Merge pull request #1478 from pikasTech/task/1476-jd01-followers

fix: move cicd branch followers to JD01
This commit is contained in:
Lyon
2026-07-03 12:59:08 +08:00
committed by GitHub
4 changed files with 69 additions and 28 deletions
@@ -39,7 +39,7 @@ Use configRef summaries in plan/status; do not create a `full.md` or super Markd
## First Followers
- `hwlab-jd01-v03`: follows `pikasTech/HWLAB@v0.3`, adapter `hwlab-node-runtime`, trigger `hwlab nodes control-plane trigger-current --node JD01 --lane v03 --confirm --wait`.
- `agentrun-d601-v02`: follows `pikasTech/agentrun@v0.2`, adapter `agentrun-yaml-lane`, trigger `agentrun control-plane trigger-current --node D601 --lane v02 --confirm --wait`.
- `agentrun-jd01-v02`: follows `pikasTech/agentrun@v0.2`, adapter `agentrun-yaml-lane`, trigger `agentrun control-plane trigger-current --node JD01 --lane jd01-v02 --confirm --wait`.
- `web-probe-sentinel-master`: follows `pikasTech/unidesk@master`, adapter `web-probe-sentinel-cicd`, trigger `web-probe sentinel publish-current --node JD01 --lane v03 --sentinel jd01-web-probe-sentinel --confirm --wait`.
## Status Contract
+19 -19
View File
@@ -9,7 +9,7 @@ metadata:
controller:
namespace: devops-infra
kubeRoute: D601:k3s
kubeRoute: JD01:k3s
fieldManager: unidesk-cicd-branch-follower
serviceAccountName: unidesk-cicd-branch-follower
deploymentName: unidesk-cicd-branch-follower
@@ -89,28 +89,28 @@ followers:
closeout:
checks: ["sourceSnapshot", "pipelineRun", "gitMirrorPostFlush", "gitops", "argo", "runtime", "publicHealth"]
- id: agentrun-d601-v02
- id: agentrun-jd01-v02
enabled: true
adapter: agentrun-yaml-lane
description: Follow AgentRun v0.2 into the D601 YAML-only runtime lane.
description: Follow AgentRun v0.2 into the JD01 YAML-only runtime lane.
source:
repository: pikasTech/agentrun
branch: v0.2
branchRef: config/agentrun.yaml#controlPlane.lanes.v02.source.branch
authorityRef: config/agentrun.yaml#controlPlane.lanes.v02.source.sourceAuthority
branchRef: config/agentrun.yaml#controlPlane.lanes.jd01-v02.source.branch
authorityRef: config/agentrun.yaml#controlPlane.lanes.jd01-v02.source.sourceAuthority
snapshotPrefix: refs/unidesk/snapshots/agentrun-yaml-lane/v0.2
snapshotRef: config/agentrun.yaml#controlPlane.lanes.v02.source.sourceSnapshot.stageRefPrefix
snapshotRef: config/agentrun.yaml#controlPlane.lanes.jd01-v02.source.sourceSnapshot.stageRefPrefix
target:
node: D601
lane: v02
node: JD01
lane: jd01-v02
namespace: agentrun-v02
configRefs:
lane: config/agentrun.yaml#controlPlane.lanes.v02
source: config/agentrun.yaml#controlPlane.lanes.v02.source
runtime: config/agentrun.yaml#controlPlane.lanes.v02.runtime
pipeline: config/agentrun.yaml#controlPlane.lanes.v02.ci.pipeline
pipelineRunPrefix: config/agentrun.yaml#controlPlane.lanes.v02.ci.pipelineRunPrefix
argoApplication: config/agentrun.yaml#controlPlane.lanes.v02.gitops.argoApplication
lane: config/agentrun.yaml#controlPlane.lanes.jd01-v02
source: config/agentrun.yaml#controlPlane.lanes.jd01-v02.source
runtime: config/agentrun.yaml#controlPlane.lanes.jd01-v02.runtime
pipeline: config/agentrun.yaml#controlPlane.lanes.jd01-v02.ci.pipeline
pipelineRunPrefix: config/agentrun.yaml#controlPlane.lanes.jd01-v02.ci.pipelineRunPrefix
argoApplication: config/agentrun.yaml#controlPlane.lanes.jd01-v02.gitops.argoApplication
budgets:
endToEndSeconds: 120
statusSeconds: 35
@@ -118,19 +118,19 @@ followers:
sourceSyncSeconds: 20
commands:
plan:
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "trigger-current", "--node", "D601", "--lane", "v02", "--dry-run", "--raw"]
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "trigger-current", "--node", "JD01", "--lane", "jd01-v02", "--dry-run", "--raw"]
timeoutSeconds: 35
status:
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "status", "--node", "D601", "--lane", "v02", "--raw"]
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "status", "--node", "JD01", "--lane", "jd01-v02", "--raw"]
timeoutSeconds: 35
trigger:
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "trigger-current", "--node", "D601", "--lane", "v02", "--confirm", "--wait", "--raw"]
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "trigger-current", "--node", "JD01", "--lane", "jd01-v02", "--confirm", "--wait", "--raw"]
timeoutSeconds: 120
events:
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "status", "--node", "D601", "--lane", "v02", "--full"]
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "status", "--node", "JD01", "--lane", "jd01-v02", "--full"]
timeoutSeconds: 35
logs:
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "status", "--node", "D601", "--lane", "v02", "--full"]
argv: ["bun", "scripts/cli.ts", "agentrun", "control-plane", "status", "--node", "JD01", "--lane", "jd01-v02", "--full"]
timeoutSeconds: 35
closeout:
checks: ["sourceSnapshot", "pipelineRun", "gitops", "argo", "manager", "runtimeHealth"]
@@ -9,7 +9,7 @@ SPEC: PJ2026-01060703 CI/CD branch follower draft-2026-07-03-p0-branch-follower
首批 follower
- `hwlab-jd01-v03`: 跟随 `pikasTech/HWLAB@v0.3`,触发 `hwlab-node-runtime` 控制面。
- `agentrun-d601-v02`: 跟随 `pikasTech/agentrun@v0.2`,触发 `agentrun-yaml-lane` 控制面。
- `agentrun-jd01-v02`: 跟随 `pikasTech/agentrun@v0.2`,触发 JD01 `agentrun-yaml-lane` 控制面。
- `web-probe-sentinel-master`: 跟随 `pikasTech/unidesk@master`,触发 YAML 选中的 web-probe sentinel CI/CD。
## 2. 强约束
@@ -80,7 +80,7 @@ bun scripts/cli.ts cicd branch-follower run-once --all --confirm --wait --contro
每个 adapter 复用既有受控 CLI
- `hwlab-node-runtime`: `hwlab nodes control-plane status|trigger-current --node JD01 --lane v03`
- `agentrun-yaml-lane`: `agentrun control-plane status|trigger-current --node D601 --lane v02`
- `agentrun-yaml-lane`: `agentrun control-plane status|trigger-current --node JD01 --lane jd01-v02`
- `web-probe-sentinel-cicd`: `web-probe sentinel publish-current|control-plane status --node JD01 --lane v03 --sentinel jd01-web-probe-sentinel`
branch follower 不直接操作 Tekton、Argo、kubectl 或 GitHub。它只通过 adapter 命令读取 compact status 或触发已存在的控制面。
+47 -6
View File
@@ -1,7 +1,7 @@
// SPEC: PJ2026-01060703 CI/CD branch follower draft-2026-07-03-p0-branch-follower.
// Responsibility: YAML-first K8s branch-follower controller, status, and adapter orchestration.
import { createHash } from "node:crypto";
import { readFileSync } from "node:fs";
import { existsSync, readFileSync } from "node:fs";
import { isAbsolute } from "node:path";
import { repoRoot, rootPath, type UniDeskConfig } from "./config";
import { runCommand, type CommandResult } from "./command";
@@ -579,11 +579,14 @@ function buildPlan(registry: BranchFollowerRegistry, options: ParsedOptions): Re
async function applyController(registry: BranchFollowerRegistry, options: ParsedOptions): Promise<Record<string, unknown>> {
const manifests = renderControllerManifests(registry);
const manifestYaml = `${manifests.map((item) => Bun.YAML.stringify(item).trim()).join("\n---\n")}\n`;
const manifestBase64 = Buffer.from(manifestYaml, "utf8").toString("base64");
const waitSeconds = options.timeoutSeconds ?? registry.controller.budgets.applyWaitSeconds;
const script = [
"set -eu",
"tmp=$(mktemp)",
"cat >\"$tmp\"",
"base64 -d >\"$tmp\" <<'UNIDESK_CICD_BRANCH_FOLLOWER_MANIFEST_B64'",
manifestBase64,
"UNIDESK_CICD_BRANCH_FOLLOWER_MANIFEST_B64",
options.dryRun
? `kubectl apply --dry-run=server --field-manager=${shQuote(registry.controller.fieldManager)} -f "$tmp"`
: `kubectl apply --server-side --force-conflicts --field-manager=${shQuote(registry.controller.fieldManager)} -f "$tmp"`,
@@ -592,7 +595,7 @@ async function applyController(registry: BranchFollowerRegistry, options: Parsed
: "true",
`kubectl -n ${shQuote(registry.controller.namespace)} get deploy/${shQuote(registry.controller.deploymentName)} cm/${shQuote(registry.controller.configMapName)} cm/${shQuote(registry.controller.stateConfigMapName)} lease/${shQuote(registry.controller.leaseName)} -o wide 2>/dev/null || true`,
].join("\n");
const result = runKubeScript(registry, options, script, manifestYaml, (waitSeconds + 15) * 1000);
const result = runKubeScript(registry, options, script, "", (waitSeconds + 15) * 1000);
return {
ok: result.exitCode === 0,
action: "apply",
@@ -849,7 +852,8 @@ async function readAdapterStatus(follower: FollowerSpec, options: ParsedOptions)
const spec = follower.commands.status;
const timeoutSeconds = options.timeoutSeconds ?? spec.timeoutSeconds;
const result = runCommand(spec.argv, repoRoot, { timeoutMs: timeoutSeconds * 1000 });
const payload = parseJsonObject(result.stdout) ?? parseJsonObject(result.stderr);
const rawPayload = parseJsonObject(result.stdout) ?? parseJsonObject(result.stderr);
const payload = recoverDumpPayload(rawPayload) ?? rawPayload;
const body = payload === null ? null : unwrapEnvelope(payload);
const observedSha = firstStringPath(body, [
"summary.sourceCommit",
@@ -864,6 +868,7 @@ async function readAdapterStatus(follower: FollowerSpec, options: ParsedOptions)
"selectedCommit",
"sourceCommit",
"observedSha",
"alignment.sourceCommit",
], ["sourceCommit", "observedSha", "observedCommit", "selectedCommit", "selectedSourceCommit"]);
const targetSha = firstStringPath(body, [
"summary.targetCommit",
@@ -878,6 +883,10 @@ async function readAdapterStatus(follower: FollowerSpec, options: ParsedOptions)
"deployedCommit",
"currentCommit",
"targetSha",
"summary.runtimeAlignment.managerSourceCommit",
"alignment.runtimeAlignment.managerSourceCommit",
"runtime.manager.sourceCommit",
"manager.sourceCommit",
], ["targetCommit", "targetSha", "runtimeCommit", "gitopsCommit", "deployedCommit", "currentCommit"]);
const lastTriggeredSha = firstStringPath(body, [
"summary.lastTriggeredSha",
@@ -894,10 +903,12 @@ async function readAdapterStatus(follower: FollowerSpec, options: ParsedOptions)
], ["lastSucceededSha", "lastSucceededCommit", "succeededCommit"]);
const pipelineRun = firstStringPath(body, [
"summary.pipelineRun",
"summary.expectedPipelineRun",
"alignment.expectedPipelineRun",
"pipelineRun.name",
"pipelineRun",
"latestPipelineRun.name",
], ["pipelineRun", "pipelineRunName"]);
], ["pipelineRun", "pipelineRunName", "expectedPipelineRun"]);
const inFlightJob = firstStringPath(body, [
"summary.inFlightJob",
"job.id",
@@ -1001,7 +1012,7 @@ function readK8sState(registry: BranchFollowerRegistry, options: ParsedOptions):
const deploymentResult = kubeJson(registry, options, `kubectl -n ${shQuote(registry.controller.namespace)} get deploy ${shQuote(registry.controller.deploymentName)} -o json`, 10_000);
const leaseResult = kubeJson(registry, options, `kubectl -n ${shQuote(registry.controller.namespace)} get lease ${shQuote(registry.controller.leaseName)} -o json`, 10_000);
const podSelector = labelSelector(registry.controller.labels);
const podsResult = kubeJson(registry, options, `kubectl -n ${shQuote(registry.controller.namespace)} get pods -l ${shQuote(podSelector)} -o json`, 10_000);
const podsResult = kubePodList(registry, options, podSelector);
if (!stateResult.ok && !isNotFoundText(stateResult.error)) errors.push(`state configmap: ${stateResult.error}`);
if (!deploymentResult.ok && !isNotFoundText(deploymentResult.error)) errors.push(`deployment: ${deploymentResult.error}`);
if (!leaseResult.ok && !isNotFoundText(leaseResult.error)) errors.push(`lease: ${leaseResult.error}`);
@@ -1037,6 +1048,21 @@ function kubeJson(registry: BranchFollowerRegistry, options: ParsedOptions, comm
};
}
function kubePodList(registry: BranchFollowerRegistry, options: ParsedOptions, selector: string): { ok: boolean; value: Record<string, unknown> | null; error: string } {
const command = `kubectl -n ${shQuote(registry.controller.namespace)} get pods -l ${shQuote(selector)} -o name`;
const result = runKubeScript(registry, options, `set -eu\n${command}`, "", 10_000);
const names = result.stdout
.split(/\r?\n/u)
.map((line) => line.trim())
.filter((line) => line.length > 0)
.map((line) => line.replace(/^pod\//u, ""));
return {
ok: result.exitCode === 0,
value: result.exitCode === 0 ? { items: names.map((name) => ({ metadata: { name } })) } : null,
error: redactText(tailText(result.stderr || result.stdout, 800)),
};
}
function runKubeScript(registry: BranchFollowerRegistry, options: ParsedOptions, script: string, input: string, timeoutMs: number): CommandResult {
if (options.controller) {
return runCommand(["sh", "-lc", script], repoRoot, { input, timeoutMs });
@@ -1166,12 +1192,14 @@ function controllerLoopScript(): string {
"while true; do",
" started_at=$(date -Iseconds)",
" echo \"branch-follower loop started ${started_at}\"",
" cd /work",
" rm -rf /work/unidesk",
" git clone --depth=1 --branch \"${UNIDESK_CONTROLLER_SOURCE_BRANCH}\" \"${UNIDESK_CONTROLLER_GIT_MIRROR_READ_URL}\" /work/unidesk",
" cp /etc/unidesk-cicd-branch-follower/cicd-branch-followers.yaml /work/unidesk/config/cicd-branch-followers.yaml",
" cd /work/unidesk",
" bun scripts/cli.ts cicd branch-follower run-once --all --confirm --wait --controller --config config/cicd-branch-followers.yaml --timeout-seconds \"${timeout}\" --json || true",
" echo \"branch-follower loop finished $(date -Iseconds)\"",
" cd /work",
" sleep \"${interval}\"",
"done",
].join("\n");
@@ -1278,6 +1306,19 @@ function unwrapEnvelope(payload: Record<string, unknown>): Record<string, unknow
return data ?? payload;
}
function recoverDumpPayload(payload: Record<string, unknown> | null): Record<string, unknown> | null {
if (payload === null) return null;
const data = asOptionalRecord(payload.data);
const dump = asOptionalRecord(data?.dump) ?? asOptionalRecord(payload.dump);
const path = stringOrNull(dump?.path);
if (path === null || !existsSync(path)) return payload;
try {
return parseJsonObject(readFileSync(path, "utf8")) ?? payload;
} catch {
return payload;
}
}
function firstStringPath(root: Record<string, unknown> | null, paths: string[], fallbackKeys: string[] = []): string | null {
if (root === null) return null;
for (const path of paths) {