diff --git a/docs/LOGBOOK.md b/docs/LOGBOOK.md index ea7e4071..8473935c 100644 --- a/docs/LOGBOOK.md +++ b/docs/LOGBOOK.md @@ -1,3 +1,12 @@ +## 2026-06-29 — 10:53 non-110 runner registration TTY 指引修正 + +**完成內容**: +- 補強 `ops/runner/register-awoooi-non110-runner.sh --help` 與 `ops/runner/README.md`,明確說明正式註冊不能用 `ssh -t ... 'bash -s' < script`,因為 stdin 會被 script 佔用而不是互動 TTY。 +- 文件改為要求先把 helper 放在 188,再用 `ssh -tt ollama@192.168.0.188 'cd /home/ollama/act-runner-awoooi && ./register-awoooi-non110-runner.sh'` 執行 hidden token prompt。 +- 補測試鎖住 no-token-argv 與 no-stdin-pipe registration 指引;`runner registration token not found` 被記錄為 token scope / freshness 問題,不要求 Codex 取得 token。 + +**邊界**:只改 committed docs / helper usage / tests;未使用 GitHub;未讀 token / `.runner` 內容 / cookie / session / secret;未操作 host / Docker / K8s / runner service;未 workflow_dispatch。 + ## 2026-06-29 — 10:44 non-110 CD closure verifier snapshot fallback **完成內容**: diff --git a/ops/runner/README.md b/ops/runner/README.md index edeb5d0f..5447f16b 100644 --- a/ops/runner/README.md +++ b/ops/runner/README.md @@ -509,7 +509,19 @@ ssh ollama@192.168.0.188 'bash -s -- --check' \ 正式註冊時,helper 會用 silent TTY 讀取 runner token,透過 stdin 餵給 `act_runner register`,不使用 `--token` argv、不列印 token、不讀 `.runner` -內容;若 `.runner` 已存在,預設只回報下一步 enable / verifier,不覆寫。 +內容;若 `.runner` 已存在,預設只回報下一步 enable / verifier,不覆寫。正式註冊 +不能用 `ssh -t ... 'bash -s' < ops/runner/register-awoooi-non110-runner.sh`, +因為 stdin 會被 script 佔用而不是互動 TTY;請先把 helper 放在 188 上,再用: + +```bash +ssh -tt ollama@192.168.0.188 \ + 'cd /home/ollama/act-runner-awoooi && ./register-awoooi-non110-runner.sh' +``` + +若 Gitea 回 `runner registration token not found`,代表貼入的不是 +`http://192.168.0.110:3001` 當前 scope 的 runner registration token、token 已過期, +或 scope 錯誤;重新從 `wooo/awoooi` repo / `wooo` org / instance runner 頁產生 +registration token,不要使用 Personal Access Token 或 API token。 註冊與 autostart 後,CD lane 不能只靠「runner 已註冊」宣稱恢復;必須用 sanitized evidence 彙整 verifier: diff --git a/ops/runner/register-awoooi-non110-runner.sh b/ops/runner/register-awoooi-non110-runner.sh index 23fb0fc4..009bd375 100755 --- a/ops/runner/register-awoooi-non110-runner.sh +++ b/ops/runner/register-awoooi-non110-runner.sh @@ -20,6 +20,11 @@ Usage: ops/runner/register-awoooi-non110-runner.sh --check ops/runner/register-awoooi-non110-runner.sh +Remote registration: + Copy this script to the target host first, then run it from ssh -tt. + Do not pipe the script over stdin for the real registration path, because + token entry needs the interactive TTY. + Environment overrides: GITEA_INSTANCE, RUNNER_NAME, RUNNER_LABELS, RUNNER_DIR, RUNNER_BINARY, RUNNER_CONFIG, RUNNER_REGISTRATION diff --git a/ops/runner/test_register_awoooi_non110_runner.py b/ops/runner/test_register_awoooi_non110_runner.py index 86d850d7..6e000192 100644 --- a/ops/runner/test_register_awoooi_non110_runner.py +++ b/ops/runner/test_register_awoooi_non110_runner.py @@ -19,6 +19,8 @@ def test_register_helper_has_no_token_argv_path() -> None: assert "runner_token_in_argv=false" in text assert "runner_token_echoed=false" in text assert "raw_runner_registration_read=false" in text + assert "Copy this script to the target host first" in text + assert "Do not pipe the script over stdin" in text def test_register_helper_rejects_runner_token_env(tmp_path: Path) -> None: