fix: keep hwlab runtime gitops guard on manual refresh
@@ -203,7 +203,8 @@ export function renderControllerManifests(registry: BranchFollowerRegistry): Rec
|
||||
kind: "ClusterRole",
|
||||
metadata: { name: registry.controller.serviceAccountName, labels },
|
||||
rules: [
|
||||
{ apiGroups: [""], resources: ["pods", "pods/log", "configmaps", "events"], verbs: ["get", "list", "watch"] },
|
||||
{ apiGroups: [""], resources: ["pods", "pods/log", "events"], verbs: ["get", "list", "watch"] },
|
||||
{ apiGroups: [""], resources: ["configmaps"], verbs: ["get", "list", "watch", "create", "update", "patch"] },
|
||||
{ apiGroups: [""], resources: ["pods/exec"], verbs: ["create"] },
|
||||
{ apiGroups: ["batch"], resources: ["jobs"], verbs: ["get", "list", "watch", "create", "delete"] },
|
||||
{ apiGroups: ["apps"], resources: ["deployments", "statefulsets"], verbs: ["get", "list", "watch"] },
|
||||
|
||||
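Review bot: The new `configmaps` rule adds `create`, `update` and `patch` to a ClusterRole. If the role is bound cluster-wide (the binding is not visible in this hunk), the controller's service account can write any ConfigMap in any namespace. The rest of the commit suggests the write is only needed for the runtime-gitops scripts ConfigMap, whose contents the pipeline appears to execute, so write access to it amounts to code execution in the pipeline and should be as narrow as possible. Consider moving the write verbs to a namespaced Role in the Tekton namespace and pinning `update`/`patch` with `resourceNames: [<scripts ConfigMap name>]`; `create` cannot be limited by `resourceNames`, so it needs the namespace scope. renderControllerManifests starts and ends outside the hunk.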
@@ -83,7 +83,7 @@ export function nativeHwlabControlPlaneRefreshJobManifest(
|
||||
{ name: "FIELD_MANAGER", value: spec.controlPlaneFieldManager },
|
||||
{ name: "TEKTON_NAMESPACE", value: tektonNamespace },
|
||||
{ name: "KUBE_REQUEST_TIMEOUT_SECONDS", value: String(timeoutSeconds) },
|
||||
{ name: "RUNTIME_GITOPS_CONFIGMAP_NAME", value: registry.controller.configMapName },
|
||||
{ name: "RUNTIME_GITOPS_CONFIGMAP_NAME", value: `${spec.pipeline}-runtime-gitops-scripts` },
|
||||
{ name: "HWLAB_RENDER_OVERLAY_B64", value: overlay },
|
||||
],
|
||||
}],
|
||||
|
||||
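Review bot: The value of `RUNTIME_GITOPS_CONFIGMAP_NAME` is assembled inline as `${spec.pipeline}-runtime-gitops-scripts` (assuming the second of the two lines is the new side). The code that renders `runtime-gitops-scripts.yaml` is not in this hunk and has to produce the same string, otherwise the refresh job would write a ConfigMap the pipeline never reads. Deriving the name from one shared helper that takes `spec`, used by both the manifest renderer and this env entry, would remove that drift risk. At minimum add a comment here, for example `// must match metadata.name in <tektonDir>/runtime-gitops-scripts.yaml`. The enclosing function starts and ends outside the hunk.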
@@ -41,6 +41,9 @@ import { webObserveShort, webObserveText } from "./web-probe-observe";
|
||||
import { hwlabRuntimeActiveExternalPostgres } from "../hwlab-node-lanes";
|
||||
|
||||
const runtimeGitopsObservabilityNativeScript = readFileSync(rootPath("scripts/native/hwlab/runtime-gitops-observability.mjs"), "utf8").trimEnd();
|
||||
const runtimeGitopsPipelineGuardNativeScript = readFileSync(rootPath("scripts/native/hwlab/runtime-gitops-pipeline-guard.mjs"), "utf8").trimEnd();
|
||||
const runtimeGitopsPostprocessNativeScript = readFileSync(rootPath("scripts/native/hwlab/runtime-gitops-postprocess.mjs"), "utf8").trimEnd();
|
||||
const runtimeGitopsVerifyNativeScript = readFileSync(rootPath("scripts/native/hwlab/runtime-gitops-verify.mjs"), "utf8").trimEnd();
|
||||
|
||||
export function nodeRuntimeGitMirrorJobName(mirror: NodeRuntimeGitMirrorTargetSpec, action: "sync" | "flush"): string {
|
||||
const prefix = action === "sync" ? mirror.syncJobPrefix : mirror.flushJobPrefix;
|
||||
@@ -2648,5 +2651,34 @@ export function nodeRuntimePipelinePostprocessScript(): string[] {
|
||||
"patchArgoYaml(path.join(renderDir, 'argocd', 'project.yaml'));",
|
||||
"patchArgoYaml(path.join(renderDir, 'argocd', overlay.argoApplicationFile));",
|
||||
"NODE",
|
||||
...runtimeGitopsPipelineGuardScript(),
|
||||
];
|
||||
}
|
||||
|
||||
function runtimeGitopsPipelineGuardScript(): string[] {
|
||||
return [
|
||||
"runtime_gitops_guard_dir=\"$render_dir/.unidesk-runtime-gitops\"",
|
||||
"mkdir -p \"$runtime_gitops_guard_dir\"",
|
||||
...writeRuntimeGitopsNativeScript("runtime-gitops-pipeline-guard.mjs", runtimeGitopsPipelineGuardNativeScript, "UNIDESK_RUNTIME_GITOPS_PIPELINE_GUARD_MJS"),
|
||||
...writeRuntimeGitopsNativeScript("runtime-gitops-observability.mjs", runtimeGitopsObservabilityNativeScript, "UNIDESK_RUNTIME_GITOPS_OBSERVABILITY_MJS"),
|
||||
...writeRuntimeGitopsNativeScript("runtime-gitops-postprocess.mjs", runtimeGitopsPostprocessNativeScript, "UNIDESK_RUNTIME_GITOPS_POSTPROCESS_MJS"),
|
||||
...writeRuntimeGitopsNativeScript("runtime-gitops-verify.mjs", runtimeGitopsVerifyNativeScript, "UNIDESK_RUNTIME_GITOPS_VERIFY_MJS"),
|
||||
[
|
||||
"UNIDESK_RUNTIME_GITOPS_OVERLAY_B64=\"$overlay_b64\"",
|
||||
"node \"$runtime_gitops_guard_dir/runtime-gitops-pipeline-guard.mjs\"",
|
||||
"--pipeline \"$render_dir/$(node -e 'const o=JSON.parse(Buffer.from(process.argv[1],\"base64\").toString(\"utf8\")); process.stdout.write(o.tektonDir)' \"$overlay_b64\")/pipeline.yaml\"",
|
||||
"--scripts-configmap \"$render_dir/$(node -e 'const o=JSON.parse(Buffer.from(process.argv[1],\"base64\").toString(\"utf8\")); process.stdout.write(o.tektonDir)' \"$overlay_b64\")/runtime-gitops-scripts.yaml\"",
|
||||
`--namespace ${shellQuote(HWLAB_CI_NAMESPACE)}`,
|
||||
"--scripts-dir \"$runtime_gitops_guard_dir\"",
|
||||
].join(" "),
|
||||
];
|
||||
}
|
||||
|
||||
function writeRuntimeGitopsNativeScript(name: string, content: string, marker: string): string[] {
|
||||
return [
|
||||
`cat > "$runtime_gitops_guard_dir/${name}" <<'${marker}'`,
|
||||
content,
|
||||
marker,
|
||||
`chmod 0755 "$runtime_gitops_guard_dir/${name}"`,
|
||||
];
|
||||
}
|
||||
|
||||
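Review bot: writeRuntimeGitopsNativeScript closes each heredoc at the first line equal to `marker`, and nothing checks that `content` contains no such line. If one of the embedded .mjs files ever did, the rest of that file would be interpreted as shell by the pipeline step. A render-time assertion at the top of the function closes this: `if (content.split("\n").includes(marker)) throw new Error("heredoc marker found in " + name);`. `name` is also placed inside the double-quoted `cat >` and `chmod` paths without escaping, which is safe for the four literal callers here but deserves a comment saying it must stay a fixed file name. nodeRuntimePipelinePostprocessScript starts outside the hunk.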
@@ -178,6 +178,7 @@ export function nodeRuntimeControlPlaneFiles(spec: HwlabRuntimeLaneSpec, renderD
|
||||
return [
|
||||
`${renderDir}/${spec.runtimeRenderDir}/namespace.yaml`,
|
||||
`${renderDir}/${spec.tektonDir}/rbac.yaml`,
|
||||
`${renderDir}/${spec.tektonDir}/runtime-gitops-scripts.yaml`,
|
||||
`${renderDir}/${spec.tektonDir}/pipeline.yaml`,
|
||||
`${renderDir}/argocd/project.yaml`,
|
||||
`${renderDir}/argocd/${spec.argoApplicationFile}`,
|
||||
|
||||