feat(deploy): runner artifact build + SSM rollout (dual-track sh/mjs, supersedes #901)#911
Draft
law-chain-hot wants to merge 10 commits into
Draft
feat(deploy): runner artifact build + SSM rollout (dual-track sh/mjs, supersedes #901)#911law-chain-hot wants to merge 10 commits into
law-chain-hot wants to merge 10 commits into
Conversation
Fleet re-runs and canary-then-fleet overlaps hit runners that already run the exact incoming bits. Compare sha256 of the incoming binary against the current symlink target before creating a release dir: identical -> log + exit 0. Hash comparison (not version label) keeps the no-op safe when a dev artifact reuses a version name.
The 'deferred' branch of verify_embedded_runtime_hash passed silently when no runtime cache dir existed yet — a runner whose embedded guest key could never materialize installed cleanly and then failed every box start with a hash mismatch. Now: wait up to 20s for the runner's self-extraction, verify the guest hash, and return FATAL on a miss so restart_with_target routes to the existing auto-rollback branch. Better no install than a runner that cannot start boxes.
…oad) Root fix for 'Guest binary hash mismatch' on dev artifacts: the build script now locates the embedded runtime dir BY the fresh guest's sha256 and packs it into the tarball as boxlite-runtime.tar.gz, so the shipped runtime always matches the compile-time key. Supersedes the interim same-binary skip and guest-extraction fuse on these files (to be re-evaluated on top of the new install flow if still needed).
PATH-shim fixture records the semantic command sequence (cargo/go/make/git/ tar/aws/curl) each implementation issues and byte-compares artifacts, sidecars, and the base64 SSM payload. Red until the .mjs twins land.
…rity) Line-for-line port of build-runner-binary.sh: same CLI, same artifact names, same sidecars, same command sequence (parity-tested). Selected at the orchestration layer via OPS_RUNNER_IMPL; bash stays the default.
…ority) Ports the local orchestrator half (region/instance resolution, artifact staging, S3 presign, SSM dispatch + poll). The remote upgrade payload is not duplicated: the .mjs parses the heredoc out of the sibling .sh at runtime and expands it with bash here-document semantics, so the two halves cannot drift. Parity test proves the SSM payload byte-identical.
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
8 tasks
Add BuildKit cache mounts (yarn Berry global cache, Go build + module caches) to the api/otel-collector/proxy/ssh-gateway/runner image builds so deps and compiled objects persist across builds instead of recompiling from cold every time. Also add the dockerfile:1 syntax header to the Go images. Layer ordering, build commands, and outputs are unchanged.
aa8824e to
85f3c36
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Product-side (boxlite) half of the Ops Console runner build + rollout capability. Supersedes #901 (older draft on the smoke branch, which self-flagged a stale base and a
START_BOXguest-hash bug).Contents:
scripts/deploy/{build-runner-binary,runner-update-binary}.{sh,mjs}— bash is the authority (adopted from ci(deploy): isolate non-release runner runtime caches #724's runtime-payload rewrite),.mjstwins added for the single-language orchestration direction. SSM remote payload is parsed from the.shat runtime (single payload authority, cannot drift).scripts/deploy/tests/parity/*— PATH-shim fixture that byte-compares the two implementations' command sequence, artifacts, and SSM payload.apps/infra/scripts/sst-with-cloudflare.mjs(+ self-host env sync from SSM),apps/infra/sst.config.ts, and the four service Dockerfile bumps that the deploy path needs.Coordinated release
This PR pairs with the Ops Console repo's
feat/ops-hardeningbranch (orchestration.mjs, per-job worktree isolation, evidence-to-S3, post-deploy smoke, promote-by-digest). Merge order: this PR tomainfirst, then repoint Ops ConsoleOPS_PRODUCT_REF/OPS_RUNNER_TOOL_REFfromcodex/ops-service-deploy-integrationtomain, then the Ops Console change.Verification
.sh/.mjs)i-0ee6bc569d5a1e9ef: build → artifact → S3 → SSM rollout → hot-adopt → health verified, both bash and js implementations, multiple runsmain(no conflicts)Draft because