admin/orchestrator
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity

feat: executable self-deploy — stage deploy triggers host hook (ORCH-036) #55

Merged
admin merged 10 commits from feature/ORCH-036-orch-36-deploy-b into main 2026-06-07 00:23:41 +03:00
Conversation 0 Commits 10 Files Changed 35 +2886 -6
admin commented 2026-06-06 23:06:29 +03:00
Owner
Copy Link

Summary

Исполняемый самодеплой стадии deploy (ORCH-036, Вариант B): стадия перестаёт быть «бумажной» — для self-hosting orchestrator deploy_status: SUCCESS = доказанный health-ok реального рестарта прод-контейнера (8500), не декларация LLM.

  • Три детерминированные фазы (src/stage_engine.py + новый src/self_deploy.py): A — request manual approve на ребре deploy-staging→deploy; B — человек ставит Plane→Approved → detached host-процесс (ssh+setsid → хук, переживает рестарт 8500) + finalizer-job; C — finalizer читает sentinel result (exit-code хука), маппит 0→SUCCESS / иначе→FAILED, пишет 14-deploy-log.md, дёргает существующие контракты.
  • Build-once (scripts/orchestrator-deploy-hook.sh): обратно-совместимый SOURCE_IMAGEdocker tag staging-образа на прод-тег перед up -d --no-build (без docker build).
  • Reserved-agent deploy-finalizer (детерминированный, без LLM) в launcher.py.
  • Уведомления Plane+Telegram на approve-request / initiate / success / rollback.
  • Условность как ORCH-35: реально только для orchestrator; прочие репо — прежний ssh-путь. Флаг DEPLOY_REQUIRE_MANUAL_APPROVE остаётся true.
  • Контракты НЕ менялись: STAGE_TRANSITIONS, QG_CHECKS, check_deploy_status/_parse_deploy_status, terminal-sync deploy→done, merge-gate (ORCH-43), БАГ-8.
  • Restart-safe sentinel-файлы, без миграции БД.

Документация (golden source): deployer.md, INFRA.md, DEPLOY_HOOK.md, ADR-001 + global adr-0007, CHANGELOG.

Test plan

  • pytest tests/ зелёный (566 passed)
  • TC-01/02/03 маппинг exit→status; TC-04..06 approve-gate; TC-07..09 self/non-self routing; TC-10 rollback; TC-11 staging precondition; TC-12/13 notifications; TC-14 build-once; TC-15..18 регресс контрактов; TC-19 авто-rollback хука
  • Интеграционный прогон хука — на staging-цели (8501), прод 8500 не трогать

🤖 Generated with Claude Code

## Summary Исполняемый самодеплой стадии `deploy` (ORCH-036, Вариант B): стадия перестаёт быть «бумажной» — для self-hosting `orchestrator` `deploy_status: SUCCESS` = доказанный health-ok реального рестарта прод-контейнера (8500), не декларация LLM. - **Три детерминированные фазы** (`src/stage_engine.py` + новый `src/self_deploy.py`): A — request manual approve на ребре `deploy-staging→deploy`; B — человек ставит Plane→Approved → detached host-процесс (`ssh+setsid` → хук, переживает рестарт 8500) + finalizer-job; C — finalizer читает sentinel `result` (exit-code хука), маппит `0→SUCCESS / иначе→FAILED`, пишет `14-deploy-log.md`, дёргает существующие контракты. - **Build-once** (`scripts/orchestrator-deploy-hook.sh`): обратно-совместимый `SOURCE_IMAGE` → `docker tag` staging-образа на прод-тег перед `up -d --no-build` (без `docker build`). - **Reserved-agent `deploy-finalizer`** (детерминированный, без LLM) в `launcher.py`. - Уведомления Plane+Telegram на approve-request / initiate / success / rollback. - Условность как ORCH-35: реально только для `orchestrator`; прочие репо — прежний ssh-путь. Флаг `DEPLOY_REQUIRE_MANUAL_APPROVE` остаётся `true`. - Контракты НЕ менялись: `STAGE_TRANSITIONS`, `QG_CHECKS`, `check_deploy_status`/`_parse_deploy_status`, terminal-sync `deploy→done`, merge-gate (ORCH-43), БАГ-8. - Restart-safe sentinel-файлы, без миграции БД. Документация (golden source): `deployer.md`, `INFRA.md`, `DEPLOY_HOOK.md`, ADR-001 + global adr-0007, CHANGELOG. ## Test plan - [x] `pytest tests/` зелёный (566 passed) - [x] TC-01/02/03 маппинг exit→status; TC-04..06 approve-gate; TC-07..09 self/non-self routing; TC-10 rollback; TC-11 staging precondition; TC-12/13 notifications; TC-14 build-once; TC-15..18 регресс контрактов; TC-19 авто-rollback хука - [ ] Интеграционный прогон хука — на staging-цели (8501), прод 8500 не трогать 🤖 Generated with [Claude Code](https://claude.com/claude-code)
admin added 9 commits 2026-06-07 00:07:36 +03:00
docs: init ORCH-036 business request 480b203a9d
analyst(ET): auto-commit from analyst run_id=189 0d0cd6e281
architect(ET): auto-commit from architect run_id=190 5c5525548d
developer(ET): auto-commit from developer run_id=192 63187ff102
feat(deploy): build-once SOURCE_IMAGE retag in hook + deploy-stage docs 10f2a39a58 
Add the optional, backward-compatible SOURCE_IMAGE branch to
orchestrator-deploy-hook.sh: when set, retag the staging-validated image
onto TARGET_IMAGE (docker tag) before `up -d --no-build` instead of
rebuilding — guarantees prod runs the exact artefact that passed staging
(AC-7 / TC-14). Unset -> prior behaviour; exit-code contract (0/1/2) and
health-loop untouched.

Update golden-source docs (AC-13): rewrite deployer.md `deploy` stage from
"paper SUCCESS" to the executable self-deploy (Phase A/B/C, no self-restart
from inside the container) and add the ORCH-036 CHANGELOG entry.

Refs: ORCH-036

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
reviewer(ET): auto-commit from reviewer run_id=195 9f43e6a0ae
fix(deploy): clear stale self-deploy markers on rollback; document env d79defeadd 
Re-deploy after a FAILED prod deploy wedged the task on `deploy`: the
sentinel markers (approve-requested/initiated/result) are keyed by the
stable work_item_id, so after the БАГ-8 rollback (deploy -> development)
and a developer fix, Phase B's idempotency-guard saw a STALE `initiated`
and became a no-op — the detached hook never re-launched and the
finalizer was never enqueued. Add self_deploy.clear_state (never-raise,
idempotent) and call it on the check_deploy_status FAILED rollback and at
the start of Phase A, so every fresh prod-deploy pass starts clean.

Also document the new ORCH_SELF_DEPLOY_* / ORCH_DEPLOY_* descriptors in
the canonical .env.example (CLAUDE.md rule #8, ТЗ §2.6), modelled on the
ORCH-043 merge-gate block (placeholders only, secrets not committed).

Contracts untouched: STAGE_TRANSITIONS, QG_CHECKS, _parse_deploy_status,
БАГ-8, merge-gate.

Refs: ORCH-036
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
reviewer(ET): auto-commit from reviewer run_id=199 2be39b398b
tester(ET): auto-commit from tester run_id=201
All checks were successful
CI / test (push) Successful in 17s
Details
CI / test (pull_request) Successful in 15s
Details
c0bcb544cf
admin force-pushed feature/ORCH-036-orch-36-deploy-b from 1199d5aa7a to c0bcb544cf 2026-06-07 00:07:36 +03:00 Compare
admin added 1 commit 2026-06-07 00:22:21 +03:00
Merge remote-tracking branch 'origin/main' into feature/ORCH-036-orch-36-deploy-b
All checks were successful
CI / test (push) Successful in 16s
Details
CI / test (pull_request) Successful in 14s
Details
36c1898fac 
# Conflicts:
#	.env.example
#	CHANGELOG.md
#	docs/architecture/README.md
#	docs/operations/INFRA.md
#	src/config.py
admin merged commit 1ff8d85bb9 into main 2026-06-07 00:23:41 +03:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
admin
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: admin/orchestrator#55
Delete Branch "feature/ORCH-036-orch-36-deploy-b"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?