1335 lines
63 KiB
TypeScript
1335 lines
63 KiB
TypeScript
import { createHash } from "node:crypto";
|
|
import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
|
|
import { join, resolve } from "node:path";
|
|
import { runCommand } from "./command";
|
|
import { type UniDeskConfig, type UniDeskMicroserviceConfig, repoRoot, rootPath } from "./config";
|
|
import { ensureGithubSshIdentityForProvider } from "./deploy-ssh-identity";
|
|
import { startJob } from "./jobs";
|
|
import { coreInternalFetch } from "./microservices";
|
|
|
|
type DeployAction = "check" | "plan" | "apply";
|
|
|
|
interface DeployManifestService {
|
|
id: string;
|
|
repo: string;
|
|
commitId: string;
|
|
}
|
|
|
|
interface DeployManifest {
|
|
schemaVersion: 1;
|
|
services: DeployManifestService[];
|
|
}
|
|
|
|
interface DeployOptions {
|
|
file: string;
|
|
serviceId: string | null;
|
|
runNow: boolean;
|
|
dryRun: boolean;
|
|
force: boolean;
|
|
timeoutMs: number;
|
|
}
|
|
|
|
interface StepResult {
|
|
step: string;
|
|
ok: boolean;
|
|
detail: string;
|
|
startedAt: string;
|
|
finishedAt: string;
|
|
raw?: unknown;
|
|
}
|
|
|
|
interface DispatchResult {
|
|
ok: boolean;
|
|
taskId: string | null;
|
|
status: string | null;
|
|
stdout: string;
|
|
stderr: string;
|
|
exitCode: number | null;
|
|
raw: unknown;
|
|
}
|
|
|
|
interface BackgroundPoll {
|
|
done: boolean;
|
|
exitCode: number | null;
|
|
logTail: string;
|
|
raw: unknown;
|
|
}
|
|
|
|
interface ServiceRuntimeState {
|
|
serviceId: string;
|
|
ok: boolean;
|
|
supported: boolean;
|
|
reason: string | null;
|
|
desiredRepo: string;
|
|
desiredCommit: string;
|
|
providerId: string;
|
|
deploymentMode: string;
|
|
currentCommit: string | null;
|
|
healthCommit: string | null;
|
|
imageCommit: string | null;
|
|
orchestratorCommit: string | null;
|
|
healthOk: boolean;
|
|
upToDate: boolean;
|
|
raw?: unknown;
|
|
}
|
|
|
|
const defaultDeployFile = "deploy.json";
|
|
const defaultTimeoutMs = 900_000;
|
|
const shortDispatchWaitMs = 25_000;
|
|
const shortRemoteTimeoutMs = 20_000;
|
|
const pollIntervalMs = 5_000;
|
|
const remoteDeployRoot = "/home/ubuntu/.unidesk/deploy";
|
|
const k8sNamespace = "unidesk";
|
|
const k8sKubeconfig = "/etc/rancher/k3s/k3s.yaml";
|
|
const k3sDeployDir = "/home/ubuntu/cq-deploy";
|
|
const providerGatewayWsEgressProxyUrl = "http://127.0.0.1:18789";
|
|
const nativeK3sInstallVersion = "v1.34.1+k3s1";
|
|
const nativeK3sImage = "rancher/k3s:v1.34.1-k3s1";
|
|
const nativeK3sCtrAddress = "/run/k3s/containerd/containerd.sock";
|
|
|
|
function isHelpArg(value: string | undefined): boolean {
|
|
return value === "help" || value === "--help" || value === "-h";
|
|
}
|
|
|
|
function deployHelp(action: string | undefined = undefined): Record<string, unknown> {
|
|
const command = action === undefined || isHelpArg(action) ? "deploy check|plan|apply" : `deploy ${action}`;
|
|
return {
|
|
ok: true,
|
|
command,
|
|
usage: {
|
|
check: "bun scripts/cli.ts deploy check [--file deploy.json] [--service id]",
|
|
plan: "bun scripts/cli.ts deploy plan [--file deploy.json] [--service id]",
|
|
apply: "bun scripts/cli.ts deploy apply [--file deploy.json] [--service id] [--dry-run] [--force] [--timeout-ms N] [--run-now]",
|
|
},
|
|
actions: {
|
|
check: "Validate desired repo+commit state against live service health and commit markers.",
|
|
plan: "Show desired/live drift without requiring live health to be healthy.",
|
|
apply: "Start an async target-side reconcile job unless --run-now is explicitly present.",
|
|
},
|
|
options: [
|
|
{ name: "--file <path>", default: defaultDeployFile, description: "Desired-state manifest path relative to the repo root." },
|
|
{ name: "--service <id>", description: "Limit reconcile to one service from the manifest." },
|
|
{ name: "--dry-run", description: "Prepare and validate without mutating the target service." },
|
|
{ name: "--force", description: "Redeploy even when the live commit appears up to date." },
|
|
{ name: "--timeout-ms <n>", default: defaultTimeoutMs, description: "Per-step timeout budget where supported." },
|
|
{ name: "--run-now", description: "Run apply in the foreground worker process; omit it for fire-and-forget async job mode." },
|
|
],
|
|
};
|
|
}
|
|
|
|
function nowIso(): string {
|
|
return new Date().toISOString();
|
|
}
|
|
|
|
function elapsedMs(startedAt: number): number {
|
|
return Math.max(0, Date.now() - startedAt);
|
|
}
|
|
|
|
function shellQuote(value: string): string {
|
|
return `'${value.replace(/'/gu, `'\\''`)}'`;
|
|
}
|
|
|
|
function compactTail(text: string, maxChars = 1600): string {
|
|
return text.length > maxChars ? text.slice(text.length - maxChars) : text;
|
|
}
|
|
|
|
function progressLine(step: string, message: string, detail?: unknown): void {
|
|
const payload = detail === undefined
|
|
? { at: nowIso(), step, message }
|
|
: { at: nowIso(), step, message, detail };
|
|
process.stderr.write(`${JSON.stringify(payload)}\n`);
|
|
}
|
|
|
|
function asRecord(value: unknown): Record<string, unknown> | null {
|
|
return typeof value === "object" && value !== null && !Array.isArray(value) ? value as Record<string, unknown> : null;
|
|
}
|
|
|
|
function asString(value: unknown): string {
|
|
return typeof value === "string" ? value : "";
|
|
}
|
|
|
|
function parseFullCommit(value: string): string {
|
|
const match = value.match(/\b[0-9a-f]{40}\b/iu);
|
|
return match?.[0]?.toLowerCase() ?? "";
|
|
}
|
|
|
|
function safeId(value: string): string {
|
|
const sanitized = value.replace(/[^A-Za-z0-9_.-]/gu, "-");
|
|
if (sanitized.length === 0) throw new Error(`invalid service id: ${value}`);
|
|
return sanitized;
|
|
}
|
|
|
|
function repoResolveCacheDir(repo: string): string {
|
|
return rootPath(".state", "deploy", "resolve", createHash("sha256").update(repo).digest("hex").slice(0, 16));
|
|
}
|
|
|
|
function repoSlug(repo: string): string | null {
|
|
const trimmed = repo.trim().replace(/\.git$/u, "");
|
|
const https = trimmed.match(/^https:\/\/([^/]+)\/(.+)$/u);
|
|
if (https !== null) return `${https[1]?.toLowerCase()}/${https[2]}`;
|
|
const ssh = trimmed.match(/^git@([^:]+):(.+)$/u);
|
|
if (ssh !== null) return `${ssh[1]?.toLowerCase()}/${ssh[2]}`;
|
|
return null;
|
|
}
|
|
|
|
function sshUrlForSlug(slug: string | null): string | null {
|
|
if (slug === null) return null;
|
|
const [host = "", ...pathParts] = slug.split("/");
|
|
const path = pathParts.join("/");
|
|
if (host.length === 0 || path.length === 0) return null;
|
|
if (host !== "github.com" && host !== "gitee.com") return null;
|
|
return `git@${host}:${path}.git`;
|
|
}
|
|
|
|
function candidateRepoUrls(repo: string): string[] {
|
|
const desiredSlug = repoSlug(repo);
|
|
const urls = [repo];
|
|
const localOrigin = runCommand(["git", "remote", "get-url", "origin"], repoRoot);
|
|
const localOriginUrl = localOrigin.exitCode === 0 ? localOrigin.stdout.trim() : "";
|
|
if (localOriginUrl.length > 0 && repoSlug(localOriginUrl) === desiredSlug) urls.push(localOriginUrl);
|
|
const sshUrl = sshUrlForSlug(desiredSlug);
|
|
if (sshUrl !== null) urls.push(sshUrl);
|
|
return [...new Set(urls)];
|
|
}
|
|
|
|
function commandFailure(result: ReturnType<typeof runCommand>, maxChars = 1200): string {
|
|
const detail = [result.stderr, result.stdout].filter(Boolean).join("\n");
|
|
return compactTail(detail, maxChars) || `exit ${result.exitCode}`;
|
|
}
|
|
|
|
function runGitOrThrow(args: string[], cwd: string, message: string): ReturnType<typeof runCommand> {
|
|
const result = runCommand(["git", ...args], cwd);
|
|
if (result.exitCode !== 0) throw new Error(`${message}: ${commandFailure(result)}`);
|
|
return result;
|
|
}
|
|
|
|
function resolveDesiredCommit(desired: DeployManifestService): DeployManifestService {
|
|
const cacheDir = repoResolveCacheDir(desired.repo);
|
|
mkdirSync(cacheDir, { recursive: true });
|
|
if (!existsSync(join(cacheDir, ".git", "config"))) {
|
|
const init = runCommand(["git", "init", cacheDir], repoRoot);
|
|
if (init.exitCode !== 0 && !existsSync(join(cacheDir, ".git", "config"))) {
|
|
throw new Error(`failed to initialize deploy commit resolver for ${desired.repo}: ${commandFailure(init)}`);
|
|
}
|
|
}
|
|
|
|
const fetchErrors: string[] = [];
|
|
for (const repoUrl of candidateRepoUrls(desired.repo)) {
|
|
runCommand(["git", "-C", cacheDir, "remote", "remove", "origin"], repoRoot);
|
|
const addRemote = runCommand(["git", "-C", cacheDir, "remote", "add", "origin", repoUrl], repoRoot);
|
|
if (addRemote.exitCode !== 0) {
|
|
fetchErrors.push(`${repoUrl}: ${commandFailure(addRemote)}`);
|
|
continue;
|
|
}
|
|
const fetch = runCommand([
|
|
"git",
|
|
"-C",
|
|
cacheDir,
|
|
"fetch",
|
|
"--no-tags",
|
|
"--prune",
|
|
"origin",
|
|
"+refs/heads/*:refs/remotes/origin/*",
|
|
"+refs/tags/*:refs/tags/*",
|
|
], repoRoot);
|
|
if (fetch.exitCode === 0) {
|
|
fetchErrors.length = 0;
|
|
break;
|
|
}
|
|
fetchErrors.push(`${repoUrl}: ${commandFailure(fetch)}`);
|
|
}
|
|
if (fetchErrors.length > 0) {
|
|
throw new Error(`deploy manifest service ${desired.id} cannot fetch ${desired.repo} before deploy: ${compactTail(fetchErrors.join("\n"), 1600)}`);
|
|
}
|
|
|
|
const resolved = runCommand(["git", "-C", cacheDir, "rev-parse", "--verify", `${desired.commitId}^{commit}`], repoRoot);
|
|
const fullCommit = parseFullCommit(resolved.stdout);
|
|
if (resolved.exitCode !== 0 || fullCommit.length !== 40) {
|
|
throw new Error(`deploy manifest service ${desired.id} commitId ${desired.commitId} cannot be resolved in ${desired.repo}; use a pushed unique 7-40 char SHA. ${commandFailure(resolved)}`);
|
|
}
|
|
return { ...desired, commitId: fullCommit };
|
|
}
|
|
|
|
function resolveManifestCommits(manifest: DeployManifest, serviceId: string | null): DeployManifest {
|
|
return {
|
|
schemaVersion: manifest.schemaVersion,
|
|
services: manifest.services.map((service) => (serviceId === null || service.id === serviceId ? resolveDesiredCommit(service) : service)),
|
|
};
|
|
}
|
|
|
|
function optionValue(args: string[], names: string[]): string | undefined {
|
|
for (const name of names) {
|
|
const index = args.indexOf(name);
|
|
if (index === -1) continue;
|
|
const raw = args[index + 1];
|
|
if (raw === undefined || raw.length === 0 || raw.startsWith("--")) throw new Error(`${name} requires a non-empty value`);
|
|
return raw;
|
|
}
|
|
return undefined;
|
|
}
|
|
|
|
function positiveIntegerOption(args: string[], names: string[], defaultValue: number): number {
|
|
const raw = optionValue(args, names);
|
|
if (raw === undefined) return defaultValue;
|
|
const parsed = Number(raw);
|
|
if (!Number.isInteger(parsed) || parsed <= 0) throw new Error(`${names[0]} must be a positive integer`);
|
|
return parsed;
|
|
}
|
|
|
|
function parseOptions(args: string[]): DeployOptions {
|
|
return {
|
|
file: optionValue(args, ["--file"]) ?? defaultDeployFile,
|
|
serviceId: optionValue(args, ["--service", "--service-id"]) ?? null,
|
|
runNow: args.includes("--run-now"),
|
|
dryRun: args.includes("--dry-run"),
|
|
force: args.includes("--force"),
|
|
timeoutMs: positiveIntegerOption(args, ["--timeout-ms"], defaultTimeoutMs),
|
|
};
|
|
}
|
|
|
|
function positionalArgs(args: string[]): string[] {
|
|
const result: string[] = [];
|
|
for (let index = 0; index < args.length; index += 1) {
|
|
const value = args[index] ?? "";
|
|
if (value.startsWith("--")) {
|
|
if (!["--run-now", "--force"].includes(value)) index += 1;
|
|
continue;
|
|
}
|
|
result.push(value);
|
|
}
|
|
return result;
|
|
}
|
|
|
|
function readDeployManifest(file: string): DeployManifest {
|
|
const path = resolve(repoRoot, file);
|
|
if (!existsSync(path)) throw new Error(`deploy manifest not found: ${path}`);
|
|
const parsed = JSON.parse(readFileSync(path, "utf8")) as unknown;
|
|
const record = asRecord(parsed);
|
|
if (record === null) throw new Error("deploy manifest must be an object");
|
|
if (record.schemaVersion !== 1) throw new Error("deploy manifest schemaVersion must be 1");
|
|
if (!Array.isArray(record.services)) throw new Error("deploy manifest services must be an array");
|
|
const seen = new Set<string>();
|
|
const services = record.services.map((item, index) => {
|
|
const service = asRecord(item);
|
|
if (service === null) throw new Error(`deploy manifest services[${index}] must be an object`);
|
|
const id = asString(service.id);
|
|
const repo = asString(service.repo);
|
|
const commitId = asString(service.commitId).toLowerCase();
|
|
if (id.length === 0) throw new Error(`deploy manifest services[${index}].id must be a non-empty string`);
|
|
if (repo.length === 0) throw new Error(`deploy manifest services[${index}].repo must be a non-empty string`);
|
|
if (!/^[0-9a-f]{7,40}$/iu.test(commitId)) throw new Error(`deploy manifest services[${index}].commitId must be a 7-40 char git SHA`);
|
|
if (seen.has(id)) throw new Error(`duplicate deploy manifest service id: ${id}`);
|
|
seen.add(id);
|
|
return { id, repo, commitId };
|
|
});
|
|
return { schemaVersion: 1, services };
|
|
}
|
|
|
|
function selectServices(config: UniDeskConfig, manifest: DeployManifest, serviceId: string | null): Array<{
|
|
desired: DeployManifestService;
|
|
config: UniDeskMicroserviceConfig;
|
|
}> {
|
|
const configById = new Map(config.microservices.map((service) => [service.id, service]));
|
|
const selected = serviceId === null ? manifest.services : manifest.services.filter((service) => service.id === serviceId);
|
|
if (serviceId !== null && selected.length === 0) throw new Error(`deploy manifest does not contain service: ${serviceId}`);
|
|
return selected.map((desired) => {
|
|
const service = configById.get(desired.id);
|
|
if (service === undefined) throw new Error(`deploy manifest service ${desired.id} is not present in config.json microservices`);
|
|
return { desired, config: service };
|
|
});
|
|
}
|
|
|
|
function unsupportedReason(service: UniDeskMicroserviceConfig): string | null {
|
|
if (service.repository.dockerfile.startsWith("docker.io/")) return "image-only service has no Dockerfile source artifact";
|
|
if (service.repository.composeFile.startsWith("docker run")) return "docker-run image-only service has no compose/k8s build path";
|
|
if (service.repository.commitId === "local") return null;
|
|
return null;
|
|
}
|
|
|
|
function targetIsMain(service: UniDeskMicroserviceConfig): boolean {
|
|
return service.providerId === "main-server";
|
|
}
|
|
|
|
function targetDeployRoot(service: UniDeskMicroserviceConfig): string {
|
|
return targetIsMain(service) ? rootPath(".state", "deploy") : remoteDeployRoot;
|
|
}
|
|
|
|
function targetRepoDir(service: UniDeskMicroserviceConfig): string {
|
|
return `${targetDeployRoot(service)}/repos/${safeId(service.id)}`;
|
|
}
|
|
|
|
function targetExportDir(service: UniDeskMicroserviceConfig, runId: string): string {
|
|
return `${targetDeployRoot(service)}/exports/${safeId(service.id)}-${runId}`;
|
|
}
|
|
|
|
function targetWorkDir(service: UniDeskMicroserviceConfig): string {
|
|
if (service.deployment.mode === "k3sctl-managed") return k3sDeployDir;
|
|
if (targetIsMain(service) && service.repository.url === "https://github.com/pikasTech/unidesk") {
|
|
return rootPath(".state", "deploy", "work", safeId(service.id));
|
|
}
|
|
return service.development.worktreePath;
|
|
}
|
|
|
|
function buildImageTag(service: UniDeskMicroserviceConfig): string {
|
|
if (service.deployment.mode === "k3sctl-managed") return `unidesk-${service.id}:d601`;
|
|
if (targetIsMain(service)) {
|
|
if (["project-manager", "baidu-netdisk", "oa-event-flow"].includes(service.repository.composeService)) return service.repository.composeService;
|
|
return `unidesk-${service.repository.composeService}`;
|
|
}
|
|
return `unidesk-${service.id}:${service.providerId.toLowerCase()}`;
|
|
}
|
|
|
|
function directComposeFile(service: UniDeskMicroserviceConfig): string {
|
|
return targetIsMain(service)
|
|
? rootPath("docker-compose.yml")
|
|
: `${targetWorkDir(service)}/${service.repository.composeFile}`;
|
|
}
|
|
|
|
function directComposeEnvFile(service: UniDeskMicroserviceConfig): string {
|
|
return targetIsMain(service) ? writeComposeEnvFallbackPath() : "";
|
|
}
|
|
|
|
function directBuildContextOverride(service: UniDeskMicroserviceConfig): string {
|
|
if (targetIsMain(service) && service.repository.url === "https://github.com/pikasTech/unidesk") return targetWorkDir(service);
|
|
return "";
|
|
}
|
|
|
|
function directDockerfileOverride(service: UniDeskMicroserviceConfig): string {
|
|
if (targetIsMain(service) && service.repository.url === "https://github.com/pikasTech/unidesk") return service.repository.dockerfile;
|
|
return "";
|
|
}
|
|
|
|
function k8sManifestPath(service: UniDeskMicroserviceConfig): string {
|
|
const composeFile = service.repository.composeFile;
|
|
if (!composeFile.endsWith(".k3s.json")) throw new Error(`${service.id} k3s service composeFile must point to *.k3s.json`);
|
|
return composeFile.replace(/\.k3s\.json$/u, ".k8s.yaml");
|
|
}
|
|
|
|
function sourceProxyPrelude(service: UniDeskMicroserviceConfig): string {
|
|
if (targetIsMain(service)) return "";
|
|
return [
|
|
`build_proxy=${shellQuote(providerGatewayWsEgressProxyUrl)}`,
|
|
"export HTTP_PROXY=\"$build_proxy\" HTTPS_PROXY=\"$build_proxy\" ALL_PROXY=\"$build_proxy\"",
|
|
"export NO_PROXY=\"localhost,127.0.0.1,::1,host.docker.internal\"",
|
|
"curl -fsSI --max-time 20 -x \"$build_proxy\" https://github.com >/dev/null",
|
|
"echo target_source_proxy=provider-gateway-ws-egress:$build_proxy",
|
|
"echo target_build_proxy=provider-gateway-ws-egress:$build_proxy",
|
|
"echo target_build_proxy_probe=ok",
|
|
].join("\n");
|
|
}
|
|
|
|
function buildCachePrelude(dockerfileVariable: string): string[] {
|
|
return [
|
|
"cache_args=(--cache-to type=inline --build-arg BUILDKIT_INLINE_CACHE=1)",
|
|
"if docker image inspect \"$image\" >/dev/null 2>&1; then cache_args+=(--cache-from \"$image\"); echo target_build_cache_from_image=$image; else echo target_build_cache_from_image=missing:$image; fi",
|
|
"echo target_build_cache_to=inline",
|
|
"base_args=()",
|
|
"build_base_image=\"${image}-build-base\"",
|
|
`if grep -Eq '^ARG[[:space:]]+CODE_QUEUE_BASE_IMAGE([=[:space:]]|$)' "${dockerfileVariable}" 2>/dev/null; then if docker image inspect "$build_base_image" >/dev/null 2>&1; then base_args=(--build-arg "CODE_QUEUE_BASE_IMAGE=$build_base_image"); echo target_build_base_image=$build_base_image; else echo target_build_base_image=default; fi; else echo target_build_base_image=unsupported; fi`,
|
|
];
|
|
}
|
|
|
|
function prepareSourceScript(service: UniDeskMicroserviceConfig, desired: DeployManifestService, exportDir: string): string {
|
|
if (targetIsMain(service) && desired.repo === "https://github.com/pikasTech/unidesk") {
|
|
return [
|
|
"set -euo pipefail",
|
|
`repo=${shellQuote(repoRoot)}`,
|
|
`commit=${shellQuote(desired.commitId)}`,
|
|
`export_dir=${shellQuote(exportDir)}`,
|
|
"mkdir -p \"$(dirname \"$export_dir\")\"",
|
|
"git -C \"$repo\" fetch --no-tags origin \"$commit\" || git -C \"$repo\" fetch --no-tags origin '+refs/heads/*:refs/remotes/origin/*'",
|
|
"resolved=$(git -C \"$repo\" rev-parse --verify \"$commit^{commit}\")",
|
|
"rm -rf \"$export_dir\"",
|
|
"mkdir -p \"$export_dir\"",
|
|
"git -C \"$repo\" archive --format=tar \"$resolved\" | tar -xf - -C \"$export_dir\"",
|
|
"printf 'resolved_commit=%s\\nexport_dir=%s\\nsource_repo=%s\\n' \"$resolved\" \"$export_dir\" \"$repo\"",
|
|
].join("\n");
|
|
}
|
|
return [
|
|
"set -euo pipefail",
|
|
sourceProxyPrelude(service),
|
|
`repo=${shellQuote(targetRepoDir(service))}`,
|
|
`repo_url=${shellQuote(desired.repo)}`,
|
|
`commit=${shellQuote(desired.commitId)}`,
|
|
`export_dir=${shellQuote(exportDir)}`,
|
|
"mkdir -p \"$(dirname \"$repo\")\" \"$(dirname \"$export_dir\")\"",
|
|
"if [ ! -d \"$repo/.git\" ]; then rm -rf \"$repo\"; git clone --no-checkout \"$repo_url\" \"$repo\"; fi",
|
|
"cd \"$repo\"",
|
|
"git remote set-url origin \"$repo_url\"",
|
|
"git fetch --no-tags origin \"$commit\" || git fetch --no-tags origin '+refs/heads/*:refs/remotes/origin/*'",
|
|
"resolved=$(git rev-parse --verify \"$commit^{commit}\")",
|
|
"rm -rf \"$export_dir\"",
|
|
"mkdir -p \"$export_dir\"",
|
|
"git archive --format=tar \"$resolved\" | tar -xf - -C \"$export_dir\"",
|
|
"printf 'resolved_commit=%s\\nexport_dir=%s\\n' \"$resolved\" \"$export_dir\"",
|
|
].filter((line) => line.length > 0).join("\n");
|
|
}
|
|
|
|
function syncSourceScript(service: UniDeskMicroserviceConfig, exportDir: string): string {
|
|
const workDir = targetWorkDir(service);
|
|
return [
|
|
"set -euo pipefail",
|
|
`export_dir=${shellQuote(exportDir)}`,
|
|
`work_dir=${shellQuote(workDir)}`,
|
|
"mkdir -p \"$work_dir\"",
|
|
[
|
|
"rsync -a --delete",
|
|
"--exclude '.git/'",
|
|
"--exclude '.state/'",
|
|
"--exclude 'logs/'",
|
|
"--exclude '**/node_modules/'",
|
|
"--exclude '**/dist/'",
|
|
"\"$export_dir/\"",
|
|
"\"$work_dir/\"",
|
|
].join(" "),
|
|
`test -f "$work_dir/${service.repository.dockerfile}"`,
|
|
"printf 'synced deploy worktree to %s\\n' \"$work_dir\"",
|
|
].join("\n");
|
|
}
|
|
|
|
function buildImageScript(service: UniDeskMicroserviceConfig, desired: DeployManifestService, resolvedCommit: string): string {
|
|
const image = buildImageTag(service);
|
|
const workDir = targetWorkDir(service);
|
|
const dockerfile = `${workDir}/${service.repository.dockerfile}`;
|
|
const labelArgs = [
|
|
"--label", `unidesk.ai/service-id=${service.id}`,
|
|
"--label", `unidesk.ai/source-repo=${desired.repo}`,
|
|
"--label", `unidesk.ai/source-commit=${resolvedCommit}`,
|
|
"--label", `unidesk.ai/dockerfile=${service.repository.dockerfile}`,
|
|
];
|
|
const commonArgs = [
|
|
"--progress=plain",
|
|
...labelArgs,
|
|
"-t", image,
|
|
"-f", dockerfile,
|
|
workDir,
|
|
];
|
|
const proxyBuildArgs = targetIsMain(service)
|
|
? []
|
|
: [
|
|
"--network", "host",
|
|
"--build-arg", `HTTP_PROXY=${providerGatewayWsEgressProxyUrl}`,
|
|
"--build-arg", `HTTPS_PROXY=${providerGatewayWsEgressProxyUrl}`,
|
|
"--build-arg", `ALL_PROXY=${providerGatewayWsEgressProxyUrl}`,
|
|
"--build-arg", "NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal",
|
|
];
|
|
return [
|
|
"set -euo pipefail",
|
|
sourceProxyPrelude(service),
|
|
`image=${shellQuote(image)}`,
|
|
`dockerfile=${shellQuote(dockerfile)}`,
|
|
"docker buildx version >/dev/null",
|
|
"builder_args=()",
|
|
"if docker buildx inspect --builder default >/dev/null 2>&1; then builder_args=(--builder default); echo target_build_builder=default; else echo target_build_builder=implicit; fi",
|
|
"docker buildx inspect \"${builder_args[@]}\" --bootstrap || true",
|
|
"echo target_build_builder_cleanup=not-required",
|
|
...buildCachePrelude("$dockerfile"),
|
|
`docker buildx build "\${builder_args[@]}" --load "\${cache_args[@]}" "\${base_args[@]}" ${[...proxyBuildArgs, ...commonArgs].map(shellQuote).join(" ")}`,
|
|
"docker image inspect \"$image\" --format 'image_id={{.Id}} labels={{json .Config.Labels}}'",
|
|
].filter((line) => line.length > 0).join("\n");
|
|
}
|
|
|
|
function directComposeResolveScript(service: UniDeskMicroserviceConfig): string {
|
|
const projectHint = targetIsMain(service) ? "unidesk" : "";
|
|
return [
|
|
`work_dir=${shellQuote(targetWorkDir(service))}`,
|
|
`compose_file=${shellQuote(directComposeFile(service))}`,
|
|
`compose_env_file=${shellQuote(directComposeEnvFile(service))}`,
|
|
`compose_service=${shellQuote(service.repository.composeService)}`,
|
|
`container=${shellQuote(service.repository.containerName)}`,
|
|
`project_hint=${shellQuote(projectHint)}`,
|
|
`build_context_override=${shellQuote(directBuildContextOverride(service))}`,
|
|
`build_dockerfile_override=${shellQuote(directDockerfileOverride(service))}`,
|
|
"compose_env_args=()",
|
|
"if [ -n \"$compose_env_file\" ]; then compose_env_args=(--env-file \"$compose_env_file\"); fi",
|
|
"running_project=$(docker inspect -f '{{ index .Config.Labels \"com.docker.compose.project\" }}' \"$container\" 2>/dev/null || true)",
|
|
"running_service=$(docker inspect -f '{{ index .Config.Labels \"com.docker.compose.service\" }}' \"$container\" 2>/dev/null || true)",
|
|
"running_image=$(docker inspect -f '{{.Config.Image}}' \"$container\" 2>/dev/null || true)",
|
|
"if [ \"$running_project\" = '<no value>' ]; then running_project=''; fi",
|
|
"if [ \"$running_service\" = '<no value>' ]; then running_service=''; fi",
|
|
"project=\"$running_project\"",
|
|
"if [ -z \"$project\" ]; then project=\"$project_hint\"; fi",
|
|
"if [ -z \"$project\" ]; then project=$(basename \"$work_dir\"); fi",
|
|
"config_json=$(docker compose \"${compose_env_args[@]}\" -f \"$compose_file\" -p \"$project\" config --format json)",
|
|
"compose_image=$(printf '%s' \"$config_json\" | python3 -c 'import json,sys; svc=sys.argv[1]; d=json.load(sys.stdin); print(((d.get(\"services\") or {}).get(svc) or {}).get(\"image\") or \"\")' \"$compose_service\")",
|
|
"image=\"$compose_image\"",
|
|
"if [ -z \"$image\" ]; then image=\"$running_image\"; fi",
|
|
"if [ -z \"$image\" ]; then image=\"${project}-${compose_service}\"; fi",
|
|
"build_context=$(printf '%s' \"$config_json\" | python3 -c 'import json,sys; svc=sys.argv[1]; b=(((json.load(sys.stdin).get(\"services\") or {}).get(svc) or {}).get(\"build\") or {}); print((b if isinstance(b,str) else b.get(\"context\")) or \".\")' \"$compose_service\")",
|
|
"build_dockerfile=$(printf '%s' \"$config_json\" | python3 -c 'import json,sys; svc=sys.argv[1]; b=(((json.load(sys.stdin).get(\"services\") or {}).get(svc) or {}).get(\"build\") or {}); print(\"Dockerfile\" if isinstance(b,str) else (b.get(\"dockerfile\") or \"Dockerfile\"))' \"$compose_service\")",
|
|
"build_target=$(printf '%s' \"$config_json\" | python3 -c 'import json,sys; svc=sys.argv[1]; b=(((json.load(sys.stdin).get(\"services\") or {}).get(svc) or {}).get(\"build\") or {}); print(\"\" if isinstance(b,str) else (b.get(\"target\") or \"\"))' \"$compose_service\")",
|
|
"build_args_file=$(mktemp /tmp/unidesk-compose-build-args.XXXXXX)",
|
|
"printf '%s' \"$config_json\" | python3 -c 'import json,sys; svc=sys.argv[1]; b=(((json.load(sys.stdin).get(\"services\") or {}).get(svc) or {}).get(\"build\") or {}); args={} if isinstance(b,str) else (b.get(\"args\") or {}); items=args.items() if isinstance(args,dict) else [(str(x).split(\"=\",1)[0], str(x).split(\"=\",1)[1] if \"=\" in str(x) else \"\") for x in args]; [print(str(k)+\"=\"+(\"\" if v is None else str(v))) for k,v in items]' \"$compose_service\" > \"$build_args_file\"",
|
|
"if [ -n \"$build_context_override\" ]; then build_context=\"$build_context_override\"; fi",
|
|
"if [ -n \"$build_dockerfile_override\" ]; then build_dockerfile=\"$build_dockerfile_override\"; fi",
|
|
"case \"$build_context\" in /*) ;; *) build_context=$(cd \"$(dirname \"$compose_file\")\" && cd \"$build_context\" && pwd) ;; esac",
|
|
"case \"$build_dockerfile\" in /*) dockerfile_abs=\"$build_dockerfile\" ;; *) dockerfile_abs=\"$build_context/$build_dockerfile\" ;; esac",
|
|
"test -f \"$dockerfile_abs\"",
|
|
"printf 'compose_project=%s\\ncompose_service=%s\\ncompose_image=%s\\nbuild_context=%s\\nbuild_dockerfile=%s\\nbuild_target=%s\\n' \"$project\" \"$compose_service\" \"$image\" \"$build_context\" \"$dockerfile_abs\" \"$build_target\"",
|
|
].join("\n");
|
|
}
|
|
|
|
function buildDirectImageScript(service: UniDeskMicroserviceConfig, desired: DeployManifestService, resolvedCommit: string): string {
|
|
const proxyBuildArgs = targetIsMain(service)
|
|
? []
|
|
: [
|
|
"--network", "host",
|
|
"--build-arg", `HTTP_PROXY=${providerGatewayWsEgressProxyUrl}`,
|
|
"--build-arg", `HTTPS_PROXY=${providerGatewayWsEgressProxyUrl}`,
|
|
"--build-arg", `ALL_PROXY=${providerGatewayWsEgressProxyUrl}`,
|
|
"--build-arg", "NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal",
|
|
];
|
|
const labelArgs = [
|
|
"--label", `unidesk.ai/service-id=${service.id}`,
|
|
"--label", `unidesk.ai/source-repo=${desired.repo}`,
|
|
"--label", `unidesk.ai/source-commit=${resolvedCommit}`,
|
|
"--label", `unidesk.ai/dockerfile=${service.repository.dockerfile}`,
|
|
];
|
|
return [
|
|
"set -euo pipefail",
|
|
sourceProxyPrelude(service),
|
|
directComposeResolveScript(service),
|
|
"builder_args=()",
|
|
"if docker buildx inspect --builder default >/dev/null 2>&1; then builder_args=(--builder default); echo target_build_builder=default; else echo target_build_builder=implicit; fi",
|
|
"docker buildx inspect \"${builder_args[@]}\" --bootstrap || true",
|
|
...buildCachePrelude("$dockerfile_abs"),
|
|
"compose_build_args=()",
|
|
"while IFS= read -r item; do [ -n \"$item\" ] && compose_build_args+=(--build-arg \"$item\"); done < \"$build_args_file\"",
|
|
"target_args=()",
|
|
"if [ -n \"$build_target\" ]; then target_args=(--target \"$build_target\"); fi",
|
|
`docker buildx build "\${builder_args[@]}" --load "\${cache_args[@]}" "\${base_args[@]}" ${[...proxyBuildArgs, ...labelArgs].map(shellQuote).join(" ")} "\${compose_build_args[@]}" "\${target_args[@]}" --progress=plain -t "$image" -f "$dockerfile_abs" "$build_context"`,
|
|
"docker image inspect \"$image\" --format 'image_id={{.Id}} labels={{json .Config.Labels}}'",
|
|
].filter((line) => line.length > 0).join("\n");
|
|
}
|
|
|
|
function imageLabelVerifyScript(service: UniDeskMicroserviceConfig, expectedCommit: string): string {
|
|
return [
|
|
"set -euo pipefail",
|
|
`container=${shellQuote(service.repository.containerName)}`,
|
|
`expected=${shellQuote(expectedCommit)}`,
|
|
"cid=$(docker ps -q -f name=\"^/${container}$\" | head -1)",
|
|
"test -n \"$cid\"",
|
|
"image_id=$(docker inspect -f '{{.Image}}' \"$cid\")",
|
|
"actual=$(docker image inspect -f '{{ index .Config.Labels \"unidesk.ai/source-commit\" }}' \"$image_id\")",
|
|
"test \"$actual\" = \"$expected\"",
|
|
"printf 'container=%s image_id=%s deploy_commit=%s\\n' \"$container\" \"$image_id\" \"$actual\"",
|
|
].join("\n");
|
|
}
|
|
|
|
function composeDeployScript(service: UniDeskMicroserviceConfig): string {
|
|
return [
|
|
"set -euo pipefail",
|
|
directComposeResolveScript(service),
|
|
"docker compose \"${compose_env_args[@]}\" -f \"$compose_file\" -p \"$project\" up -d --no-build --no-deps --force-recreate \"$compose_service\"",
|
|
"ready=0",
|
|
"for attempt in $(seq 1 90); do",
|
|
" cid=$(docker ps -q -f name=\"^/${container}$\" | head -1)",
|
|
" if [ -n \"$cid\" ]; then",
|
|
" health=$(docker inspect -f '{{if .State.Health}}{{.State.Health.Status}}{{else}}{{.State.Status}}{{end}}' \"$cid\" 2>/dev/null || true)",
|
|
" echo compose_container_probe container=$container attempt=$attempt health=$health",
|
|
" if [ \"$health\" = \"healthy\" ] || [ \"$health\" = \"running\" ]; then ready=1; break; fi",
|
|
" else",
|
|
" echo compose_container_probe container=$container attempt=$attempt cid=missing",
|
|
" fi",
|
|
" sleep 1",
|
|
"done",
|
|
"test \"$ready\" = \"1\"",
|
|
].join("\n");
|
|
}
|
|
|
|
function writeComposeEnvFallbackPath(): string {
|
|
return rootPath(".state", "docker-compose.env");
|
|
}
|
|
|
|
function rootAccessPrelude(): string[] {
|
|
return [
|
|
"root_exec() {",
|
|
" if [ \"$(id -u)\" = \"0\" ]; then \"$@\"; return; fi",
|
|
" if sudo -n true >/dev/null 2>&1; then sudo -n \"$@\"; return; fi",
|
|
" if [ -x /mnt/c/Windows/System32/wsl.exe ]; then /mnt/c/Windows/System32/wsl.exe -u root -- \"$@\"; return; fi",
|
|
" echo 'native_k3s_root_access=missing' >&2",
|
|
" return 1",
|
|
"}",
|
|
"root_shell() {",
|
|
" script=\"$1\"",
|
|
" if [ \"$(id -u)\" = \"0\" ]; then bash -lc \"$script\"; return; fi",
|
|
" if sudo -n true >/dev/null 2>&1; then sudo -n bash -lc \"$script\"; return; fi",
|
|
" if [ -x /mnt/c/Windows/System32/wsl.exe ]; then /mnt/c/Windows/System32/wsl.exe -u root -- bash -lc \"$script\"; return; fi",
|
|
" echo 'native_k3s_root_access=missing' >&2",
|
|
" return 1",
|
|
"}",
|
|
];
|
|
}
|
|
|
|
function ensureNativeK3sScript(): string {
|
|
const installCommand = [
|
|
"INSTALL_K3S_SKIP_DOWNLOAD=true",
|
|
`INSTALL_K3S_VERSION=${nativeK3sInstallVersion}`,
|
|
"INSTALL_K3S_EXEC=\"server --disable traefik --disable servicelb --disable metrics-server --node-name D601 --node-label unidesk.ai/node-id=D601 --node-label unidesk.ai/provider-id=D601 --tls-san 127.0.0.1 --tls-san host.docker.internal --write-kubeconfig-mode 644\"",
|
|
"sh /tmp/unidesk-install-k3s.sh",
|
|
].join(" ");
|
|
return [
|
|
"set -euo pipefail",
|
|
...rootAccessPrelude(),
|
|
`native_k3s_image=${shellQuote(nativeK3sImage)}`,
|
|
`native_ctr_address=${shellQuote(nativeK3sCtrAddress)}`,
|
|
"install_native_k3s_binaries() {",
|
|
" missing=0",
|
|
" for binary in k3s ctr containerd containerd-shim-runc-v2 crictl runc cni flannel bridge host-local loopback portmap bandwidth firewall; do",
|
|
" command -v \"$binary\" >/dev/null 2>&1 || missing=1",
|
|
" done",
|
|
" if [ \"$missing\" = \"0\" ]; then return; fi",
|
|
" docker image inspect \"$native_k3s_image\" >/dev/null 2>&1 || docker pull \"$native_k3s_image\"",
|
|
" tmp_dir=$(mktemp -d)",
|
|
" tmp_container=$(docker create \"$native_k3s_image\" sh -lc true)",
|
|
" docker cp \"$tmp_container:/bin/.\" \"$tmp_dir/bin\"",
|
|
" docker rm \"$tmp_container\" >/dev/null",
|
|
" for binary in k3s ctr containerd containerd-shim-runc-v2 crictl runc cni flannel bridge host-local loopback portmap bandwidth firewall; do",
|
|
" if [ -e \"$tmp_dir/bin/$binary\" ]; then",
|
|
" root_exec install -m 755 \"$tmp_dir/bin/$binary\" \"/usr/local/bin/$binary\"",
|
|
" echo native_k3s_binary_installed=$binary",
|
|
" fi",
|
|
" done",
|
|
" rm -rf \"$tmp_dir\"",
|
|
"}",
|
|
"unmount_invalid_wsl_kubelet_mounts() {",
|
|
" if awk 'NF != 6 && $0 ~ /\\/Docker\\/host/ {found=1} END {exit found ? 0 : 1}' /proc/mounts; then",
|
|
" root_exec umount /Docker/host >/dev/null 2>&1 || root_exec umount -l /Docker/host >/dev/null 2>&1 || true",
|
|
" echo native_k3s_unmounted_invalid_mount=/Docker/host",
|
|
" fi",
|
|
" awk 'NF != 6 {print \"native_k3s_invalid_mount_line=\" NR \":\" $0; bad=1} END {exit bad}' /proc/mounts",
|
|
"}",
|
|
"install_system_images_from_legacy_k3s() {",
|
|
" legacy_container=$(docker ps --format '{{.Names}} {{.Image}}' | awk '$2 ~ /^rancher\\/k3s:/ {print $1; exit}')",
|
|
" if [ -n \"$legacy_container\" ]; then",
|
|
" if docker exec \"$legacy_container\" ctr -n k8s.io images export /tmp/unidesk-k3s-system-images.tar docker.io/rancher/local-path-provisioner:v0.0.32 docker.io/rancher/mirrored-coredns-coredns:1.12.3 >/dev/null 2>&1; then",
|
|
" docker cp \"$legacy_container:/tmp/unidesk-k3s-system-images.tar\" /tmp/unidesk-k3s-system-images.tar >/dev/null",
|
|
" root_exec ctr --address \"$native_ctr_address\" -n k8s.io images import /tmp/unidesk-k3s-system-images.tar >/dev/null",
|
|
" echo native_k3s_imported_legacy_system_images=$legacy_container",
|
|
" fi",
|
|
" fi",
|
|
"}",
|
|
"install_pause_image() {",
|
|
" if root_exec ctr --address \"$native_ctr_address\" -n k8s.io images ls | grep -q 'docker.io/rancher/mirrored-pause:3.6'; then return; fi",
|
|
" docker image inspect rancher/mirrored-pause:3.6 >/dev/null 2>&1 || {",
|
|
" docker image inspect \"$native_k3s_image\" >/dev/null 2>&1 || docker pull \"$native_k3s_image\"",
|
|
" tmp_dir=$(mktemp -d)",
|
|
" printf '%s\\n' \"FROM $native_k3s_image\" 'ENTRYPOINT [\"/bin/sleep\", \"365d\"]' > \"$tmp_dir/Dockerfile\"",
|
|
" docker build -q -t rancher/mirrored-pause:3.6 \"$tmp_dir\" >/dev/null",
|
|
" rm -rf \"$tmp_dir\"",
|
|
" }",
|
|
" docker save rancher/mirrored-pause:3.6 -o /tmp/unidesk-k3s-pause.tar",
|
|
" root_exec ctr --address \"$native_ctr_address\" -n k8s.io images import /tmp/unidesk-k3s-pause.tar >/dev/null",
|
|
" echo native_k3s_imported_pause_image=rancher/mirrored-pause:3.6",
|
|
"}",
|
|
"install_native_k3s_binaries",
|
|
"unmount_invalid_wsl_kubelet_mounts",
|
|
"if ! systemctl cat k3s.service >/dev/null 2>&1; then",
|
|
" curl -fsSL --max-time 60 https://get.k3s.io -o /tmp/unidesk-install-k3s.sh",
|
|
` root_shell ${shellQuote(installCommand)}`,
|
|
"fi",
|
|
"if ! systemctl is-active --quiet k3s; then",
|
|
" root_exec systemctl enable --now k3s",
|
|
"fi",
|
|
"for attempt in $(seq 1 60); do",
|
|
` if KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl get nodes >/dev/null 2>&1; then break; fi`,
|
|
" sleep 2",
|
|
"done",
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl get nodes -l unidesk.ai/node-id=D601 --no-headers | grep -q .`,
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl wait --for=condition=Ready node -l unidesk.ai/node-id=D601 --timeout=180s`,
|
|
"install_system_images_from_legacy_k3s",
|
|
"install_pause_image",
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n kube-system delete pod -l k8s-app=kube-dns --ignore-not-found >/dev/null 2>&1 || true`,
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n kube-system delete pod -l app=local-path-provisioner --ignore-not-found >/dev/null 2>&1 || true`,
|
|
"legacy_k3s_containers=$(docker ps --format '{{.Names}} {{.Image}}' | awk '$2 ~ /^rancher\\/k3s:/ {print $1}')",
|
|
"for container in $legacy_k3s_containers; do",
|
|
" docker update --restart=no \"$container\" >/dev/null 2>&1 || true",
|
|
" docker stop \"$container\" >/dev/null",
|
|
" echo stopped_containerized_k3s=$container",
|
|
"done",
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl get nodes -o wide`,
|
|
"printf 'native_k3s=ready kubeconfig=%s\\n' /etc/rancher/k3s/k3s.yaml",
|
|
].join("\n");
|
|
}
|
|
|
|
function importK3sImageScript(service: UniDeskMicroserviceConfig): string {
|
|
const image = buildImageTag(service);
|
|
return [
|
|
"set -euo pipefail",
|
|
...rootAccessPrelude(),
|
|
`image=${shellQuote(image)}`,
|
|
"docker image inspect \"$image\" >/dev/null",
|
|
`docker save "$image" | root_exec ctr --address ${shellQuote(nativeK3sCtrAddress)} -n k8s.io images import -`,
|
|
`root_exec ctr --address ${shellQuote(nativeK3sCtrAddress)} -n k8s.io images ls | grep -F "$image" || true`,
|
|
].join("\n");
|
|
}
|
|
|
|
function k8sDeploymentsForService(service: UniDeskMicroserviceConfig): string[] {
|
|
if (service.id === "code-queue") return ["d601-tcp-egress-gateway", "code-queue"];
|
|
return [service.repository.composeService];
|
|
}
|
|
|
|
function applyK8sScript(service: UniDeskMicroserviceConfig): string {
|
|
const manifest = `${targetWorkDir(service)}/${k8sManifestPath(service)}`;
|
|
return `KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl apply -f ${shellQuote(manifest)}`;
|
|
}
|
|
|
|
function stampK8sScript(service: UniDeskMicroserviceConfig, desired: DeployManifestService, resolvedCommit: string): string {
|
|
const deployments = k8sDeploymentsForService(service).map((name) => `deployment/${name}`);
|
|
const envPairs = [
|
|
`UNIDESK_DEPLOY_SERVICE_ID=${service.id}`,
|
|
`UNIDESK_DEPLOY_REPO=${desired.repo}`,
|
|
`UNIDESK_DEPLOY_COMMIT=${resolvedCommit}`,
|
|
`UNIDESK_DEPLOY_REQUESTED_COMMIT=${desired.commitId}`,
|
|
...(service.id === "code-queue" ? [
|
|
`CODE_QUEUE_DEPLOY_COMMIT=${resolvedCommit}`,
|
|
`CODE_QUEUE_DEPLOY_REQUESTED_COMMIT=${desired.commitId}`,
|
|
] : []),
|
|
];
|
|
const annotatePairs = [
|
|
`unidesk.ai/deploy-service-id=${service.id}`,
|
|
`unidesk.ai/deploy-repo=${desired.repo}`,
|
|
`unidesk.ai/deploy-commit=${resolvedCommit}`,
|
|
`unidesk.ai/deploy-requested-commit=${desired.commitId}`,
|
|
];
|
|
return [
|
|
"set -euo pipefail",
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} set env ${deployments.map(shellQuote).join(" ")} ${envPairs.map(shellQuote).join(" ")}`,
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} annotate ${deployments.map(shellQuote).join(" ")} ${annotatePairs.map(shellQuote).join(" ")} --overwrite`,
|
|
`actual=$(KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} get deployment ${shellQuote(service.repository.composeService)} -o jsonpath='{.metadata.annotations.unidesk\\.ai/deploy-commit}')`,
|
|
`test "$actual" = ${shellQuote(resolvedCommit)}`,
|
|
"printf 'k8s_deploy_commit=%s\\n' \"$actual\"",
|
|
].join("\n");
|
|
}
|
|
|
|
function rolloutK8sScript(service: UniDeskMicroserviceConfig): string {
|
|
const deployments = k8sDeploymentsForService(service);
|
|
return [
|
|
"set -euo pipefail",
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} rollout restart ${deployments.map((name) => shellQuote(`deployment/${name}`)).join(" ")}`,
|
|
...deployments.map((name) => `KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} rollout status ${shellQuote(`deployment/${name}`)} --timeout=180s`),
|
|
`KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} get deploy ${deployments.map(shellQuote).join(" ")} -o wide`,
|
|
].join("\n");
|
|
}
|
|
|
|
function k8sCommitProbeScript(service: UniDeskMicroserviceConfig): string {
|
|
return [
|
|
"set -euo pipefail",
|
|
`commit=$(KUBECONFIG=${shellQuote(k8sKubeconfig)} kubectl -n ${shellQuote(k8sNamespace)} get deployment ${shellQuote(service.repository.composeService)} -o jsonpath='{.metadata.annotations.unidesk\\.ai/deploy-commit}' 2>/dev/null || true)`,
|
|
"printf '%s\\n' \"$commit\"",
|
|
].join("\n");
|
|
}
|
|
|
|
function dockerCommitProbeScript(service: UniDeskMicroserviceConfig): string {
|
|
return [
|
|
"set -euo pipefail",
|
|
`container=${shellQuote(service.repository.containerName)}`,
|
|
"cid=$(docker ps -q -f name=\"^/${container}$\" | head -1)",
|
|
"if [ -z \"$cid\" ]; then exit 0; fi",
|
|
"image_id=$(docker inspect -f '{{.Image}}' \"$cid\")",
|
|
"docker image inspect -f '{{ index .Config.Labels \"unidesk.ai/source-commit\" }}' \"$image_id\" 2>/dev/null || true",
|
|
].join("\n");
|
|
}
|
|
|
|
function healthDeployCommit(body: Record<string, unknown> | null): string | null {
|
|
const deploy = asRecord(body?.deploy);
|
|
const commit = asString(deploy?.commit).toLowerCase();
|
|
return commit.length > 0 ? commit : null;
|
|
}
|
|
|
|
function healthSummary(response: unknown): Record<string, unknown> {
|
|
const record = asRecord(response);
|
|
const body = asRecord(record?.body);
|
|
return {
|
|
ok: record?.ok ?? false,
|
|
status: record?.status ?? null,
|
|
body: body === null
|
|
? null
|
|
: {
|
|
ok: body.ok ?? null,
|
|
service: body.service ?? null,
|
|
instanceId: body.instanceId ?? null,
|
|
deploy: body.deploy ?? null,
|
|
status: body.status ?? null,
|
|
startedAt: body.startedAt ?? null,
|
|
},
|
|
};
|
|
}
|
|
|
|
function commitMatches(actual: string | null, desired: string): boolean {
|
|
if (actual === null || actual.length === 0) return false;
|
|
const normalized = actual.toLowerCase();
|
|
return normalized === desired.toLowerCase() || (desired.length < 40 && normalized.startsWith(desired.toLowerCase()));
|
|
}
|
|
|
|
function runtimeCommitVerified(
|
|
service: UniDeskMicroserviceConfig,
|
|
healthCommit: string | null,
|
|
imageCommit: string | null,
|
|
orchestratorCommit: string | null,
|
|
desired: string,
|
|
): boolean {
|
|
if (healthCommit !== null && healthCommit.length > 0 && !commitMatches(healthCommit, desired)) return false;
|
|
if (service.deployment.mode === "k3sctl-managed") return commitMatches(orchestratorCommit, desired);
|
|
return commitMatches(imageCommit, desired);
|
|
}
|
|
|
|
function coreBody(response: unknown): Record<string, unknown> | null {
|
|
const record = asRecord(response);
|
|
return asRecord(record?.body);
|
|
}
|
|
|
|
async function dispatchSsh(
|
|
config: UniDeskConfig,
|
|
providerId: string,
|
|
command: string,
|
|
cwd: string | null,
|
|
waitMs = shortDispatchWaitMs,
|
|
remoteTimeoutMs = shortRemoteTimeoutMs,
|
|
): Promise<DispatchResult> {
|
|
const dispatchResponse = coreInternalFetch("/api/dispatch", {
|
|
method: "POST",
|
|
body: {
|
|
providerId,
|
|
command: "host.ssh",
|
|
payload: {
|
|
source: "deploy-reconciler",
|
|
mode: "exec",
|
|
command,
|
|
timeoutMs: remoteTimeoutMs,
|
|
...(cwd === null ? {} : { cwd }),
|
|
},
|
|
},
|
|
});
|
|
const dispatchBody = coreBody(dispatchResponse);
|
|
const taskId = asString(dispatchBody?.taskId);
|
|
if (dispatchBody?.ok !== true || taskId.length === 0) {
|
|
return {
|
|
ok: false,
|
|
taskId: taskId || null,
|
|
status: null,
|
|
stdout: "",
|
|
stderr: asString(dispatchBody?.error) || "dispatch did not return a task id",
|
|
exitCode: null,
|
|
raw: dispatchResponse,
|
|
};
|
|
}
|
|
const deadline = Date.now() + waitMs;
|
|
let latest: unknown = null;
|
|
while (Date.now() < deadline) {
|
|
latest = coreInternalFetch(`/api/tasks/${encodeURIComponent(taskId)}`);
|
|
const task = asRecord(coreBody(latest)?.task);
|
|
const status = asString(task?.status);
|
|
if (status === "succeeded" || status === "failed") {
|
|
const result = asRecord(task?.result);
|
|
const exitCode = typeof result?.exitCode === "number" ? result.exitCode : null;
|
|
const stdout = asString(result?.stdout);
|
|
const stderr = asString(result?.stderr);
|
|
return {
|
|
ok: status === "succeeded" && (exitCode === null || exitCode === 0),
|
|
taskId,
|
|
status,
|
|
stdout,
|
|
stderr,
|
|
exitCode,
|
|
raw: task,
|
|
};
|
|
}
|
|
await Bun.sleep(500);
|
|
}
|
|
return {
|
|
ok: false,
|
|
taskId,
|
|
status: "timeout",
|
|
stdout: "",
|
|
stderr: `host.ssh task ${taskId} did not finish within ${waitMs}ms`,
|
|
exitCode: null,
|
|
raw: latest,
|
|
};
|
|
}
|
|
|
|
async function runTargetCommand(config: UniDeskConfig, service: UniDeskMicroserviceConfig, command: string, cwd: string | null, waitMs = 60_000, remoteTimeoutMs = 45_000): Promise<DispatchResult> {
|
|
if (targetIsMain(service)) {
|
|
const result = runCommand(["bash", "-lc", command], cwd ?? repoRoot);
|
|
return {
|
|
ok: result.exitCode === 0,
|
|
taskId: null,
|
|
status: result.exitCode === 0 ? "succeeded" : "failed",
|
|
stdout: result.stdout,
|
|
stderr: result.stderr,
|
|
exitCode: result.exitCode,
|
|
raw: result,
|
|
};
|
|
}
|
|
return await dispatchSsh(config, service.providerId, command, cwd, waitMs, remoteTimeoutMs);
|
|
}
|
|
|
|
async function launchRemoteBackground(
|
|
config: UniDeskConfig,
|
|
service: UniDeskMicroserviceConfig,
|
|
shellScript: string,
|
|
cwd: string,
|
|
logFile: string,
|
|
sentinelFile: string,
|
|
): Promise<{ ok: boolean; pid: string; raw: unknown; error: string }> {
|
|
const wrapped = [
|
|
`bash -lc ${shellQuote(shellScript)}`,
|
|
"code=$?",
|
|
`printf '%s\\n' "$code" > ${shellQuote(sentinelFile)}`,
|
|
"exit \"$code\"",
|
|
].join("; ");
|
|
const command = [
|
|
`rm -f ${shellQuote(sentinelFile)} ${shellQuote(logFile)}`,
|
|
`nohup bash -lc ${shellQuote(wrapped)} > ${shellQuote(logFile)} 2>&1 < /dev/null & echo $!`,
|
|
].join("; ");
|
|
const result = await runTargetCommand(config, service, command, cwd, shortDispatchWaitMs, shortRemoteTimeoutMs);
|
|
const pid = result.stdout.trim().split("\n").pop()?.trim() ?? "";
|
|
if (!result.ok || !/^\d+$/u.test(pid)) {
|
|
return { ok: false, pid: "", raw: result.raw, error: result.stderr || result.stdout || "failed to launch background command" };
|
|
}
|
|
return { ok: true, pid, raw: result.raw, error: "" };
|
|
}
|
|
|
|
async function pollRemoteBackground(config: UniDeskConfig, service: UniDeskMicroserviceConfig, cwd: string, logFile: string, sentinelFile: string): Promise<BackgroundPoll> {
|
|
const command = [
|
|
`if [ -f ${shellQuote(sentinelFile)} ]; then printf 'SENTINEL:%s\\n' "$(cat ${shellQuote(sentinelFile)} 2>/dev/null || true)"; else echo RUNNING; fi`,
|
|
`tail -n 100 ${shellQuote(logFile)} 2>/dev/null || true`,
|
|
].join("; ");
|
|
const result = await runTargetCommand(config, service, command, cwd, shortDispatchWaitMs, shortRemoteTimeoutMs);
|
|
const stdout = result.stdout.trimEnd();
|
|
const [head = "", ...rest] = stdout.split("\n");
|
|
if (head.startsWith("SENTINEL:")) {
|
|
const rawExitCode = head.slice("SENTINEL:".length).trim();
|
|
const exitCode = /^\d+$/u.test(rawExitCode) ? Number(rawExitCode) : null;
|
|
return { done: true, exitCode, logTail: rest.join("\n").trim(), raw: result.raw };
|
|
}
|
|
return { done: false, exitCode: null, logTail: rest.join("\n").trim(), raw: result.raw };
|
|
}
|
|
|
|
async function step(
|
|
config: UniDeskConfig,
|
|
service: UniDeskMicroserviceConfig,
|
|
name: string,
|
|
command: string,
|
|
cwd: string | null,
|
|
timeoutMs: number,
|
|
background = false,
|
|
): Promise<StepResult> {
|
|
const startedAt = nowIso();
|
|
const startedMs = Date.now();
|
|
progressLine(name, "start", { serviceId: service.id, providerId: service.providerId, cwd });
|
|
if (!background || targetIsMain(service)) {
|
|
const result = await runTargetCommand(config, service, command, cwd, timeoutMs, timeoutMs);
|
|
const detail = compactTail([result.stdout, result.stderr].filter(Boolean).join("\n"), 2000);
|
|
const ok = result.ok;
|
|
progressLine(name, ok ? "succeeded" : "failed", { serviceId: service.id, elapsedMs: elapsedMs(startedMs), detail });
|
|
return { step: name, ok, detail: ok ? detail || `completed in ${elapsedMs(startedMs)}ms` : detail || "command failed", startedAt, finishedAt: nowIso(), raw: result.raw };
|
|
}
|
|
|
|
const runId = `${Date.now().toString(36)}-${Math.random().toString(16).slice(2, 8)}`;
|
|
const logFile = `/tmp/unidesk-deploy-${safeId(service.id)}-${name}-${runId}.log`;
|
|
const sentinelFile = `/tmp/unidesk-deploy-${safeId(service.id)}-${name}-${runId}.done`;
|
|
const launch = await launchRemoteBackground(config, service, command, cwd ?? "/home/ubuntu", logFile, sentinelFile);
|
|
if (!launch.ok) return { step: name, ok: false, detail: launch.error, startedAt, finishedAt: nowIso(), raw: launch.raw };
|
|
progressLine(name, "remote background started", { serviceId: service.id, pid: launch.pid, logFile });
|
|
const deadline = Date.now() + timeoutMs;
|
|
let lastTail = "";
|
|
while (Date.now() < deadline) {
|
|
await Bun.sleep(pollIntervalMs);
|
|
const poll = await pollRemoteBackground(config, service, cwd ?? "/home/ubuntu", logFile, sentinelFile);
|
|
const tail = compactTail(poll.logTail, 1800);
|
|
if (tail.length > 0 && tail !== lastTail) {
|
|
lastTail = tail;
|
|
progressLine(name, "remote log tail", { serviceId: service.id, elapsedMs: elapsedMs(startedMs), tail });
|
|
}
|
|
if (poll.done) {
|
|
const ok = poll.exitCode === 0;
|
|
const detail = ok
|
|
? `completed in ${elapsedMs(startedMs)}ms; log=${logFile}`
|
|
: `failed with exit ${poll.exitCode}; log=${logFile}; tail=${compactTail(poll.logTail)}`;
|
|
progressLine(name, ok ? "succeeded" : "failed", { serviceId: service.id, detail });
|
|
return { step: name, ok, detail, startedAt, finishedAt: nowIso(), raw: poll.raw };
|
|
}
|
|
}
|
|
return { step: name, ok: false, detail: `timed out after ${timeoutMs}ms`, startedAt, finishedAt: nowIso(), raw: null };
|
|
}
|
|
|
|
async function readDockerImageCommit(config: UniDeskConfig, service: UniDeskMicroserviceConfig): Promise<string | null> {
|
|
const result = await runTargetCommand(config, service, dockerCommitProbeScript(service), targetIsMain(service) ? repoRoot : "/home/ubuntu", 30_000, 20_000);
|
|
const commit = parseFullCommit(result.stdout);
|
|
return commit.length > 0 ? commit : null;
|
|
}
|
|
|
|
async function readK8sCommit(config: UniDeskConfig, service: UniDeskMicroserviceConfig): Promise<string | null> {
|
|
if (service.deployment.mode !== "k3sctl-managed") return null;
|
|
const result = await runTargetCommand(config, service, k8sCommitProbeScript(service), "/home/ubuntu", 30_000, 20_000);
|
|
const commit = parseFullCommit(result.stdout);
|
|
return commit.length > 0 ? commit : null;
|
|
}
|
|
|
|
async function readRuntimeState(config: UniDeskConfig, service: UniDeskMicroserviceConfig, desired: DeployManifestService): Promise<ServiceRuntimeState> {
|
|
const reason = unsupportedReason(service);
|
|
const health = coreInternalFetch(`/api/microservices/${encodeURIComponent(service.id)}/health`);
|
|
const healthBody = coreBody(health);
|
|
const healthCommit = healthDeployCommit(healthBody);
|
|
const healthRecord = asRecord(health);
|
|
const healthOk = healthRecord?.ok === true && healthBody?.ok !== false;
|
|
const [imageCommit, orchestratorCommit] = await Promise.all([
|
|
readDockerImageCommit(config, service).catch(() => null),
|
|
readK8sCommit(config, service).catch(() => null),
|
|
]);
|
|
const currentCommit = healthCommit ?? orchestratorCommit ?? imageCommit;
|
|
return {
|
|
serviceId: service.id,
|
|
ok: reason === null,
|
|
supported: reason === null,
|
|
reason,
|
|
desiredRepo: desired.repo,
|
|
desiredCommit: desired.commitId,
|
|
providerId: service.providerId,
|
|
deploymentMode: service.deployment.mode,
|
|
currentCommit,
|
|
healthCommit,
|
|
imageCommit,
|
|
orchestratorCommit,
|
|
healthOk,
|
|
upToDate: reason === null && healthOk && runtimeCommitVerified(service, healthCommit, imageCommit, orchestratorCommit, desired.commitId),
|
|
raw: { health: healthSummary(health) },
|
|
};
|
|
}
|
|
|
|
async function healthVerify(config: UniDeskConfig, service: UniDeskMicroserviceConfig, desired: DeployManifestService, resolvedCommit: string, timeoutMs: number): Promise<StepResult> {
|
|
const startedAt = nowIso();
|
|
const startedMs = Date.now();
|
|
const deadline = Date.now() + timeoutMs;
|
|
let latest: ServiceRuntimeState | null = null;
|
|
while (Date.now() < deadline) {
|
|
latest = await readRuntimeState(config, service, { ...desired, commitId: resolvedCommit });
|
|
const commitOk = runtimeCommitVerified(service, latest.healthCommit, latest.imageCommit, latest.orchestratorCommit, resolvedCommit);
|
|
const ok = latest.healthOk && commitOk;
|
|
progressLine("live-health", "probe", { serviceId: service.id, ok, healthOk: latest.healthOk, expectedCommit: resolvedCommit, healthCommit: latest.healthCommit, imageCommit: latest.imageCommit, orchestratorCommit: latest.orchestratorCommit });
|
|
if (ok) {
|
|
return {
|
|
step: "live-health",
|
|
ok: true,
|
|
detail: `service ${service.id} health passed with deployed commit ${resolvedCommit} in ${elapsedMs(startedMs)}ms`,
|
|
startedAt,
|
|
finishedAt: nowIso(),
|
|
raw: latest,
|
|
};
|
|
}
|
|
await Bun.sleep(3_000);
|
|
}
|
|
return {
|
|
step: "live-health",
|
|
ok: false,
|
|
detail: `service ${service.id} did not report expected commit ${resolvedCommit} within ${timeoutMs}ms`,
|
|
startedAt,
|
|
finishedAt: nowIso(),
|
|
raw: latest,
|
|
};
|
|
}
|
|
|
|
function pushStep(steps: StepResult[], result: StepResult): boolean {
|
|
steps.push(result);
|
|
return result.ok;
|
|
}
|
|
|
|
async function ensureGithubSshIdentityStep(config: UniDeskConfig, service: UniDeskMicroserviceConfig): Promise<StepResult> {
|
|
const startedAt = nowIso();
|
|
const startedMs = Date.now();
|
|
progressLine("github-ssh-identity", "start", { serviceId: service.id, providerId: service.providerId });
|
|
try {
|
|
const result = await ensureGithubSshIdentityForProvider(config, service.providerId);
|
|
progressLine("github-ssh-identity", result.ok ? "succeeded" : "failed", {
|
|
serviceId: service.id,
|
|
providerId: service.providerId,
|
|
elapsedMs: elapsedMs(startedMs),
|
|
fingerprint: result.fingerprint,
|
|
seededFromLocal: result.seededFromLocal,
|
|
detail: result.ok ? result.detail : compactTail(result.detail, 1200),
|
|
});
|
|
return {
|
|
step: "github-ssh-identity",
|
|
ok: result.ok,
|
|
detail: result.detail,
|
|
startedAt,
|
|
finishedAt: nowIso(),
|
|
raw: result.raw,
|
|
};
|
|
} catch (error) {
|
|
const detail = error instanceof Error ? error.message : String(error);
|
|
progressLine("github-ssh-identity", "failed", {
|
|
serviceId: service.id,
|
|
providerId: service.providerId,
|
|
elapsedMs: elapsedMs(startedMs),
|
|
detail: compactTail(detail, 1200),
|
|
});
|
|
return { step: "github-ssh-identity", ok: false, detail, startedAt, finishedAt: nowIso(), raw: null };
|
|
}
|
|
}
|
|
|
|
async function applyOneService(config: UniDeskConfig, service: UniDeskMicroserviceConfig, desired: DeployManifestService, options: DeployOptions): Promise<Record<string, unknown>> {
|
|
const steps: StepResult[] = [];
|
|
const startedAt = nowIso();
|
|
const reason = unsupportedReason(service);
|
|
if (reason !== null) return { ok: false, serviceId: service.id, skipped: true, reason, steps };
|
|
const before = await readRuntimeState(config, service, desired);
|
|
if (!options.force && before.upToDate) return { ok: true, serviceId: service.id, action: "noop", before, steps };
|
|
if (options.dryRun) return { ok: true, serviceId: service.id, action: "would-deploy", before, steps };
|
|
|
|
const runId = `${Date.now().toString(36)}-${Math.random().toString(16).slice(2, 8)}`;
|
|
const exportDir = targetExportDir(service, runId);
|
|
if (service.id === "code-queue" && !targetIsMain(service)) {
|
|
const identity = await ensureGithubSshIdentityStep(config, service);
|
|
if (!pushStep(steps, identity)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), before, steps };
|
|
}
|
|
const prepare = await step(config, service, "prepare-source", prepareSourceScript(service, desired, exportDir), targetIsMain(service) ? repoRoot : "/home/ubuntu", Math.min(options.timeoutMs, 180_000), !targetIsMain(service));
|
|
if (!pushStep(steps, prepare)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), before, steps };
|
|
const resolvedCommit = parseFullCommit(prepare.detail) || parseFullCommit(JSON.stringify(prepare.raw));
|
|
if (resolvedCommit.length !== 40) {
|
|
const failure = { step: "resolve-commit", ok: false, detail: "prepare-source did not expose a full 40-char commit", startedAt: nowIso(), finishedAt: nowIso(), raw: prepare };
|
|
steps.push(failure);
|
|
return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), before, steps };
|
|
}
|
|
|
|
const sync = await step(config, service, "sync-source", syncSourceScript(service, exportDir), targetIsMain(service) ? repoRoot : "/home/ubuntu", 90_000, false);
|
|
if (!pushStep(steps, sync)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
|
|
const buildScript = service.deployment.mode === "unidesk-direct"
|
|
? buildDirectImageScript(service, desired, resolvedCommit)
|
|
: buildImageScript(service, desired, resolvedCommit);
|
|
const build = await step(config, service, "docker-build", buildScript, targetWorkDir(service), Math.min(options.timeoutMs, 540_000), !targetIsMain(service));
|
|
if (!pushStep(steps, build)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
|
|
if (service.deployment.mode === "k3sctl-managed") {
|
|
const nativeK3s = await step(config, service, "ensure-native-k3s", ensureNativeK3sScript(), "/home/ubuntu", 600_000, true);
|
|
if (!pushStep(steps, nativeK3s)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
const imageImport = await step(config, service, "import-k3s-image", importK3sImageScript(service), targetWorkDir(service), 180_000, true);
|
|
if (!pushStep(steps, imageImport)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
const apply = await step(config, service, "kubectl-apply", applyK8sScript(service), targetWorkDir(service), 60_000, false);
|
|
if (!pushStep(steps, apply)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
const stamp = await step(config, service, "stamp-deploy-commit", stampK8sScript(service, desired, resolvedCommit), targetWorkDir(service), 60_000, false);
|
|
if (!pushStep(steps, stamp)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
const rollout = await step(config, service, "rollout", rolloutK8sScript(service), targetWorkDir(service), 240_000, true);
|
|
if (!pushStep(steps, rollout)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
} else {
|
|
const deploy = await step(config, service, "compose-up", composeDeployScript(service), targetIsMain(service) ? repoRoot : targetWorkDir(service), 180_000, !targetIsMain(service));
|
|
if (!pushStep(steps, deploy)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
const imageVerify = await step(config, service, "image-label-verify", imageLabelVerifyScript(service, resolvedCommit), targetIsMain(service) ? repoRoot : targetWorkDir(service), 60_000, false);
|
|
if (!pushStep(steps, imageVerify)) return { ok: false, serviceId: service.id, startedAt, finishedAt: nowIso(), resolvedCommit, before, steps };
|
|
}
|
|
|
|
const health = await healthVerify(config, service, desired, resolvedCommit, 90_000);
|
|
steps.push(health);
|
|
return {
|
|
ok: health.ok,
|
|
serviceId: service.id,
|
|
action: "deployed",
|
|
startedAt,
|
|
finishedAt: nowIso(),
|
|
resolvedCommit,
|
|
before,
|
|
after: health.raw,
|
|
steps,
|
|
};
|
|
}
|
|
|
|
async function checkOrPlan(config: UniDeskConfig, manifest: DeployManifest, options: DeployOptions, action: "check" | "plan"): Promise<Record<string, unknown>> {
|
|
const services = selectServices(config, manifest, options.serviceId);
|
|
const items = [];
|
|
for (const item of services) {
|
|
const state = await readRuntimeState(config, item.config, item.desired);
|
|
items.push({
|
|
...state,
|
|
action: action === "plan"
|
|
? state.supported
|
|
? state.upToDate ? "noop" : "deploy"
|
|
: "unsupported"
|
|
: undefined,
|
|
});
|
|
}
|
|
return {
|
|
ok: items.every((item) => item.supported && (action === "plan" || item.healthOk)),
|
|
action,
|
|
file: options.file,
|
|
services: items,
|
|
};
|
|
}
|
|
|
|
async function runApplyNow(config: UniDeskConfig, manifest: DeployManifest, options: DeployOptions): Promise<Record<string, unknown>> {
|
|
const selected = selectServices(config, manifest, options.serviceId);
|
|
const startedAt = nowIso();
|
|
const results = [];
|
|
for (const item of selected) {
|
|
progressLine("service", "reconcile", { serviceId: item.config.id, providerId: item.config.providerId, mode: item.config.deployment.mode });
|
|
results.push(await applyOneService(config, item.config, item.desired, options));
|
|
const latest = results.at(-1) as Record<string, unknown>;
|
|
if (latest.ok !== true) break;
|
|
}
|
|
return {
|
|
ok: results.every((result) => result.ok === true),
|
|
action: "apply",
|
|
file: options.file,
|
|
dryRun: options.dryRun,
|
|
startedAt,
|
|
finishedAt: nowIso(),
|
|
results,
|
|
};
|
|
}
|
|
|
|
function applyJob(config: UniDeskConfig, args: string[], options: DeployOptions): Record<string, unknown> {
|
|
const runArgs = args.includes("--run-now") ? args : [...args, "--run-now"];
|
|
const command = [process.execPath, rootPath("scripts", "cli.ts"), "deploy", ...runArgs];
|
|
const job = startJob("deploy_apply", command, `Reconcile services from ${options.file}${options.serviceId === null ? "" : ` service=${options.serviceId}`}`);
|
|
return {
|
|
ok: true,
|
|
mode: "async-job",
|
|
job,
|
|
statusCommand: `bun scripts/cli.ts job status ${job.id}`,
|
|
tailCommand: `bun scripts/cli.ts job status ${job.id} --tail-bytes 30000`,
|
|
note: "Deployment continues in the background: target-side fetch, one-shot proxied build, deploy, stamp, and live health verification.",
|
|
configProject: config.project.name,
|
|
};
|
|
}
|
|
|
|
export async function runDeployCommand(config: UniDeskConfig, args: string[]): Promise<unknown> {
|
|
const [actionRaw = "check"] = args;
|
|
if (isHelpArg(actionRaw) || args.slice(1).some(isHelpArg)) return deployHelp(isHelpArg(actionRaw) ? undefined : actionRaw);
|
|
if (!["check", "plan", "apply"].includes(actionRaw)) throw new Error("deploy command must be one of: check, plan, apply");
|
|
const action = actionRaw as DeployAction;
|
|
const options = parseOptions(args.slice(1));
|
|
const manifest = resolveManifestCommits(readDeployManifest(options.file), options.serviceId);
|
|
if (action === "check" || action === "plan") return await checkOrPlan(config, manifest, options, action);
|
|
if (!options.runNow) return applyJob(config, args, options);
|
|
return await runApplyNow(config, manifest, options);
|
|
}
|
|
|
|
export async function runCodeQueueDeployCompatCommand(config: UniDeskConfig, args: string[]): Promise<unknown> {
|
|
if (args.includes("--skip-build")) throw new Error("codex deploy no longer supports --skip-build; target-side Docker build is mandatory");
|
|
const providerId = optionValue(args, ["--provider-id", "--provider"]) ?? "D601";
|
|
if (providerId !== "D601") throw new Error(`codex deploy compatibility path only supports D601; got ${providerId}`);
|
|
const commitId = optionValue(args, ["--commit", "--commit-id"]) ?? positionalArgs(args)[0] ?? "";
|
|
if (!/^[0-9a-f]{7,40}$/iu.test(commitId)) throw new Error("codex deploy requires a 7-40 char commit id");
|
|
const service = config.microservices.find((item) => item.id === "code-queue");
|
|
if (service === undefined) throw new Error("config.json does not contain microservice id=code-queue");
|
|
const manifestRelDir = join(".state", "deploy", "manifests");
|
|
mkdirSync(rootPath(manifestRelDir), { recursive: true });
|
|
const manifestRelPath = join(manifestRelDir, `code-queue-${commitId.toLowerCase()}.json`);
|
|
writeFileSync(rootPath(manifestRelPath), `${JSON.stringify({
|
|
schemaVersion: 1,
|
|
services: [{ id: "code-queue", repo: service.repository.url, commitId: commitId.toLowerCase() }],
|
|
}, null, 2)}\n`, "utf8");
|
|
const deployArgs = [
|
|
"apply",
|
|
"--file",
|
|
manifestRelPath,
|
|
"--service",
|
|
"code-queue",
|
|
...(args.includes("--run-now") ? ["--run-now"] : []),
|
|
...(args.includes("--force") ? ["--force"] : []),
|
|
...(optionValue(args, ["--timeout-ms"]) === undefined ? [] : ["--timeout-ms", optionValue(args, ["--timeout-ms"]) as string]),
|
|
];
|
|
return await runDeployCommand(config, deployArgs);
|
|
}
|