From 563ca6554da05bc674a878c172c695e209efd7c1 Mon Sep 17 00:00:00 2001 From: ogt Date: Wed, 1 Jul 2026 21:42:48 +0800 Subject: [PATCH] fix(cd): syntax check recovery preflight in controlled lane --- .gitea/workflows/cd.yaml | 1 + docs/LOGBOOK.md | 22 +++++++++++++++++++ .../test_cd_controlled_runtime_profile.py | 1 + 3 files changed, 24 insertions(+) diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml index 24441239f..b3315407c 100644 --- a/.gitea/workflows/cd.yaml +++ b/.gitea/workflows/cd.yaml @@ -782,6 +782,7 @@ jobs: ../../scripts/reboot-recovery/post-start-quick-check.sh \ ../../scripts/reboot-recovery/188-host-hygiene-maintenance-checklist.sh \ ../../scripts/reboot-recovery/full-stack-cold-start-check.sh \ + ../../scripts/reboot-recovery/momo-drive-token-source-recovery-preflight.sh \ ../../scripts/reboot-recovery/full-stack-recovery-scorecard.sh \ ../../scripts/reboot-recovery/harbor-watchdog.sh \ ../../scripts/reboot-recovery/awoooi-startup-110.sh \ diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index 5e430b9e8..a4110c8fa 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -52110,6 +52110,28 @@ production browser smoke: **下一步**: - rebase / commit / push truth-chain source split;讀回 Gitea queue 與 188 DB active query。若 deploy 收斂,立即 reset `awoooi` role 的 temporary `max_parallel_workers_per_gather=0`;若 110 SSH 恢復,第一動作仍是套用新版 systemd exporter 或暫停舊 exporter,再回讀 systemd/logind、Gitea CPU 與 load5/core。 +## 2026-07-01 — 21:41 CD controlled-runtime B5 誤觸發修正 + +**完成內容**: +- 公開 Gitea CD `#4302` 對 `10275a9d7b` 失敗;safe log 摘要確認 API tests 已通過 `3657 passed, 23 skipped`,真正紅點是 B5 step 誤跑後遇到 `BLOCKER b5_docker_socket_unavailable`。 +- 根因不是新 API service test,而是 `10275a9d` 變更包含 `scripts/reboot-recovery/momo-drive-token-source-recovery-preflight.sh`,該 cold-start preflight script 未列入 `.gitea/workflows/cd.yaml` controlled-runtime path allowlist,導致整個 run 被降回 full profile。 +- 已將 `scripts/reboot-recovery/momo-drive-token-source-recovery-preflight.sh` 納入 controlled-runtime source classifier,並加入 API tests step 的 `bash -n` syntax verifier。 +- `ops/runner/test_cd_controlled_runtime_profile.py` 新增 guard,確保該 script 的 source path 與 B5 前 syntax-check path 都維持在 controlled-runtime lane。 + +**本地驗證結果**: +- `python3.11 -m pytest ops/runner/test_cd_controlled_runtime_profile.py -q`:`41 passed`。 +- `python3 ops/runner/guard-gitea-runner-pressure.py --root .`:通過,`auto_branch_events_on_110=0`、`generic_runner_labels=0`。 +- `bash -n scripts/reboot-recovery/momo-drive-token-source-recovery-preflight.sh`:通過。 +- `python3.11 -m py_compile ops/runner/test_cd_controlled_runtime_profile.py`:通過。 +- `git diff --check`:通過。 + +**仍維持**: +- 沒有讀 secret / token / `.env` / raw sessions / SQLite / auth;沒有使用 GitHub / `gh` / GitHub API。 +- 沒有重啟主機,沒有 Docker / Nginx / K3s / DB / firewall 操作,沒有 workflow_dispatch,沒有 force push。 + +**下一步**: +- commit / push 後讀回新的 Gitea CD;目標是 controlled-runtime 直接跳過 B5,不再因 cold-start metadata/script 變更要求 Docker socket。 + ## 2026-07-01 — 08:50 P0 188 DB circuit breaker post-push readback **完成內容**: diff --git a/ops/runner/test_cd_controlled_runtime_profile.py b/ops/runner/test_cd_controlled_runtime_profile.py index 50650a3cd..6d912254b 100644 --- a/ops/runner/test_cd_controlled_runtime_profile.py +++ b/ops/runner/test_cd_controlled_runtime_profile.py @@ -728,6 +728,7 @@ def test_post_start_recovery_verifiers_stay_on_controlled_runtime_profile() -> N "../../scripts/reboot-recovery/post-start-quick-check.sh", "../../scripts/reboot-recovery/188-host-hygiene-maintenance-checklist.sh", "../../scripts/reboot-recovery/full-stack-cold-start-check.sh", + "../../scripts/reboot-recovery/momo-drive-token-source-recovery-preflight.sh", "../../scripts/reboot-recovery/full-stack-recovery-scorecard.sh", "../../scripts/reboot-recovery/harbor-watchdog.sh", "../../scripts/reboot-recovery/awoooi-startup-110.sh",