From e973b73dbc7df3f8ce16afdd9df30c06d7fd0112 Mon Sep 17 00:00:00 2001 From: Codex Date: Fri, 3 Jul 2026 15:51:04 +0000 Subject: [PATCH] fix: unify node git mirror apply path --- .../unidesk-cicd/references/control-plane.md | 3 ++ .../unidesk-cicd/references/git-mirror.md | 2 ++ scripts/src/cicd.ts | 20 +++++++++++++ scripts/src/hwlab-node/control-actions.ts | 29 +++++++++++++++++++ scripts/src/hwlab-node/web-probe.ts | 1 - 5 files changed, 54 insertions(+), 1 deletion(-) diff --git a/.agents/skills/unidesk-cicd/references/control-plane.md b/.agents/skills/unidesk-cicd/references/control-plane.md index b6f58841..2245cb38 100644 --- a/.agents/skills/unidesk-cicd/references/control-plane.md +++ b/.agents/skills/unidesk-cicd/references/control-plane.md @@ -30,6 +30,7 @@ bun scripts/cli.ts hwlab g14 control-plane apply --lane v02 [--dry-run|--confirm ```bash bun scripts/cli.ts hwlab nodes control-plane status --node --lane v03 [--pipeline-run |--source-commit ] [--full|--raw] +bun scripts/cli.ts hwlab nodes control-plane apply --node --lane v03 --confirm bun scripts/cli.ts hwlab nodes control-plane trigger-current --node --lane v03 --confirm --wait bun scripts/cli.ts hwlab nodes control-plane sync --node --lane v03 --confirm bun scripts/cli.ts hwlab nodes control-plane refresh --node --lane v03 --confirm @@ -37,6 +38,8 @@ bun scripts/cli.ts hwlab nodes control-plane refresh --node --lane v03 -- `status` 默认返回 compact summary,只保留 source commit、PipelineRun、Argo、runtime readiness、public probe、git mirror 和 next action;完整 expected YAML/render target、kubectl result tail、Secret/sourceRef 详情和 probe 原始结果只在 `--full` 或 `--raw` 下展开。 +`control-plane apply --confirm` 是 node/lane 控制面更新入口:先从 `config/hwlab-node-control-plane.yaml` 收敛 node-local infra、git-mirror ConfigMap、RBAC、Tekton/Argo 前置对象,再应用 source-render 的 runtime namespace、Pipeline 和 Argo Application。node-scoped git-mirror 脚本只有 infra manifest 是权威来源;不要把 HWLAB source render 生成的 `devops-infra/git-mirror.yaml` 当作正式 apply 来源。 + `trigger-current --confirm --wait` 是 node/lane CI/CD 一键入口:按 YAML 解析 source head,执行 k8s git-mirror source snapshot sync 和必要 pre-flush,刷新 control-plane,创建或复用 commit-pinned PipelineRun,等待 PipelineRun 终态,并在终态成功后继续执行 post-flush、GitOps/Argo、runtime readiness 和 public `/health` closeout。 120 秒是同一条 CLI 的端到端预算,不是每个子阶段各等一轮。嵌套 git-mirror sync/flush 必须按剩余预算裁剪并跳过多次 retry;状态探测也必须按剩余预算收窄。超预算时 CLI 返回 `pending` warning,输出阶段分解、PipelineRun 状态、GitOps flush revision、Argo observed/target revision、runtime/public readiness、pending TaskRun/Pod drill-down 和下一条受控 status 命令。PipelineRun 已成功但 Argo/runtime/public 仍在收敛时,状态原因应落在 Argo/runtime closeout,不再泛化成 CI TaskRun pending。 diff --git a/.agents/skills/unidesk-cicd/references/git-mirror.md b/.agents/skills/unidesk-cicd/references/git-mirror.md index f329775f..4b33f555 100644 --- a/.agents/skills/unidesk-cicd/references/git-mirror.md +++ b/.agents/skills/unidesk-cicd/references/git-mirror.md @@ -19,6 +19,8 @@ bun scripts/cli.ts hwlab nodes git-mirror flush --node --lane v03 --confi - `sync`: 把当前配置声明的 GitHub refs 拉入本地 mirror,并为 source branch tip 创建不可变 snapshot ref。 - `flush`: 把本地 lane GitOps ref 快进推回 GitHub。 +Node-scoped `hwlab nodes control-plane apply --node --lane v03 --confirm` 会先执行同一套 YAML-first infra apply 来收敛 git-mirror;git-mirror ConfigMap、proxy、transport 和 Secret 绑定以 `config/hwlab-node-control-plane.yaml` 为权威。HWLAB source render 产出的 `devops-infra/git-mirror.yaml` 不是 node-scoped 正式 apply 来源,旧产物漂移时修 infra render 或显式 `hwlab nodes control-plane infra apply`,不要补 host worktree 或双路径兼容。 + `cicd branch-follower` 已把 `sync` 和 `flush` 作为通用 Kubernetes-native stage 接入 HWLAB/AgentRun 自动跟随:trigger 前先 sync 并创建 immutable source snapshot,GitOps publish 后必须 flush,status/closeout 以 mirror cache ref 和 `pendingFlush=false`/`githubInSync=true` 为准。正常自动跟随不需要 operator 手动清理旧状态;旧 ConfigMap 或历史 PipelineRun 干扰时只用 `cicd branch-follower cleanup-state --follower --confirm` 做显式 cleanup。 GitHub/GitHub SSH/HTTPS 相关 egress 必须从 YAML-first host proxy 配置进入 git-mirror Job/Pod:node-scoped lanes 读取 `config/hwlab-node-control-plane.yaml#nodes..egressProxy` 和 `targets..gitMirror.egressProxy/githubTransport`,branch-follower controller 读取 `config/cicd-branch-followers.yaml#controller.source.githubSsh`。状态和日志应披露 `source=yaml`、proxy mode、object/key/sourceRef 摘要和 redacted fingerprint,不得依赖未声明的 host env、trans proxy、裸直连 GitHub 或 CLI 输出解析。 diff --git a/scripts/src/cicd.ts b/scripts/src/cicd.ts index 0cecd318..070de390 100644 --- a/scripts/src/cicd.ts +++ b/scripts/src/cicd.ts @@ -2039,6 +2039,7 @@ function compactNativePayload(payload: Record | null): Record | null): Record | null): Record | null { + if (value === null) return null; + return { + ok: value.ok === true, + completed: value.completed === true, + failed: value.failed === true, + timedOut: value.timedOut === true, + created: value.created === true, + reused: value.reused === true, + jobName: stringOrNull(value.jobName), + namespace: stringOrNull(value.namespace), + elapsedMs: numberOrNull(value.elapsedMs), + conditionReason: stringOrNull(value.conditionReason), + conditionMessage: stringOrNull(value.conditionMessage), + statusAuthority: stringOrNull(value.statusAuthority), + parsedDownstreamCliOutput: false, + }; +} + function compactTaskRunsPayload(taskRuns: Record | null): Record | null { if (taskRuns === null) return null; return { diff --git a/scripts/src/hwlab-node/control-actions.ts b/scripts/src/hwlab-node/control-actions.ts index 78d0a9b0..daa6170c 100644 --- a/scripts/src/hwlab-node/control-actions.ts +++ b/scripts/src/hwlab-node/control-actions.ts @@ -343,6 +343,29 @@ export function nodeRuntimeApply(scoped: ReturnType | RenderedCliResult): boolean { + return value.ok !== false; +} + export function nodeRuntimeRefresh(scoped: ReturnType): Record { const spec = scoped.spec; const script = [ diff --git a/scripts/src/hwlab-node/web-probe.ts b/scripts/src/hwlab-node/web-probe.ts index e8e2aaf5..d3c0302a 100644 --- a/scripts/src/hwlab-node/web-probe.ts +++ b/scripts/src/hwlab-node/web-probe.ts @@ -176,7 +176,6 @@ export function httpProxyEndpoint(value: string): { host: string; port: number } export function nodeRuntimeControlPlaneFiles(spec: HwlabRuntimeLaneSpec, renderDir: string): string[] { return [ - `${renderDir}/devops-infra/git-mirror.yaml`, `${renderDir}/${spec.runtimeRenderDir}/namespace.yaml`, `${renderDir}/${spec.tektonDir}/rbac.yaml`, `${renderDir}/${spec.tektonDir}/pipeline.yaml`,