fix(hwlab): close d518 yaml cutover gaps

This commit is contained in:
Codex
2026-06-27 15:40:25 +00:00
parent fc032d829a
commit 1968c43a6a
14 changed files with 831 additions and 13 deletions
+51 -10
View File
@@ -491,17 +491,11 @@ export function runNodePublicExposure(options: NodePublicExposureOptions): Recor
next: { fixSecretSource: `create .state/secrets/${exposure.tokenSourceRef} with ${exposure.tokenSourceKey}=<redacted>` },
};
}
const secretApplyResult = runTransScript(options.node, publicExposureSecretScript(options, exposure), source.value ?? "", options.timeoutSeconds);
let secretFields = keyValueLinesFromText(statusText(secretApplyResult));
let secretResult = secretApplyResult;
if (!options.dryRun && secretApplyResult.exitCode === 0 && secretFields.afterSecretExists === "yes") {
const restartResult = runPublicExposureFrpcRecreate(options);
secretFields = { ...secretFields, ...keyValueLinesFromText(statusText(restartResult)) };
secretResult = combinePublicExposureCommandResults(secretApplyResult, restartResult);
}
const caddyResult = runTransHostScript(exposure.caddyRoute, publicExposureCaddyScript(options, exposure), "", options.timeoutSeconds);
const caddyFields = keyValueLinesFromText(statusText(caddyResult));
const secretStatus = publicExposureSecretStatus(secretFields, secretResult);
const secretStatus = options.dryRun
? publicExposureSecretDryRunStatus(options, exposure, source.value?.length ?? 0)
: publicExposureSecretApplyStatus(options, exposure, source.value ?? "");
const caddyStatus = publicExposureCaddyStatus(caddyFields, caddyResult);
const ok = secretStatus.ok === true && caddyStatus.ok === true;
return {
@@ -510,7 +504,7 @@ export function runNodePublicExposure(options: NodePublicExposureOptions): Recor
node: options.node,
lane: options.lane,
mode: options.dryRun ? "dry-run" : "confirmed",
mutation: !options.dryRun && (secretFields.mutation === "true" || caddyFields.mutation === "true"),
mutation: !options.dryRun && (secretStatus.mutation === true || caddyFields.mutation === "true"),
configPath: hwlabRuntimeLaneConfigPath(),
publicExposure: publicExposureSummary(exposure),
source: {
@@ -533,6 +527,53 @@ export function runNodePublicExposure(options: NodePublicExposureOptions): Recor
};
}
function publicExposureSecretDryRunStatus(options: NodePublicExposureOptions, exposure: HwlabRuntimePublicExposureSpec, tokenBytes: number): Record<string, unknown> {
return {
ok: true,
dryRun: true,
mutation: false,
planned: true,
namespace: options.spec.runtimeNamespace,
secret: exposure.secretName,
deployment: `${options.spec.runtimeNamespace}-frpc`,
beforeExists: null,
afterExists: null,
tokenBytes,
applyExitCode: null,
restartMode: null,
strategyPatchExitCode: null,
rolloutRestartExitCode: null,
scaleDownExitCode: null,
scaleDownWaitExitCode: null,
scaleDownWaitPodCount: null,
scaleUpExitCode: null,
rolloutStatusExitCode: null,
readyReplicas: null,
availableReplicas: null,
desiredReplicas: null,
strategyPatchErrorPreview: null,
restartErrorPreview: null,
scaleDownErrorPreview: null,
scaleUpErrorPreview: null,
readyErrorPreview: null,
exitCode: 0,
stderr: "",
valuesRedacted: true,
};
}
function publicExposureSecretApplyStatus(options: NodePublicExposureOptions, exposure: HwlabRuntimePublicExposureSpec, token: string): Record<string, unknown> {
const secretApplyResult = runTransScript(options.node, publicExposureSecretScript(options, exposure), token, options.timeoutSeconds);
let secretFields = keyValueLinesFromText(statusText(secretApplyResult));
let secretResult = secretApplyResult;
if (secretApplyResult.exitCode === 0 && secretFields.afterSecretExists === "yes") {
const restartResult = runPublicExposureFrpcRecreate(options);
secretFields = { ...secretFields, ...keyValueLinesFromText(statusText(restartResult)) };
secretResult = combinePublicExposureCommandResults(secretApplyResult, restartResult);
}
return publicExposureSecretStatus(secretFields, secretResult);
}
export function readPublicExposureTokenSource(exposure: HwlabRuntimePublicExposureSpec): { ok: boolean; path: string; checkedPaths: string[]; key: string; value: string | null; fingerprint: string | null; error?: string } {
const checkedPaths = publicExposureTokenSourcePaths(exposure);
const path = checkedPaths.find((candidate) => existsSync(candidate)) ?? checkedPaths[0] ?? join(repoRoot, ".state", "secrets", exposure.tokenSourceRef);