disinto-admin/disinto
1
0
Fork 0
Code Issues 23 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: [nomad-step-3] S3.4 — wire --with woodpecker + deploy ordering + OAuth seed (#937) #941

Closed
dev-qwen wants to merge 1 commit from fix/issue-937 into main
pull from: fix/issue-937
merge into: disinto-admin:main
Conversation 0 Commits 1 Files changed 1 +69 -16
1 changed files with 69 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

85
bin/disinto
View file

@ -82,7 +82,7 @@ Init options:
--ci-id <n> Woodpecker CI repo ID (default: 0 = no CI) --ci-id <n> Woodpecker CI repo ID (default: 0 = no CI)
--forge-url <url> Forge base URL (default: http://localhost:3000) --forge-url <url> Forge base URL (default: http://localhost:3000)
--backend <value> Orchestration backend: docker (default) | nomad --backend <value> Orchestration backend: docker (default) | nomad
--with <services> (nomad) Deploy services: forgejo[,...] (S1.3) --with <services> (nomad) Deploy services: forgejo,woodpecker-server,woodpecker-agent[,...] (S1.3, S3.4)
--empty (nomad) Bring up cluster only, no jobs (S0.4) --empty (nomad) Bring up cluster only, no jobs (S0.4)
--bare Skip compose generation (bare-metal setup) --bare Skip compose generation (bare-metal setup)
--build Use local docker build instead of registry images (dev mode) --build Use local docker build instead of registry images (dev mode)
@ -783,6 +783,27 @@ _disinto_init_nomad() {
fi fi
if [ -n "$with_services" ]; then if [ -n "$with_services" ]; then
# Normalize services: auto-include forgejo when woodpecker is requested
# (woodpecker without forgejo is nonsensical)
local normalized_services="$with_services"
if echo "$with_services" | grep -q "woodpecker" && ! echo "$with_services" | grep -q "forgejo"; then
echo "Note: --with woodpecker implies --with forgejo (OAuth dependency)"
normalized_services="forgejo,${with_services}"
fi
# Define deployment order: forgejo -> woodpecker-server -> woodpecker-agent
# Only include services that are requested (after normalization)
local DEPLOY_ORDER=""
for ordered_svc in forgejo woodpecker-server woodpecker-agent; do
if echo ",$normalized_services," | grep -q ",$ordered_svc,"; then
if [ -z "$DEPLOY_ORDER" ]; then
DEPLOY_ORDER="$ordered_svc"
else
DEPLOY_ORDER="$DEPLOY_ORDER $ordered_svc"
fi
fi
done
# Vault seed plan (S2.6, #928): one line per service whose # Vault seed plan (S2.6, #928): one line per service whose
# tools/vault-seed-<svc>.sh ships. Services without a seeder are # tools/vault-seed-<svc>.sh ships. Services without a seeder are
# silently skipped — the real-run loop below mirrors this, # silently skipped — the real-run loop below mirrors this,
@ -791,7 +812,7 @@ _disinto_init_nomad() {
# any further change to bin/disinto. # any further change to bin/disinto.
local seed_hdr_printed=false local seed_hdr_printed=false
local IFS=',' local IFS=','
for svc in $with_services; do for svc in $normalized_services; do
svc=$(echo "$svc" | xargs) # trim whitespace svc=$(echo "$svc" | xargs) # trim whitespace
local seed_script="${FACTORY_ROOT}/tools/vault-seed-${svc}.sh" local seed_script="${FACTORY_ROOT}/tools/vault-seed-${svc}.sh"
if [ -x "$seed_script" ]; then if [ -x "$seed_script" ]; then
@ -805,14 +826,14 @@ _disinto_init_nomad() {
[ "$seed_hdr_printed" = true ] && echo "" [ "$seed_hdr_printed" = true ] && echo ""
echo "── Deploy services dry-run ────────────────────────────" echo "── Deploy services dry-run ────────────────────────────"
echo "[deploy] services to deploy: ${with_services}" echo "[deploy] services to deploy: ${normalized_services}"
for svc in $with_services; do echo "[deploy] deployment order: ${DEPLOY_ORDER}"
svc=$(echo "$svc" | xargs) # trim whitespace for svc in $DEPLOY_ORDER; do
# Validate known services first # Validate known services first
case "$svc" in case "$svc" in
forgejo) ;; forgejo|woodpecker-server|woodpecker-agent) ;;
*) *)
echo "Error: unknown service '${svc}' — known: forgejo" >&2 echo "Error: unknown service '${svc}' — known: forgejo, woodpecker-server, woodpecker-agent" >&2
exit 1 exit 1
;; ;;
esac esac
@ -936,9 +957,15 @@ _disinto_init_nomad() {
# `env_keep` (VAULT_ADDR is not). Using `env` as the actual command # `env_keep` (VAULT_ADDR is not). Using `env` as the actual command
# sets VAULT_ADDR in the child process regardless of sudoers policy. # sets VAULT_ADDR in the child process regardless of sudoers policy.
if [ -n "$with_services" ]; then if [ -n "$with_services" ]; then
# Normalize services: auto-include forgejo when woodpecker is requested
local normalized_services="$with_services"
if echo "$with_services" | grep -q "woodpecker" && ! echo "$with_services" | grep -q "forgejo"; then
normalized_services="forgejo,${with_services}"
fi
local vault_addr="${VAULT_ADDR:-http://127.0.0.1:8200}" local vault_addr="${VAULT_ADDR:-http://127.0.0.1:8200}"
local IFS=',' local IFS=','
for svc in $with_services; do for svc in $normalized_services; do
svc=$(echo "$svc" | xargs) # trim whitespace svc=$(echo "$svc" | xargs) # trim whitespace
local seed_script="${FACTORY_ROOT}/tools/vault-seed-${svc}.sh" local seed_script="${FACTORY_ROOT}/tools/vault-seed-${svc}.sh"
if [ -x "$seed_script" ]; then if [ -x "$seed_script" ]; then
@ -959,22 +986,42 @@ _disinto_init_nomad() {
# Deploy services if requested # Deploy services if requested
if [ -n "$with_services" ]; then if [ -n "$with_services" ]; then
# Normalize services: auto-include forgejo when woodpecker is requested
# (woodpecker without forgejo is nonsensical)
local normalized_services="$with_services"
if echo "$with_services" | grep -q "woodpecker" && ! echo "$with_services" | grep -q "forgejo"; then
echo "Note: --with woodpecker implies --with forgejo (OAuth dependency)"
normalized_services="forgejo,${with_services}"
fi
# Define deployment order: forgejo -> woodpecker-server -> woodpecker-agent
# Only include services that are requested (after normalization)
local DEPLOY_ORDER=""
for ordered_svc in forgejo woodpecker-server woodpecker-agent; do
if echo ",$normalized_services," | grep -q ",$ordered_svc,"; then
if [ -z "$DEPLOY_ORDER" ]; then
DEPLOY_ORDER="$ordered_svc"
else
DEPLOY_ORDER="$DEPLOY_ORDER $ordered_svc"
fi
fi
done
echo "" echo ""
echo "── Deploying services ─────────────────────────────────" echo "── Deploying services ─────────────────────────────────"
local -a deploy_cmd=("$deploy_sh") local -a deploy_cmd=("$deploy_sh")
# Split comma-separated service list into positional args # Split comma-separated service list into positional args (in deploy order)
local IFS=',' local IFS=' '
for svc in $with_services; do for svc in $DEPLOY_ORDER; do
svc=$(echo "$svc" | xargs) # trim whitespace
if ! echo "$svc" | grep -qE '^[a-zA-Z0-9_-]+$'; then if ! echo "$svc" | grep -qE '^[a-zA-Z0-9_-]+$'; then
echo "Error: invalid service name '${svc}' — must match ^[a-zA-Z0-9_-]+$" >&2 echo "Error: invalid service name '${svc}' — must match ^[a-zA-Z0-9_-]+$" >&2
exit 1 exit 1
fi fi
# Validate known services FIRST (before jobspec check) # Validate known services FIRST (before jobspec check)
case "$svc" in case "$svc" in
forgejo) ;; forgejo|woodpecker-server|woodpecker-agent) ;;
*) *)
echo "Error: unknown service '${svc}' — known: forgejo" >&2 echo "Error: unknown service '${svc}' — known: forgejo, woodpecker-server, woodpecker-agent" >&2
exit 1 exit 1
;; ;;
esac esac
@ -1011,10 +1058,16 @@ _disinto_init_nomad() {
else else
echo "Imported: (none — seed kv/disinto/* manually before deploying secret-dependent services)" echo "Imported: (none — seed kv/disinto/* manually before deploying secret-dependent services)"
fi fi
echo "Deployed: ${with_services}" echo "Deployed: ${normalized_services}"
if echo "$with_services" | grep -q "forgejo"; then if echo "$normalized_services" | grep -q "forgejo"; then
echo "Ports: forgejo: 3000" echo "Ports: forgejo: 3000"
fi fi
if echo "$normalized_services" | grep -q "woodpecker-server"; then
echo " woodpecker-server: 8000"
fi
if echo "$normalized_services" | grep -q "woodpecker-agent"; then
echo " woodpecker-agent: (agent connected)"
fi
echo "────────────────────────────────────────────────────────" echo "────────────────────────────────────────────────────────"
fi fi