fix(cd): run smoke from isolated workspace
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 1s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 35s
CD Pipeline / build-and-deploy (push) Successful in 3m48s
CD Pipeline / post-deploy-checks (push) Successful in 1m38s
@@ -2394,23 +2394,38 @@ jobs:
|
|||||||
# 首席架構師 Review I4 + 2026-04-05 Claude Code cache優化:
|
# 首席架構師 Review I4 + 2026-04-05 Claude Code cache優化:
|
||||||
# playwright.config.ts import @playwright/test — 必須先安裝 pnpm node_modules
|
# playwright.config.ts import @playwright/test — 必須先安裝 pnpm node_modules
|
||||||
# pnpm store 持久化到 /opt/pnpm-store,pnpm-lock.yaml hash 未變則 --prefer-offline
|
# pnpm store 持久化到 /opt/pnpm-store,pnpm-lock.yaml hash 未變則 --prefer-offline
|
||||||
|
SOURCE_WORKDIR=/source
|
||||||
|
SMOKE_WORKDIR=/tmp/awoooi-smoke-workspace
|
||||||
cleanup_smoke_workspace_artifacts() {
|
cleanup_smoke_workspace_artifacts() {
|
||||||
# 2026-05-19 Codex: pnpm creates a symlink-heavy node_modules tree
|
rm -rf "$SMOKE_WORKDIR" \
|
||||||
# inside the bind-mounted checkout. Remove it before act-runner's
|
/tmp/pnpm-install.log \
|
||||||
# post-job cleanup so successful smoke jobs do not end with
|
/tmp/playwright-install-deps.log \
|
||||||
# errSymlink cleanup noise.
|
|
||||||
rm -rf /workspace/node_modules \
|
|
||||||
/workspace/apps/web/node_modules \
|
|
||||||
/workspace/apps/web/tests/e2e/.auth \
|
|
||||||
/workspace/apps/web/test-results \
|
|
||||||
/workspace/apps/web/playwright-report \
|
|
||||||
2>/dev/null || true
|
|
||||||
find /workspace/apps /workspace/packages \
|
|
||||||
-mindepth 2 -maxdepth 2 -type d -name node_modules -prune -exec rm -rf {} + \
|
|
||||||
2>/dev/null || true
|
2>/dev/null || true
|
||||||
}
|
}
|
||||||
trap cleanup_smoke_workspace_artifacts EXIT
|
trap cleanup_smoke_workspace_artifacts EXIT
|
||||||
|
|
||||||
|
rm -rf "$SMOKE_WORKDIR"
|
||||||
|
mkdir -p "$SMOKE_WORKDIR"
|
||||||
|
if command -v tar >/dev/null 2>&1; then
|
||||||
|
tar \
|
||||||
|
--exclude='./.git' \
|
||||||
|
--exclude='./node_modules' \
|
||||||
|
--exclude='./apps/web/node_modules' \
|
||||||
|
--exclude='./apps/web/test-results' \
|
||||||
|
--exclude='./apps/web/playwright-report' \
|
||||||
|
--exclude='./packages/*/node_modules' \
|
||||||
|
-cf - -C "$SOURCE_WORKDIR" . | tar -xf - -C "$SMOKE_WORKDIR"
|
||||||
|
else
|
||||||
|
cp -a "$SOURCE_WORKDIR/." "$SMOKE_WORKDIR/"
|
||||||
|
rm -rf "$SMOKE_WORKDIR/.git" \
|
||||||
|
"$SMOKE_WORKDIR/node_modules" \
|
||||||
|
"$SMOKE_WORKDIR/apps/web/node_modules" \
|
||||||
|
"$SMOKE_WORKDIR/apps/web/test-results" \
|
||||||
|
"$SMOKE_WORKDIR/apps/web/playwright-report" \
|
||||||
|
2>/dev/null || true
|
||||||
|
fi
|
||||||
|
cd "$SMOKE_WORKDIR"
|
||||||
|
|
||||||
PNPM_STORE=/opt/pnpm-store
|
PNPM_STORE=/opt/pnpm-store
|
||||||
PNPM_HASH_FILE=/opt/pnpm-store/.lock_hash
|
PNPM_HASH_FILE=/opt/pnpm-store/.lock_hash
|
||||||
CURRENT_PNPM_HASH=$(md5sum pnpm-lock.yaml | awk '{print $1}')
|
CURRENT_PNPM_HASH=$(md5sum pnpm-lock.yaml | awk '{print $1}')
|
||||||
@@ -2472,12 +2487,13 @@ jobs:
|
|||||||
--name "awoooi-cd-${GITHUB_RUN_ID:-manual}-${GITHUB_RUN_ATTEMPT:-1}-e2e-smoke" \
|
--name "awoooi-cd-${GITHUB_RUN_ID:-manual}-${GITHUB_RUN_ATTEMPT:-1}-e2e-smoke" \
|
||||||
--cpus "1.5" \
|
--cpus "1.5" \
|
||||||
--memory "2g" \
|
--memory "2g" \
|
||||||
-v "$PWD:/workspace" \
|
-v "$PWD:/source:ro" \
|
||||||
|
-v "$SMOKE_OUTPUT:/github-output" \
|
||||||
-v /tmp/awoooi-smoke.sh:/tmp/awoooi-smoke.sh:ro \
|
-v /tmp/awoooi-smoke.sh:/tmp/awoooi-smoke.sh:ro \
|
||||||
-v awoooi-pnpm-store:/opt/pnpm-store \
|
-v awoooi-pnpm-store:/opt/pnpm-store \
|
||||||
-v awoooi-playwright-browsers:/opt/playwright-browsers \
|
-v awoooi-playwright-browsers:/opt/playwright-browsers \
|
||||||
-w /workspace \
|
-w /tmp \
|
||||||
-e GITHUB_OUTPUT=/workspace/.awoooi-smoke-output \
|
-e GITHUB_OUTPUT=/github-output \
|
||||||
-e CI=true \
|
-e CI=true \
|
||||||
-e PLAYWRIGHT_BASE_URL=https://awoooi.wooo.work \
|
-e PLAYWRIGHT_BASE_URL=https://awoooi.wooo.work \
|
||||||
"${{ env.CI_IMAGE }}" \
|
"${{ env.CI_IMAGE }}" \
|
||||||
@@ -2487,12 +2503,13 @@ jobs:
|
|||||||
--name "awoooi-cd-${GITHUB_RUN_ID:-manual}-${GITHUB_RUN_ATTEMPT:-1}-e2e-smoke" \
|
--name "awoooi-cd-${GITHUB_RUN_ID:-manual}-${GITHUB_RUN_ATTEMPT:-1}-e2e-smoke" \
|
||||||
--cpus "1.5" \
|
--cpus "1.5" \
|
||||||
--memory "2g" \
|
--memory "2g" \
|
||||||
-v "$PWD:/workspace" \
|
-v "$PWD:/source:ro" \
|
||||||
|
-v "$SMOKE_OUTPUT:/github-output" \
|
||||||
-v /tmp/awoooi-smoke.sh:/tmp/awoooi-smoke.sh:ro \
|
-v /tmp/awoooi-smoke.sh:/tmp/awoooi-smoke.sh:ro \
|
||||||
-v awoooi-pnpm-store:/opt/pnpm-store \
|
-v awoooi-pnpm-store:/opt/pnpm-store \
|
||||||
-v awoooi-playwright-browsers:/opt/playwright-browsers \
|
-v awoooi-playwright-browsers:/opt/playwright-browsers \
|
||||||
-w /workspace \
|
-w /tmp \
|
||||||
-e GITHUB_OUTPUT=/workspace/.awoooi-smoke-output \
|
-e GITHUB_OUTPUT=/github-output \
|
||||||
-e CI=true \
|
-e CI=true \
|
||||||
-e PLAYWRIGHT_BASE_URL=https://awoooi.wooo.work \
|
-e PLAYWRIGHT_BASE_URL=https://awoooi.wooo.work \
|
||||||
"${{ env.CI_IMAGE }}" \
|
"${{ env.CI_IMAGE }}" \
|
||||||
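Review bot: The copy into `$SMOKE_WORKDIR` in the first hunk does not exclude `apps/web/tests/e2e/.auth`, which the removed cleanup used to delete, so any stored Playwright auth state left in the runner checkout would be carried into the smoke workspace and reused by the run. Consider adding `--exclude='./apps/web/tests/e2e/.auth'` to the tar call and the matching `"$SMOKE_WORKDIR/apps/web/tests/e2e/.auth"` to the fallback `rm -rf`. The `cp -a` fallback also leaves `packages/*/node_modules` in place while the tar branch excludes it, so the two branches build different trees. Separately, the `tar ... | tar ...` pipeline reports only the extracting side's exit status unless `set -o pipefail` is set earlier in the script, which this hunk does not show. The old and new sides here are read from the rendered columns, so confirm against the raw diff.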
|
|||||||
@@ -1,3 +1,15 @@
|
|||||||
|
## 2026-07-01 — 17:29 Gitea CD post-deploy smoke workspace 權限修正
|
||||||
|
|
||||||
|
**照主線修正的問題**:
|
||||||
|
- CD `#4272` 已成功完成 tests、image build/push、ArgoCD `Synced/Healthy`、K8s rollout 與 production deploy readback,並讀回 `792de2553c` 與 GitOps desired image tag 一致;但 post-deploy browser smoke 仍回 `SMOKE_RESULT=⚠️`。
|
||||||
|
- smoke log 顯示 `pnpm install` 在 bind-mounted checkout 的 `/workspace/node_modules` 建目錄時 `EACCES`,代表 smoke container 不應直接在 runner checkout 安裝依賴。
|
||||||
|
- `.gitea/workflows/cd.yaml` 改成把 source checkout 唯讀掛到 `/source`,在 container 內建立 `/tmp/awoooi-smoke-workspace` 後用 `tar` 排除 `.git`、`node_modules`、`test-results`、`playwright-report` 再安裝與執行 Playwright;`GITHUB_OUTPUT` 改用單檔 bind mount `/github-output` 寫回,不再把整個 checkout 當可寫 workspace。
|
||||||
|
- `ops/runner/test_cd_controlled_runtime_profile.py` 新增 guard,禁止 smoke 回到 `-v "$PWD:/workspace"`、`-w /workspace` 或 `/workspace/.awoooi-smoke-output`,避免下一次權限 / symlink cleanup 問題再讓 smoke 假黃。
|
||||||
|
|
||||||
|
**邊界**:未讀 secret / token / `.env` / raw sessions / SQLite / auth;未使用 GitHub / `gh` / GitHub API;未重啟主機 / Docker / Nginx / K3s / DB / firewall;未 force push。
|
||||||
|
|
||||||
|
**下一步**:跑本地 workflow guard 後推 Gitea main,等待下一個 CD 重新產生 post-deploy smoke `pass` 證據;若 smoke 還是黃,繼續只收斂最新失敗段落。
|
||||||
|
|
||||||
## 2026-07-01 — 17:18 Gitea CD post-deploy smoke 依賴證據修正
|
## 2026-07-01 — 17:18 Gitea CD post-deploy smoke 依賴證據修正
|
||||||
|
|
||||||
**照主線修正的問題**:
|
**照主線修正的問題**:
|
||||||
|
|||||||
@@ -136,6 +136,15 @@ def test_post_deploy_smoke_uses_workspace_playwright_dependency() -> None:
|
|||||||
assert "pnpm exec playwright install chromium --with-deps" in block
|
assert "pnpm exec playwright install chromium --with-deps" in block
|
||||||
assert "pnpm exec playwright install-deps chromium" in block
|
assert "pnpm exec playwright install-deps chromium" in block
|
||||||
assert "pnpm exec playwright test tests/e2e/smoke.spec.ts --reporter=line" in block
|
assert "pnpm exec playwright test tests/e2e/smoke.spec.ts --reporter=line" in block
|
||||||
|
assert "SMOKE_WORKDIR=/tmp/awoooi-smoke-workspace" in block
|
||||||
|
assert "-v \"$PWD:/source:ro\"" in block
|
||||||
|
assert "-v \"$SMOKE_OUTPUT:/github-output\"" in block
|
||||||
|
assert "-w /tmp" in block
|
||||||
|
assert "-e GITHUB_OUTPUT=/github-output" in block
|
||||||
|
assert "-v \"$PWD:/workspace\"" not in block
|
||||||
|
assert "-w /workspace" not in block
|
||||||
|
assert "GITHUB_OUTPUT=/workspace/.awoooi-smoke-output" not in block
|
||||||
|
assert "rm -rf /workspace/node_modules" not in block
|
||||||
assert "npx playwright" not in block
|
assert "npx playwright" not in block
|
||||||
|
|
||||||
|
|
||||||
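Review bot: The new guards are exact substring checks over the whole block, so they would miss a regression in only one of the two `docker run` invocations to a writable mount such as `-v "$PWD:/source"`. The positive assertion is satisfied by the other invocation, and none of the negative assertions match that string. Adding `assert "-v \"$PWD:/source\"" not in block` would pin the read-only flag, assuming `block` spans both invocations, which this hunk does not show. The test function's body starts outside the hunk.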
|
|||||||