ddb902f1ff
Some checks failed
CD Pipeline / build-and-deploy (push) Has been cancelled
CI 修復 (b636d3b第二次 fail 真因): cd.yaml line 161 ACT_NET=$(docker network ls | grep -E '^GITEA-ACTIONS-...') act runner 用 'bash -e -o pipefail',grep 無 match 時 exit 1 → 整 step 中斷 (前一次e7ba8cbfail 是 PG IP 不通,b636d3b 是 grep set-e bug — 兩個不同錯誤) 修復: ACT_NET=$(... | (grep -E '...' || echo "") | head -1) 把 grep 包在 subshell 並 || echo "" 確保失敗時 ACT_NET 為空字串 新增 asset_scanner_job (ADR-090 § Phase 7 第 1 個 service): + apps/api/src/jobs/asset_scanner_job.py (~360 行) - run_asset_scanner_loop: 每 1h cron,首次延遲 60s - scan_once: 用 K8sProvider kubectl_get pods --all-namespaces - UPSERT asset_inventory (asset_key 為 UNIQUE,跨 run 沿用同 asset_id) - 為每個 active asset 寫 7 維 asset_coverage_snapshot (預設 unknown) - 寫 automation_operation_log(asset_discovered) + main.py lifespan asyncio.create_task() wire 預期解鎖: - asset_inventory: 從 0 → 數百 (全 namespace pods) - asset_discovery_run: 每小時 1 筆 - asset_coverage_snapshot: 每筆 asset × 7 dim - automation_operation_log: 新增 'asset_discovered' op_type 下一階段 (rule_catalog / capacity / compliance scanner) 待 CI 通過後分批提交. Refs: ADR-090 §4.1, MASTER §3.4 D4, project_blindspot_governance.md Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>