From 526738dd7572da2377192000eb7650731fa75c13 Mon Sep 17 00:00:00 2001
From: Apple
Date: Thu, 5 Mar 2026 11:35:56 -0800
Subject: [PATCH] ci(gitea): guard deploy sync when NODA1 origin is not deploy-safe
---
 .gitea/workflows/deploy-node1-runtime.yml | 3 +++
 docs/ops/deploy_gate.md | 1 +
 2 files changed, 4 insertions(+)
diff --git a/.gitea/workflows/deploy-node1-runtime.yml b/.gitea/workflows/deploy-node1-runtime.yml
index 524e61b1..289fe0aa 100644
--- a/.gitea/workflows/deploy-node1-runtime.yml
+++ b/.gitea/workflows/deploy-node1-runtime.yml
@@ -100,8 +100,11 @@ jobs:
 "${SSH_USER}@${SSH_HOST}" \
 "set -euo pipefail; \
 cd /opt/microdao-daarion; \
+ origin_url=\$(git remote get-url origin 2>/dev/null || true); \
 if [ -n \"\$(git status --porcelain)\" ]; then \
 echo 'WARN: dirty git tree on NODA1; skip checkout/pull and continue with gate'; \
+ elif ! printf '%s' \"\$origin_url\" | grep -Eq 'daarion-admin/microdao-daarion(\\.git)?$'; then \
+ echo \"WARN: origin remote (\$origin_url) is not deploy-safe; skip checkout/pull and continue with gate\"; \
 else \
 git fetch origin; \
 git checkout '${DEPLOY_REF:-main}'; \
diff --git a/docs/ops/deploy_gate.md b/docs/ops/deploy_gate.md
index f43c4116..e910ddaf 100644
--- a/docs/ops/deploy_gate.md
+++ b/docs/ops/deploy_gate.md
@@ -32,6 +32,7 @@ Required repo secrets:
 - `redeploy_runtime=false` only syncs git on NODA1 and runs gate checks.
 - `redeploy_runtime=true` recreates `gateway` and `experience-learner` containers.
 - If NODA1 git tree is dirty, workflow skips checkout/pull and still enforces `phase6_gate` (safe mode for live nodes).
+- If NODA1 `origin` remote is not the expected deploy-safe repo, workflow skips checkout/pull and still enforces `phase6_gate` (prevents accidental downgrade from a stale remote).
 - Workflow uses SSH key validation and `IdentitiesOnly=yes` to avoid host key collisions.
 ## Expected PASS
-- 
2.50.1 (Apple Git-155)
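Review bot: The origin check added in the `deploy-node1-runtime.yml` hunk is anchored only at the end (`'daarion-admin/microdao-daarion(\\.git)?$'`), so a remote on any host or scheme whose URL merely ends in that path, including one with extra characters directly before `daarion-admin`, is treated as deploy-safe and proceeds to `git fetch origin`. For a guard meant to stop syncing from the wrong remote, an exact comparison against the full expected URL is tighter, e.g. `elif [ \"\$origin_url\" != '<EXPECTED_ORIGIN_URL>' ]; then \` (placeholder; the page does not show the real host). The new WARN line also echoes `\$origin_url` verbatim into the workflow log, and a remote URL can embed `user:token@` credentials, so the userinfo part should be stripped before printing. The quoted SSH command string starts and ends outside the hunk, so the steps that run after a skipped sync are not visible here.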