diff --git a/.gitea/CONTRIBUTING.md b/.gitea/CONTRIBUTING.md index 4891fb1a..a98958c6 100644 --- a/.gitea/CONTRIBUTING.md +++ b/.gitea/CONTRIBUTING.md @@ -6,6 +6,10 @@ 2. Make changes, ensure tests pass 3. Open a pull request +Deploy workflow policy: +`main` and `master` are both deploy-triggering branches, so `.gitea/workflow-sources/deploy-to-phoenix.yml` and `.gitea/workflow-sources/validate-on-pr.yml` must stay identical across both branches. +Use `bash scripts/verify/sync-gitea-workflows.sh` after editing workflow-source files, and `bash scripts/verify/run-all-validation.sh --skip-genesis` to catch workflow drift before push. + ## Pull Requests - Use the PR template when opening a PR diff --git a/.gitea/workflow-sources/deploy-to-phoenix.yml b/.gitea/workflow-sources/deploy-to-phoenix.yml new file mode 100644 index 00000000..21ea365b --- /dev/null +++ b/.gitea/workflow-sources/deploy-to-phoenix.yml 
@@ -0,0 +1,77 @@ +# Canonical deploy workflow. Keep source and checked-in workflow copies byte-identical. +# Validation checks both file sync and main/master parity. +name: Deploy to Phoenix + +on: + push: + branches: [main, master] + workflow_dispatch: + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Fetch deploy branches for workflow parity check + run: | + git fetch --depth=1 origin main master + + - name: Run repo validation gate + run: | + bash scripts/verify/run-all-validation.sh --skip-genesis + + deploy: + needs: validate + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Trigger Phoenix deployment + run: | + SHA="$(git rev-parse HEAD)" + BRANCH="$(git rev-parse --abbrev-ref HEAD)" + curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \ + -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}" + + deploy-atomic-swap-dapp: + needs: validate + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Trigger Atomic Swap dApp deployment (Phoenix) + run: | + SHA="$(git rev-parse HEAD)" + BRANCH="$(git rev-parse --abbrev-ref HEAD)" + curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \ + -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}" + + # After app deploy, ask Phoenix to run path-gated Cloudflare DNS sync on the host that has + # PHOENIX_REPO_ROOT + .env (not on this runner). Skips unless PHOENIX_CLOUDFLARE_SYNC=1 on that host. + # continue-on-error: first-time or missing opt-in should not block the main deploy. 
+ cloudflare: + needs: + - deploy + - deploy-atomic-swap-dapp + runs-on: ubuntu-latest + continue-on-error: true + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Request Cloudflare DNS sync (Phoenix) + run: | + SHA="$(git rev-parse HEAD)" + BRANCH="$(git rev-parse --abbrev-ref HEAD)" + curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \ + -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}" diff --git a/.gitea/workflow-sources/validate-on-pr.yml b/.gitea/workflow-sources/validate-on-pr.yml new file mode 100644 index 00000000..92bb2bde --- /dev/null +++ b/.gitea/workflow-sources/validate-on-pr.yml @@ -0,0 +1,21 @@ +# Canonical PR validation workflow. Keep source and checked-in workflow copies byte-identical. +# Validation checks both file sync and main/master parity. +# PR-only: push validation already runs in deploy-to-phoenix.yml; this gives PRs the same +# no-LAN checks without the deploy job (and without deploy secrets). +name: Validate (PR) +on: + pull_request: + types: [opened, synchronize, reopened] + branches: [main, master] + workflow_dispatch: +jobs: + run-all-validation: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Fetch deploy branches for workflow parity check + run: | + git fetch --depth=1 origin main master + - name: run-all-validation (no LAN, no genesis) + run: bash scripts/verify/run-all-validation.sh --skip-genesis diff --git a/.gitea/workflows/deploy-to-phoenix.yml b/.gitea/workflows/deploy-to-phoenix.yml index 10689873..21ea365b 100644 --- a/.gitea/workflows/deploy-to-phoenix.yml +++ b/.gitea/workflows/deploy-to-phoenix.yml 
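Review bot: The three `curl` steps (`deploy`, `deploy-atomic-swap-dapp`, `cloudflare`) splice `${{ secrets.PHOENIX_DEPLOY_URL }}`, `${{ secrets.PHOENIX_DEPLOY_TOKEN }}` and `${{ gitea.repository }}` straight into the script text, so the values are expanded before the shell parses the line and any quote or `$(` in them is interpreted as shell. Passing them through `env:` and referencing shell variables keeps them as data; the same steps are mirrored in `.gitea/workflows/deploy-to-phoenix.yml` and need the identical change to stay byte-identical. The documentation added in this commit gives an `http://` example for `PHOENIX_DEPLOY_URL`; if the real endpoint is also plain HTTP, the bearer token crosses the network unencrypted. `actions/checkout@v4` is a movable tag, and pinning it to a commit hash would be safer in jobs that hold the deploy token.

```yaml
      - name: Trigger Phoenix deployment
        env:
          PHOENIX_DEPLOY_URL: "${{ secrets.PHOENIX_DEPLOY_URL }}"
          PHOENIX_DEPLOY_TOKEN: "${{ secrets.PHOENIX_DEPLOY_TOKEN }}"
          REPO: "${{ gitea.repository }}"
        run: |
          # … unchanged: SHA and BRANCH from git rev-parse …
          curl -sSf -X POST "$PHOENIX_DEPLOY_URL" \
            -H "Authorization: Bearer $PHOENIX_DEPLOY_TOKEN" \
            -H "Content-Type: application/json" \
            -d "{\"repo\":\"${REPO}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}"
      # … same env block for the atomic-swap-dapp-live and cloudflare-sync steps …
```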
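Review bot: The `run-all-validation` job executes `bash scripts/verify/run-all-validation.sh` from the pull request's own checkout, so a PR can change the gate script and have that code run on the runner. The header comment already says the job carries no deploy secrets; it should also record the execution-trust assumption, for example `# Runs scripts from the PR head on the shared runner: keep this job free of secrets and host access.` The docs in this commit place the site-wide `act_runner` on VMID 5700, the same VM the default target publishes `phoenix-deploy-api` to, so job isolation on that runner is worth confirming. The identical file under `.gitea/workflows/validate-on-pr.yml` would take the same comment.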
@@ -1,11 +1,29 @@ +# Canonical deploy workflow. Keep source and checked-in workflow copies byte-identical. +# Validation checks both file sync and main/master parity. name: Deploy to Phoenix on: push: branches: [main, master] + workflow_dispatch: jobs: + validate: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Fetch deploy branches for workflow parity check + run: | + git fetch --depth=1 origin main master + + - name: Run repo validation gate + run: | + bash scripts/verify/run-all-validation.sh --skip-genesis + deploy: + needs: validate runs-on: ubuntu-latest steps: - name: Checkout code 
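Review bot: `workflow_dispatch:` is added without any ref condition and `deploy` depends only on `needs: validate`, so a manual run started from a branch other than `main` or `master` would, as far as this hunk shows, still reach the deploy jobs and send the bearer token. A job-level guard such as `if: gitea.ref_name == 'main' || gitea.ref_name == 'master'` on each deploy job would keep manual runs to the two deploy branches. The repo/branch/target match in `phoenix-deploy-api` remains the real enforcement point, because a workflow file on a branch can itself be edited. The `deploy` job continues past the end of this hunk, and the same trigger appears in `.gitea/workflow-sources/deploy-to-phoenix.yml`.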
@@ -13,8 +31,47 @@ jobs: - name: Trigger Phoenix deployment run: | + SHA="$(git rev-parse HEAD)" + BRANCH="$(git rev-parse --abbrev-ref HEAD)" curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \ -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \ -H "Content-Type: application/json" \ - -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${{ gitea.sha }}\",\"branch\":\"${{ gitea.ref_name }}\"}" - continue-on-error: true + -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"default\"}" + + deploy-atomic-swap-dapp: + needs: validate + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Trigger Atomic Swap dApp deployment (Phoenix) + run: | + SHA="$(git rev-parse HEAD)" + BRANCH="$(git rev-parse --abbrev-ref HEAD)" + curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \ + -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"atomic-swap-dapp-live\"}" + + # After app deploy, ask Phoenix to run path-gated Cloudflare DNS sync on the host that has + # PHOENIX_REPO_ROOT + .env (not on this runner). Skips unless PHOENIX_CLOUDFLARE_SYNC=1 on that host. + # continue-on-error: first-time or missing opt-in should not block the main deploy. 
+ cloudflare: + needs: + - deploy + - deploy-atomic-swap-dapp + runs-on: ubuntu-latest + continue-on-error: true + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Request Cloudflare DNS sync (Phoenix) + run: | + SHA="$(git rev-parse HEAD)" + BRANCH="$(git rev-parse --abbrev-ref HEAD)" + curl -sSf -X POST "${{ secrets.PHOENIX_DEPLOY_URL }}" \ + -H "Authorization: Bearer ${{ secrets.PHOENIX_DEPLOY_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d "{\"repo\":\"${{ gitea.repository }}\",\"sha\":\"${SHA}\",\"branch\":\"${BRANCH}\",\"target\":\"cloudflare-sync\"}" diff --git a/.gitea/workflows/validate-on-pr.yml b/.gitea/workflows/validate-on-pr.yml new file mode 100644 index 00000000..92bb2bde --- /dev/null +++ b/.gitea/workflows/validate-on-pr.yml @@ -0,0 +1,21 @@ +# Canonical PR validation workflow. Keep source and checked-in workflow copies byte-identical. +# Validation checks both file sync and main/master parity. +# PR-only: push validation already runs in deploy-to-phoenix.yml; this gives PRs the same +# no-LAN checks without the deploy job (and without deploy secrets). +name: Validate (PR) +on: + pull_request: + types: [opened, synchronize, reopened] + branches: [main, master] + workflow_dispatch: +jobs: + run-all-validation: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Fetch deploy branches for workflow parity check + run: | + git fetch --depth=1 origin main master + - name: run-all-validation (no LAN, no genesis) + run: bash scripts/verify/run-all-validation.sh --skip-genesis diff --git a/docs/04-configuration/DEVIN_GITEA_PROXMOX_CICD.md b/docs/04-configuration/DEVIN_GITEA_PROXMOX_CICD.md new file mode 100644 index 00000000..5cbbdaaf --- /dev/null +++ b/docs/04-configuration/DEVIN_GITEA_PROXMOX_CICD.md 
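Review bot: The `cloudflare` job sets `continue-on-error: true` at job level, so with `curl -sSf` a 401 from a rejected token or a 5xx from a failed DNS sync is treated the same as the intended "host has not opted in" skip and the run stays green. Capturing the status, e.g. `code="$(curl -sS -o /dev/null -w '%{http_code}' …)"`, and exiting non-zero on anything other than 2xx or whatever code the API uses for the skip case (not visible here) would keep real failures visible. Separately, `BRANCH="$(git rev-parse --abbrev-ref HEAD)"` replaces `${{ gitea.ref_name }}` and yields the literal `HEAD` if the checkout is ever detached, which would presumably miss every entry in the target map. Both points apply equally to `.gitea/workflow-sources/deploy-to-phoenix.yml`.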
@@ -0,0 +1,217 @@ +# Devin → Gitea → Proxmox CI/CD + +**Status:** Working baseline for this repo +**Last Updated:** 2026-04-20 + +## Goal + +Create a repeatable path where: + +1. Devin lands code in Gitea. +2. Gitea Actions validates the repo on the site-wide `act_runner`. +3. A successful workflow calls `phoenix-deploy-api`. +4. `phoenix-deploy-api` resolves the repo/branch to a deploy target and runs the matching Proxmox publish command. +5. The deploy service checks the target health URL before it reports success. + +## Current baseline in this repo + +The path now exists for **`d-bis/proxmox`** on **`main`** and **`master`**: + +- Canonical workflow sources: [.gitea/workflow-sources/deploy-to-phoenix.yml](/home/intlc/projects/proxmox/.gitea/workflow-sources/deploy-to-phoenix.yml) and [.gitea/workflow-sources/validate-on-pr.yml](/home/intlc/projects/proxmox/.gitea/workflow-sources/validate-on-pr.yml) +- Workflow: [deploy-to-phoenix.yml](/home/intlc/projects/proxmox/.gitea/workflows/deploy-to-phoenix.yml) +- Manual app workflow: [deploy-portal-live.yml](/home/intlc/projects/proxmox/.gitea/workflows/deploy-portal-live.yml) +- Deploy service: [server.js](/home/intlc/projects/proxmox/phoenix-deploy-api/server.js) +- Target map: [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) +- Current live publish script: [deploy-phoenix-deploy-api-to-dev-vm.sh](/home/intlc/projects/proxmox/scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh) +- Manual smoke trigger: [trigger-phoenix-deploy.sh](/home/intlc/projects/proxmox/scripts/dev-vm/trigger-phoenix-deploy.sh) +- Target validator: [validate-phoenix-deploy-targets.sh](/home/intlc/projects/proxmox/scripts/validation/validate-phoenix-deploy-targets.sh) +- Bootstrap helper: [bootstrap-phoenix-cicd.sh](/home/intlc/projects/proxmox/scripts/dev-vm/bootstrap-phoenix-cicd.sh) + +That default target publishes the `phoenix-deploy-api` bundle to **VMID 5700** on the correct Proxmox node and 
starts the CT if needed. + +A second target is now available: + +- `portal-live` → runs [sync-sankofa-portal-7801.sh](/home/intlc/projects/proxmox/scripts/deployment/sync-sankofa-portal-7801.sh) and then checks `http://192.168.11.51:3000/` + +## Workflow lockstep + +Because both `main` and `master` can trigger deploys, deploy behavior is now defined from canonical source files and checked for branch parity. + +- Edit only the source files under [.gitea/workflow-sources](/home/intlc/projects/proxmox/.gitea/workflow-sources:1) +- Sync the checked-in workflow copies with: + +```bash +bash scripts/verify/sync-gitea-workflows.sh +``` + +- Validate source sync plus `main`/`master` parity with: + +```bash +bash scripts/verify/run-all-validation.sh --skip-genesis +``` + +The deploy and PR workflows both fetch `origin/main` and `origin/master` before validation, so branch drift now fails CI instead of silently changing deploy behavior. + +## Flow + +```text +Devin + -> push to Gitea + -> Gitea Actions on act_runner (5700) + -> bash scripts/verify/run-all-validation.sh --skip-genesis + -> validates deploy-targets.json structure + -> POST /api/deploy to phoenix-deploy-api + -> match repo + branch + target in deploy-targets.json + -> run deploy command + -> verify target health URL + -> update Gitea commit status success/failure +``` + +## Required setup + +### 1. Runner + +Bring up the site-wide Gitea runner on VMID **5700**: + +```bash +bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh +``` + +Reference: [GITEA_ACT_RUNNER_SETUP.md](GITEA_ACT_RUNNER_SETUP.md) + +### 0. One-command bootstrap + +If root `.env` already contains the needed values, use: + +```bash +bash scripts/dev-vm/bootstrap-phoenix-cicd.sh --repo d-bis/proxmox +``` + +This runs the validation gate, deploys `phoenix-deploy-api`, and smoke-checks the service. + +### 2. 
Deploy API service + +Deploy the API to the dev VM: + +```bash +./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --dry-run +./scripts/deployment/deploy-phoenix-deploy-api-to-dev-vm.sh --apply --start-ct +``` + +On the target VM, set at least: + +```bash +PORT=4001 +GITEA_URL=https://gitea.d-bis.org +GITEA_TOKEN= +PHOENIX_DEPLOY_SECRET= +PHOENIX_REPO_ROOT=/home/intlc/projects/proxmox +``` + +Optional: + +```bash +DEPLOY_TARGETS_PATH=/opt/phoenix-deploy-api/deploy-targets.json +``` + +For the `portal-live` target, also set: + +```bash +SANKOFA_PORTAL_SRC=/home/intlc/projects/Sankofa/portal +``` + +### 3. Gitea repo secrets + +Set these in the Gitea repository that should deploy: + +- `PHOENIX_DEPLOY_URL` +- `PHOENIX_DEPLOY_TOKEN` + +Example: + +- `PHOENIX_DEPLOY_URL=http://192.168.11.59:4001/api/deploy` +- `PHOENIX_DEPLOY_TOKEN=` + +For webhook signing, the bootstrap/helper path also expects: + +- `PHOENIX_DEPLOY_SECRET` +- `PHOENIX_WEBHOOK_DEPLOY_ENABLED=1` only if you want webhook events themselves to execute deploys + +Do not enable both repo Actions deploys and webhook deploys for the same repo unless you intentionally want duplicate deploy attempts. + +## Adding more repos or VM targets + +Extend [deploy-targets.json](/home/intlc/projects/proxmox/phoenix-deploy-api/deploy-targets.json) with another entry. + +Each target is keyed by: + +- `repo` +- `branch` +- `target` + +Each target defines: + +- `cwd` +- `command` +- `required_env` +- optional `healthcheck` +- optional `timeout_sec` + +Example shape: + +```json +{ + "repo": "d-bis/another-service", + "branch": "main", + "target": "portal-live", + "cwd": "${PHOENIX_REPO_ROOT}", + "command": ["bash", "scripts/deployment/sync-sankofa-portal-7801.sh"], + "required_env": ["PHOENIX_REPO_ROOT"] +} +``` + +Use separate `target` names when the same repo can publish to different VMIDs or environments. 
+ +Target-map validation is already part of: + +```bash +bash scripts/verify/run-all-validation.sh --skip-genesis +``` + +and can also be run directly: + +```bash +bash scripts/validation/validate-phoenix-deploy-targets.sh +``` + +## Manual testing + +Before trusting a new Gitea workflow, trigger the deploy service directly: + +```bash +bash scripts/dev-vm/trigger-phoenix-deploy.sh +``` + +Trigger the live portal deployment target directly: + +```bash +bash scripts/dev-vm/trigger-phoenix-deploy.sh d-bis/proxmox main portal-live +``` + +Inspect configured targets: + +```bash +curl -s http://192.168.11.59:4001/api/deploy-targets | jq . +``` + +## Recommended next expansions + +- Add a Phoenix API target for the repo that owns VMID **7800** or **8600**, depending on which deployment line is canonical. +- Add repo-specific workflows once the Sankofa source repos themselves are mirrored into Gitea Actions. +- Move secret values from ad hoc `.env` files into the final operator-managed secret source once you settle the production host for `phoenix-deploy-api`. + +## Notes + +- The Gitea workflow is gated by `scripts/verify/run-all-validation.sh --skip-genesis` before deploy. +- `phoenix-deploy-api` now returns `404` when no matching target exists and `500` when the deploy command fails. +- Commit status updates are written back to Gitea from the deploy service itself. diff --git a/scripts/verify/check-gitea-branch-workflow-parity.sh b/scripts/verify/check-gitea-branch-workflow-parity.sh new file mode 100644 index 00000000..02213273 --- /dev/null +++ b/scripts/verify/check-gitea-branch-workflow-parity.sh 
@@ -0,0 +1,51 @@ +#!/usr/bin/env bash +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$PROJECT_ROOT" + +SOURCE_TARGET_PAIRS=( + ".gitea/workflow-sources/deploy-to-phoenix.yml:.gitea/workflows/deploy-to-phoenix.yml" + ".gitea/workflow-sources/validate-on-pr.yml:.gitea/workflows/validate-on-pr.yml" +) + +missing_ref=false +for ref in origin/main origin/master; do + if ! git rev-parse --verify "$ref" >/dev/null 2>&1; then + missing_ref=true + fi +done + +if [[ "$missing_ref" == true ]]; then + echo "[i] Skipping main/master workflow parity check (origin/main or origin/master not available)" + exit 0 +fi + +for pair in "${SOURCE_TARGET_PAIRS[@]}"; do + source="${pair%%:*}" + target="${pair##*:}" + + main_blob="$(git show "origin/main:$source" 2>/dev/null || true)" + master_blob="$(git show "origin/master:$source" 2>/dev/null || true)" + + if [[ -z "$main_blob" ]]; then + main_blob="$(git show "origin/main:$target" 2>/dev/null || true)" + fi + if [[ -z "$master_blob" ]]; then + master_blob="$(git show "origin/master:$target" 2>/dev/null || true)" + fi + + if [[ -z "$main_blob" || -z "$master_blob" ]]; then + echo "[✗] Missing $source/$target on origin/main or origin/master" >&2 + exit 1 + fi + + if [[ "$main_blob" != "$master_blob" ]]; then + echo "[✗] Branch workflow drift: $source differs between origin/main and origin/master" >&2 + echo " Keep both deploy branches in lockstep for workflow-source files." >&2 + exit 1 + fi + + echo "[✓] Branch parity OK for $source" +done diff --git a/scripts/verify/check-gitea-workflows.sh b/scripts/verify/check-gitea-workflows.sh new file mode 100644 index 00000000..d9207ef7 --- /dev/null +++ b/scripts/verify/check-gitea-workflows.sh 
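Review bot: The parity check fails open: when `origin/main` or `origin/master` cannot be resolved it prints an info line and exits 0, so the gate passes without comparing anything. In the workflows both refs are fetched just before this script runs, so a missing ref there is itself an error; failing when a CI marker is set keeps local runs lenient (the fence assumes the runner exports `CI`, which needs confirming). Separately, comparing `$(git show …)` output drops trailing newlines, so two files that differ only there compare equal despite the "byte-identical" rule; comparing the object ids from `git rev-parse "origin/main:$source"` and `git rev-parse "origin/master:$source"` would be exact.

```bash
if [[ "$missing_ref" == true ]]; then
  # In CI both refs are fetched right before this script; a missing ref is a failure there.
  if [[ -n "${CI:-}" ]]; then
    echo "[✗] origin/main or origin/master not available; cannot verify workflow parity" >&2
    exit 1
  fi
  echo "[i] Skipping main/master workflow parity check (origin/main or origin/master not available)"
  exit 0
fi
# … unchanged: per-pair comparison loop …
```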
@@ -0,0 +1,32 @@ +#!/usr/bin/env bash +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$PROJECT_ROOT" + +check_one() { + local source_rel="$1" + local target_rel="$2" + + if [[ ! -f "$source_rel" ]]; then + echo "[✗] Missing workflow source: $source_rel" >&2 + return 1 + fi + + if [[ ! -f "$target_rel" ]]; then + echo "[✗] Missing generated workflow: $target_rel" >&2 + return 1 + fi + + if ! diff -u "$source_rel" "$target_rel" >/dev/null; then + echo "[✗] Workflow drift detected: $target_rel does not match $source_rel" >&2 + echo " Run: bash scripts/verify/sync-gitea-workflows.sh" >&2 + return 1 + fi + + echo "[✓] $target_rel matches $source_rel" +} + +check_one ".gitea/workflow-sources/deploy-to-phoenix.yml" ".gitea/workflows/deploy-to-phoenix.yml" +check_one ".gitea/workflow-sources/validate-on-pr.yml" ".gitea/workflows/validate-on-pr.yml" diff --git a/scripts/verify/run-all-validation.sh b/scripts/verify/run-all-validation.sh index 1bd75b83..cc0854a8 100644 --- a/scripts/verify/run-all-validation.sh +++ b/scripts/verify/run-all-validation.sh @@ -3,6 +3,7 @@ # Use for CI or pre-deploy: dependencies, config files, optional genesis. # Usage: bash scripts/verify/run-all-validation.sh [--skip-genesis] # --skip-genesis: do not run validate-genesis.sh (default: run if smom-dbis-138 present). +# Steps: dependencies, config files, cW* mesh matrix (if pair-discovery JSON exists), genesis. set -euo pipefail 
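Review bot: The source/target pair list in the two `check_one` calls is hard-coded here and again in `sync-gitea-workflows.sh` and `check-gitea-branch-workflow-parity.sh`, so a workflow added to one script but not the others is silently left out of a check. The docs in this commit also list `deploy-portal-live.yml` under `.gitea/workflows/`, which none of the three lists name, so that deploy workflow appears to sit outside both the sync and the branch-parity gate. One shared list file read by all three scripts, or at least a comment above the calls such as `# Keep in sync with sync-gitea-workflows.sh and check-gitea-branch-workflow-parity.sh`, would make the coverage explicit.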
@@ -24,15 +25,64 @@ bash "$SCRIPT_DIR/check-dependencies.sh" || log_err "check-dependencies failed" log_ok "Dependencies OK" echo "" +echo "1b. pnpm workspace vs lockfile..." +if [[ -f "$PROJECT_ROOT/pnpm-workspace.yaml" ]]; then + bash "$SCRIPT_DIR/check-pnpm-workspace-lockfile.sh" || log_err "pnpm lockfile / workspace drift" + log_ok "pnpm lockfile aligned with workspace" +else + echo " (no pnpm-workspace.yaml at root — skip)" +fi +echo "" + +echo "1c. Gitea workflow source sync..." +bash "$SCRIPT_DIR/check-gitea-workflows.sh" || log_err "Gitea workflow source drift" +log_ok "Gitea workflows match source-of-truth files" +echo "" + +echo "1d. main/master workflow parity..." +bash "$SCRIPT_DIR/check-gitea-branch-workflow-parity.sh" || log_err "main/master workflow parity drift" +log_ok "main/master workflow parity OK" +echo "" + echo "2. Config files..." bash "$SCRIPT_DIR/../validation/validate-config-files.sh" || log_err "validate-config-files failed" log_ok "Config validation OK" echo "" -if [[ "$SKIP_GENESIS" == true ]]; then - echo "3. Genesis — skipped (--skip-genesis)" +echo "3. cW* mesh matrix (deployment-status + Uni V2 pair-discovery)..." +DISCOVERY_JSON="$PROJECT_ROOT/reports/extraction/promod-uniswap-v2-live-pair-discovery-latest.json" +if [[ -f "$DISCOVERY_JSON" ]]; then + MATRIX_JSON="$PROJECT_ROOT/reports/status/cw-mesh-deployment-matrix-latest.json" + bash "$SCRIPT_DIR/build-cw-mesh-deployment-matrix.sh" --no-markdown --json-out "$MATRIX_JSON" || log_err "cw mesh matrix merge failed" + log_ok "cW mesh matrix OK (also wrote $MATRIX_JSON)" else - echo "3. Genesis (smom-dbis-138)..." + echo " ($DISCOVERY_JSON missing — run: bash scripts/verify/build-promod-uniswap-v2-live-pair-discovery.sh)" +fi +echo "" + +echo "3b. deployment-status graph (cross-chain-pmm-lps)..." 
+PMM_VALIDATE="$PROJECT_ROOT/cross-chain-pmm-lps/scripts/validate-deployment-status.cjs" +if [[ -f "$PMM_VALIDATE" ]] && command -v node &>/dev/null; then + node "$PMM_VALIDATE" || log_err "validate-deployment-status.cjs failed" + log_ok "deployment-status.json rules OK" +else + echo " (skip: node or $PMM_VALIDATE missing)" +fi +echo "" + +echo "3c. External dependency blockers..." +EXT_CHECK="$SCRIPT_DIR/check-external-dependencies.sh" +if [[ -x "$EXT_CHECK" ]]; then + bash "$EXT_CHECK" --advisory || true +else + echo " (skip: $EXT_CHECK missing)" +fi +echo "" + +if [[ "$SKIP_GENESIS" == true ]]; then + echo "4. Genesis — skipped (--skip-genesis)" +else + echo "4. Genesis (smom-dbis-138)..." GENESIS_SCRIPT="$PROJECT_ROOT/smom-dbis-138/scripts/validation/validate-genesis.sh" if [[ -x "$GENESIS_SCRIPT" ]]; then bash "$GENESIS_SCRIPT" || log_err "validate-genesis failed" diff --git a/scripts/verify/sync-gitea-workflows.sh b/scripts/verify/sync-gitea-workflows.sh new file mode 100644 index 00000000..6860d5a6 --- /dev/null +++ b/scripts/verify/sync-gitea-workflows.sh @@ -0,0 +1,18 @@ +#!/usr/bin/env bash +set -euo pipefail + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +PROJECT_ROOT="$(cd "$SCRIPT_DIR/../.." && pwd)" +cd "$PROJECT_ROOT" + +sync_one() { + local source_rel="$1" + local target_rel="$2" + + mkdir -p "$(dirname "$target_rel")" + cp "$source_rel" "$target_rel" + echo "[✓] Synced $target_rel from $source_rel" +} + +sync_one ".gitea/workflow-sources/deploy-to-phoenix.yml" ".gitea/workflows/deploy-to-phoenix.yml" +sync_one ".gitea/workflow-sources/validate-on-pr.yml" ".gitea/workflows/validate-on-pr.yml"
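Review bot: Step 3c tests `[[ -x "$EXT_CHECK" ]]` but runs the script with `bash`, so a present but non-executable file is reported as missing and skipped; `if [[ -f "$EXT_CHECK" ]]; then` would match how step 3b tests `$PMM_VALIDATE`. Steps 3 and 3b also skip with an indented informational line when the discovery JSON or `node` is absent, which in the deploy workflow means the gate passes without those checks having run. Writing the skip to stderr with a distinct marker, e.g. `echo "[!] SKIPPED 3b: node or $PMM_VALIDATE missing" >&2`, would make that visible in CI logs. The script continues before and after this hunk.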