From fe479bc4b463fbad86faa3b935d829bc66739132 Mon Sep 17 00:00:00 2001
From: Haitao Pan <haitaopanhq@gmail.com>
Date: Wed, 24 Jun 2026 15:56:45 +0800
Subject: [PATCH] ci(deploy-iac): pass XWORKMATE_BRIDGE_DOMAIN (override or
 CMDB service_domains) to on-host bootstrap

New optional 'bridge_domain' input overrides; otherwise derive from each host's
cmdb.json host_vars.service_domains (first entry) and inject as
XWORKMATE_BRIDGE_DOMAIN so the host sets /etc/hostname + xworkmate-bridge.caddy
from it (on-host model has no inventory hostvars).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---
 .github/workflows/deploy-ai-workspace-iac.yaml | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/deploy-ai-workspace-iac.yaml b/.github/workflows/deploy-ai-workspace-iac.yaml
index e01c1a0..08aee72 100644
--- a/.github/workflows/deploy-ai-workspace-iac.yaml
+++ b/.github/workflows/deploy-ai-workspace-iac.yaml
@@ -35,6 +35,11 @@ on:
         required: false
         default: "main"
         type: string
+      bridge_domain:
+        description: "XWORKMATE_BRIDGE_DOMAIN 覆盖(留空则取各主机 CMDB service_domains)"
+        required: false
+        default: ""
+        type: string
       terraform_action:
         description: "apply 创建/更新，destroy 销毁"
         required: false
@@ -272,13 +277,21 @@ jobs:
           set -euo pipefail
           ip="$(jq -r '.["${{ matrix.host }}"].ip' cmdb/cmdb.json)"
           user="$(jq -r '.["${{ matrix.host }}"].ansible_user // "root"' cmdb/cmdb.json)"
-          echo "Bootstrapping ${{ matrix.host }} (${user}@${ip}) on-host ..."
+          # bridge 域名 = operator 覆盖(input) 否则各主机 CMDB service_domains 的首个，
+          # 用作 /etc/hostname 与 xworkmate-bridge.caddy；on-host 模型拿不到 inventory，
+          # 故由流水线作为 XWORKMATE_BRIDGE_DOMAIN env 注入。
+          domain='${{ github.event.inputs.bridge_domain }}'
+          if [ -z "$domain" ]; then
+            domain="$(jq -r '.["${{ matrix.host }}"].host_vars.service_domains // ""' cmdb/cmdb.json | cut -d, -f1 | tr -d ' ')"
+          fi
+          echo "Bootstrapping ${{ matrix.host }} (${user}@${ip}) on-host, domain=${domain:-<none>} ..."
           ssh -i ~/.ssh/id_deploy \
             -o StrictHostKeyChecking=accept-new \
             -o ServerAliveInterval=20 -o ServerAliveCountMax=15 \
             -o ConnectTimeout=20 \
             "${user}@${ip}" \
-            "DEEPSEEK_API_KEY='${DEEPSEEK_API_KEY}' \
+            "XWORKMATE_BRIDGE_DOMAIN='${domain}' \
+             DEEPSEEK_API_KEY='${DEEPSEEK_API_KEY}' \
              NVIDIA_API_KEY='${NVIDIA_API_KEY}' \
              OLLAMA_API_KEY='${OLLAMA_API_KEY}' \
              bash -lc 'curl -sfL https://install.svc.plus/ai-workspace | bash -'"