNotPresent
ports:
- name: http
@@ -264,12 +298,20 @@ spec:
key: DATABASE_URL
- name: AGENTRUN_SOURCE_COMMIT
value: ${JSON.stringify(sourceCommit)}
- name: AGENTRUN_BOOT_COMMIT
value: ${JSON.stringify(sourceCommit)}
- name: AGENTRUN_BOOT_MODE
value: mgr
- name: AGENTRUN_BOOT_REPO_URL
value: ${JSON.stringify(defaultBootRepoUrl)}
- name: AGENTRUN_ENV_IDENTITY
value: ${JSON.stringify(envIdentity)}
- name: AGENTRUN_RUNTIME_NAMESPACE
value: ${JSON.stringify(namespace)}
- name: AGENTRUN_INTERNAL_MGR_URL
value: ${JSON.stringify(`http://agentrun-mgr.${namespace}.svc.cluster.local:8080`)}
- name: AGENTRUN_RUNNER_IMAGE
value: ${JSON.stringify(image.repositoryDigest)}
value: ${JSON.stringify(imageRef)}
- name: AGENTRUN_RUNNER_SERVICE_ACCOUNT
value: "agentrun-v01-runner"
readinessProbe: