From 5a76c5ed062b921b8a46091d4df9e87e75174cf6 Mon Sep 17 00:00:00 2001 From: Haitao Pan Date: Thu, 25 Jun 2026 22:47:14 +0800 Subject: [PATCH] fix(deploy): on-host bootstrap defaults to online mode (pull fixed main playbooks) The deploy job ran curl|bash with no AI_WORKSPACE_OFFLINE_MODE -> auto -> stale offline package, which still ships the pinned-Chrome / root-PGDATA playbooks that were already fixed in playbooks main. Pipeline kept failing at the Chrome task. - run-on-host-bootstrap.sh: thread AI_WORKSPACE_OFFLINE_MODE (default off) into the remote env so the bootstrap git-clones latest main instead of the stale package. - workflow: add offline_mode input (off|auto|force, default off); flip back to auto once the offline package is republished with the fixes. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/deploy-ai-workspace-iac.yaml | 9 +++++++++ scripts/run-on-host-bootstrap.sh | 7 ++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy-ai-workspace-iac.yaml b/.github/workflows/deploy-ai-workspace-iac.yaml index b946c3d..bce1fc9 100644 --- a/.github/workflows/deploy-ai-workspace-iac.yaml +++ b/.github/workflows/deploy-ai-workspace-iac.yaml @@ -76,6 +76,12 @@ on: required: false default: "" type: string + offline_mode: + description: "on-host 离线包模式: off=在线拉最新 main(默认,离线包落后时用); auto=离线加速; force=强制离线" + required: false + default: "off" + type: choice + options: ["off", "auto", "force"] terraform_action: description: "apply 创建/更新,destroy 销毁" required: false @@ -359,6 +365,9 @@ jobs: MATRIX_HOST: ${{ matrix.host }} CMDB_PATH: cmdb/cmdb.json SSH_KEY_PATH: ~/.ssh/id_deploy + # 离线包落后于 main 时用在线模式拉最新 playbook(见 run-on-host-bootstrap.sh)。 + # 离线包重新发布后可设为 auto 恢复离线加速。 + AI_WORKSPACE_OFFLINE_MODE: ${{ github.event.inputs.offline_mode || 'off' }} XWORKMATE_BRIDGE_DOMAIN: ${{ github.event.inputs.bridge_domain }} DEEPSEEK_API_KEY: ${{ steps.vault.outputs.DEEPSEEK_API_KEY }} NVIDIA_API_KEY: ${{ steps.vault.outputs.NVIDIA_API_KEY }} diff --git a/scripts/run-on-host-bootstrap.sh b/scripts/run-on-host-bootstrap.sh index acfdd60..888c5f2 100644 --- a/scripts/run-on-host-bootstrap.sh +++ b/scripts/run-on-host-bootstrap.sh @@ -39,7 +39,12 @@ echo "Bootstrapping ${host} (${user}@${ip}) on-host, domain=${domain:-} .. remote_payload="$(mktemp)" trap 'rm -f "$remote_payload"' EXIT +# 离线包是按 release 快照打包的;当其落后于 playbooks main(如 Chrome 版本钉点、 +# postgres PGDATA 属主等已在 main 修复但未重新发包)时,默认 offline=auto 会用到 +# 过期 playbook 导致部署失败。默认 off,让 on-host 引导在线 git clone 最新 main; +# 待离线包重新发布后可改回 auto 以恢复离线加速。 { + printf 'AI_WORKSPACE_OFFLINE_MODE=%q\n' "${AI_WORKSPACE_OFFLINE_MODE:-off}" printf 'XWORKMATE_BRIDGE_DOMAIN=%q\n' "$domain" printf 'DEEPSEEK_API_KEY=%q\n' "${DEEPSEEK_API_KEY:-}" printf 'NVIDIA_API_KEY=%q\n' "${NVIDIA_API_KEY:-}" @@ -62,7 +67,7 @@ fi ( set +e source "$remote_env" - export XWORKMATE_BRIDGE_DOMAIN DEEPSEEK_API_KEY NVIDIA_API_KEY OLLAMA_API_KEY + export AI_WORKSPACE_OFFLINE_MODE XWORKMATE_BRIDGE_DOMAIN DEEPSEEK_API_KEY NVIDIA_API_KEY OLLAMA_API_KEY bash -lc 'curl -sfL https://install.svc.plus/ai-workspace | bash -' rc=$? printf '%s\n' "$rc" > "$remote_rc"