fix(reboot): require double key for host runner sentinel
Some checks failed
Ansible / Reboot Recovery Contract / validate (push) Successful in 1m37s
Code Review / ai-code-review (push) Has been cancelled

This commit is contained in:
Your Name
2026-06-28 02:06:24 +08:00
parent 77ba5ed517
commit 7c3b1c0ab9

View File

@@ -193,9 +193,9 @@ RUNNER_SERVICE="gitea-act-runner-host.service"
RUNNER_ENABLE_SENTINEL="/run/awoooi-runner-host-enabled"
START_GITEA_RUNNER_ON_BOOT="${AWOOOI_START_GITEA_RUNNER_ON_BOOT:-0}"
START_GITEA_RUNNER_ALLOWED=0
# The runtime operator sentinel is the explicit, reversible approval to keep
# the host runner open during an authorized deployment window.
if [ -e "$RUNNER_ENABLE_SENTINEL" ]; then
# The runtime operator sentinel is the second key for an authorized deployment
# window. A single env var or a stale sentinel alone must not reopen host CI.
if [ "$START_GITEA_RUNNER_ON_BOOT" = "1" ] && [ -e "$RUNNER_ENABLE_SENTINEL" ]; then
START_GITEA_RUNNER_ALLOWED=1
fi
if [ -x "$RUNNER_DIR/act_runner" ] && [ -f "$RUNNER_DIR/config.yaml" ]; then