fix(ci): harden migration audit seed
All checks were successful
Code Review / ai-code-review (push) Successful in 10s
@@ -133,13 +133,15 @@ jobs:
|
||||
PGURL_PSQL="${PGURL/postgresql+asyncpg:\/\//postgresql:\/\/}"
|
||||
OWNER_PGURL_PSQL="${OWNER_PGURL/postgresql+asyncpg:\/\//postgresql:\/\/}"
|
||||
FILES_JSON=$(echo "${{ steps.diff.outputs.new_files }}" | jq -Rn '[inputs | select(length > 0)]')
|
||||
SUMMARY_JSON=$(jq -cn \
|
||||
--arg commit_sha "${{ github.sha }}" \
|
||||
--argjson files "$FILES_JSON" \
|
||||
'{type: "ci_migration", commit_sha: $commit_sha, files: $files}')
|
||||
SUMMARY_JSON_SQL=${SUMMARY_JSON//\'/\'\'}
|
||||
|
||||
seed_audit() {
|
||||
local url="$1"
|
||||
psql "$url" \
|
||||
-v ON_ERROR_STOP=1 \
|
||||
-v commit_sha="${{ github.sha }}" \
|
||||
-v files_json="$FILES_JSON" <<'SQL'
|
||||
psql "$url" -v ON_ERROR_STOP=1 <<SQL
|
||||
INSERT INTO asset_discovery_run (
|
||||
run_id, triggered_by, scope, scan_depth, status,
|
||||
started_at, ended_at, tools_used, summary
|
||||
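Review bot: Changing the heredoc in `seed_audit()` from `<<'SQL'` to an unquoted `<<SQL` makes the shell expand every `$`, backtick and backslash sequence in the SQL body, and `summary` now reaches PostgreSQL as text spliced in by `SUMMARY_JSON_SQL=${SUMMARY_JSON//\'/\'\'}` instead of as a value psql quotes itself. Doubling `'` is a complete escape only while `standard_conforming_strings` is on, and the file names in `FILES_JSON` come from `steps.diff.outputs.new_files`, where jq will emit backslashes for any name containing `"` or `\`. Suggest making `SET standard_conforming_strings = on;` the first statement in the heredoc and adding a comment next to `SUMMARY_JSON_SQL` that states this assumption, so a later edit does not interpolate a second value into the unquoted heredoc without the same escaping.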
@@ -152,11 +154,7 @@ jobs:
|
||||
NOW(),
|
||||
NOW(),
|
||||
'{\"psql\": 1, \"gitea_ci\": 1}'::jsonb,
|
||||
jsonb_build_object(
|
||||
'type', 'ci_migration',
|
||||
'commit_sha', :'commit_sha',
|
||||
'files', :'files_json'::jsonb
|
||||
)
|
||||
'${SUMMARY_JSON_SQL}'::jsonb
|
||||
);
|
||||
SQL
|
||||
}
|
||||
|
||||
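Review bot: The context line `'{\"psql\": 1, \"gitea_ci\": 1}'::jsonb`, directly above the new `'${SUMMARY_JSON_SQL}'::jsonb`, still carries `\"`. A heredoc body, quoted or unquoted, passes a backslash before `"` through unchanged, so unless an outer quoting layer not visible in this hunk strips it, PostgreSQL receives `{\"psql\": 1, ...}` and the `::jsonb` cast will reject it. Suggest writing the literal as `'{"psql": 1, "gitea_ci": 1}'::jsonb`, or generating `tools_used` with jq the same way `summary` is now generated, and confirming against a real PostgreSQL instance rather than a mocked `psql`.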
@@ -1,3 +1,31 @@
|
||||
## 2026-05-12 | run-migration audit seed 再修正
|
||||
|
||||
**背景**:Gitea `run-migration` 在 `Seed asset_discovery_run (audit)` 再次失敗:
|
||||
|
||||
```text
|
||||
ERROR: syntax error at or near ":"
|
||||
LINE 16: 'commit_sha', :'commit_sha',
|
||||
```
|
||||
|
||||
**修正**:
|
||||
- `.gitea/workflows/run-migration.yml` 不再依賴 `psql` 的 `:'commit_sha'` / `:'files_json'` 變數展開。
|
||||
- 改由 `jq` 先產生完整 `summary` JSON,再以 shell-safe SQL literal 寫入 `asset_discovery_run.summary`。
|
||||
- 保留 owner connection fallback,只修 audit seed,不改 migration apply 流程。
|
||||
|
||||
**驗證**:
|
||||
- `ruby -e 'require "yaml"; YAML.load_file(".gitea/workflows/run-migration.yml")'`:yaml ok。
|
||||
- 抽出 `Seed asset_discovery_run (audit)` step 後 `bash -n`:通過。
|
||||
- mock `psql` 實跑該 step:rendered SQL 已無 `:'...'` psql 變數,並包含 `commit_sha` / `files` JSON。
|
||||
- `git diff --check`:通過。
|
||||
|
||||
**整體進度**:
|
||||
- Wave 0:MOMO PostgreSQL backup → AwoooP 失敗通知接線完成並已推版。
|
||||
- Truth-chain T0:read-only truth-chain API 完成、部署、production smoke 完成。
|
||||
- T1:Channel Event hardening 完成、部署、production smoke 完成。
|
||||
- T2:legacy MCP audit bridge / backfill / truth-chain visibility 完成、部署、production smoke 完成;first-class MCP Gateway enforced path 仍待後續 wave。
|
||||
- 本次:CI migration audit seed 紅燈修正完成,待推 Gitea main 觀察下一次 `run-migration`。
|
||||
- 下一步:回到 T3 Ansible declarative executor 盤點與 first-class audit surface。
|
||||
|
||||
## 2026-05-12 | Truth-chain T0 read-only API 第一版
|
||||
|
||||
**背景**:完成 Telegram / AwoooP truth-chain live audit 後,下一步先做不改 runtime 的 T0 查詢端點,避免再只靠 Telegram 文案或人工 SQL 判斷流程卡點。
|
||||
|
||||
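Review bot: The new changelog entry records the symptom (`syntax error at or near ":"` at `:'commit_sha'`) but not why psql left `:'commit_sha'` unexpanded, so the next reader cannot tell whether the `-v` approach was wrong or only misapplied. Please add one line on the cause if it is known. The verification list also only runs the step against a mocked `psql` and checks the rendered text, which means no server ever parsed the `::jsonb` casts; note that as a known gap or add a check against a throwaway database. The phrase "shell-safe SQL literal" describes SQL single-quote doubling, not shell quoting, and would be clearer if it said so.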