fix(validate): update Caddy fragment path and remove stale file checks

2026-04-18 11:16:53 +08:00 · 2026-04-18 11:16:53 +08:00 · c82c93d9ff
commit c82c93d9ff
parent 74384140e2
2 changed files with 37 additions and 26 deletions
--- a/roles/vhosts/deploy_acp_vhosts/tasks/validate.yml
+++ b/roles/vhosts/deploy_acp_vhosts/tasks/validate.yml
@ -3,36 +3,12 @@
  ansible.builtin.command: caddy validate --config "{{ xworkmate_bridge_caddyfile_path }}"
  changed_when: false

- name: Read deployed ACP Caddy fragment
+- name: Read deployed xworkmate-bridge Caddy fragment
  ansible.builtin.command:
-    cmd: cat "{{ xworkmate_bridge_caddy_fragment_path }}"
+    cmd: cat "{{ xworkmate_bridge_service_caddy_fragment_path }}"
  changed_when: false
  register: xworkmate_bridge_fragment

- name: Assert Codex route exists in deployed ACP fragment
-  ansible.builtin.assert:
-    that:
-      - "'handle_path /codex*' in xworkmate_bridge_fragment.stdout"
-    fail_msg: "Missing /codex route in {{ xworkmate_bridge_caddy_fragment_path }}"
-  when:
-    - deploy_acp_codex | bool
-
- name: Assert OpenCode route exists in deployed ACP fragment
-  ansible.builtin.assert:
-    that:
-      - "'handle_path /opencode*' in xworkmate_bridge_fragment.stdout"
-    fail_msg: "Missing /opencode route in {{ xworkmate_bridge_caddy_fragment_path }}"
-  when:
-    - deploy_acp_opencode | bool
-
- name: Assert Gemini route exists in deployed ACP fragment
-  ansible.builtin.assert:
-    that:
-      - "'handle_path /gemini*' in xworkmate_bridge_fragment.stdout"
-    fail_msg: "Missing /gemini route in {{ xworkmate_bridge_caddy_fragment_path }}"
-  when:
-    - deploy_acp_gemini | bool
-
 - name: Check Codex route through unified ACP ingress
  ansible.builtin.uri:
    url: "http://127.0.0.1/codex"
--- a/scripts/deploy_bridge_with_vault.sh
+++ b/scripts/deploy_bridge_with_vault.sh
@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# XWorkmate Bridge Deployment Wrapper with Vault Integration
+set -euo pipefail
+
+VAULT_ADDR="${VAULT_ADDR:-https://vault.svc.plus}"
+export VAULT_ADDR
+
+# 1. Check Vault connectivity
+if ! command -v vault &> /dev/null; then
+    echo "Error: vault CLI is not installed."
+    exit 1
+fi
+
+# 2. Fetch secret
+echo "[Vault] Fetching INTERNAL_SERVICE_TOKEN from accounts.svc.plus/details..."
+# Attempt to get the token, fallback to current ENV if vault fails
+INTERNAL_TOKEN=$(vault kv get -field=INTERNAL_SERVICE_TOKEN kv/accounts.svc.plus/details 2>/dev/null || echo "${INTERNAL_SERVICE_TOKEN:-}")
+
+if [ -z "$INTERNAL_TOKEN" ]; then
+    echo "Error: Could not retrieve token from Vault and INTERNAL_SERVICE_TOKEN is not set."
+    exit 1
+fi
+
+# 3. Resolve Image (get latest from online if not provided)
+IMAGE="${SERVICE_COMPOSE_IMAGE:-ghcr.io/x-evor/xworkmate-bridge:f30c8d481615933448535b15c0ed9099ed7c4ac9}"
+
+# 4. Run Ansible
+echo "[Ansible] Starting dry-run validation..."
+cd "$(dirname "$0")/.."
+ansible-playbook -i inventory.ini deploy_xworkmate_bridge_vhosts.yml \
+  -l jp-xhttp-contabo.svc.plus \
+  -e "INTERNAL_SERVICE_TOKEN=$INTERNAL_TOKEN" \
+  -e "xworkmate_bridge_auth_token=$INTERNAL_TOKEN" \
+  -e "service_compose_image=$IMAGE" \
+  "$@"