From 8b13c01d468d605a07c7dcc8ee07ce6fe9251186 Mon Sep 17 00:00:00 2001 From: Codex Date: Thu, 11 Jun 2026 10:42:52 +0000 Subject: [PATCH] fix: keep CI SSH uploads below provider limits --- scripts/ci-install-visibility-contract-test.ts | 8 ++++++++ .../ci-publish-backend-core-preflight-contract-test.ts | 2 ++ scripts/src/ci.ts | 6 +++++- 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/scripts/ci-install-visibility-contract-test.ts b/scripts/ci-install-visibility-contract-test.ts index 25f445e5..5b409469 100644 --- a/scripts/ci-install-visibility-contract-test.ts +++ b/scripts/ci-install-visibility-contract-test.ts @@ -46,6 +46,13 @@ assertCondition( "ci dispatch submit must use bounded backend-core fetch timeout", ); +assertCondition( + source.includes("const hostSshBase64UploadChunkChars = 3000") + && source.includes("chunks(encoded, hostSshBase64UploadChunkChars)") + && source.includes("provider-gateway rejects long host.ssh commands"), + "ci host.ssh base64 upload must stay below provider command length limits", +); + assertCondition( source.includes("runSshCommandCapture(config, `${target.providerId}:k3s`, [\"script\"], script)") && source.includes("base64 -d > \\\"$tmp\\\" <<'UNIDESK_CI_MANIFEST_B64'") @@ -81,6 +88,7 @@ console.log(JSON.stringify({ "ci install defaults to async job mode with status follow-up", "ci install job status exposes stage progress events", "ci dispatch submit uses bounded backend-core fetch timeout", + "ci host.ssh base64 upload stays below provider command length limits", "ci manifest apply embeds YAML through k3s route script with byte visibility", "ci prewarm failure exposes concise root/containerd recovery", "ci help documents manifest refresh boundaries", diff --git a/scripts/ci-publish-backend-core-preflight-contract-test.ts b/scripts/ci-publish-backend-core-preflight-contract-test.ts index 8866ecca..7a0d7bab 100644 --- a/scripts/ci-publish-backend-core-preflight-contract-test.ts +++ b/scripts/ci-publish-backend-core-preflight-contract-test.ts @@ -61,6 +61,7 @@ function readyTransport(kind: "remote-frontend" | "local-docker" = "remote-front taskId: "task-ci-runner", status: "succeeded", stdout: [ + "d601_native_k3s_guard=pass kubeconfig=/etc/rancher/k3s/k3s.yaml context=default server=https://127.0.0.1:6443 node=d601", "provider_host_ssh=ok", "kubectl=ok", "docker=ok", @@ -184,6 +185,7 @@ const remoteInfraBlockedTransport: PublishPreflightTransport = { taskId: "task-ci-runner", status: "succeeded", stdout: [ + "d601_native_k3s_guard=pass kubeconfig=/etc/rancher/k3s/k3s.yaml context=default server=https://127.0.0.1:6443 node=d601", "provider_host_ssh=ok", "kubectl=ok", "docker=ok", diff --git a/scripts/src/ci.ts b/scripts/src/ci.ts index 5167d010..80b85f81 100644 --- a/scripts/src/ci.ts +++ b/scripts/src/ci.ts @@ -548,6 +548,8 @@ function chunks(value: string, size: number): string[] { return result; } +const hostSshBase64UploadChunkChars = 3000; + function asRecord(value: unknown): Record | null { return typeof value === "object" && value !== null && !Array.isArray(value) ? value as Record : null; } @@ -970,7 +972,9 @@ async function uploadRemoteBase64(path: string, encoded: string, target = ciTarg "chmod 600 \"$target\"", ].join("\n"), 20_000, 10_000, true, target); if (!init.ok) return init; - for (const chunk of chunks(encoded, 6_000)) { + // D601 provider-gateway rejects long host.ssh commands; keep each append + // envelope comfortably below the transport limit. + for (const chunk of chunks(encoded, hostSshBase64UploadChunkChars)) { const append = await dispatchSsh([ "set -euo pipefail", `target=${shellQuote(path)}`,