f3d2961b97
Some checks failed
CI/CD Pipeline / Lint and Format (push) Failing after 46s
CI/CD Pipeline / Terraform Validation (push) Failing after 35s
CI/CD Pipeline / Kubernetes Validation (push) Successful in 37s
Deploy ChainID 138 / Deploy ChainID 138 (push) Failing after 1m50s
HYBX OMNL TypeScript & anchor / token-aggregation build + reconcile artifact (push) Failing after 2m19s
Validation / validate-genesis (push) Successful in 51s
Validation / validate-terraform (push) Failing after 39s
Validation / validate-kubernetes (push) Failing after 10s
CI/CD Pipeline / Solidity Contracts (push) Failing after 12m56s
Validation / validate-smart-contracts (push) Failing after 12s
CI/CD Pipeline / Security Scanning (push) Failing after 15m52s
Validation / validate-security (push) Failing after 10m59s
Validation / validate-documentation (push) Failing after 17s
Validate Token List / validate (push) Failing after 30s
OMNL reconcile anchor / Run omnl:reconcile and upload artifacts (push) Failing after 26s
Verify Deployment / Verify Deployment (push) Failing after 56s
56 lines
2.4 KiB
Markdown
56 lines
2.4 KiB
Markdown
# OMNL reconcile — cron and CI
|
|
|
|
The anchor is the SHA-256 of canonical JSON built from `config/omnl-ipsas-gl-registry.json` and `config/omnl-journal-matrix.json` (see `services/token-aggregation/scripts/omnl-reconcile-report.mjs`).
|
|
|
|
## One-off (repo root)
|
|
|
|
```bash
|
|
bash scripts/hybx-omnl/omnl-reconcile-artifact.sh
|
|
```
|
|
|
|
Outputs under `artifacts/omnl-reconcile/` (gitignored locally):
|
|
|
|
| File | Purpose |
|
|
|------|---------|
|
|
| `omnl-reconcile-<UTC-timestamp>.json` | Immutable run record |
|
|
| `omnl-reconcile-latest.json` | Copy of last run |
|
|
| `omnl-reconcile-sha256.txt` | Single line: hex digest for scripts / alerting |
|
|
| `omnl-reconcile-ci-meta.json` | Present when `GITHUB_*` env vars are set |
|
|
|
|
Override output directory: `OMNL_RECONCILE_ARTIFACT_DIR=/var/lib/omnl bash scripts/hybx-omnl/omnl-reconcile-artifact.sh`
|
|
|
|
## Cron example
|
|
|
|
Run daily at 06:00 UTC. The script calls `node` on `omnl-reconcile-report.mjs` (no `npm install` required; only Node.js and repo files).
|
|
|
|
```cron
|
|
# OMNL IPSAS / journal matrix anchor (adjust paths and log location)
|
|
0 6 * * * cd /opt/smom-dbis-138 && /usr/bin/bash scripts/hybx-omnl/omnl-reconcile-artifact.sh >> /var/log/omnl-reconcile.log 2>&1
|
|
```
|
|
|
|
After registry or matrix edits in git, re-run the script (or rely on CI) and archive the new `sha256` in your ops log.
|
|
|
|
## GitHub Actions
|
|
|
|
### Scheduled / manual anchor
|
|
|
|
Workflow: `.github/workflows/omnl-reconcile.yml`
|
|
|
|
- **schedule**: weekly (edit cron as needed)
|
|
- **workflow_dispatch**: manual run
|
|
- **push** / **pull_request**: when OMNL config or the reconcile script changes
|
|
|
|
Artifacts: download **omnl-reconcile-\<run id\>** from the Actions run; it contains the same files as above.
|
|
|
|
### PR checks (TypeScript + anchor, no Forge)
|
|
|
|
Workflow: `.github/workflows/hybx-omnl-ts.yml`
|
|
|
|
- **workflow_dispatch**: run manually from the Actions tab (no path filter).
|
|
- Runs on **pull_request** and **push** when OMNL contracts, token-aggregation, OMNL config, or `scripts/hybx-omnl/**` change.
|
|
- Steps: `npm ci` in `services/token-aggregation`, `omnl-reconcile-artifact.sh`, `npm run build`, uploads **`artifacts/omnl-reconcile/`** (14-day retention).
|
|
|
|
Full stack validation (Forge `hybx-omnl` + `tsc`): `pnpm run omnl:verify` or `bash scripts/hybx-omnl/ci-omnl-validation.sh` locally (requires Foundry + `lib/`).
|
|
|
|
Both OMNL workflows use **concurrency** (cancel in-progress on the same ref) to avoid stacked runs on rapid pushes.
|