🤖 fix: remove inline remote deploy logic from fleet switch
What: - move host-side nixos switch + revision verification into scripts/remote-fleet-switch-host.sh - update scripts/fleet-switch-nixos.sh to fetch and execute the committed remote script at the target git rev - keep canary host loop behavior unchanged while eliminating inline remote bash payload logic Why: - prevent local shell interpolation bugs in deploy assertions - align deploy flow with repo rule: put logic in script files and call them - make host-side deploy verification easier to audit and reason about Tests: - nix shell nixpkgs#shellcheck nixpkgs#shfmt -c sh -c "find scripts -type f -name *.sh -print0 | xargs -0 shellcheck -S warning && find scripts -type f -name *.sh -print0 | xargs -0 shfmt -i 2 -ci -sr -d"
@@ -22,8 +22,11 @@ for host in "${hosts[@]}"; do
|
||||
instance_id="$(bash scripts/aws-resolve-instance-id.sh "${host}")"
|
||||
|
||||
# Run everything under bash -lc so PATH + profiles behave similarly to an interactive session.
|
||||
# We also force flakes enabled for safety.
|
||||
# Execute remote switch logic from a committed script (no inline deployment logic).
|
||||
remote_script_url="https://raw.githubusercontent.com/openclaw/clawdinators/${rev}/scripts/remote-fleet-switch-host.sh"
|
||||
remote_switch_cmd="$(printf 'set -euo pipefail; curl -fsSL %q -o /tmp/remote-fleet-switch-host.sh; chmod 700 /tmp/remote-fleet-switch-host.sh; /tmp/remote-fleet-switch-host.sh %q %q' "${remote_script_url}" "${rev}" "${host}")"
|
||||
|
||||
bash scripts/aws-ssm-run.sh "${instance_id}" \
|
||||
"bash -lc 'set -euo pipefail; export NIX_CONFIG=\"experimental-features = nix-command flakes\"; nixos-rebuild switch --accept-flake-config --flake github:openclaw/clawdinators/${rev}#${host}; systemctl is-active clawdinator; install -d -m 0755 /var/lib/clawd/deploy; date -Is > /var/lib/clawd/deploy/last-switch.time; echo ${rev} > /var/lib/clawd/deploy/last-switch.rev; test \"$(cat /run/current-system/configurationRevision 2> /dev/null || true)\" = \"${rev}\"'"
|
||||
"bash -lc $(printf '%q' "${remote_switch_cmd}")"
|
||||
|
||||
done
|
||||
|
||||
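Review bot: The command assembled in `remote_switch_cmd` writes the fetched script to the fixed path `/tmp/remote-fleet-switch-host.sh` and then executes it, so anything else on the host that can create that name in /tmp first (a file it owns, or a link) gets a say in what `curl -o` writes to and what is run, presumably as root under SSM. Have the host create a private directory and download into it, e.g. `d="$(mktemp -d)"` followed by `curl -fsSL %q -o "$d/remote-fleet-switch-host.sh"`, and remove the directory once the script has run; the printf format is single-quoted, so the `$(mktemp -d)` is evaluated on the host rather than locally. The fetched script is pinned only by `${rev}` in the URL, which is immutable only if `rev` is a full commit hash rather than a branch or tag name. The enclosing `for` loop and the assignment of `rev` are outside this hunk, so that could not be checked here.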
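--- a/scripts/remote-fleet-switch-host.sh
+++ b/scripts/remote-fleet-switch-host.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "$#" -ne 2 ]; then
+echo "usage: $0 <git-rev> <host>" >&2
+exit 2
+fi
+
+rev="$1"
+host="$2"
+
+export NIX_CONFIG="experimental-features = nix-command flakes"
+
+nixos-rebuild switch --accept-flake-config --flake "github:openclaw/clawdinators/${rev}#${host}"
+systemctl is-active clawdinator
+
+install -d -m 0755 /var/lib/clawd/deploy
+date -Is > /var/lib/clawd/deploy/last-switch.time
+echo "${rev}" > /var/lib/clawd/deploy/last-switch.rev
+
+current_rev="$(cat /run/current-system/configurationRevision 2> /dev/null || true)"
+if [ -z "${current_rev}" ]; then
+current_rev="$(nixos-version --json 2> /dev/null | sed -n 's/.*"configurationRevision":"\([^"]*\)".*/\1/p' | head -n 1 || true)"
+fi
+
+if [ "${current_rev}" != "${rev}" ]; then
+echo "configurationRevision mismatch: expected ${rev}, got ${current_rev:-<empty>}" >&2
+exit 1
+fi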
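Review bot: The deploy markers `last-switch.time` and `last-switch.rev` are written before the `configurationRevision` comparison, so a run that ends in "configurationRevision mismatch" still leaves a record on the host saying `${rev}` was switched. Move the `install -d`, `date -Is > …` and `echo "${rev}" > …` lines below the final `if` so the record only exists for a verified switch, which is what anyone auditing the host later will assume it means. Separately, `rev` is used in the flake reference with `--accept-flake-config` without any check of its form, and the only test of it runs after the new configuration is already active. If `configurationRevision` is always the full commit hash (not visible here), an early guard such as `[[ "${rev}" =~ ^[0-9a-f]{40}$ ]] || { echo "rev must be a full commit hash" >&2; exit 2; }` right after `rev="$1"` would reject branch or tag names before anything is built.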