approval-driven deploys now walk the meta flake via
prepare_deploy / finalize_deploy / abort_deploy so a failed
build leaves no commit in meta's deploy log:

1. capture applied/main sha for rollback
2. tag approved/<id> + building/<id>
3. ff applied/main to proposal/<id>, read-tree sync working tree
4. meta::prepare_deploy(name) — nix flake lock --update-input
   agent-<n> without committing
5. lifecycle::rebuild_no_meta — container-level only (new
   extracted helper; public lifecycle::rebuild still wraps it
   with single-phase meta sync + commit for dashboard /
   auto_update callers that don't care about rollback)
6a. on success: tag deployed/<id>, meta::finalize_deploy commits
    the staged lock with 'deploy <n> deployed/<id> <sha12>'
6b. on failure: tag failed/<id> annotated with the build error,
    git_update_ref applied/main back to prev sha, read-tree to
    main, meta::abort_deploy git-restores flake.lock

meta's git log now records only successful deploys; failures
+ denials still live in applied as annotated tags.

| File |
|---|
| actions.rs |
| agent_server.rs |
| approvals.rs |
| auto_update.rs |
| broker.rs |
| client.rs |
| coordinator.rs |
| crash_watch.rs |
| dashboard.rs |
| events_vacuum.rs |
| lifecycle.rs |
| main.rs |
| manager_server.rs |
| meta.rs |
| operator_questions.rs |
| server.rs |