From 497055d8cf38d9ed80cf2a1508ec44b29969e52f Mon Sep 17 00:00:00 2001 From: Codex Date: Fri, 26 Jun 2026 12:18:04 +0000 Subject: [PATCH] fix: roll egress proxy on config template changes --- scripts/src/platform-infra/manifest.ts | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/scripts/src/platform-infra/manifest.ts b/scripts/src/platform-infra/manifest.ts index dd5ff72c..9bf296d1 100644 --- a/scripts/src/platform-infra/manifest.ts +++ b/scripts/src/platform-infra/manifest.ts @@ -14,7 +14,7 @@ import { capture, compactCapture, parseJsonOutput, prepareFrpcSecret, shQuote } import { yamlBooleanField, yamlFieldLabel, yamlIntegerField } from "../platform-infra-ops-library"; import { fingerprintSecretValues, parseEnvFile, readEnvSourceFile, readTextFile, redactRepoPath, requiredEnvValue } from "../secrets"; -import type { ManagedResourceCleanupPlan, Sub2ApiConfig, Sub2ApiTargetConfig } from "./entry"; +import type { ManagedResourceCleanupPlan, Sub2ApiConfig, Sub2ApiEgressProxyConfig, Sub2ApiTargetConfig } from "./entry"; import { isKubernetesName, stringField } from "./config"; import { codexPoolConfigPath, configPath, manifestPath } from "./entry"; @@ -574,6 +574,7 @@ spec: export function renderEgressProxyManifest(target: Sub2ApiTargetConfig): string { const proxy = target.egressProxy; if (proxy === null || !proxy.enabled) return ""; + const proxyConfigHash = egressProxyConfigHash(proxy); return `--- apiVersion: v1 kind: Service @@ -626,6 +627,8 @@ spec: unidesk.ai/proxy-source-config-ref: "${proxy.sourceConfigRef ?? ""}" unidesk.ai/proxy-source-fingerprint: "${proxy.sourceFingerprint ?? ""}" unidesk.ai/proxy-selected-outbound: "${proxy.sourceType === "subscription-url" ? proxy.preferredOutbound : "shadowsocks"}" + unidesk.ai/proxy-config-template: "${egressProxyConfigTemplateVersion}" + unidesk.ai/proxy-config-hash: "${proxyConfigHash}" spec: containers: - name: proxy @@ -663,3 +666,21 @@ spec: secretName: ${proxy.secretName} `; } + +const egressProxyConfigTemplateVersion = "sing-box-clash-api-v1"; + +export function egressProxyConfigHash(proxy: Sub2ApiEgressProxyConfig): string { + return createHash("sha256") + .update(JSON.stringify({ + templateVersion: egressProxyConfigTemplateVersion, + listenPort: proxy.listenPort, + sourceType: proxy.sourceType, + sourceConfigRef: proxy.sourceConfigRef, + sourceRef: proxy.sourceRef, + sourceFingerprint: proxy.sourceFingerprint, + preferredOutbound: proxy.sourceType === "subscription-url" ? proxy.preferredOutbound : "shadowsocks", + masterShadowsocks: proxy.masterShadowsocks, + })) + .digest("hex") + .slice(0, 16); +}