docs: record main server user-service artifact lane
This commit is contained in:
@@ -32,6 +32,39 @@ function listIncludes(value: unknown, expected: string): boolean {
|
||||
return Array.isArray(value) && value.some((item) => item === expected);
|
||||
}
|
||||
|
||||
function assertMainServerComposeConsumer(
|
||||
environment: "dev" | "prod",
|
||||
serviceId: string,
|
||||
expectedComposeService: string,
|
||||
expectedContainerName: string,
|
||||
): void {
|
||||
const plan = runDeployPlan(environment, serviceId);
|
||||
const artifact = asRecord(plan.artifactConsumer, `${serviceId} ${environment} artifactConsumer`);
|
||||
const target = asRecord(plan.target, `${serviceId} ${environment} target`);
|
||||
const registry = asRecord(artifact.registry, `${serviceId} ${environment} registry`);
|
||||
const build = asRecord(artifact.build, `${serviceId} ${environment} build`);
|
||||
assertCondition(plan.deploymentPath === "d601-registry-artifact-consumer", `${serviceId} ${environment} deployment path must be artifact consumer`, plan);
|
||||
assertCondition(artifact.consumerKind === "main-server-compose", `${serviceId} ${environment} must be a main-server Compose artifact consumer`, artifact);
|
||||
assertCondition(artifact.noRuntimeSourceBuild === true, `${serviceId} ${environment} plan must declare no runtime source build`, artifact);
|
||||
assertCondition(artifact.dryRunOnly === false, `${serviceId} ${environment} should not be dry-run-only`, artifact);
|
||||
assertCondition(String(artifact.registryImage ?? "").includes(`127.0.0.1:5000/unidesk/${serviceId}:`), `${serviceId} registry image missing`, artifact);
|
||||
assertCondition(registry.repository === `unidesk/${serviceId}`, `${serviceId} registry repository mismatch`, registry);
|
||||
assertCondition(registry.digest === null, `${serviceId} plan must not fake digest`, registry);
|
||||
assertCondition(build.willRunDockerBuild === false, `${serviceId} CD must not run docker build`, build);
|
||||
assertCondition(build.willRunDockerComposeBuild === false, `${serviceId} CD must not run docker compose build`, build);
|
||||
assertCondition(build.producerBoundary === "ci publish-user-service", `${serviceId} producer boundary mismatch`, build);
|
||||
assertCondition(target.runtimeHost === "main-server", `${serviceId} target should be main-server`, target);
|
||||
assertCondition(target.composeService === expectedComposeService, `${serviceId} compose service mismatch`, target);
|
||||
assertCondition(target.containerName === expectedContainerName, `${serviceId} container mismatch`, target);
|
||||
assertCondition(listIncludes(target.forbiddenActions, "docker build"), `${serviceId} plan should forbid docker build`, target);
|
||||
assertCondition(listIncludes(target.forbiddenActions, "docker compose build"), `${serviceId} plan should forbid compose build`, target);
|
||||
}
|
||||
|
||||
assertMainServerComposeConsumer("dev", "baidu-netdisk", "baidu-netdisk", "baidu-netdisk-backend");
|
||||
assertMainServerComposeConsumer("prod", "baidu-netdisk", "baidu-netdisk", "baidu-netdisk-backend");
|
||||
assertMainServerComposeConsumer("dev", "project-manager", "project-manager", "project-manager-backend");
|
||||
assertMainServerComposeConsumer("prod", "project-manager", "project-manager", "project-manager-backend");
|
||||
|
||||
const findjob = runDeployPlan("dev", "findjob");
|
||||
const findjobArtifact = asRecord(findjob.artifactConsumer, "findjob artifactConsumer");
|
||||
const findjobTarget = asRecord(findjob.target, "findjob target");
|
||||
@@ -93,6 +126,7 @@ process.stdout.write(`${JSON.stringify({
|
||||
checks: [
|
||||
"deploy plan models dev backend-core as a no-build D601 k3s artifact consumer",
|
||||
"dev backend-core plan exposes registry/source/build boundaries and target metadata",
|
||||
"baidu-netdisk and project-manager dev/prod plans are no-build main-server Compose artifact consumers",
|
||||
"deploy plan distinguishes D601 direct Compose from D601 k3s-managed artifact consumers",
|
||||
"deploy plan exposes no-runtime-source-build and forbidden build/public-port actions",
|
||||
"met-nonlinear remains runtime-verification-blocked",
|
||||
|
||||
Reference in New Issue
Block a user