fix: stamp sentinel runtime source commit

Codex
2026-07-03 08:08:06 +00:00
parent dbe7e92af5
commit 5da8cd7175
+20 -5
@@ -566,7 +566,7 @@ export function loadSentinelCicdState(
? resolveSourceHead(spec, cicd, controlPlaneTarget, controlPlaneNode, timeoutSeconds, sourceResolveMode)
: sourceHeadFromOverride(cicd, sourceOverride);
const image = sentinelImagePlan(spec, cicd, sourceHead);
const manifests = renderSentinelManifests(spec, sentinel.id, runtime, cicd, scenarios, publicExposure, secrets, image);
const manifests = renderSentinelManifests(spec, sentinel.id, runtime, cicd, scenarios, publicExposure, secrets, image, sourceHead);
const manifestYaml = `${manifests.map((item) => Bun.YAML.stringify(item).trim()).join("\n---\n")}\n`;
return {
spec,
@@ -977,6 +977,7 @@ function renderSentinelManifests(
publicExposure: Record<string, unknown>,
secrets: Record<string, unknown>,
image: SentinelImagePlan,
sourceHead: SourceHead,
): readonly Record<string, unknown>[] {
const namespace = stringAt(runtime, "namespace");
const labels = {
@@ -993,7 +994,9 @@ function renderSentinelManifests(
const servicePort = numberAt(runtime, "servicePort");
const pvcStorage = stringAt(runtime, "pvcStorage");
const stateRoot = stringAt(runtime, "stateRoot");
const sentinelEnv = sentinelContainerEnv(sentinelId, runtime, cicd, secrets);
const sourceCommitAnnotations = sentinelSourceCommitAnnotations(sourceHead.commit);
const sourceCommitMetadata = sourceCommitAnnotations === null ? {} : { annotations: sourceCommitAnnotations };
const sentinelEnv = sentinelContainerEnv(sentinelId, runtime, cicd, secrets, sourceHead.commit);
const kubernetesApiEgress = sentinelKubernetesApiEgress(runtime);
const cadenceJob = sentinelCadenceCronJobPlan(spec, sentinelId, runtime, cicd, scenarios, image.ref, sentinelEnv);
if (cadenceJob !== null) {
@@ -1060,12 +1063,12 @@ function renderSentinelManifests(
{
apiVersion: "apps/v1",
kind: "Deployment",
metadata: { name: deploymentName, namespace, labels },
metadata: { name: deploymentName, namespace, labels, ...sourceCommitMetadata },
spec: {
replicas: numberAt(runtime, "replicas"),
selector: { matchLabels: { "app.kubernetes.io/name": deploymentName } },
template: {
metadata: { labels },
metadata: { labels, ...sourceCommitMetadata },
spec: {
serviceAccountName: stringAt(runtime, "serviceAccountName"),
containers: [{
@@ -1175,7 +1178,15 @@ function sentinelKubernetesApiEgress(runtime: Record<string, unknown>): readonly
}));
}
function sentinelContainerEnv(sentinelId: string, runtime: Record<string, unknown>, cicd: Record<string, unknown>, secrets: Record<string, unknown>): readonly Record<string, unknown>[] {
function sentinelSourceCommitAnnotations(sourceCommit: string | null): Record<string, string> | null {
if (sourceCommit === null) return null;
return {
"unidesk.ai/source-commit": sourceCommit,
"hwlab.pikastech.local/source-commit": sourceCommit,
};
}
function sentinelContainerEnv(sentinelId: string, runtime: Record<string, unknown>, cicd: Record<string, unknown>, secrets: Record<string, unknown>, sourceCommit: string | null): readonly Record<string, unknown>[] {
const env: Record<string, unknown>[] = [{ name: "UNIDESK_WEB_PROBE_SENTINEL_ID", value: sentinelId }];
const otelEnabled = booleanAtNullable(runtime, "observability.otel.enabled") ?? booleanAtNullable(cicd, "observability.otel.enabled") ?? false;
const otelEndpoint = stringAtNullable(runtime, "observability.otel.tracesEndpoint")
@@ -1197,6 +1208,10 @@ function sentinelContainerEnv(sentinelId: string, runtime: Record<string, unknow
used.add(name);
env.push(item);
};
if (sourceCommit !== null) {
pushEnv({ name: "UNIDESK_SOURCE_COMMIT", value: sourceCommit });
pushEnv({ name: "WEB_PROBE_SENTINEL_SOURCE_COMMIT", value: sourceCommit });
}
if (otelEnabled) {
if (otelEndpoint !== null) pushEnv({ name: "OTEL_EXPORTER_OTLP_TRACES_ENDPOINT", value: otelEndpoint });
if (otelServiceName !== null) pushEnv({ name: "OTEL_SERVICE_NAME", value: otelServiceName });
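Review bot: `sentinelSourceCommitAnnotations` and the new `if (sourceCommit !== null)` branch in `sentinelContainerEnv` only test for `null`, so an empty or malformed string is still stamped as the provenance value on the Deployment, the pod template and both env vars. On the `sourceHeadFromOverride` path the commit presumably comes from operator input rather than a resolved ref, so a shape check before stamping would keep the stamp usable for audit, for example `if (!/^[0-9a-f]{7,64}$/i.test(sourceCommit)) throw new Error("source commit is not a hex object id");` with the length bounds adjusted to the project's commit format. A short comment on the helper should also say that the annotation records what the renderer was told, not what the image contains, so consumers that need a binding compare it with the image digest. The cadence CronJob receives `sentinelEnv` but, as far as the visible lines show, not `sourceCommitMetadata`; `sentinelCadenceCronJobPlan` and the rest of `renderSentinelManifests` lie outside these hunks, so confirm whether that asymmetry is intended.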