fix(cd): schedule bounded 110 harbor repair
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled
AWOOOI Harbor 110 Local Repair / workflow-shape (push) Successful in 0s
AWOOOI Harbor 110 Local Repair / harbor-110-local-repair (push) Has been cancelled

This commit is contained in:
Your Name
2026-06-30 20:37:58 +08:00
parent b8258c7c4a
commit 3ed4ce08c3
2 changed files with 35 additions and 17 deletions

View File

@@ -1,7 +1,8 @@
# AWOOOI Harbor 110 Local Repair
#
# Controlled runtime:
# - workflow_dispatch only; no push / pull_request / pull_request_target trigger
# - workflow_dispatch + low-frequency schedule only
# - no push / pull_request / pull_request_target trigger
# - runs only on the 110-local awoooi-host lane
# - no secret read, no Docker daemon restart, no reboot, no node drain
# - runs the existing bounded recovery script, then verifies local and public /v2/
@@ -10,10 +11,13 @@ name: AWOOOI Harbor 110 Local Repair
on:
workflow_dispatch:
schedule:
- cron: "*/10 * * * *"
env:
AWOOOI_HARBOR_110_LOCAL_REPAIR_ENABLED: "1"
AWOOOI_110_EXPECTED_HOST_IP: 192.168.0.110
AWOOOI_HARBOR_110_LOCAL_REPAIR_TRIGGER: ${{ github.event_name }}
jobs:
workflow-shape:
@@ -58,25 +62,35 @@ jobs:
chmod +x scripts/reboot-recovery/harbor-watchdog.sh
chmod +x scripts/reboot-recovery/recover-110-control-path-and-harbor-local.sh
run_recovery() {
sudo -n env \
TARGET_USER=wooo \
RELOAD_SSH=0 \
AWOOOI_110_EXPECTED_HOST_IP="${AWOOOI_110_EXPECTED_HOST_IP}" \
AWOOOI_110_SSH_REPAIR_SCRIPT="${PWD}/scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh" \
AWOOOI_HARBOR_WATCHDOG_SCRIPT="${PWD}/scripts/reboot-recovery/harbor-watchdog.sh" \
"${PWD}/scripts/reboot-recovery/recover-110-control-path-and-harbor-local.sh" \
"$@"
}
echo "harbor_110_local_repair_check_start=1"
sudo -n env \
TARGET_USER=wooo \
RELOAD_SSH=0 \
AWOOOI_110_EXPECTED_HOST_IP="${AWOOOI_110_EXPECTED_HOST_IP}" \
AWOOOI_110_SSH_REPAIR_SCRIPT="${PWD}/scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh" \
AWOOOI_HARBOR_WATCHDOG_SCRIPT="${PWD}/scripts/reboot-recovery/harbor-watchdog.sh" \
"${PWD}/scripts/reboot-recovery/recover-110-control-path-and-harbor-local.sh" \
--check
set +e
check_output="$(run_recovery --check 2>&1)"
check_rc=$?
set -e
printf '%s\n' "${check_output}"
echo "harbor_110_local_repair_check_rc=${check_rc}"
trigger="${GITHUB_EVENT_NAME:-${AWOOOI_HARBOR_110_LOCAL_REPAIR_TRIGGER:-unknown}}"
echo "harbor_110_local_repair_trigger=${trigger}"
if [ "${trigger}" != "workflow_dispatch" ] \
&& printf '%s\n' "${check_output}" | grep -q "harbor_ready=true"; then
echo "harbor_110_local_repair_skipped=already_ready"
exit 0
fi
echo "harbor_110_local_repair_apply_all_start=1"
sudo -n env \
TARGET_USER=wooo \
RELOAD_SSH=0 \
AWOOOI_110_EXPECTED_HOST_IP="${AWOOOI_110_EXPECTED_HOST_IP}" \
AWOOOI_110_SSH_REPAIR_SCRIPT="${PWD}/scripts/reboot-recovery/repair-110-ssh-publickey-auth-local.sh" \
AWOOOI_HARBOR_WATCHDOG_SCRIPT="${PWD}/scripts/reboot-recovery/harbor-watchdog.sh" \
"${PWD}/scripts/reboot-recovery/recover-110-control-path-and-harbor-local.sh" \
--apply-all
run_recovery --apply-all
- name: Verify Harbor registry routes after local repair
run: |

View File

@@ -109,6 +109,8 @@ def test_harbor_110_local_repair_workflow_is_dispatch_only_and_bounded() -> None
text = HARBOR_110_REPAIR_WORKFLOW.read_text(encoding="utf-8")
assert "workflow_dispatch:" in text
assert "schedule:" in text
assert 'cron: "*/10 * * * *"' in text
assert "push:" not in text
assert "pull_request:" not in text
assert "pull_request_target:" not in text
@@ -119,6 +121,8 @@ def test_harbor_110_local_repair_workflow_is_dispatch_only_and_bounded() -> None
assert "--check" in text
assert "--apply-all" in text
assert "sudo -n env" in text
assert "GITHUB_EVENT_NAME" in text
assert "harbor_110_local_repair_skipped=already_ready" in text
assert "192.168.0.110" in text
assert "http://127.0.0.1:5000/v2/" in text
assert "https://registry.wooo.work/v2/" in text