47 lines
1.4 KiB
Markdown
47 lines
1.4 KiB
Markdown
# Deploy Gate (Gitea)
|
|
|
|
## Purpose
|
|
|
|
`deploy-node1-runtime` is a hard release gate for NODA1 runtime changes:
|
|
|
|
1. `deploy` job syncs target git ref on NODA1 (and can optionally rebuild `gateway` + `experience-learner`).
|
|
2. `phase6_gate` job runs `make phase6-smoke` on NODA1.
|
|
3. If `phase6_gate` fails, the workflow fails.
|
|
|
|
This prevents a deploy from being considered successful without a Phase-6 closed-loop smoke pass.
|
|
|
|
## Workflow
|
|
|
|
File: `.gitea/workflows/deploy-node1-runtime.yml`
|
|
|
|
Manual trigger inputs:
|
|
|
|
- `deploy_ref` (default: `main`)
|
|
- `redeploy_runtime` (default: `false`)
|
|
- `ssh_host` (optional override)
|
|
- `ssh_user` (optional override, default `root`)
|
|
|
|
Required repo secrets:
|
|
|
|
- `NODA1_SSH_HOST`
|
|
- `NODA1_SSH_USER`
|
|
- `NODA1_SSH_KEY`
|
|
|
|
## Safety notes
|
|
|
|
- `redeploy_runtime=false` only syncs git on NODA1 and runs gate checks.
|
|
- `redeploy_runtime=true` recreates `gateway` and `experience-learner` containers.
|
|
- If NODA1 git tree is dirty, workflow skips checkout/pull and still enforces `phase6_gate` (safe mode for live nodes).
|
|
- Workflow uses SSH key validation and `IdentitiesOnly=yes` to avoid host key collisions.
|
|
|
|
## Expected PASS
|
|
|
|
- `deploy` job: successful SSH sync of selected `deploy_ref`.
|
|
- `phase6_gate` job: `make phase6-smoke` returns PASS.
|
|
- Workflow conclusion: `success`.
|
|
|
|
## Failure handling
|
|
|
|
- SSH/network issues: one retry is attempted in gate step.
|
|
- Gate FAIL: treat as release blocker, inspect `artifacts/phase6-gate*.log`.
|