mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 08:17:11 +00:00
a3fe2c63d8fefe533e5e2a85dc1cbfddf45cd7f7
4
Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
adf5a836fc |
fix: address reviewer findings round 2 (#1261 loop 2) (#1272)
* fix(docker): parameterize image with CCS_IMAGE env so smoke-test exercises new digest
docker/compose.yaml hardcoded image: ghcr.io/kaitranntt/ccs:latest, causing
network-contract.sh to always use the old published image regardless of what
IMAGE_OVERRIDE was passed. Switching to \${CCS_IMAGE:-ghcr.io/kaitranntt/ccs:latest}
lets CI pass CCS_IMAGE=<digest> so the smoke-test actually exercises the
just-built image. Default end-user behaviour is unchanged.
Resolves REV4 (reviewer loop 2, PR #1261).
* fix(test): image-size.sh fails loudly on manifest inspection failure
The --platform branch previously exited 0 when imagetools inspect returned
empty or zero bytes, silently passing the budget check. A broken image
could reach production undetected if buildx had any inspection issue.
Changed to exit 1 with a clear diagnostic message explaining possible causes
(old buildx, manifest format mismatch, image not yet pushed). No --allow-inspect-failure
escape hatch is provided; CI must fix the root cause.
Resolves REV5 (reviewer loop 2, PR #1261).
* test(docker): cover --platform branch in image-size-logic tests
Prior tests only exercised the local docker image inspect path. The
--platform branch (imagetools inspect) had zero coverage, meaning the
REV5 silent-pass regression would not have been caught by CI.
Added 5 mock-based test cases for the --platform branch:
- pass when platform-scoped compressed size < budget
- fail when platform-scoped compressed size > budget
- fail (exit 1) when imagetools inspect errors (REV5 guard)
- fail (exit 1) when reported size is "0" (REV5 guard)
- fail (exit 1) when size output is empty (REV5 guard)
Mocks follow the existing pattern (override docker in PATH with a temp
wrapper), extended to handle buildx imagetools inspect subcommand.
Resolves REV6 (reviewer loop 2, PR #1261).
* fix(test): compose-parity image_name() handles \${VAR:-default} syntax
After parameterizing compose.yaml's image field with \${CCS_IMAGE:-...},
the image_name() sed pipeline cut at the first colon in the shell variable
syntax (:-) instead of the tag separator, returning '\${CCS_IMAGE' and
failing the kaitranntt/ccs grep.
Added a sed step to unwrap \${VAR:-default} by extracting just the default
value before stripping the tag. Existing plain image: name:tag references
are unaffected.
|
||
|
|
78004746be |
fix: address upstream reviewer findings + failing CI checks (#1261 loop 1) (#1271)
* fix(ci): breaking-change-guard skips missing base files (CI-1) Guard each git-show call with git cat-file -e existence check before attempting to read docker/compose.yaml from the base branch. When the file doesn't exist on the base (new file in this PR), the script would crash with "fatal: path exists on disk but not in origin/dev". New files can't cause a contract regression, so we exit early with breaking=0. * style: prettier reformat unrelated drift (CI-2) Two files had minor formatting drift from earlier umbrella PRs: - src/cliproxy/quota/quota-manager.ts - src/management/checks/image-analysis-check.ts No logic changes — formatter-only pass to unblock CI format:check. * fix(test): update trusted-author gate count to 4 in ci-workflow test (CI-3) PR #1260 added a compose-parity job to ci.yml. That job runs on self-hosted runners using PR-provided checkout, so it legitimately requires the trusted-author guard (same as validate, build, test). The test expected 3 occurrences; the correct count is now 4: validate (matrix), build, test, compose-parity. * fix(ci): smoke-test passes compose path + image ref to network-contract (REV-1) network-contract.sh signature is: <compose-file> [image-ref] The smoke-test job was calling it as: bash tests/docker/network-contract.sh "${{ steps.image.outputs.ref }}" which placed the image ref in the compose-file position ($1), causing the script to try docker compose -f <image-ref> which fails. Corrected to: bash tests/docker/network-contract.sh docker/compose.yaml "${{ steps.image.outputs.ref }}" Also removes publish-dashboard from smoke-test.needs (REV-2): when publish-dashboard is SKIPPED on prerelease events, GitHub Actions propagates the skip to downstream jobs, so smoke-test and promote-mutable-tags were silently skipped on every rc.N publish. smoke-test only verifies the integrated image; it has no dependency on the legacy dashboard image job. * docs(docker): annotate /root/.ccs path in compose volume (REV-3 clarification) The reviewer raised a concern that the compose volume mounts /root/.ccs but the entrypoint might default to /home/node/.ccs. This is a false positive: the integrated image uses entrypoint-integrated.sh (not entrypoint.sh), which runs under supervisord with user=root and explicitly mkdir -p /root/.ccs. HOME is /root inside the container. The volume mount at /root/.ccs is correct. Added an inline comment documenting the reasoning so future reviewers do not confuse entrypoint.sh (legacy dashboard image) with entrypoint-integrated.sh (integrated image). * fix(ci): gate docs-parity pull_request job to trusted authors docs-parity.yml runs on a self-hosted runner and checks out PR code. The self-hosted-runner-policy test requires any such workflow to include the trusted-author guard. The workflow was missing the guard, causing bun test:fast to fail with 1 failure. Allow push events (no author check needed — push is to own branch) and trusted-contributor PRs only. |
||
|
|
107b5b5db4 |
fix(docker): apply red-team findings — drop :full, rc.1 soak, healthcheck, signing (#1251) (#1262)
* docs(quickstart): fix raw URL for corporate-proxy fallback (H1) * feat(docker)!: drop :full image variant — use sibling containers on ccs-net (Q3) No AI CLIs (claude-code/gemini-cli/grok-cli/opencode) are bundled in the image. Use sibling containers attached to ccs-net instead. See docker/README.md#connect-your-app-to-cliproxy. Also removes bash from apk deps (entrypoint uses #!/bin/sh — L2). ci(docker): publish only immutable :<ver> tag pre-smoke; promote-mutable-tags job adds :latest/:MAJOR/:MINOR aliases only after smoke tests pass (H3) ci(docker): smoke-test-compose-url runs network-contract.sh against the downloaded /tmp/ccs-compose.yaml instead of re-cloning the repo (H4) ci(docker): sign published images with cosign keyless OIDC + attach provenance/SBOM via build-push-action (M8) test(docker): network-contract.sh now accepts compose-file and image-ref positional args; replaces python3 healthcheck parser with jq (L4) * chore(release): cut every main release as rc.N prerelease, manual promote flow (H2) - .releaserc.cjs: main branch now uses prerelease 'rc' channel — every semantic-release cut becomes vX.Y.Z-rc.N - add promote-release.yml: workflow_dispatch flips rc → stable via 'gh release edit --prerelease=false'; triggers docker promote-mutable-tags - add docs/release-process.md: full soak + promote procedure, rollback steps, cosign verification command - releaseNotesGenerator: add revert section, document chore hidden behaviour (L8) * fix(docker): healthcheck probes both dashboard and cliproxy ports (M1) compose.yaml healthcheck now checks :3000 and :8317 concurrently with a 4.5s internal timeout, within Docker's 5s timeout budget. Also: - docs(docker): document npm lockfile ephemeral tradeoff above install layer; note size-budget regression test as the practical safeguard (M3) - docs(docker): drop :full row from Choosing an image table; add sibling container note pointing to connect-your-app-to-cliproxy (Q3/docs) - docs(docker): remove :full docker run block; fix release-tag sentence (Q3) - docs(docker): fix raw URL in migration section (H1 parity) - docs(docker): add Volume warning — 'down -v' deletes named volumes (L13) - docs(docker): update What changes table — remove :full reference (Q3) - docs(docker): add Image Signatures and SBOM section with cosign verify and sbom download commands (M8/docs) - changelog: add Unreleased entries for rc soak, cosign signing, :full removal with migration guidance * ci(docker): assert image-size budget per platform; add compose parity + breaking-change guard (M6/L9/L12) - image-size.sh: add --platform flag; uses 'docker buildx imagetools inspect' to sum compressed layer sizes from registry manifest for linux/amd64 and linux/arm64 separately (M6) - docker-release.yml smoke-test: runs size check for both platforms - compose-parity.sh: diffs docker/compose.yaml vs docker/docker-compose.integrated.yml for image name, ports 3000/8317, volume mounts /root/.ccs and /var/log/ccs, ccs-net definition (L12) - ci.yml: add compose-parity job wired to cliproxy runner (L12) - breaking-change-guard.yml: fails PR if compose.yaml changes image name, network name, or container_name without a feat!/fix! commit (L9) * chore(ci): fix cosign shell substitution — use tr instead of bash @L expansion (L6/nit) * test(docker): fix compose-parity port regex for variable-interpolated host ports |
||
|
|
fbaac6a9ba |
feat(docker): canonical compose.yaml + smoke-test (P2 of #1251) (#1258)
* feat(docker): add canonical compose.yaml for zero-install flow (#1251) * ci(docker): smoke-test ccs.kaitran.ca/docker-compose.yaml on release + nightly (#1251) |