|
|
|
@@ -1,5 +1,6 @@
|
|
|
|
|
// SPEC: PJ2026-01060703 CI/CD branch follower controller render helpers.
|
|
|
|
|
// Responsibility: Kubernetes controller/reconcile Job manifests and controller bootstrap scripts.
|
|
|
|
|
import { createHash } from "node:crypto";
|
|
|
|
|
import { readFileSync } from "node:fs";
|
|
|
|
|
import { rootPath } from "./config";
|
|
|
|
|
import { shQuote } from "./platform-infra-ops-library";
|
|
|
|
@@ -86,6 +87,16 @@ export function waitForJobShell(namespace: string, jobName: string, timeoutSecon
|
|
|
|
|
export function renderControllerManifests(registry: BranchFollowerRegistry): Record<string, unknown>[] {
|
|
|
|
|
const labels = registry.controller.labels;
|
|
|
|
|
const selector = labels;
|
|
|
|
|
const controllerConfigData = {
|
|
|
|
|
"cicd-branch-followers.yaml": registry.rawText,
|
|
|
|
|
"sync-source.sh": nativeCicdScript("sync-source.sh"),
|
|
|
|
|
"controller-one-shot.sh": nativeCicdScript("controller-one-shot.sh"),
|
|
|
|
|
"controller-loop.sh": nativeCicdScript("controller-loop.sh"),
|
|
|
|
|
"hwlab-node-control-plane-refresh.mjs": nativeCicdScript("hwlab-node-control-plane-refresh.mjs"),
|
|
|
|
|
"github-proxy-connect.mjs": nativeCicdScript("github-proxy-connect.mjs"),
|
|
|
|
|
"git-ssh-proxy.sh": nativeCicdScript("git-ssh-proxy.sh"),
|
|
|
|
|
};
|
|
|
|
|
const controllerConfigSha = sha256(JSON.stringify(controllerConfigData));
|
|
|
|
|
return [
|
|
|
|
|
{
|
|
|
|
|
apiVersion: "v1",
|
|
|
|
@@ -141,15 +152,7 @@ export function renderControllerManifests(registry: BranchFollowerRegistry): Rec
|
|
|
|
|
apiVersion: "v1",
|
|
|
|
|
kind: "ConfigMap",
|
|
|
|
|
metadata: { name: registry.controller.configMapName, namespace: registry.controller.namespace, labels },
|
|
|
|
|
data: {
|
|
|
|
|
"cicd-branch-followers.yaml": registry.rawText,
|
|
|
|
|
"sync-source.sh": nativeCicdScript("sync-source.sh"),
|
|
|
|
|
"controller-one-shot.sh": nativeCicdScript("controller-one-shot.sh"),
|
|
|
|
|
"controller-loop.sh": nativeCicdScript("controller-loop.sh"),
|
|
|
|
|
"hwlab-node-control-plane-refresh.mjs": nativeCicdScript("hwlab-node-control-plane-refresh.mjs"),
|
|
|
|
|
"github-proxy-connect.mjs": nativeCicdScript("github-proxy-connect.mjs"),
|
|
|
|
|
"git-ssh-proxy.sh": nativeCicdScript("git-ssh-proxy.sh"),
|
|
|
|
|
},
|
|
|
|
|
data: controllerConfigData,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
apiVersion: "v1",
|
|
|
|
@@ -159,6 +162,7 @@ export function renderControllerManifests(registry: BranchFollowerRegistry): Rec
|
|
|
|
|
_createdAt: new Date().toISOString(),
|
|
|
|
|
_specRef: SPEC_REF,
|
|
|
|
|
_registrySha256: registry.rawSha256,
|
|
|
|
|
_controllerConfigSha256: controllerConfigSha,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
@@ -180,12 +184,13 @@ export function renderControllerManifests(registry: BranchFollowerRegistry): Rec
|
|
|
|
|
annotations: {
|
|
|
|
|
"unidesk.pikapython.com/spec-ref": SPEC_REF,
|
|
|
|
|
"unidesk.pikapython.com/registry-sha256": registry.rawSha256,
|
|
|
|
|
"unidesk.pikapython.com/controller-config-sha256": controllerConfigSha,
|
|
|
|
|
"unidesk.pikapython.com/host-worktree-authority": "false",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
spec: {
|
|
|
|
|
serviceAccountName: registry.controller.serviceAccountName,
|
|
|
|
|
terminationGracePeriodSeconds: 30,
|
|
|
|
|
terminationGracePeriodSeconds: registry.controller.loop.terminationGracePeriodSeconds,
|
|
|
|
|
volumes: [
|
|
|
|
|
{ name: "registry", configMap: { name: registry.controller.configMapName, defaultMode: 0o755 } },
|
|
|
|
|
{ name: "git-mirror-cache", persistentVolumeClaim: { claimName: registry.controller.source.gitMirrorCachePvcName } },
|
|
|
|
@@ -227,3 +232,7 @@ export function renderControllerManifests(registry: BranchFollowerRegistry): Rec
|
|
|
|
|
function nativeCicdScript(name: string): string {
|
|
|
|
|
return readFileSync(rootPath("scripts/native/cicd", name), "utf8");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function sha256(value: string): string {
|
|
|
|
|
return createHash("sha256").update(value).digest("hex");
|
|
|
|
|
}
|
|
|
|
|