fix(ci): reuse provider egress for backend-core artifacts

This commit is contained in:
Codex
2026-05-19 01:02:17 +00:00
parent 29dab8fab2
commit 49cf1e57bb
7 changed files with 408 additions and 256 deletions
+2
View File
@@ -44,6 +44,8 @@ Acceptable source access implementations are:
- an in-cluster Git mirror managed by UniDesk; or
- the same commit-pinned host-fetch boundary used by `ci run-dev-e2e`, where D601 fetches the manifest commit and passes only verified inputs into Tekton.
For backend-core artifact publication, the required implementation is the host-fetch boundary: D601 uses the existing GitHub SSH deploy identity plus the node-local provider-gateway WS egress proxy, exports the requested commit to `/home/ubuntu/.unidesk/ci/backend-core-artifacts/<commit>`, and passes only that verified source directory into Tekton. This path must not be replaced by an in-cluster Git mirror, a third-party source mirror, an operator local checkout, or Tekton-mounted GitHub credentials.
If a CI repo-check task fails at `git clone` because credentials are unavailable, classify it as a CI infrastructure/auth gap, not as an application test failure.
## Verification Priority