ci(deploy-iac): pass XWORKMATE_BRIDGE_DOMAIN (override or CMDB service_domains) to on-host bootstrap

New optional 'bridge_domain' input overrides; otherwise derive from each host's cmdb.json host_vars.service_domains (first entry) and inject as XWORKMATE_BRIDGE_DOMAIN so the host sets /etc/hostname + xworkmate-bridge.caddy from it (on-host model has no inventory hostvars). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-24 15:56:45 +08:00 · 2026-06-24 15:56:45 +08:00 · fe479bc4b4
commit fe479bc4b4
parent 607c995a9a
1 changed files with 15 additions and 2 deletions
--- a/.github/workflows/deploy-ai-workspace-iac.yaml
+++ b/.github/workflows/deploy-ai-workspace-iac.yaml
@ -35,6 +35,11 @@ on:
        required: false
        default: "main"
        type: string
+      bridge_domain:
+        description: "XWORKMATE_BRIDGE_DOMAIN 覆盖(留空则取各主机 CMDB service_domains)"
+        required: false
+        default: ""
+        type: string
      terraform_action:
        description: "apply 创建/更新，destroy 销毁"
        required: false
@ -272,13 +277,21 @@ jobs:
          set -euo pipefail
          ip="$(jq -r '.["${{ matrix.host }}"].ip' cmdb/cmdb.json)"
          user="$(jq -r '.["${{ matrix.host }}"].ansible_user // "root"' cmdb/cmdb.json)"
-          echo "Bootstrapping ${{ matrix.host }} (${user}@${ip}) on-host ..."
+          # bridge 域名 = operator 覆盖(input) 否则各主机 CMDB service_domains 的首个，
+          # 用作 /etc/hostname 与 xworkmate-bridge.caddy；on-host 模型拿不到 inventory，
+          # 故由流水线作为 XWORKMATE_BRIDGE_DOMAIN env 注入。
+          domain='${{ github.event.inputs.bridge_domain }}'
+          if [ -z "$domain" ]; then
+            domain="$(jq -r '.["${{ matrix.host }}"].host_vars.service_domains // ""' cmdb/cmdb.json | cut -d, -f1 | tr -d ' ')"
+          fi
+          echo "Bootstrapping ${{ matrix.host }} (${user}@${ip}) on-host, domain=${domain:-<none>} ..."
          ssh -i ~/.ssh/id_deploy \
            -o StrictHostKeyChecking=accept-new \
            -o ServerAliveInterval=20 -o ServerAliveCountMax=15 \
            -o ConnectTimeout=20 \
            "${user}@${ip}" \
-            "DEEPSEEK_API_KEY='${DEEPSEEK_API_KEY}' \
+            "XWORKMATE_BRIDGE_DOMAIN='${domain}' \
+             DEEPSEEK_API_KEY='${DEEPSEEK_API_KEY}' \
             NVIDIA_API_KEY='${NVIDIA_API_KEY}' \
             OLLAMA_API_KEY='${OLLAMA_API_KEY}' \
             bash -lc 'curl -sfL https://install.svc.plus/ai-workspace | bash -'"