76 lines
3.1 KiB
Text
76 lines
3.1 KiB
Text
|
{
|
||
|
|
id = "validate-build-infrastructure",
|
||
|
|
strategy = 'Override,
|
||
|
|
description = "Verify ephemeral BuildKit runner golden image is fresh, zot registry is reachable with S3 backend, and buildkit_runner extension component is registered (ADR-039).",
|
||
|
|
version = "1.0",
|
||
|
|
params = {
|
||
|
|
orchestrator_url | String | doc "Orchestrator HTTP API base URL" | default = "http://127.0.0.1:9011",
|
||
|
|
zot_url | String | doc "Zot OCI registry URL" | default = "http://zot.wuji.local:5000",
|
||
|
|
golden_image_max_age_days | Number | doc "Alert if golden image was built more than N days ago" | default = 14,
|
||
|
|
extensions_root | String | doc "Path to extensions components directory" | default = "{provisioning_root}/catalog/components",
|
||
|
|
},
|
||
|
|
steps = [
|
||
|
|
{
|
||
|
|
id = "check_buildkit_runner_registered",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "buildkit_runner extension component metadata.ncl exists and is valid",
|
||
|
|
cmd = "nickel typecheck {extensions_root}/buildkit_runner/metadata.ncl",
|
||
|
|
depends_on = [],
|
||
|
|
on_error = "abort",
|
||
|
|
},
|
||
|
|
{
|
||
|
|
id = "check_zot_reachable",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "Zot OCI registry is reachable",
|
||
|
|
cmd = "curl -sf {zot_url}/v2/ | jq -e '.errors | not'",
|
||
|
|
depends_on = [],
|
||
|
|
on_error = "abort",
|
||
|
|
},
|
||
|
|
{
|
||
|
|
id = "check_zot_s3_backend",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "Zot is configured with S3 storage backend (not local filesystem)",
|
||
|
|
cmd = "curl -sf {zot_url}/v2/_catalog | jq 'has(\"repositories\")'",
|
||
|
|
depends_on = ["check_zot_reachable"],
|
||
|
|
on_error = "warn",
|
||
|
|
},
|
||
|
|
{
|
||
|
|
id = "check_golden_image_exists",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "BuildKit runner golden image exists in orchestrator VM pool",
|
||
|
|
cmd = "curl -sf {orchestrator_url}/api/v1/vm-pool/images | jq -e '.[] | select(.name | startswith(\"buildkit-runner\")) | .id'",
|
||
|
|
depends_on = [],
|
||
|
|
on_error = "abort",
|
||
|
|
},
|
||
|
|
{
|
||
|
|
id = "check_golden_image_freshness",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "Golden image was built within the last {golden_image_max_age_days} days",
|
||
|
|
cmd = "curl -sf {orchestrator_url}/api/v1/vm-pool/images | jq -e '.[] | select(.name | startswith(\"buildkit-runner\")) | (.built_at | fromdateiso8601) > (now - {golden_image_max_age_days} * 86400)'",
|
||
|
|
depends_on = ["check_golden_image_exists"],
|
||
|
|
on_error = "warn",
|
||
|
|
},
|
||
|
|
{
|
||
|
|
id = "check_sccache_reachable",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "sccache S3 bucket endpoint is reachable from orchestrator network",
|
||
|
|
cmd = "curl -sf {orchestrator_url}/api/v1/vm-pool/probe-sccache | jq -e '.reachable == true'",
|
||
|
|
depends_on = ["check_golden_image_exists"],
|
||
|
|
on_error = "warn",
|
||
|
|
},
|
||
|
|
{
|
||
|
|
id = "summary_report",
|
||
|
|
actor = 'Agent,
|
||
|
|
name = "Emit build-infrastructure validation summary",
|
||
|
|
cmd = "echo 'build-infrastructure validated: golden image fresh, zot reachable, sccache probe done'",
|
||
|
|
depends_on = [
|
||
|
|
"check_golden_image_freshness",
|
||
|
|
"check_zot_s3_backend",
|
||
|
|
"check_sccache_reachable",
|
||
|
|
"check_buildkit_runner_registered",
|
||
|
|
],
|
||
|
|
on_error = "warn",
|
||
|
|
},
|
||
|
|
],
|
||
|
|
}
|