fix(ci): fail fast on cold code queue artifacts

This commit is contained in:
Codex
2026-05-23 11:33:44 +00:00
parent 86f388722f
commit ca1e2544f0
2 changed files with 15 additions and 0 deletions
+1
View File
@@ -120,6 +120,7 @@ The CI user-service artifact task must follow these rules:
- The image must carry `unidesk.ai/service-id`, `unidesk.ai/source-repo`, `unidesk.ai/source-commit` and `unidesk.ai/dockerfile` labels.
- The command output must include the common `artifactSummary` fields: `serviceId`, `sourceCommit`, `sourceRepo`, `dockerfile`, `imageRef`, `tag`, `digest` and `digestRef`. The digest ref is suitable as immutable input for later dev/prod deployment work.
- CI is an artifact producer only. It must not restart production services, call production `deploy apply`, mutate the production namespace, or change `deploy.json`.
- Code Queue artifact publication must reuse the D601-local `unidesk-code-queue:d601` image through the Dockerfile `CODE_QUEUE_BASE_IMAGE` argument. If that warmed base image is missing, the producer must fail fast with `user_service_artifact_base_image_missing` instead of falling back to a cold `oven/bun:1-debian` build that re-downloads Rust, LLVM, npm tools or Playwright browsers.
- `CI.json` may also list downstream consumer-only catalog entries for D601 direct Compose services such as `findjob`, `pipeline`, `met-nonlinear`, and `k3sctl-adapter`; these entries describe the artifact contract and dry-run/support status, not new producer behavior.
- For D601 direct services, `findjob` and `pipeline` have reviewed dev/prod D601 Compose artifact consumers, `met-nonlinear` is dry-run only until the long-running service image contract matches the published artifact, and `k3sctl-adapter` is supervisor-only because it is the native k3s control bridge outside the k3s failure domain.
- ClaudeQQ source comes from `https://gitee.com/lyon1998/agent_skills`; the producer exports the `claudeqq/` subtree and overlays the UniDesk Dockerfile plus API adapter from `src/components/microservices/claudeqq/` before building. Runtime topology and deploy intent still live in manifests and `deploy.json`, not in `CI.json`.
@@ -696,8 +696,22 @@ spec:
if [ "$service_id" = "claudeqq" ]; then
build_context="$(dirname "$dockerfile")"
fi
base_args=()
if [ "$service_id" = "code-queue" ]; then
if docker image inspect unidesk-code-queue:d601 >/dev/null 2>&1; then
base_args=(--build-arg CODE_QUEUE_BASE_IMAGE=unidesk-code-queue:d601)
echo "user_service_artifact_base_image=unidesk-code-queue:d601"
else
echo "user_service_artifact_base_image_missing=unidesk-code-queue:d601" >&2
echo "user_service_artifact_slow_build_blocked=true" >&2
exit 2
fi
else
echo "user_service_artifact_base_image=default"
fi
DOCKER_BUILDKIT=0 docker build \
--network host \
"${base_args[@]}" \
--build-arg HTTP_PROXY=http://127.0.0.1:18789 \
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
--build-arg ALL_PROXY=http://127.0.0.1:18789 \