refactor(ci): 将 render_backend_tf.py 移至 ai-workspace-infra vultr-vps/scripts/
脚本从 xworkspace-console/scripts/ 移入 ai-workspace-infra 的 vultr-vps/scripts/,通过已有的 Checkout iac_modules 步骤引用, 无需额外 self-checkout xw-console;workflow 和 CLAUDE.md 同步更新路径。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
9b3687e189
commit
12d9bb327f
@ -153,11 +153,6 @@ jobs:
|
|||||||
fi
|
fi
|
||||||
[ "$missing" -eq 0 ] || { echo "::error::必需机密缺失,终止 provision"; exit 1; }
|
[ "$missing" -eq 0 ] || { echo "::error::必需机密缺失,终止 provision"; exit 1; }
|
||||||
|
|
||||||
- name: Checkout xworkspace-console (scripts)
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
path: xw-console
|
|
||||||
|
|
||||||
- name: Checkout iac_modules
|
- name: Checkout iac_modules
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
with:
|
with:
|
||||||
@ -188,7 +183,7 @@ jobs:
|
|||||||
working-directory: ${{ env.ENV_DIR }}
|
working-directory: ${{ env.ENV_DIR }}
|
||||||
env:
|
env:
|
||||||
TF_STATE_ENDPOINT: ${{ steps.vault.outputs.TF_STATE_ENDPOINT }}
|
TF_STATE_ENDPOINT: ${{ steps.vault.outputs.TF_STATE_ENDPOINT }}
|
||||||
run: python3 $GITHUB_WORKSPACE/xw-console/scripts/render_backend_tf.py backend.tf
|
run: python3 $GITHUB_WORKSPACE/${{ env.VPS_ROOT }}/scripts/render_backend_tf.py backend.tf
|
||||||
|
|
||||||
- name: generate.py render (YAML -> 显式 HCL + tfvars)
|
- name: generate.py render (YAML -> 显式 HCL + tfvars)
|
||||||
working-directory: ${{ env.VPS_ROOT }}
|
working-directory: ${{ env.VPS_ROOT }}
|
||||||
|
|||||||
13
CLAUDE.md
13
CLAUDE.md
@ -28,19 +28,16 @@ run: |
|
|||||||
**正确做法:外置脚本,workflow 只做调用。**
|
**正确做法:外置脚本,workflow 只做调用。**
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
# ✅ 正确 — 外置 Python 脚本
|
# ✅ 正确 — 外置 Python 脚本(放在 infra repo,通过已有 checkout 引用)
|
||||||
- name: Checkout xworkspace-console (scripts)
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
path: xw-console
|
|
||||||
|
|
||||||
- name: Configure remote backend
|
- name: Configure remote backend
|
||||||
env:
|
env:
|
||||||
TF_STATE_ENDPOINT: ${{ steps.vault.outputs.TF_STATE_ENDPOINT }}
|
TF_STATE_ENDPOINT: ${{ steps.vault.outputs.TF_STATE_ENDPOINT }}
|
||||||
run: python3 $GITHUB_WORKSPACE/xw-console/scripts/render_backend_tf.py backend.tf
|
run: python3 $GITHUB_WORKSPACE/${{ env.VPS_ROOT }}/scripts/render_backend_tf.py backend.tf
|
||||||
```
|
```
|
||||||
|
|
||||||
脚本存放在 `scripts/` 目录,命名规范 `动词_名词.py` 或 `动词-名词.sh`。
|
渲染脚本存放在 `ai-workspace-infra/iac_modules/terraform-hcl-standard/vultr-vps/scripts/`,
|
||||||
|
通过 workflow 内已有的 `Checkout iac_modules` 步骤引用,无需额外 self-checkout。
|
||||||
|
workflow 内的 `run:` 块调用外置脚本,命名规范 `动词_名词.py` 或 `动词-名词.sh`。
|
||||||
|
|
||||||
### 其他规范
|
### 其他规范
|
||||||
|
|
||||||
|
|||||||
@ -1,38 +0,0 @@
|
|||||||
#!/usr/bin/env python3
|
|
||||||
"""
|
|
||||||
渲染 Terraform S3 backend 配置文件(backend.tf)。
|
|
||||||
|
|
||||||
用法:
|
|
||||||
TF_STATE_ENDPOINT=https://... python3 render_backend_tf.py [output_path]
|
|
||||||
|
|
||||||
默认输出到当前目录的 backend.tf(terraform init 的 working-directory 里执行)。
|
|
||||||
"""
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
|
|
||||||
endpoint = os.environ.get("TF_STATE_ENDPOINT", "")
|
|
||||||
if not endpoint:
|
|
||||||
print("ERROR: TF_STATE_ENDPOINT is not set", file=sys.stderr)
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
output = sys.argv[1] if len(sys.argv) > 1 else "backend.tf"
|
|
||||||
|
|
||||||
content = f"""\
|
|
||||||
terraform {{
|
|
||||||
backend "s3" {{
|
|
||||||
endpoints = {{ s3 = "{endpoint}" }}
|
|
||||||
skip_credentials_validation = true
|
|
||||||
skip_region_validation = true
|
|
||||||
skip_requesting_account_id = true
|
|
||||||
skip_metadata_api_check = true
|
|
||||||
skip_s3_checksum = true
|
|
||||||
use_path_style = true
|
|
||||||
}}
|
|
||||||
}}
|
|
||||||
"""
|
|
||||||
|
|
||||||
with open(output, "w") as f:
|
|
||||||
f.write(content)
|
|
||||||
|
|
||||||
print(f"backend.tf written to {output}")
|
|
||||||
print(f" endpoint = {endpoint[:40]}...")
|
|
||||||
Loading…
Reference in New Issue
Block a user