From db21e7e8e8dc543178c7eff4b89633c73b5c22a7 Mon Sep 17 00:00:00 2001 From: OoO Date: Thu, 30 Apr 2026 14:05:41 +0800 Subject: [PATCH] =?UTF-8?q?fix(devops):=20=E7=A7=BB=E9=99=A4=20startup=20?= =?UTF-8?q?=E8=85=B3=E6=9C=AC=E5=8D=B1=E9=9A=AA=20compose=20=E6=93=8D?= =?UTF-8?q?=E4=BD=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/SERVICE_DEPENDENCIES.md | 6 +++--- scripts/tools/system_startup_complete.sh | 6 +++--- tests/test_phase3f_cleanup_contracts.py | 20 ++++++++++++++++++++ 3 files changed, 26 insertions(+), 6 deletions(-) diff --git a/docs/SERVICE_DEPENDENCIES.md b/docs/SERVICE_DEPENDENCIES.md index 32d002d..fdb30ca 100644 --- a/docs/SERVICE_DEPENDENCIES.md +++ b/docs/SERVICE_DEPENDENCIES.md @@ -191,10 +191,10 @@ sudo tail -f /var/log/momo_startup.log # 檢查 Harbor 日誌 docker logs harbor-core -# 完全重啟 Harbor +# 安全重啟 Harbor(ADR-011:禁止 down / --remove-orphans) cd /home/wooo/devops/harbor/harbor -docker compose down --remove-orphans -docker compose up -d +docker compose stop +docker compose up -d --force-recreate ``` ### K8s Pod ImagePullBackOff diff --git a/scripts/tools/system_startup_complete.sh b/scripts/tools/system_startup_complete.sh index ebe2982..a7719b6 100644 --- a/scripts/tools/system_startup_complete.sh +++ b/scripts/tools/system_startup_complete.sh @@ -126,10 +126,10 @@ main() { log_info "[2/7] 啟動 Harbor Registry..." cd /home/wooo/devops/harbor/harbor - # 確保完全停止後再啟動 - docker compose down --remove-orphans 2>/dev/null || true + # ADR-011: 多專案共享主機避免使用會清除 orphan 資源的 compose 操作。 + docker compose stop 2>/dev/null || true sleep 5 - docker compose up -d + docker compose up -d --force-recreate wait_for_service "Harbor" "curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:5050/api/v2.0/ping | grep -q 200" 60 || { ((errors++)) diff --git a/tests/test_phase3f_cleanup_contracts.py b/tests/test_phase3f_cleanup_contracts.py index a0b39e5..d353dae 100644 --- a/tests/test_phase3f_cleanup_contracts.py +++ b/tests/test_phase3f_cleanup_contracts.py @@ -87,3 +87,23 @@ def test_tracked_backup_artifacts_stay_removed(): ] assert [path for path in forbidden_artifacts if (ROOT / path).exists()] == [] + + +def test_executable_scripts_do_not_use_remove_orphans(): + script_paths = [ + ROOT / "scripts", + ROOT / ".gitea" / "workflows", + ] + + offenders = [] + for script_root in script_paths: + if not script_root.exists(): + continue + for path in script_root.rglob("*"): + if not path.is_file(): + continue + content = path.read_text(encoding="utf-8", errors="ignore") + if "--remove-orphans" in content or "docker compose down" in content: + offenders.append(str(path.relative_to(ROOT))) + + assert offenders == []