fix: Woodpecker pipeline YAML quoting + trigger test [ci skip]
This commit is contained in:
parent
b3cc5fcc32
commit
7f5115f9fe
1 changed files with 19 additions and 60 deletions
|
|
@ -12,70 +12,29 @@ steps:
|
||||||
image: python:3.12-alpine
|
image: python:3.12-alpine
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache jq curl git openssh-client
|
- apk add --no-cache jq curl git openssh-client
|
||||||
# Find which post-mortem changed
|
- "PM_FILE=$(git diff HEAD~1 --name-only | grep 'docs/post-mortems/.*\\.md' | head -1)"
|
||||||
- PM_FILE=$(git diff HEAD~1 --name-only | grep 'docs/post-mortems/.*\.md' | head -1)
|
- "if [ -z \"$PM_FILE\" ]; then echo 'No post-mortem changes'; exit 0; fi"
|
||||||
- |
|
- "echo \"Post-mortem changed: $PM_FILE\""
|
||||||
if [ -z "$PM_FILE" ]; then
|
- "if ! git diff HEAD~1 -- \"$PM_FILE\" | grep -q '+.*TODO'; then echo 'No new TODOs'; exit 0; fi"
|
||||||
echo "No post-mortem markdown changes detected"
|
- "bash scripts/parse-postmortem-todos.sh \"$PM_FILE\" > /tmp/todos.json"
|
||||||
exit 0
|
- "cat /tmp/todos.json"
|
||||||
fi
|
- "TODO_COUNT=$(jq '.safe_todos' /tmp/todos.json)"
|
||||||
- echo "Post-mortem changed: $PM_FILE"
|
- "echo \"$TODO_COUNT safe TODO(s) found\""
|
||||||
# Check if there are new TODOs (not just TODO→Done updates)
|
- "if [ \"$TODO_COUNT\" -eq 0 ]; then echo 'No auto-implementable TODOs'; exit 0; fi"
|
||||||
- |
|
- "SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
|
||||||
if ! git diff HEAD~1 -- "$PM_FILE" | grep -q '+.*TODO'; then
|
- "VAULT_TOKEN=$(curl -sf -X POST http://vault-active.vault.svc.cluster.local:8200/v1/auth/kubernetes/login -d \"{\\\"role\\\":\\\"ci\\\",\\\"jwt\\\":\\\"$SA_TOKEN\\\"}\" | jq -r .auth.client_token)"
|
||||||
echo "No new TODOs added (only status updates) — skipping"
|
- "if [ -z \"$VAULT_TOKEN\" ] || [ \"$VAULT_TOKEN\" = 'null' ]; then echo 'Vault auth failed'; exit 1; fi"
|
||||||
exit 0
|
- "curl -sf -H \"X-Vault-Token: $VAULT_TOKEN\" http://vault-active.vault.svc.cluster.local:8200/v1/secret/data/ci/infra | jq -r '.data.data.devvm_ssh_key' > /tmp/devvm-key"
|
||||||
fi
|
- "chmod 600 /tmp/devvm-key"
|
||||||
# Parse TODOs
|
- "TODOS=$(cat /tmp/todos.json | tr '\\n' ' ')"
|
||||||
- bash scripts/parse-postmortem-todos.sh "$PM_FILE" > /tmp/todos.json
|
- "ssh -i /tmp/devvm-key -o StrictHostKeyChecking=no wizard@10.0.10.10 \"cd ~/code/infra && git pull && claude -p --agent postmortem-todo-resolver --dangerously-skip-permissions --max-budget-usd 5 'Implement TODOs from $PM_FILE: $TODOS'\""
|
||||||
- cat /tmp/todos.json
|
- "rm -f /tmp/devvm-key"
|
||||||
- TODO_COUNT=$(jq '.safe_todos' /tmp/todos.json)
|
|
||||||
- |
|
|
||||||
if [ "$TODO_COUNT" -eq 0 ]; then
|
|
||||||
echo "No auto-implementable TODOs — skipping"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
- echo "$TODO_COUNT safe TODO(s) to implement"
|
|
||||||
# Vault: authenticate via K8s SA JWT and fetch DevVM SSH key
|
|
||||||
- |
|
|
||||||
SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
|
|
||||||
VAULT_TOKEN=$(curl -sf -X POST http://vault-active.vault.svc.cluster.local:8200/v1/auth/kubernetes/login \
|
|
||||||
-d "{\"role\":\"ci\",\"jwt\":\"$SA_TOKEN\"}" | jq -r .auth.client_token)
|
|
||||||
if [ -z "$VAULT_TOKEN" ] || [ "$VAULT_TOKEN" = "null" ]; then
|
|
||||||
echo "ERROR: Vault authentication failed"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
- |
|
|
||||||
curl -sf -H "X-Vault-Token: $VAULT_TOKEN" \
|
|
||||||
http://vault-active.vault.svc.cluster.local:8200/v1/secret/data/ci/infra | \
|
|
||||||
jq -r '.data.data.devvm_ssh_key' > /tmp/devvm-key
|
|
||||||
chmod 600 /tmp/devvm-key
|
|
||||||
if [ ! -s /tmp/devvm-key ]; then
|
|
||||||
echo "ERROR: Failed to fetch DevVM SSH key from Vault"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
echo "SSH key fetched from Vault"
|
|
||||||
# SSH to DevVM and run Claude Code headless
|
|
||||||
- |
|
|
||||||
TODOS=$(cat /tmp/todos.json | tr '\n' ' ')
|
|
||||||
ssh -i /tmp/devvm-key -o StrictHostKeyChecking=no wizard@10.0.10.10 \
|
|
||||||
"cd ~/code/infra && git pull && claude -p \
|
|
||||||
--agent postmortem-todo-resolver \
|
|
||||||
--dangerously-skip-permissions \
|
|
||||||
--max-budget-usd 5 \
|
|
||||||
'Implement the auto-implementable TODOs from $PM_FILE. Parsed TODOs: $TODOS'"
|
|
||||||
- rm -f /tmp/devvm-key
|
|
||||||
|
|
||||||
- name: notify-slack
|
- name: notify-slack
|
||||||
image: alpine
|
image: alpine
|
||||||
commands:
|
commands:
|
||||||
- apk add --no-cache curl
|
- "apk add --no-cache curl"
|
||||||
- |
|
- "curl -sf -X POST \"https://hooks.slack.com/services/${SLACK_WEBHOOK}\" -H 'Content-Type: application/json' -d '{\"text\": \"Post-mortem TODO resolver pipeline completed\"}' || true"
|
||||||
PM_FILE=$(git diff HEAD~1 --name-only | grep 'docs/post-mortems/.*\.md' | head -1)
|
|
||||||
STATUS="${CI_PIPELINE_STATUS:-unknown}"
|
|
||||||
curl -sf -X POST "https://hooks.slack.com/services/$${SLACK_WEBHOOK}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
-d "{\"text\": \"*Post-mortem TODO resolver* ($STATUS)\\nFile: \`$PM_FILE\`\\nPipeline: ${CI_PIPELINE_URL:-N/A}\"}" || true
|
|
||||||
secrets:
|
secrets:
|
||||||
- slack_webhook
|
- slack_webhook
|
||||||
when:
|
when:
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue