name: phase6-smoke on: workflow_dispatch: inputs: ssh_host: description: "NODA1 SSH host (optional override)" required: false type: string ssh_user: description: "NODA1 SSH user (optional override, default root)" required: false type: string workflow_call: inputs: ssh_host: required: false type: string ssh_user: required: false type: string secrets: NODA1_SSH_HOST: required: false NODA1_SSH_USER: required: false NODA1_SSH_KEY: required: true workflow_run: workflows: - Deploy Node1 - deploy-node1 - deploy-node1-runtime types: - completed jobs: phase6-smoke: if: > github.event_name == 'workflow_dispatch' || github.event_name == 'workflow_call' || (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') runs-on: ubuntu-latest timeout-minutes: 5 env: DEFAULT_SSH_HOST: ${{ secrets.NODA1_SSH_HOST }} DEFAULT_SSH_USER: ${{ secrets.NODA1_SSH_USER }} steps: - name: Resolve SSH target shell: bash run: | set -euo pipefail host="${DEFAULT_SSH_HOST}" user="${DEFAULT_SSH_USER:-root}" if [ "${{ github.event_name }}" = "workflow_dispatch" ] || [ "${{ github.event_name }}" = "workflow_call" ]; then if [ -n "${{ inputs.ssh_host }}" ]; then host="${{ inputs.ssh_host }}" fi if [ -n "${{ inputs.ssh_user }}" ]; then user="${{ inputs.ssh_user }}" fi fi if [ -z "${host}" ]; then echo "Missing SSH host (workflow input or secret NODA1_SSH_HOST)" >&2 exit 1 fi echo "SSH_HOST=${host}" >> "${GITHUB_ENV}" echo "SSH_USER=${user:-root}" >> "${GITHUB_ENV}" - name: Prepare SSH key shell: bash env: SSH_PRIVATE_KEY: ${{ secrets.NODA1_SSH_KEY }} run: | set -euo pipefail set +x if [ -z "${SSH_PRIVATE_KEY}" ]; then echo "Missing secret NODA1_SSH_KEY" >&2 exit 1 fi mkdir -p ~/.ssh chmod 700 ~/.ssh key_path=~/.ssh/noda1_ci_key if printf '%s' "${SSH_PRIVATE_KEY}" | grep -q 'BEGIN OPENSSH PRIVATE KEY'; then printf '%s\n' "${SSH_PRIVATE_KEY}" | tr -d '\r' > "${key_path}" else # Support base64-encoded key payloads in secrets as a fallback. printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | base64 --decode > "${key_path}" fi chmod 600 "${key_path}" if ! ssh-keygen -y -f "${key_path}" >/dev/null 2>&1; then echo "Invalid SSH private key in NODA1_SSH_KEY" >&2 exit 1 fi echo "SSH_KEY_PATH=${key_path}" >> "${GITHUB_ENV}" - name: Run phase6 smoke (retry once) shell: bash run: | set -euo pipefail set +x mkdir -p artifacts for attempt in 1 2; do log="artifacts/phase6-smoke-attempt${attempt}.log" if ssh \ -i "${SSH_KEY_PATH}" \ -o BatchMode=yes \ -o IdentitiesOnly=yes \ -o StrictHostKeyChecking=accept-new \ -o ConnectTimeout=10 \ "${SSH_USER}@${SSH_HOST}" \ "set -euo pipefail; cd /opt/microdao-daarion; git rev-parse HEAD; make phase6-smoke" \ | tee "${log}"; then cp "${log}" artifacts/phase6-smoke.log exit 0 fi if [ "${attempt}" -eq 2 ]; then echo "phase6 smoke failed after retry" >&2 exit 1 fi sleep 15 done - name: Upload smoke logs if: always() uses: actions/upload-artifact@v4 with: name: phase6-smoke-logs path: artifacts/ if-no-files-found: ignore