feat(sprint5): quality pass, smoke test workflow, Get-CIJobSummary
Task 5.1: Delete runner/Install-Runner.ps1 (superseded by Setup-Host.ps1).
Task 5.2: Replace Unicode/Discord emoji in Watch-DiskSpace.ps1, Watch-RunnerHealth.ps1,
Test-E2E-Section3.3.ps1 with plain-text prefixes ([WARNING], [ALERT], [WARN]).
Task 5.3: docs/TEST-PLAN-v1.3-to-HEAD.md: ForEach-Object -Parallel replaced with Start-Job;
-RepositoryUrl replaced with -RepoUrl (3 occurrences); PS7 syntax removed.
Task 5.4: scripts/Get-CIJobSummary.ps1 (new): scans JSONL logs in F:\CI\Logs, prints summary
table per job, -JobId detail view, -Failed filter, -Last N.
Task 3.5: gitea/workflows/self-test.yml (new): workflow_dispatch, smoke-windows + smoke-linux.
scripts/Test-Smoke.ps1 (new): invokes Invoke-CIJob.ps1 with marker-file build,
asserts artifact dir and JSONL success event.
Task 5.6: docs/BEST-PRACTICES.md Section 10 added: SHA256 pinning policy, priority table,
PS 5.1 implementation pattern, update guidance.
This commit is contained in:
@@ -357,3 +357,38 @@ When a new .NET SDK or VS Build Tools version is released:
|
||||
6. Take new snapshot: `BaseClean_$(Get-Date -Format yyyyMMdd)`
|
||||
7. Update `SnapshotName` in `runner/config.yaml`
|
||||
8. Delete the old snapshot after confirming new one works for 1 week
|
||||
|
||||
---
|
||||
|
||||
## 10. SHA256 Pinning for Tier-1 Toolchain Installers
|
||||
|
||||
**Homelab policy**: partial-coverage pinning is acceptable. Pin only the installers
|
||||
that are re-downloaded as part of template provisioning (not installers already
|
||||
cached in the ISO or in `F:\CI\ISO\`).
|
||||
|
||||
Priority targets (descending risk):
|
||||
|
||||
| Installer | Script | Where to pin |
|
||||
|-----------|--------|--------------|
|
||||
| Git for Windows `.exe` | `template/Install-CIToolchain-WinBuild2025.ps1` | `-sha256` param or `Get-FileHash` check after download |
|
||||
| 7-Zip `.msi` / `.exe` | `template/Install-CIToolchain-WinBuild2025.ps1` | same |
|
||||
| Python `.exe` | `template/Install-CIToolchain-WinBuild2025.ps1` | same |
|
||||
| .NET SDK install script | `template/Install-CIToolchain-WinBuild2025.ps1` | HTTPS only; hash less critical |
|
||||
| Ubuntu cloud VMDK | `template/Deploy-LinuxBuild2404.ps1` | already implemented via `-VmdkSha256` parameter |
|
||||
|
||||
**Implementation pattern** (PS 5.1):
|
||||
|
||||
```powershell
|
||||
# After downloading $installerPath:
|
||||
if ($ExpectedSha256 -ne '') {
|
||||
$actual = (Get-FileHash -Path $installerPath -Algorithm SHA256).Hash
|
||||
if ($actual -ne $ExpectedSha256.ToUpper()) {
|
||||
throw "SHA256 mismatch for $installerPath.`n Expected: $ExpectedSha256`n Actual: $actual"
|
||||
}
|
||||
Write-Host "[Install] SHA256 OK: $installerPath"
|
||||
}
|
||||
```
|
||||
|
||||
Pin values must be updated each time a new installer version is adopted.
|
||||
Store the expected hash in the script's parameter default or in a companion
|
||||
`.sha256` sidecar file next to the cached installer in `F:\CI\ISO\`.
|
||||
|
||||
@@ -52,13 +52,17 @@ Test-Path F:\CI\State\ip-leases\
|
||||
# Expected: True
|
||||
|
||||
# 2. Start 4 parallel jobs on nsis-plugin-nsinnounp (or similar)
|
||||
# Simulate via:
|
||||
1..4 | ForEach-Object -Parallel {
|
||||
& 'N:\Code\Workspace\Local-CI-CD-System\scripts\Invoke-CIJob.ps1' `
|
||||
-RepositoryUrl 'http://10.10.20.11:3100/Simone/nsis-plugin-nsinnounp' `
|
||||
-JobId "test-parallel-$_" `
|
||||
-Branch main
|
||||
# Simulate via (PS 5.1 — Start-Job, not ForEach-Object -Parallel):
|
||||
$jobs = 1..4 | ForEach-Object {
|
||||
$i = $_
|
||||
Start-Job -ScriptBlock {
|
||||
& 'N:\Code\Workspace\Local-CI-CD-System\scripts\Invoke-CIJob.ps1' `
|
||||
-RepoUrl 'http://10.10.20.11:3100/Simone/nsis-plugin-nsinnounp' `
|
||||
-JobId "test-parallel-$using:i" `
|
||||
-Branch main
|
||||
}
|
||||
}
|
||||
$jobs | Wait-Job | Receive-Job
|
||||
|
||||
# 3. Monitor IP leases during build
|
||||
Get-ChildItem F:\CI\State\ip-leases\ | ForEach-Object {
|
||||
@@ -228,7 +232,7 @@ to text transcript, enabling machine parsing and future Loki/Grafana integration
|
||||
# 1. Run a complete build and capture job ID
|
||||
$jobId = 'test-jsonl-logging'
|
||||
& 'N:\Code\Workspace\Local-CI-CD-System\scripts\Invoke-CIJob.ps1' `
|
||||
-RepositoryUrl 'http://10.10.20.11:3100/Simone/nsis-plugin-nsinnounp' `
|
||||
-RepoUrl 'http://10.10.20.11:3100/Simone/nsis-plugin-nsinnounp' `
|
||||
-JobId $jobId `
|
||||
-Branch main
|
||||
|
||||
@@ -832,7 +836,7 @@ After validating new features, run one full end-to-end build to ensure nothing b
|
||||
```powershell
|
||||
# Full e2e validation
|
||||
& 'N:\Code\Workspace\Local-CI-CD-System\scripts\Invoke-CIJob.ps1' `
|
||||
-RepositoryUrl 'http://10.10.20.11:3100/Simone/nsis-plugin-nsinnounp' `
|
||||
-RepoUrl 'http://10.10.20.11:3100/Simone/nsis-plugin-nsinnounp' `
|
||||
-JobId 'e2e-test-post-v1.3' `
|
||||
-Branch main `
|
||||
-Verbose
|
||||
@@ -840,4 +844,4 @@ After validating new features, run one full end-to-end build to ensure nothing b
|
||||
# Expected: Build completes successfully, artifact created, JSONL log present, no errors
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user