fix: clarify todo note artifact producer

This commit is contained in:
Codex
2026-05-20 03:41:13 +00:00
parent 7d89a5e8bb
commit 00d5066009
3 changed files with 23 additions and 4 deletions
+2 -1
View File
@@ -132,7 +132,8 @@
}, },
"image": { "image": {
"repository": "unidesk/todo-note" "repository": "unidesk/todo-note"
} },
"notes": "External Gitee source repo. CI must fetch https://gitee.com/Lyon1998/todo_note at the requested commit and build that repo's Dockerfile; UniDesk only owns the runtime consumer metadata and Compose integration."
}, },
{ {
"serviceId": "code-queue-mgr", "serviceId": "code-queue-mgr",
+2 -1
View File
@@ -116,7 +116,8 @@ OA Event Flow follows the same master-server Compose artifact flow as Project Ma
Todo Note is an external-source main-server Compose service that follows the standard commit-pinned artifact consumer flow. Todo Note is an external-source main-server Compose service that follows the standard commit-pinned artifact consumer flow.
- The expected source reference remains `https://gitee.com/Lyon1998/todo_note`. - The expected source reference remains `https://gitee.com/Lyon1998/todo_note`.
- The D601 registry artifact must already exist as `127.0.0.1:5000/unidesk/todo-note:<commit>`; the UniDesk `ci publish-user-service` allow-list does not yet build this external-source artifact. - The standard producer is `bun scripts/cli.ts ci publish-user-service --service todo-note --commit <full-sha> --wait-ms 1200000`; it fetches the external Gitee repo at that commit and builds that repo's `Dockerfile`, rather than treating Todo Note as UniDesk-owned source.
- Dev/prod CD require the D601 registry artifact `127.0.0.1:5000/unidesk/todo-note:<commit>` published from that external source.
- Dev CD consumes the same artifact with `bun scripts/cli.ts deploy apply --env dev --service todo-note`; prod CD consumes it with `bun scripts/cli.ts deploy apply --env prod --service todo-note`. - Dev CD consumes the same artifact with `bun scripts/cli.ts deploy apply --env dev --service todo-note`; prod CD consumes it with `bun scripts/cli.ts deploy apply --env prod --service todo-note`.
- The Compose runtime injects `UNIDESK_TODO_NOTE_DEPLOY_REF`, `UNIDESK_TODO_NOTE_DEPLOY_SERVICE_ID`, `UNIDESK_TODO_NOTE_DEPLOY_REPO`, `UNIDESK_TODO_NOTE_DEPLOY_COMMIT`, and `UNIDESK_TODO_NOTE_DEPLOY_REQUESTED_COMMIT`; the consumer health probe must return matching `deploy.commit` and `deploy.requestedCommit`. - The Compose runtime injects `UNIDESK_TODO_NOTE_DEPLOY_REF`, `UNIDESK_TODO_NOTE_DEPLOY_SERVICE_ID`, `UNIDESK_TODO_NOTE_DEPLOY_REPO`, `UNIDESK_TODO_NOTE_DEPLOY_COMMIT`, and `UNIDESK_TODO_NOTE_DEPLOY_REQUESTED_COMMIT`; the consumer health probe must return matching `deploy.commit` and `deploy.requestedCommit`.
- `server rebuild todo-note` remains a maintenance/local rebuild path only. It is not the standard versioned release truth for Todo Note. - `server rebuild todo-note` remains a maintenance/local rebuild path only. It is not the standard versioned release truth for Todo Note.
+19 -2
View File
@@ -201,6 +201,17 @@ function repoNeedsGithubSshIdentity(repoFetchUrl: string): boolean {
return repoFetchUrl.startsWith("git@github.com:"); return repoFetchUrl.startsWith("git@github.com:");
} }
function repoConnectivityProbeUrl(repoFetchUrl: string): string {
const sshMatch = /^git@([^:]+):/u.exec(repoFetchUrl);
if (sshMatch !== null) return `https://${sshMatch[1]}`;
try {
const parsed = new URL(repoFetchUrl);
return `${parsed.protocol}//${parsed.host}`;
} catch {
return repoFetchUrl.startsWith("https://gitee.com/") ? "https://gitee.com" : "https://github.com";
}
}
function requireRepoRelativePath(path: string, label: string): string { function requireRepoRelativePath(path: string, label: string): string {
if (path.length === 0 || path.startsWith("/") || path.includes("\0") || path.split("/").includes("..")) { if (path.length === 0 || path.startsWith("/") || path.includes("\0") || path.split("/").includes("..")) {
throw new Error(`${label} must be a repo-relative path`); throw new Error(`${label} must be a repo-relative path`);
@@ -768,6 +779,7 @@ async function prepareUserServiceArtifactSource(config: UniDeskConfig, options:
const sourceHostPath = options.sourceHostPath; const sourceHostPath = options.sourceHostPath;
const repoCache = `/home/ubuntu/.unidesk/ci/git/${safePathToken(options.serviceId)}.git`; const repoCache = `/home/ubuntu/.unidesk/ci/git/${safePathToken(options.serviceId)}.git`;
const repoFetchUrl = repoSshUrl(options.repoUrl); const repoFetchUrl = repoSshUrl(options.repoUrl);
const repoProbeUrl = repoConnectivityProbeUrl(repoFetchUrl);
const sshIdentity = repoNeedsGithubSshIdentity(repoFetchUrl) ? await ensureGithubSshIdentityForProvider(config, d601ProviderId) : null; const sshIdentity = repoNeedsGithubSshIdentity(repoFetchUrl) ? await ensureGithubSshIdentityForProvider(config, d601ProviderId) : null;
if (sshIdentity !== null && !sshIdentity.ok) throw new Error(sshIdentity.detail); if (sshIdentity !== null && !sshIdentity.ok) throw new Error(sshIdentity.detail);
const proxyPython = gitSshHttpConnectProxySource(); const proxyPython = gitSshHttpConnectProxySource();
@@ -777,6 +789,7 @@ async function prepareUserServiceArtifactSource(config: UniDeskConfig, options:
`commit=${shellQuote(options.commit)}`, `commit=${shellQuote(options.commit)}`,
`repo_url=${shellQuote(options.repoUrl)}`, `repo_url=${shellQuote(options.repoUrl)}`,
`repo_fetch_url=${shellQuote(repoFetchUrl)}`, `repo_fetch_url=${shellQuote(repoFetchUrl)}`,
`repo_probe_url=${shellQuote(repoProbeUrl)}`,
`dockerfile=${shellQuote(options.dockerfile)}`, `dockerfile=${shellQuote(options.dockerfile)}`,
`source_root=${shellQuote(sourceRoot)}`, `source_root=${shellQuote(sourceRoot)}`,
`source_dir=${shellQuote(sourceHostPath)}`, `source_dir=${shellQuote(sourceHostPath)}`,
@@ -785,7 +798,7 @@ async function prepareUserServiceArtifactSource(config: UniDeskConfig, options:
"mkdir -p \"$(dirname \"$repo_cache\")\" \"$source_root\"", "mkdir -p \"$(dirname \"$repo_cache\")\" \"$source_root\"",
"export HTTP_PROXY=\"$proxy_url\" HTTPS_PROXY=\"$proxy_url\" ALL_PROXY=\"$proxy_url\"", "export HTTP_PROXY=\"$proxy_url\" HTTPS_PROXY=\"$proxy_url\" ALL_PROXY=\"$proxy_url\"",
"export NO_PROXY=\"localhost,127.0.0.1,::1,host.docker.internal,.svc,.cluster.local,kubernetes.default.svc\"", "export NO_PROXY=\"localhost,127.0.0.1,::1,host.docker.internal,.svc,.cluster.local,kubernetes.default.svc\"",
"curl -fsSI --max-time 20 -x \"$proxy_url\" https://github.com >/dev/null", "curl -fsSI --max-time 20 -x \"$proxy_url\" \"$repo_probe_url\" >/dev/null",
"git_ssh_proxy=/tmp/unidesk-git-ssh-http-connect.py", "git_ssh_proxy=/tmp/unidesk-git-ssh-http-connect.py",
"cat > \"$git_ssh_proxy\" <<'UNIDESK_GIT_SSH_PROXY'", "cat > \"$git_ssh_proxy\" <<'UNIDESK_GIT_SSH_PROXY'",
proxyPython, proxyPython,
@@ -795,6 +808,7 @@ async function prepareUserServiceArtifactSource(config: UniDeskConfig, options:
"export GIT_SSH_COMMAND=\"ssh -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -i $HOME/.ssh/id_ed25519 -o 'ProxyCommand=$git_ssh_proxy %h %p'\"", "export GIT_SSH_COMMAND=\"ssh -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$HOME/.ssh/known_hosts -i $HOME/.ssh/id_ed25519 -o 'ProxyCommand=$git_ssh_proxy %h %p'\"",
"echo user_service_artifact_source_proxy=provider-gateway-ws-egress:$proxy_url", "echo user_service_artifact_source_proxy=provider-gateway-ws-egress:$proxy_url",
"echo user_service_artifact_repo_fetch_url=$repo_fetch_url", "echo user_service_artifact_repo_fetch_url=$repo_fetch_url",
"echo user_service_artifact_repo_probe_url=$repo_probe_url",
"echo user_service_artifact_service_id=$service_id", "echo user_service_artifact_service_id=$service_id",
"if [ ! -d \"$repo_cache\" ]; then git clone --mirror \"$repo_fetch_url\" \"$repo_cache\"; fi", "if [ ! -d \"$repo_cache\" ]; then git clone --mirror \"$repo_fetch_url\" \"$repo_cache\"; fi",
"git -C \"$repo_cache\" remote set-url origin \"$repo_fetch_url\"", "git -C \"$repo_cache\" remote set-url origin \"$repo_fetch_url\"",
@@ -823,6 +837,7 @@ async function prepareUserServiceArtifactSource(config: UniDeskConfig, options:
providerId: d601ProviderId, providerId: d601ProviderId,
repoUrl: options.repoUrl, repoUrl: options.repoUrl,
repoFetchUrl, repoFetchUrl,
repoProbeUrl,
commit: options.commit, commit: options.commit,
serviceId: options.serviceId, serviceId: options.serviceId,
dockerfile: options.dockerfile, dockerfile: options.dockerfile,
@@ -1257,6 +1272,7 @@ async function publishUserServiceArtifact(config: UniDeskConfig, options: CiPubl
imageRepository: options.imageRepository, imageRepository: options.imageRepository,
}; };
const plannedArtifact = artifactSummaryDefaults(summaryContext); const plannedArtifact = artifactSummaryDefaults(summaryContext);
const plannedRepoFetchUrl = repoSshUrl(options.repoUrl);
if (options.dryRun) { if (options.dryRun) {
return { return {
ok: true, ok: true,
@@ -1272,7 +1288,8 @@ async function publishUserServiceArtifact(config: UniDeskConfig, options: CiPubl
mode: "planned-only", mode: "planned-only",
providerId: d601ProviderId, providerId: d601ProviderId,
repoUrl: options.repoUrl, repoUrl: options.repoUrl,
repoFetchUrl: repoSshUrl(options.repoUrl), repoFetchUrl: plannedRepoFetchUrl,
repoProbeUrl: repoConnectivityProbeUrl(plannedRepoFetchUrl),
commit: options.commit, commit: options.commit,
serviceId: options.serviceId, serviceId: options.serviceId,
dockerfile: options.dockerfile, dockerfile: options.dockerfile,