admin/orchestrator
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

fix(infra): ORCH-040 run containers as host uid 1000:1000 (not root) #53

Merged
admin merged 8 commits from feature/ORCH-040-root-git into main 2026-06-06 19:26:35 +03:00
Conversation 0 Commits 8 Files Changed 17 +933 -3
admin commented 2026-06-06 18:03:14 +03:00
Owner
Copy Link

Summary

  • Оба сервиса docker-compose.yml (orchestrator, orchestrator-staging) бегут под user: "1000:1000" (slin), не root — артефакты конвейера (worktree, коммиты в docs/work-items) создаются как slin:slin; git pull/reset на хосте без ручного chown.
  • group_add: ["999"] сохранён (docker.sock — МИНА 1). SSH-маунт приведён к HOME=/home/slin: target /root/.ssh → /home/slin/.ssh.
  • src/agents/launcher.py и Dockerfile НЕ менялись (по ADR-001).
  • Документация: docs/operations/INFRA.md (рантайм-uid, volumes/SSH target, host-prerequisites P-1…P-4), CHANGELOG.md.

Реализация по ADR-001 (Вариант 1) + глобальный adr-0005.

⚠️ Host-prerequisites (Owner, вне кода — без них конвейер встанет)

  • P-1 (блокер): chown -R 1000:1000 /home/slin/.claude (uid 1000 читает claude creds).
  • P-2: ssh-ключи в /home/slin/.orchestrator-ssh читаемы uid 1000.
  • P-3: id slin → 1000:1000; /repos, /app/data уже 1000:1000.
  • P-4: прод-рестарт self только в окно тишины (GET /status без активных задач).

Test plan

  • pytest tests/ -q — 501 passed (вкл. tests/test_orch040_compose.py: TC-01…TC-04)
  • TC-01 user 1000:1000; TC-02 group_add 999; TC-03 SSH target под /home/slin; TC-04 HOME launcher согласован
  • TC-06…TC-09 integration/ops на staging (8501) end-to-end перед прод-рестартом

🤖 Generated with Claude Code

## Summary - Оба сервиса docker-compose.yml (orchestrator, orchestrator-staging) бегут под `user: "1000:1000"` (slin), не root — артефакты конвейера (worktree, коммиты в docs/work-items) создаются как slin:slin; git pull/reset на хосте без ручного chown. - group_add: ["999"] сохранён (docker.sock — МИНА 1). SSH-маунт приведён к HOME=/home/slin: target /root/.ssh → /home/slin/.ssh. - src/agents/launcher.py и Dockerfile НЕ менялись (по ADR-001). - Документация: docs/operations/INFRA.md (рантайм-uid, volumes/SSH target, host-prerequisites P-1…P-4), CHANGELOG.md. Реализация по ADR-001 (Вариант 1) + глобальный adr-0005. ## ⚠️ Host-prerequisites (Owner, вне кода — без них конвейер встанет) - P-1 (блокер): chown -R 1000:1000 /home/slin/.claude (uid 1000 читает claude creds). - P-2: ssh-ключи в /home/slin/.orchestrator-ssh читаемы uid 1000. - P-3: id slin → 1000:1000; /repos, /app/data уже 1000:1000. - P-4: прод-рестарт self только в окно тишины (GET /status без активных задач). ## Test plan - [x] pytest tests/ -q — 501 passed (вкл. tests/test_orch040_compose.py: TC-01…TC-04) - [x] TC-01 user 1000:1000; TC-02 group_add 999; TC-03 SSH target под /home/slin; TC-04 HOME launcher согласован - [ ] TC-06…TC-09 integration/ops на staging (8501) end-to-end перед прод-рестартом 🤖 Generated with Claude Code
admin added 5 commits 2026-06-06 18:03:15 +03:00
docs: init ORCH-040 business request
All checks were successful
CI / test (push) Successful in 14s
Details
83e26279bf
analyst(ET): auto-commit from analyst run_id=174
All checks were successful
CI / test (push) Successful in 14s
Details
8e91c8c23c
analyst(ET): auto-commit from analyst run_id=175
All checks were successful
CI / test (push) Successful in 13s
Details
5436c4110e
architect(ET): auto-commit from architect run_id=176
All checks were successful
CI / test (push) Successful in 14s
Details
fe5eb38af2
fix(infra): run orchestrator containers as host uid 1000:1000 (not root)
All checks were successful
CI / test (push) Successful in 12s
Details
CI / test (pull_request) Successful in 12s
Details
f81715bd39 
Both compose services (orchestrator, orchestrator-staging) now declare
user: "1000:1000" so pipeline artifacts (git worktree, docs/work-items
commits) are created as slin:slin on the host — git pull/reset under slin
no longer fail with permission errors. docker.sock access preserved via
group_add: ["999"]. SSH mount target aligned with the launcher-forced
HOME=/home/slin (/root/.ssh -> /home/slin/.ssh). launcher.py and Dockerfile
unchanged. INFRA.md and CHANGELOG.md updated; host-prerequisites (P-1..P-4)
documented.

Refs: ORCH-040

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
admin added 1 commit 2026-06-06 18:05:28 +03:00
reviewer(ET): auto-commit from reviewer run_id=178
All checks were successful
CI / test (push) Successful in 13s
Details
CI / test (pull_request) Successful in 13s
Details
be64761654
admin added 1 commit 2026-06-06 18:07:09 +03:00
tester(ET): auto-commit from tester run_id=179
All checks were successful
CI / test (push) Successful in 14s
Details
CI / test (pull_request) Successful in 14s
Details
59e47ba067
admin added 1 commit 2026-06-06 18:09:03 +03:00
deployer(ET): auto-commit from deployer run_id=180
All checks were successful
CI / test (push) Successful in 15s
Details
CI / test (pull_request) Successful in 14s
Details
bcf5256731
admin merged commit 39cb5dde70 into main 2026-06-06 19:26:35 +03:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
admin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: admin/orchestrator#53
Delete Branch "feature/ORCH-040-root-git"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?