fix(ci): retry owner-required migrations safely

2026-05-06 16:31:04 +08:00
parent 1d9dbac112
commit fcf93aac11
2 changed files with 32 additions and 6 deletions
--- a/.gitea/workflows/run-migration.yml
+++ b/.gitea/workflows/run-migration.yml
@@ -66,8 +66,11 @@ jobs:
      - name: Apply new migrations
        if: steps.diff.outputs.new_files != ''
        env:
-          # 從 Gitea secrets 取,不直接明碼
+          # 從 Gitea secrets 取，不直接明碼輸出。
+          # MIGRATION_DATABASE_URL 是限權帳號；DATABASE_URL 只在 PostgreSQL
+          # 明確回報「必須是 table owner」時作為受控 fallback。
          PGURL: ${{ secrets.MIGRATION_DATABASE_URL }}
+          OWNER_PGURL: ${{ secrets.DATABASE_URL }}
        run: |
          set -euo pipefail
          if [ -z "$PGURL" ]; then
@@ -75,15 +78,37 @@ jobs:
            exit 1
          fi
          PGURL_PSQL="${PGURL/postgresql+asyncpg:\/\//postgresql:\/\/}"
+          OWNER_PGURL_PSQL="${OWNER_PGURL/postgresql+asyncpg:\/\//postgresql:\/\/}"
+
+          apply_migration() {
+            local url="$1"
+            local file="$2"
+            psql "$url" \
+              -v ON_ERROR_STOP=1 \
+              --single-transaction \
+              -f "$file"
+          }

          # 套用每個新檔 (single transaction per file)
          echo "${{ steps.diff.outputs.new_files }}" | while IFS= read -r file; do
            [ -z "$file" ] && continue
            echo "=== Applying: $file ==="
-            psql "$PGURL_PSQL" \
-              -v ON_ERROR_STOP=1 \
-              --single-transaction \
-              -f "$file"
+            migration_err="$(mktemp)"
+            if ! apply_migration "$PGURL_PSQL" "$file" 2>"$migration_err"; then
+              if grep -q "must be owner of table" "$migration_err"; then
+                if [ -z "$OWNER_PGURL_PSQL" ]; then
+                  cat "$migration_err" >&2
+                  echo "::error::migration requires table owner but DATABASE_URL secret is not set"
+                  exit 1
+                fi
+                echo "::warning::migration requires table owner; retrying with owner connection"
+                apply_migration "$OWNER_PGURL_PSQL" "$file"
+              else
+                cat "$migration_err" >&2
+                exit 1
+              fi
+            fi
+            rm -f "$migration_err"
            echo "=== OK: $file ==="
          done

--- a/docs/LOGBOOK.md
+++ b/docs/LOGBOOK.md
@@ -3790,4 +3790,5 @@ ALTER TABLE awooop_mcp_gateway_audit
 ```

 - 套用後確認 `tool_id_not_null=false`。
- 後續需獨立修正 migration 權限模型：`awoooi_migrator` 目前可新增部分 schema，但不能 ALTER 由 `awoooi` 擁有的既有表；這會讓「修既有表」類 migration 在 CI 中失敗。
+- 同輪已修正 `.gitea/workflows/run-migration.yml`：平常仍優先使用 `MIGRATION_DATABASE_URL` 限權帳號；只有 PostgreSQL 明確回報 `must be owner of table` 時，才以 `DATABASE_URL` table owner 連線重試，且不輸出任何連線串。
+- 後續仍需獨立檢討 DB ownership 模型：`awoooi_migrator` 目前可新增部分 schema，但不能 ALTER 由 `awoooi` 擁有的既有表；owner fallback 是營運修補，不是長期最終治理模型。