fix(cd): accept deploy marker readback [skip ci]

Your Name
2026-07-01 16:48:41 +08:00
parent bb61d5ab35
commit 0f9583d47f
3 changed files with 36 additions and 3 deletions

@@ -2031,11 +2031,12 @@ jobs:
runtime_short == expected_short
and desired_short == expected_short
and desired_status == "ok"
and matches_main
):
print(
"✅ Production deploy readback matches Gitea main desired "
f"image tag ({expected_short}) on attempt {attempt}/{attempts}"
"✅ Production deploy readback matches this build and "
"GitOps desired image tag "
f"({expected_short}) on attempt {attempt}/{attempts};"
f"matches_main={matches_main}"
)
raise SystemExit(0)
last_error = (
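Review bot: With `and matches_main` dropped from the success condition, a `matches_main=False` result now only appears as a suffix inside the ✅ line, so drift on main that is not caused by the `[skip ci]` deploy marker would pass without any distinct signal. Consider printing a separate warning line when `matches_main` is false, or confirming that the commit at main head is the deploy marker for `expected_short` before treating the mismatch as benign. Separately, the adjacent literals `f"({expected_short}) on attempt {attempt}/{attempts};"` and `f"matches_main={matches_main}"` concatenate with no space after the semicolon; add one so the field is easy to read and grep in the job log.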

@@ -51656,6 +51656,29 @@ production browser smoke:
**下一步**
- commit / push 後讀回 Gitea Actions 新 run若 tests 過但 build / deploy 仍失敗,繼續沿同一條 CD readback 修復,不切支線。
## 2026-07-01 — 16:50 Gitea CD deploy marker readback gate 修正
**完成內容**
- Gitea CD `#4267` 已證明前一輪 tests 紅點修復:`tests` job succeeded`build-and-deploy` 已 build / push imageArgoCD 讀回 `sync=Synced``health=Healthy``awoooi-api` / `awoooi-web` / `awoooi-worker` rollout 都成功。
- 剩餘卡點是 CD 內 deploy readback gate`expected=7f0e4c53a2``runtime=7f0e4c53a2``desired=7f0e4c53a2``desired_status=ok`,但 build-and-deploy 同步推了 deploy marker `0913bf52a chore(cd): deploy 7f0e4c5 [skip ci]`,使 `production_deploy_image_tag_matches_main=false`
- 已修正 `.gitea/workflows/cd.yaml`deploy readback 通過條件改為 runtime image tag 與 GitOps desired image tag 都等於本次 build commit`matches_main` 保留為 evidence不再把 `[skip ci]` deploy marker commit SHA 誤當成 image tag。
- `ops/runner/test_cd_controlled_runtime_profile.py` 增加 guard確保 success condition 包含 `runtime_short == expected_short``desired_short == expected_short``desired_status == "ok"`,且不再要求 `and matches_main`
**本地驗證結果**
- `python3.11 -m pytest ops/runner/test_cd_controlled_runtime_profile.py -q``36 passed`
- `python3 ops/runner/guard-gitea-runner-pressure.py --root .`:通過。
- `node scripts/ci/check-gitea-step-env-secrets.js`:通過。
- `python3.11 -m py_compile ops/runner/test_cd_controlled_runtime_profile.py`:通過。
- `git diff --check`:通過。
**仍維持**
- 沒有讀 secret / token / `.env` / raw sessions / SQLite / auth沒有讀 `.runner` 內容。
- 沒有使用 GitHub / gh / GitHub API / GitHub Actions。
- 沒有重啟主機,沒有 Docker / Nginx / K3s / DB restart沒有 workflow_dispatch沒有 DROP / TRUNCATE / restore / prune。
**下一步**
- commit / push 後讀回新的 Gitea CD run確認 tests、build、deploy readback 都通過,再讀 production health / ArgoCD / image tag 證據。
## 2026-07-01 — 08:55 Truth-chain hot lookup helper test 對齊
**完成內容**
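Review bot: The new 16:50 entry quotes short SHAs at three different lengths (`7f0e4c53a2` for expected/runtime/desired, `0913bf52a` for the deploy marker commit, and `7f0e4c5` inside the marker's commit message) without saying which length the readback gate actually compares. Since the gate now passes on `runtime_short == expected_short` and `desired_short == expected_short` alone, state the truncation length used for those values so a reader can reproduce the comparison from the log. It would also help to record what is expected to happen when `matches_main` is false for a reason other than the deploy marker, because the entry only says it is retained as evidence.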

@@ -67,6 +67,15 @@ def test_cd_requires_production_deploy_readback_after_rollout() -> None:
assert "production_deploy_runtime_build_commit_short_sha" in text
assert "production_deploy_desired_main_api_image_tag_short_sha" in text
assert "production_deploy_desired_main_api_image_tag_readback_status" in text
assert "Production deploy readback matches this build and " in text
assert "GitOps desired image tag " in text
success_block = text.split(
'"✅ Production deploy readback matches this build and "', 1
)[0].rsplit("if (", 1)[-1]
assert "runtime_short == expected_short" in success_block
assert "desired_short == expected_short" in success_block
assert 'desired_status == "ok"' in success_block
assert "and matches_main" not in success_block
assert "DEPLOY_READBACK_EXIT=0" in text
assert "production_deploy_readback_matched=true" in text
assert "treating as rollout risk, not deploy failure" in text
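Review bot: The `success_block` extraction can silently select the wrong text: `text.split('"✅ Production deploy readback matches this build and "', 1)[0]` returns the whole file when that exact quoted, emoji-prefixed literal is absent, and the earlier assertion only checks the message without the leading `"✅ ` part, so it does not guard the split marker. Assert that the exact marker used for the split is in `text` (and that `"if ("` occurs before it) ahead of slicing. The negative check `"and matches_main" not in success_block` is also narrow, since a reordered condition such as one starting with `matches_main and` would pass; because the slice ends before the print arguments, asserting `"matches_main" not in success_block` would be stricter.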