Dev Agent
|
f0c2986477
|
ORCH-058: implement fail-closed provenance guard in deploy-hook + GIT_SHA OCI label in Dockerfile
CI / test (push) Successful in 16s
- deploy-hook: REVISION_LABEL/EXPECTED_REVISION (default unset -> backward-compat)
- deploy-hook: fail-closed guard inspects SOURCE_IMAGE revision label before docker tag, normalises <no value>, exit 1 on empty/mismatch
- deploy-hook: new --build-staging mode rebuilds staging image stamping GIT_SHA
- Dockerfile: ARG GIT_SHA + LABEL org.opencontainers.image.revision=$GIT_SHA
Closes TC07/TC08 (tests/test_deploy_hook_provenance.py).
|
2026-06-07 11:20:38 +03:00 |
|
stream
|
64e031a37f
|
fix(docker): passwd entry for uid 1000 (slin) — fixes ssh/whoami, unblocks ORCH-36 self-deploy Phase B
|
2026-06-07 09:27:04 +03:00 |
|
Dev Agent
|
5de8462a13
|
fix(docker): trust /repos for git (safe.directory) so launcher commit/push works
|
2026-06-02 20:18:44 +03:00 |
|
claude-bot
|
8715dd7148
|
feat(deploy): SSH key mount, deploy env vars, openssh-client in image
|
2026-06-01 20:03:27 +03:00 |
|
Dev Agent
|
0ad56e1f0a
|
fix: tini entrypoint, event routing wildcard, orphan recovery
|
2026-05-22 13:52:46 +03:00 |
|
Dev Agent
|
b545665e2d
|
feat: full pipeline fixes - CI status branch lookup, review webhook routing, auto-advance, plane sync
- handle_ci_status: fallback git branch -r --contains when branches[] empty
- webhook router: handle pull_request_approved event type
- handle_pr: map review.type to review.state for new Gitea format
- launcher: auto-advance stage after agent completion (_try_advance_stage)
- plane_sync: notify Plane on stage changes
- stages.py: stage machine with QG definitions
- notifications.py: stage change notifications
- safe.directory fix for container git operations
|
2026-05-22 01:57:02 +03:00 |
|
Dev Agent
|
daf8cdad9e
|
feat: orchestrator MVP — webhooks, agent launcher, QG checks
|
2026-05-19 15:57:00 +03:00 |
|