feat: add CI-gated claude-dev image package
Define claude-dev capabilities as a tested contract and deploy immutable tags only after smoke checks so daily tooling upgrades remain CI-first and rollback-safe. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,60 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
require_mounts="${REQUIRE_MOUNTS:-0}"
|
||||
|
||||
auth_ok=true
|
||||
|
||||
check_required_file() {
|
||||
local path="$1"
|
||||
if [[ ! -e "$path" ]]; then
|
||||
echo "Missing required mounted path: $path" >&2
|
||||
auth_ok=false
|
||||
return
|
||||
fi
|
||||
if [[ ! -r "$path" ]]; then
|
||||
echo "Path is not readable: $path" >&2
|
||||
auth_ok=false
|
||||
return
|
||||
fi
|
||||
if [[ -f "$path" ]] && [[ ! -s "$path" ]]; then
|
||||
echo "Path is empty: $path" >&2
|
||||
auth_ok=false
|
||||
return
|
||||
fi
|
||||
echo "Verified mounted path: $path"
|
||||
}
|
||||
|
||||
if [[ "$require_mounts" == "1" ]]; then
|
||||
check_required_file "/root/.claude"
|
||||
check_required_file "/root/.claude.json"
|
||||
check_required_file "/root/.gitea_token"
|
||||
|
||||
if [[ -f "/root/.claude/.git-credentials" ]]; then
|
||||
echo "Verified mounted path: /root/.claude/.git-credentials"
|
||||
else
|
||||
echo "Missing expected git credentials file: /root/.claude/.git-credentials" >&2
|
||||
auth_ok=false
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ -n "${GH_TOKEN:-}" ]]; then
|
||||
if GH_TOKEN="$GH_TOKEN" gh auth status >/dev/null 2>&1; then
|
||||
echo "gh auth status succeeded with GH_TOKEN"
|
||||
else
|
||||
echo "gh auth status failed with GH_TOKEN provided" >&2
|
||||
auth_ok=false
|
||||
fi
|
||||
else
|
||||
if gh auth status >/dev/null 2>&1; then
|
||||
echo "gh auth status succeeded using persisted auth"
|
||||
else
|
||||
echo "gh auth status not configured (allowed without GH_TOKEN)"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ "$auth_ok" != "true" ]]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "Auth/config smoke checks passed"
|
||||
@@ -0,0 +1,27 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
check_http_status() {
|
||||
local url="$1"
|
||||
local allowed_regex="$2"
|
||||
|
||||
local code
|
||||
code=$(curl -sS -o /dev/null -m 10 -w "%{http_code}" "$url")
|
||||
if [[ ! "$code" =~ $allowed_regex ]]; then
|
||||
echo "Unexpected HTTP status from $url: $code" >&2
|
||||
return 1
|
||||
fi
|
||||
echo "$url => HTTP $code"
|
||||
}
|
||||
|
||||
if ! getent hosts api.bytecatcode.org >/dev/null 2>&1; then
|
||||
echo "DNS lookup failed for api.bytecatcode.org" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "DNS lookup passed for api.bytecatcode.org"
|
||||
|
||||
check_http_status "https://api.bytecatcode.org" '^(200|301|302|400|401|403|404)$'
|
||||
check_http_status "http://127.0.0.1:3300" '^(200|301|302|401|403|404)$'
|
||||
|
||||
echo "Network smoke checks passed"
|
||||
@@ -0,0 +1,26 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
TOOLS_FILE="${1:-/opt/claude-dev/required-tools.txt}"
|
||||
|
||||
if [[ ! -f "$TOOLS_FILE" ]]; then
|
||||
echo "required tools file not found: $TOOLS_FILE" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
missing=()
|
||||
while IFS= read -r tool; do
|
||||
[[ -z "$tool" ]] && continue
|
||||
[[ "$tool" =~ ^# ]] && continue
|
||||
if ! command -v "$tool" >/dev/null 2>&1; then
|
||||
missing+=("$tool")
|
||||
fi
|
||||
done < "$TOOLS_FILE"
|
||||
|
||||
if (( ${#missing[@]} > 0 )); then
|
||||
echo "Missing required tools:" >&2
|
||||
printf ' - %s\n' "${missing[@]}" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo "All required tools are present"
|
||||
Reference in New Issue
Block a user