From 5da8cd71757660f23c9f43c0936c49cd314f1226 Mon Sep 17 00:00:00 2001 From: Codex Date: Fri, 3 Jul 2026 08:08:06 +0000 Subject: [PATCH] fix: stamp sentinel runtime source commit --- scripts/src/hwlab-node-web-sentinel-cicd.ts | 25 ++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/scripts/src/hwlab-node-web-sentinel-cicd.ts b/scripts/src/hwlab-node-web-sentinel-cicd.ts index 53759170..aca03b5c 100644 --- a/scripts/src/hwlab-node-web-sentinel-cicd.ts +++ b/scripts/src/hwlab-node-web-sentinel-cicd.ts @@ -566,7 +566,7 @@ export function loadSentinelCicdState( ? resolveSourceHead(spec, cicd, controlPlaneTarget, controlPlaneNode, timeoutSeconds, sourceResolveMode) : sourceHeadFromOverride(cicd, sourceOverride); const image = sentinelImagePlan(spec, cicd, sourceHead); - const manifests = renderSentinelManifests(spec, sentinel.id, runtime, cicd, scenarios, publicExposure, secrets, image); + const manifests = renderSentinelManifests(spec, sentinel.id, runtime, cicd, scenarios, publicExposure, secrets, image, sourceHead); const manifestYaml = `${manifests.map((item) => Bun.YAML.stringify(item).trim()).join("\n---\n")}\n`; return { spec, @@ -977,6 +977,7 @@ function renderSentinelManifests( publicExposure: Record, secrets: Record, image: SentinelImagePlan, + sourceHead: SourceHead, ): readonly Record[] { const namespace = stringAt(runtime, "namespace"); const labels = { @@ -993,7 +994,9 @@ function renderSentinelManifests( const servicePort = numberAt(runtime, "servicePort"); const pvcStorage = stringAt(runtime, "pvcStorage"); const stateRoot = stringAt(runtime, "stateRoot"); - const sentinelEnv = sentinelContainerEnv(sentinelId, runtime, cicd, secrets); + const sourceCommitAnnotations = sentinelSourceCommitAnnotations(sourceHead.commit); + const sourceCommitMetadata = sourceCommitAnnotations === null ? {} : { annotations: sourceCommitAnnotations }; + const sentinelEnv = sentinelContainerEnv(sentinelId, runtime, cicd, secrets, sourceHead.commit); const kubernetesApiEgress = sentinelKubernetesApiEgress(runtime); const cadenceJob = sentinelCadenceCronJobPlan(spec, sentinelId, runtime, cicd, scenarios, image.ref, sentinelEnv); if (cadenceJob !== null) { @@ -1060,12 +1063,12 @@ function renderSentinelManifests( { apiVersion: "apps/v1", kind: "Deployment", - metadata: { name: deploymentName, namespace, labels }, + metadata: { name: deploymentName, namespace, labels, ...sourceCommitMetadata }, spec: { replicas: numberAt(runtime, "replicas"), selector: { matchLabels: { "app.kubernetes.io/name": deploymentName } }, template: { - metadata: { labels }, + metadata: { labels, ...sourceCommitMetadata }, spec: { serviceAccountName: stringAt(runtime, "serviceAccountName"), containers: [{ @@ -1175,7 +1178,15 @@ function sentinelKubernetesApiEgress(runtime: Record): readonly })); } -function sentinelContainerEnv(sentinelId: string, runtime: Record, cicd: Record, secrets: Record): readonly Record[] { +function sentinelSourceCommitAnnotations(sourceCommit: string | null): Record | null { + if (sourceCommit === null) return null; + return { + "unidesk.ai/source-commit": sourceCommit, + "hwlab.pikastech.local/source-commit": sourceCommit, + }; +} + +function sentinelContainerEnv(sentinelId: string, runtime: Record, cicd: Record, secrets: Record, sourceCommit: string | null): readonly Record[] { const env: Record[] = [{ name: "UNIDESK_WEB_PROBE_SENTINEL_ID", value: sentinelId }]; const otelEnabled = booleanAtNullable(runtime, "observability.otel.enabled") ?? booleanAtNullable(cicd, "observability.otel.enabled") ?? false; const otelEndpoint = stringAtNullable(runtime, "observability.otel.tracesEndpoint") @@ -1197,6 +1208,10 @@ function sentinelContainerEnv(sentinelId: string, runtime: Record