fix: expose baidu netdisk secret source contract
This commit is contained in:
+24
-1
@@ -5,7 +5,7 @@ import { pathToFileURL } from "node:url";
|
||||
import { runCommand } from "./command";
|
||||
import { type UniDeskConfig, type UniDeskMicroserviceConfig, repoRoot, rootPath } from "./config";
|
||||
import { ensureGithubSshIdentityForProvider } from "./deploy-ssh-identity";
|
||||
import { runArtifactRegistryCommand } from "./artifact-registry";
|
||||
import { baiduNetdiskRuntimeSecretRequirements, runtimeSecretContractFromEnvText, type RuntimeSecretContract, runArtifactRegistryCommand } from "./artifact-registry";
|
||||
import { startJob } from "./jobs";
|
||||
import { coreInternalFetch } from "./microservices";
|
||||
import { codeQueueSourceImportPreflight, codeQueueSourceSubdir } from "./code-queue-source-guard";
|
||||
@@ -1216,6 +1216,27 @@ function directComposeEnvFile(service: UniDeskMicroserviceConfig): string {
|
||||
return targetIsMain(service) ? writeComposeEnvFallbackPath() : "";
|
||||
}
|
||||
|
||||
function redactedSecretContractForService(config: UniDeskConfig | null, service: UniDeskMicroserviceConfig, environment: DeployEnvironment): RuntimeSecretContract | undefined {
|
||||
if (config === null || service.id !== "baidu-netdisk" || !targetIsMain(service)) return undefined;
|
||||
const composeEnvFile = config.providerGateway.upgrade.composeEnvFile;
|
||||
const envFile = join(config.providerGateway.upgrade.hostProjectRoot, composeEnvFile);
|
||||
const envText = existsSync(envFile) ? readFileSync(envFile, "utf8") : "";
|
||||
const contract = runtimeSecretContractFromEnvText(envText, baiduNetdiskRuntimeSecretRequirements, {
|
||||
path: envFile,
|
||||
exists: existsSync(envFile),
|
||||
workDir: config.providerGateway.upgrade.hostProjectRoot,
|
||||
composeEnvFile,
|
||||
composeService: service.repository.composeService,
|
||||
containerName: service.repository.containerName,
|
||||
});
|
||||
return {
|
||||
...contract,
|
||||
recommendedAction: contract.requiredSecretsPresent
|
||||
? "none"
|
||||
: `Restore ${contract.missingSecretKeys.join(", ")} in the canonical Compose env file without printing values, then rerun deploy apply --env ${environment} --service ${service.id} --dry-run before any live apply.`,
|
||||
};
|
||||
}
|
||||
|
||||
function directBuildContextOverride(service: UniDeskMicroserviceConfig): string {
|
||||
if (targetIsMain(service) && isUnideskRepo(service.repository.url)) return targetWorkDir(service);
|
||||
return "";
|
||||
@@ -2946,6 +2967,7 @@ function environmentDryRunPlan(
|
||||
const dryRunBlockedReason = artifactConsumerDryRunBlockedServiceIds.get(service.id) ?? null;
|
||||
const planKind = serviceConfig === null ? "unsupported" : artifactConsumerPlanKind(serviceConfig, environment);
|
||||
const planTarget = serviceConfig === null ? null : artifactConsumerPlanTarget(serviceConfig, environment);
|
||||
const runtimeSecrets = serviceConfig === null ? undefined : redactedSecretContractForService(config, serviceConfig, environment);
|
||||
const unsupportedReason = unsupported ? unsupportedEnvironmentPlanReason(service.id, environment) : null;
|
||||
const effectiveTarget = unsupported
|
||||
? unsupportedPlanTarget(service.id, environment, unsupportedReason ?? "unsupported")
|
||||
@@ -2992,6 +3014,7 @@ function environmentDryRunPlan(
|
||||
noRuntimeSourceBuild: unsupported || planKind !== "d601-dev-target-side-build",
|
||||
dryRunOnly: unsupported || (environment === "prod" && prodArtifactLiveApplyBlockedServiceIds.has(service.id)) || dryRunBlockedReason !== null,
|
||||
blockedReason: unsupportedReason ?? dryRunBlockedReason ?? (environment === "prod" ? prodArtifactLiveApplyBlockedServiceIds.get(service.id) ?? null : null),
|
||||
runtimeSecrets,
|
||||
},
|
||||
target: effectiveTarget,
|
||||
validation: unsupported
|
||||
|
||||
Reference in New Issue
Block a user