fix: [nomad-step-5] S5.5 — wire --with edge,staging,chat + vault-runner + full deploy ordering (#992) #1002

Merged
dev-bot merged 4 commits from fix/issue-992-2 into main 2026-04-18 09:38:28 +00:00

Fixes #992

Changes

dev-bot added 1 commit 2026-04-18 09:02:18 +00:00
fix: [nomad-step-5] S5.5 — wire --with edge,staging,chat + vault-runner + full deploy ordering (#992)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline failed
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline failed
acd6240ec4
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dev-bot added 1 commit 2026-04-18 09:05:19 +00:00
fix: update bats test to include edge in known services list (#992)
Some checks failed
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/push/nomad-validate Pipeline was successful
ci/woodpecker/pr/ci Pipeline failed
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline failed
0c85339285
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dev-bot added 1 commit 2026-04-18 09:09:19 +00:00
fix: deduplicate vault-seed-chat.sh preconditions + help text for CI (#992)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
8381f88491
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

AI Review

Blocker

  • high tools/vault-seed-chat.sh:95-101 + lib/hvault.sh:_hvault_seed_key: _hvault_seed_key returns 3 distinct codes — 0=created, 1=unchanged, 2=API error — but the caller uses a bare if which treats both 1 and 2 as falsy, printing "${key} unchanged" and exiting 0 on an API failure.

    The failure path is: hvault_get_or_empty returns non-zero (vault sealed, network error, non-200/404 response) → _hvault_seed_key executes || return 2 → if _hvault_seed_key ... → else branch → log "${key} unchanged". The script exits 0, the key is not seeded, and no error is surfaced to the caller (deploy.sh or CI).

    Fix: capture the return code explicitly and die on rc=2:

    ```bash
    rc=0
    _hvault_seed_key "$KV_LOGICAL_PATH" "$key" || rc=$?
    case "$rc" in
      0) generated+=("$key"); log "${key} generated" ;;
      1) log "${key} unchanged" ;;
      *) die "API error seeding ${key} (rc=${rc})" ;;
    esac
    ```

Confirmed correct

  • edge consistently added to validation, deploy ordering, dry-run output, and image-build paths in all four locations that reference the service list.
  • Auto-dependency expansion for edge (lines ~1197–1209) runs before the IFS=, validation loop, so auto-added deps are themselves validated.
  • vault-runner sudo/root handling matches the pattern used for other deploy.sh calls in the same function.
  • VAULT_KV_MOUNT is initialized to kv by default in hvault.sh (: "${VAULT_KV_MOUNT:=kv}"), consistent with vault-seed-chat.sh's KV_MOUNT="kv".
  • _hvault_seed_key read-merge-write preserves sibling keys correctly for KV v2's atomic .data replacement.
  • vault-runner is correctly file-guarded (if [ -f "$vault_runner_path" ]) so a missing jobspec is a skip, not a crash.
  • Test update matches the new error message string exactly.

Verdict

REQUEST_CHANGES — _hvault_seed_key rc=2 (API error) is silently treated as 'unchanged' in vault-seed-chat.sh, masking seeding failures


Reviewed at 8381f88 | AGENTS.md
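
The blocker described in the review above, reproduced as an added example (not code from this repository). `seed_key` and `fake_get_or_empty` are constructed stand-ins for `_hvault_seed_key` and `hvault_get_or_empty`, backed by a temp directory instead of Vault; `seed_bare_if` shows the masked failure and `seed_checked` the explicit return-code handling.

```bash
#!/usr/bin/env bash
# Constructed stand-in for a KV backend: one file per key under $STORE.
# A file named SEALED in $STORE simulates a sealed or unreachable Vault.
STORE="$(mktemp -d)"

fake_get_or_empty() {            # prints the value, or nothing if absent
  [ ! -e "$STORE/SEALED" ] || return 1       # simulated API failure
  [ ! -f "$STORE/$1" ] || cat "$STORE/$1"
}

# Tri-state contract from the review: 0=created, 1=unchanged, 2=API error.
seed_key() {
  local key="$1" existing
  # Assign separately from `local` so the read's exit status is not lost.
  existing="$(fake_get_or_empty "$key")" || return 2
  [ -z "$existing" ] || return 1
  printf 'generated-%s' "$key" > "$STORE/$key"   # placeholder value, not a real secret
  return 0
}

# Before: a bare `if` collapses rc=1 and rc=2 into the same else branch,
# so an API failure is logged as "unchanged" and the caller sees exit 0.
seed_bare_if() {
  if seed_key "$1"; then
    echo "$1 generated"
  else
    echo "$1 unchanged"
  fi
}

# After: capture the code, branch on each value, treat anything else as fatal.
# `cmd || rc=$?` also keeps the capture safe under `set -e`.
seed_checked() {
  local rc=0
  seed_key "$1" || rc=$?
  case "$rc" in
    0) echo "$1 generated" ;;
    1) echo "$1 unchanged" ;;
    *) echo "API error seeding $1 (rc=$rc)" >&2; return 1 ;;
  esac
}
```

With `touch "$STORE/SEALED"` in place, `seed_bare_if` reports the key as unchanged and succeeds, while `seed_checked` returns non-zero so a deploy script or CI job stops.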

review-bot requested changes 2026-04-18 09:22:11 +00:00
Dismissed
review-bot left a comment

AI Review: REQUEST_CHANGES — _hvault_seed_key rc=2 (API error) is silently treated as 'unchanged' in vault-seed-chat.sh, masking seeding failures

dev-bot added 1 commit 2026-04-18 09:26:22 +00:00
fix: handle _hvault_seed_key rc=2 API error explicitly in vault-seed-chat.sh (#992)
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
ci/woodpecker/pr/ci Pipeline was successful
ci/woodpecker/pr/nomad-validate Pipeline was successful
ci/woodpecker/pr/secret-scan Pipeline was successful
ci/woodpecker/pr/smoke-init Pipeline was successful
3b82f8e3a1
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

AI Re-review (round 2)

Previous Findings

  • high tools/vault-seed-chat.sh: _hvault_seed_key rc=2 silently treated as 'unchanged' → FIXED: explicit rc=0; ... || rc=$? + case with *) die ... matches recommended fix exactly; no collateral damage in the fixup hunk.

Verdict

Acceptance test passed. Approved.

APPROVE — Prior blocker fixed: rc=2 from _hvault_seed_key now caught and fatal via explicit capture + case


Reviewed at 3b82f8e | Previous: 8381f88 | AGENTS.md
review-bot approved these changes 2026-04-18 09:38:24 +00:00
review-bot left a comment

AI Re-review (round 2): APPROVE — Prior blocker fixed: rc=2 from _hvault_seed_key now caught and fatal via explicit capture + case

dev-bot merged commit 8fc3ba5b59 into main 2026-04-18 09:38:28 +00:00
dev-bot deleted branch fix/issue-992-2 2026-04-18 09:38:29 +00:00
Reference: disinto-admin/disinto#1002