From e33a7ff0e50fd89ea02dcbf1d1ad8b5833ddd4b7 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Sun, 28 Jun 2026 20:23:25 +0800
Subject: [PATCH] fix(runner): require live non110 runner evidence [skip ci]

---
 .../check-awoooi-non110-runner-readiness.sh   | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)

diff --git a/ops/runner/check-awoooi-non110-runner-readiness.sh b/ops/runner/check-awoooi-non110-runner-readiness.sh
index e9974b1f..5c5dc920 100755
--- a/ops/runner/check-awoooi-non110-runner-readiness.sh
+++ b/ops/runner/check-awoooi-non110-runner-readiness.sh
@@ -9,6 +9,8 @@ set -euo pipefail
 TARGET_HOST_IP="${TARGET_HOST_IP:-192.168.0.188}"
 FORBIDDEN_HOST_IPS="${FORBIDDEN_HOST_IPS:-192.168.0.110}"
 RUNNER_CONFIG_PATHS="${RUNNER_CONFIG_PATHS:-/home/wooo/act-runner-awoooi/config.yaml /home/wooo/awoooi-act-runner/config.yaml /home/wooo/awoooi-non110-runner/config.yaml /home/wooo/act-runner/config.yaml}"
+RUNNER_BINARY_PATHS="${RUNNER_BINARY_PATHS:-/home/wooo/act-runner-awoooi/act_runner /home/wooo/awoooi-act-runner/act_runner /home/wooo/awoooi-non110-runner/act_runner /home/wooo/act-runner/act_runner}"
+RUNNER_REGISTRATION_PATHS="${RUNNER_REGISTRATION_PATHS:-/home/wooo/act-runner-awoooi/.runner /home/wooo/awoooi-act-runner/.runner /home/wooo/awoooi-non110-runner/.runner /home/wooo/act-runner/.runner}"
 RUNNER_SERVICE_NAMES="${RUNNER_SERVICE_NAMES:-awoooi-non110-runner.service gitea-act-runner-awoooi.service gitea-act-runner-host.service}"
 ALLOWED_LABEL_NAMES="${ALLOWED_LABEL_NAMES:-awoooi-non110-host awoooi-non110-ubuntu awoooi-host awoooi-ubuntu}"
 FORBIDDEN_LABEL_RE="${FORBIDDEN_LABEL_RE:-^(ubuntu-latest|ubuntu-[0-9].*|self-hosted|stockplatform.*|stock-platform.*|headless.*|playwright.*)$}"
@@ -21,7 +23,10 @@ ROLLBACK_UNIT_NAMES="${ROLLBACK_UNIT_NAMES:-awoooi-non110-runner-rollback.servic
 BLOCKERS=()
 WARNINGS=()
 READY_CONFIG_COUNT=0
+READY_BINARY_COUNT=0
+READY_REGISTRATION_COUNT=0
 READY_SERVICE_COUNT=0
+READY_ACTIVE_SERVICE_COUNT=0
 
 section() {
   printf '\n== %s ==\n' "$1"
@@ -232,6 +237,45 @@ check_configs() {
   fi
 }
 
+check_binaries() {
+  section "runner binary metadata"
+  local binary kind binary_ok
+  for binary in $RUNNER_BINARY_PATHS; do
+    binary_ok=0
+    if [ -x "$binary" ] && [ -f "$binary" ]; then
+      binary_ok=1
+      kind="$(file -b "$binary" 2>/dev/null || echo unknown)"
+      READY_BINARY_COUNT=$((READY_BINARY_COUNT + 1))
+    else
+      kind="missing_or_not_executable"
+    fi
+    printf 'RUNNER_BINARY path=%s executable=%s kind=%s\n' "$binary" "$binary_ok" "$kind"
+  done
+
+  if [ "$READY_BINARY_COUNT" -eq 0 ]; then
+    blocker "runner_binary_missing"
+  fi
+}
+
+check_registrations() {
+  section "runner registration metadata"
+  local registration mode size
+  for registration in $RUNNER_REGISTRATION_PATHS; do
+    if [ -f "$registration" ] && [ -s "$registration" ]; then
+      size="$(stat -c '%s' "$registration" 2>/dev/null || echo unknown)"
+      mode="$(stat -c '%a' "$registration" 2>/dev/null || echo unknown)"
+      printf 'RUNNER_REGISTRATION path=%s present=1 size_bytes=%s mode=%s content_read=false\n' "$registration" "$size" "$mode"
+      READY_REGISTRATION_COUNT=$((READY_REGISTRATION_COUNT + 1))
+      continue
+    fi
+    printf 'RUNNER_REGISTRATION path=%s present=0 content_read=false\n' "$registration"
+  done
+
+  if [ "$READY_REGISTRATION_COUNT" -eq 0 ]; then
+    blocker "runner_registration_missing"
+  fi
+}
+
 unit_has_required_limits() {
   local unit="$1"
   local text="$2"
@@ -254,6 +298,12 @@ check_services() {
     fi
     state="$(systemd_show "$unit" | tr '\n' ' ' || true)"
     printf 'RUNNER_SERVICE unit=%s installed=1 %s\n' "$unit" "$state"
+    if grep -q 'ActiveState=active' <<<"$state" && grep -Eq 'MainPID=[1-9][0-9]*' <<<"$state"; then
+      READY_ACTIVE_SERVICE_COUNT=$((READY_ACTIVE_SERVICE_COUNT + 1))
+      printf 'RUNNER_SERVICE_ACTIVE unit=%s active=1 main_pid=1\n' "$unit"
+    else
+      blocker "runner_service_not_active:${unit}"
+    fi
     if unit_has_required_limits "$unit" "$text"; then
       READY_SERVICE_COUNT=$((READY_SERVICE_COUNT + 1))
     else
@@ -264,6 +314,9 @@ check_services() {
   if [ "$READY_SERVICE_COUNT" -eq 0 ]; then
     blocker "no_ready_runner_service"
   fi
+  if [ "$READY_ACTIVE_SERVICE_COUNT" -eq 0 ]; then
+    blocker "no_active_runner_service"
+  fi
 }
 
 check_rollback() {
@@ -307,13 +360,18 @@ main() {
 
   check_host
   check_configs
+  check_binaries
+  check_registrations
   check_services
   check_rollback
   check_pressure
 
   section "verdict"
   printf 'READY_CONFIG_COUNT=%s\n' "$READY_CONFIG_COUNT"
+  printf 'READY_BINARY_COUNT=%s\n' "$READY_BINARY_COUNT"
+  printf 'READY_REGISTRATION_COUNT=%s\n' "$READY_REGISTRATION_COUNT"
   printf 'READY_SERVICE_COUNT=%s\n' "$READY_SERVICE_COUNT"
+  printf 'READY_ACTIVE_SERVICE_COUNT=%s\n' "$READY_ACTIVE_SERVICE_COUNT"
   printf 'WARNING_COUNT=%s\n' "${#WARNINGS[@]}"
   printf 'BLOCKER_COUNT=%s\n' "${#BLOCKERS[@]}"
   if [ "${#BLOCKERS[@]}" -eq 0 ]; then