ci(gitea): guard deploy sync when NODA1 origin is not deploy-safe
This commit is contained in:
Apple
@@ -100,8 +100,11 @@ jobs:
|
||||
"${SSH_USER}@${SSH_HOST}" \
|
||||
"set -euo pipefail; \
|
||||
cd /opt/microdao-daarion; \
|
||||
origin_url=\$(git remote get-url origin 2>/dev/null || true); \
|
||||
if [ -n \"\$(git status --porcelain)\" ]; then \
|
||||
echo 'WARN: dirty git tree on NODA1; skip checkout/pull and continue with gate'; \
|
||||
elif ! printf '%s' \"\$origin_url\" | grep -Eq 'daarion-admin/microdao-daarion(\\.git)?$'; then \
|
||||
echo \"WARN: origin remote (\$origin_url) is not deploy-safe; skip checkout/pull and continue with gate\"; \
|
||||
else \
|
||||
git fetch origin; \
|
||||
git checkout '${DEPLOY_REF:-main}'; \
|
||||
|
||||
@@ -32,6 +32,7 @@ Required repo secrets:
|
||||
- `redeploy_runtime=false` only syncs git on NODA1 and runs gate checks.
|
||||
- `redeploy_runtime=true` recreates `gateway` and `experience-learner` containers.
|
||||
- If NODA1 git tree is dirty, workflow skips checkout/pull and still enforces `phase6_gate` (safe mode for live nodes).
|
||||
- If NODA1 `origin` remote is not the expected deploy-safe repo, workflow skips checkout/pull and still enforces `phase6_gate` (prevents accidental downgrade from a stale remote).
|
||||
- Workflow uses SSH key validation and `IdentitiesOnly=yes` to avoid host key collisions.
|
||||
|
||||
## Expected PASS
|
||||
|
||||
Reference in New Issue
Block a user