Merge remote-tracking branch 'origin/main' into codex/p0-obs-002-20260715
This commit is contained in:
@@ -27,8 +27,12 @@ def test_gitea_actions_secret_variable_name_inventory_loader_is_value_safe() ->
|
||||
assert payload["status"] == "gitea_actions_secret_variable_name_inventory_ready"
|
||||
assert payload["ready"] is True
|
||||
assert payload["summary"]["workflow_file_count"] == committed_workflow_file_count
|
||||
assert payload["summary"]["referenced_secret_name_count"] == 26
|
||||
assert payload["summary"]["referenced_variable_name_count"] == 0
|
||||
assert payload["summary"]["referenced_secret_name_count"] == len(
|
||||
payload["secret_name_rows"]
|
||||
)
|
||||
assert payload["summary"]["referenced_variable_name_count"] == len(
|
||||
payload["variable_name_rows"]
|
||||
)
|
||||
assert payload["summary"]["secret_values_collected"] is False
|
||||
assert payload["summary"]["variable_values_collected"] is False
|
||||
assert payload["operation_boundaries"]["secret_value_read_allowed"] is False
|
||||
|
||||
@@ -160,12 +160,12 @@ spec:
|
||||
- name: AWOOOI_BUILD_COMMIT_SHA
|
||||
# 2026-06-29 Codex: CD rewrites this to the deployed image tag so
|
||||
# production deploy readback does not rely on a stale static snapshot.
|
||||
value: "bb60c78ef324879680829b45df05363e7b08c280"
|
||||
value: "e01db7391e89a52958d9c3f06c3218fdc5053eb7"
|
||||
- name: AWOOOI_DESIRED_API_IMAGE_TAG
|
||||
# 2026-06-30 Codex: CD rewrites this alongside AWOOOI_BUILD_COMMIT_SHA.
|
||||
# Production readback compares runtime image truth against this
|
||||
# GitOps desired tag instead of doing a slow Gitea raw fetch.
|
||||
value: "bb60c78ef324879680829b45df05363e7b08c280"
|
||||
value: "e01db7391e89a52958d9c3f06c3218fdc5053eb7"
|
||||
- name: DATABASE_POOL_SIZE
|
||||
# 2026-07-01 Codex: production role `awoooi` currently has a low
|
||||
# connection limit. Keep API pool conservative until DB role
|
||||
|
||||
@@ -66,7 +66,7 @@ spec:
|
||||
- name: DATABASE_NULL_POOL
|
||||
value: "true"
|
||||
- name: AWOOOI_BUILD_COMMIT_SHA
|
||||
value: "bb60c78ef324879680829b45df05363e7b08c280"
|
||||
value: "e01db7391e89a52958d9c3f06c3218fdc5053eb7"
|
||||
- name: ENABLE_AWOOOP_ANSIBLE_CANDIDATE_BACKFILL_WORKER
|
||||
value: "false"
|
||||
- name: ENABLE_AWOOOP_ANSIBLE_CHECK_MODE_WORKER
|
||||
|
||||
@@ -177,7 +177,7 @@ spec:
|
||||
- name: DATABASE_BOOTSTRAP_DDL_ENABLED
|
||||
value: "false"
|
||||
- name: AWOOOI_BUILD_COMMIT_SHA
|
||||
value: "bb60c78ef324879680829b45df05363e7b08c280"
|
||||
value: "e01db7391e89a52958d9c3f06c3218fdc5053eb7"
|
||||
- name: ENABLE_AWOOOP_ANSIBLE_CANDIDATE_BACKFILL_WORKER
|
||||
value: "true"
|
||||
- name: ENABLE_SECURITY_CONTROL_PLANE_MAINTENANCE_WORKER
|
||||
|
||||
@@ -40,9 +40,9 @@ resources:
|
||||
# ⚠️ 重要: name 必須與 deployment YAML 中的 image 完全匹配 (含 tag)
|
||||
# newName + newTag 由 CI 透過 kustomize edit set image 注入
|
||||
images:
|
||||
- digest: sha256:07912102ac09f002d64290b24f83f358587b0c81a9ea487362924157a04db037
|
||||
- digest: sha256:a06af69531087ef123b91bcae5f4170f322035156a64e5d09ef8ebdc23ea1c7a
|
||||
name: 192.168.0.110:5000/library/api:IMAGE_TAG_PLACEHOLDER
|
||||
newName: 192.168.0.110:5000/awoooi/api
|
||||
- digest: sha256:b31dbb79ffe82d7bd3dde4e3786ab79e25dd2d2302ed06068f9acbea64b425f5
|
||||
- digest: sha256:9e6ada8cef17243c83230d7890acc1da154add49569b407a590e633d5a5ea70a
|
||||
name: 192.168.0.110:5000/library/web:IMAGE_TAG_PLACEHOLDER
|
||||
newName: 192.168.0.110:5000/awoooi/web
|
||||
|
||||
@@ -336,11 +336,12 @@ compressed = gzip.compress(
|
||||
)
|
||||
payload = base64.b64encode(compressed).decode("ascii")
|
||||
line_width = 65536
|
||||
max_payload_lines = 16
|
||||
payload_lines = [
|
||||
payload[offset : offset + line_width]
|
||||
for offset in range(0, len(payload), line_width)
|
||||
]
|
||||
if not payload_lines or len(payload_lines) > 8:
|
||||
if not payload_lines or len(payload_lines) > max_payload_lines:
|
||||
raise SystemExit("remote_bootstrap_payload_line_contract_failed")
|
||||
output_path.write_text(
|
||||
"\n".join(payload_lines) + "\n" + sentinel + "\n",
|
||||
@@ -504,8 +505,9 @@ if ($allLines.Count -lt 2 -or $allLines[-1] -cne $sentinel) {{
|
||||
throw "remote_bootstrap_sentinel_missing"
|
||||
}}
|
||||
$payloadLines = @($allLines[0..($allLines.Count - 2)])
|
||||
$maxPayloadLines = 16
|
||||
$charCount = [int](($payloadLines | Measure-Object -Property Length -Sum).Sum) + (2 * $payloadLines.Count)
|
||||
if ($payloadLines.Count -gt 8 -or $charCount -gt 1048576) {{
|
||||
if ($payloadLines.Count -gt $maxPayloadLines -or $charCount -gt 1048576) {{
|
||||
throw "remote_bootstrap_input_limit_exceeded"
|
||||
}}
|
||||
$payload = [string]::Join("", $payloadLines)
|
||||
|
||||
@@ -163,10 +163,12 @@ def test_sender_builds_sha256_envelope_and_streams_it_without_remote_cli_data()
|
||||
assert "remote_bootstrap_input_limit_exceeded" in source
|
||||
assert "remote_bootstrap_sentinel_missing" in source
|
||||
assert "line_width = 65536" in source
|
||||
assert "len(payload_lines) > 8" in source
|
||||
assert "max_payload_lines = 16" in source
|
||||
assert "len(payload_lines) > max_payload_lines" in source
|
||||
assert '"\\n".join(payload_lines)' in source
|
||||
assert "remote_bootstrap_payload_line_contract_failed" in source
|
||||
assert "$payloadLines.Count -gt 8" in source
|
||||
assert "$maxPayloadLines = 16" in source
|
||||
assert "$payloadLines.Count -gt $maxPayloadLines" in source
|
||||
assert "$charCount -gt 1048576" in source
|
||||
assert '<"${BOOTSTRAP_PAYLOAD_PATH}"' not in source
|
||||
assert "rawEnvelope" not in source
|
||||
|
||||
Reference in New Issue
Block a user