diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml index 3692e5e72..5d520da86 100644 --- a/.gitea/workflows/cd.yaml +++ b/.gitea/workflows/cd.yaml @@ -518,6 +518,8 @@ jobs: ;; scripts/reboot-recovery/harbor-watchdog.sh) ;; + scripts/reboot-recovery/awoooi-startup-110.sh) + ;; scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh) ;; scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh) @@ -710,6 +712,7 @@ jobs: ../../scripts/reboot-recovery/full-stack-cold-start-check.sh \ ../../scripts/reboot-recovery/full-stack-recovery-scorecard.sh \ ../../scripts/reboot-recovery/harbor-watchdog.sh \ + ../../scripts/reboot-recovery/awoooi-startup-110.sh \ ../../scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh \ ../../scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh \ ../../scripts/reboot-recovery/verify-cold-start-monitor-deploy.sh \ diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index a33991838..c4f9f4426 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,16 @@ +## 2026-06-30 — 21:34 110 startup recovery changes stay on controlled-runtime CD profile + +**照主線修正的問題**: +- Gitea CD `#4078` 在 `fix(recovery): open controlled drain lane after guardrails` 後未進 Harbor login,tests job 跑到 full B5 真 DB integration 並因 socket / DB setup error 失敗。 +- Root cause 是 `scripts/reboot-recovery/awoooi-startup-110.sh` 屬於 110 runner / recovery guard source,但尚未列入 `.gitea/workflows/cd.yaml` 的 controlled-runtime allowlist;recovery-only 變更因此被錯送 full profile。 +- 已把 `awoooi-startup-110.sh` 加入 controlled-runtime changed-file allowlist 與 `bash -n` 檢查,並補 `ops/runner/test_cd_controlled_runtime_profile.py` 斷言,讓後續 110 runner guard/repair source 變更不再觸發 B5。 + +**驗證**: +- `pytest ops/runner/test_cd_controlled_runtime_profile.py -q` 通過。 +- `python3.11 ops/runner/guard-gitea-runner-pressure.py --root .`、`node scripts/ci/check-gitea-step-env-secrets.js`、`git diff --check` 通過。 + +**邊界**:只改 CD profile / profile test / LOGBOOK;未讀 secret / token / `.env` / raw sessions / SQLite / auth;未使用 GitHub / `gh` / GitHub API;未 workflow_dispatch;未 SSH / Docker / Nginx / K3s / DB / firewall runtime 寫入。 + ## 2026-06-30 — 21:23 Harbor 110 repair `awoooi-host` runner blocker closure readback **照主線修正的問題**: diff --git a/ops/runner/test_cd_controlled_runtime_profile.py b/ops/runner/test_cd_controlled_runtime_profile.py index 0f324b083..8917bddf3 100644 --- a/ops/runner/test_cd_controlled_runtime_profile.py +++ b/ops/runner/test_cd_controlled_runtime_profile.py @@ -456,6 +456,7 @@ def test_reboot_auto_recovery_slo_sources_stay_on_controlled_runtime_profile() - "scripts/reboot-recovery/full-stack-cold-start-check.sh)", "scripts/reboot-recovery/full-stack-recovery-scorecard.sh)", "scripts/reboot-recovery/harbor-watchdog.sh)", + "scripts/reboot-recovery/awoooi-startup-110.sh)", "scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh)", "scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh)", "scripts/reboot-recovery/verify-cold-start-monitor-deploy.sh)", @@ -499,6 +500,7 @@ def test_post_start_recovery_verifiers_stay_on_controlled_runtime_profile() -> N "../../scripts/reboot-recovery/full-stack-cold-start-check.sh", "../../scripts/reboot-recovery/full-stack-recovery-scorecard.sh", "../../scripts/reboot-recovery/harbor-watchdog.sh", + "../../scripts/reboot-recovery/awoooi-startup-110.sh", "../../scripts/reboot-recovery/diagnose-110-ssh-publickey-auth.sh", "../../scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh", "../../scripts/reboot-recovery/verify-cold-start-monitor-deploy.sh",