fix(cd): keep startup recovery on controlled profile
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 31s
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled

This commit is contained in:
Your Name
2026-06-30 21:32:48 +08:00
parent 3397f5a9aa
commit c2df760e40
3 changed files with 18 additions and 0 deletions

View File

@@ -518,6 +518,8 @@ jobs:
;;
scripts/reboot-recovery/harbor-watchdog.sh)
;;
scripts/reboot-recovery/awoooi-startup-110.sh)
;;
scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh)
;;
scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh)
@@ -710,6 +712,7 @@ jobs:
../../scripts/reboot-recovery/full-stack-cold-start-check.sh \
../../scripts/reboot-recovery/full-stack-recovery-scorecard.sh \
../../scripts/reboot-recovery/harbor-watchdog.sh \
../../scripts/reboot-recovery/awoooi-startup-110.sh \
../../scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh \
../../scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh \
../../scripts/reboot-recovery/verify-cold-start-monitor-deploy.sh \

View File

@@ -1,3 +1,16 @@
## 2026-06-30 — 21:34 110 startup recovery changes stay on controlled-runtime CD profile
**照主線修正的問題**
- Gitea CD `#4078``fix(recovery): open controlled drain lane after guardrails` 後未進 Harbor logintests job 跑到 full B5 真 DB integration 並因 socket / DB setup error 失敗。
- Root cause 是 `scripts/reboot-recovery/awoooi-startup-110.sh` 屬於 110 runner / recovery guard source但尚未列入 `.gitea/workflows/cd.yaml` 的 controlled-runtime allowlistrecovery-only 變更因此被錯送 full profile。
- 已把 `awoooi-startup-110.sh` 加入 controlled-runtime changed-file allowlist 與 `bash -n` 檢查,並補 `ops/runner/test_cd_controlled_runtime_profile.py` 斷言,讓後續 110 runner guard/repair source 變更不再觸發 B5。
**驗證**
- `pytest ops/runner/test_cd_controlled_runtime_profile.py -q` 通過。
- `python3.11 ops/runner/guard-gitea-runner-pressure.py --root .``node scripts/ci/check-gitea-step-env-secrets.js``git diff --check` 通過。
**邊界**:只改 CD profile / profile test / LOGBOOK未讀 secret / token / `.env` / raw sessions / SQLite / auth未使用 GitHub / `gh` / GitHub API未 workflow_dispatch未 SSH / Docker / Nginx / K3s / DB / firewall runtime 寫入。
## 2026-06-30 — 21:23 Harbor 110 repair `awoooi-host` runner blocker closure readback
**照主線修正的問題**

View File

@@ -456,6 +456,7 @@ def test_reboot_auto_recovery_slo_sources_stay_on_controlled_runtime_profile() -
"scripts/reboot-recovery/full-stack-cold-start-check.sh)",
"scripts/reboot-recovery/full-stack-recovery-scorecard.sh)",
"scripts/reboot-recovery/harbor-watchdog.sh)",
"scripts/reboot-recovery/awoooi-startup-110.sh)",
"scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh)",
"scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh)",
"scripts/reboot-recovery/verify-cold-start-monitor-deploy.sh)",
@@ -499,6 +500,7 @@ def test_post_start_recovery_verifiers_stay_on_controlled_runtime_profile() -> N
"../../scripts/reboot-recovery/full-stack-cold-start-check.sh",
"../../scripts/reboot-recovery/full-stack-recovery-scorecard.sh",
"../../scripts/reboot-recovery/harbor-watchdog.sh",
"../../scripts/reboot-recovery/awoooi-startup-110.sh",
"../../scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh",
"../../scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh",
"../../scripts/reboot-recovery/verify-cold-start-monitor-deploy.sh",