fix: sync scoped ssh runtime deploy env

This commit is contained in:
Codex
2026-06-02 08:40:58 +00:00
parent 5dba1a06be
commit 7de9782dc2
4 changed files with 55 additions and 1 deletions
+8
View File
@@ -17,6 +17,7 @@ import {
type DeployJsonServiceContract,
} from "./deploy-json-contract";
import { d601K3sGuardShellLines } from "./d601-k3s-guard";
import { composeRuntimeEnvValue } from "./runtime-env";
export type ArtifactRegistryAction = "plan" | "render" | "status" | "health" | "install" | "deploy-backend-core" | "deploy-service";
type ArtifactDeployEnvironment = "prod" | "dev";
@@ -1676,6 +1677,8 @@ function downloadRemoteFile(options: ArtifactRegistryOptions, remotePath: string
"ssh",
options.providerId,
"download",
"--chunk-bytes",
"96000",
remotePath,
localPath,
], repoRoot, { timeoutMs });
@@ -2455,13 +2458,18 @@ function verifyLocalArtifactLabels(
}
function d601DevFrontendAuthPatchScript(config: UniDeskConfig): string {
const sshClientToken = composeRuntimeEnvValue("UNIDESK_SSH_CLIENT_TOKEN");
if (sshClientToken === null) throw new Error("UNIDESK_SSH_CLIENT_TOKEN must be present in .state/docker-compose.env before deploying dev frontend");
const sshClientRouteAllowlist = composeRuntimeEnvValue("UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST") ?? "G14,G14:*,D601,D601:*";
const secretData = {
AUTH_USERNAME: base64(config.auth.username),
AUTH_PASSWORD: base64(config.auth.password),
SESSION_SECRET: base64(config.auth.sessionSecret),
UNIDESK_SSH_CLIENT_TOKEN: base64(sshClientToken),
};
const configData = {
SESSION_TTL_SECONDS: String(config.auth.sessionTtlSeconds),
UNIDESK_SSH_CLIENT_ROUTE_ALLOWLIST: sshClientRouteAllowlist,
};
return [
d601K3sGuardScript(),