gilles/system_update
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(post-install): moteur de profils + bootstrap + identité/réseau (tâche 2 SJ-8)

Browse Source 
- templates custom/bootstrap-root + identity-network (sortie structurée parsable,
  sauvegardes, échec contrôlé, jamais de coupure réseau sans reconnexion)
- postInstall: registre de manifestes (champs typés + defaults/defaultFrom),
  validateProfileValues + maskSecretValues + buildPostInstallResult (TDD),
  renderProfile/previewProfile (masquage secrets), runPostInstall (SSH)
- execute: RunActionOpts.profileId/values + branche post_install (bloc postInstall)
- action_requests: post_install accepté, payload profileId/values transmis à approve
- routes: GET /profiles, POST .../preview (script masqué + validation),
  POST .../run (action_request si requiresConfirmation, sinon direct)

Champs = formulaire (pas de question SSH interactive) ; secrets jamais sérialisés ;
identity_network exige confirmation. tsc 0 · 101 tests · build OK · boot OK.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
gilles soulier
2026-06-06 08:02:32 +02:00
parent faa654c95a
commit e6f4ae470b
10 changed files with 566 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/services/actionRequests.ts
+16 -3
View File
@@ -16,6 +16,7 @@ export const DESTRUCTIVE_ACTIONS: Partial<Record<ActionType, "medium" | "high">>
apt_autoremove: "medium",
reboot: "high",
reboot_verified: "high",
post_install: "high", // risque réel porté par le manifeste du profil
};
const NEED_STACK: ActionType[] = ["docker_compose_apply", "docker_compose_down"];
@@ -26,7 +27,12 @@ export interface CreateRequestInput {
requestedByType?: "user" | "hermes" | "schedule";
requestedById?: string | null;
summary?: string | null;
payload?: { stackId?: string; aggressive?: boolean } | null;
payload?: {
stackId?: string;
aggressive?: boolean;
profileId?: string;
values?: Record<string, string | number | boolean | undefined>;
} | null;
}
export function createActionRequest(input: CreateRequestInput) {
@@ -96,8 +102,15 @@ export function approveActionRequest(id: string, approvedBy?: string) {
.where(eq(schema.actionRequests.id, id))
.run();
const payload = req.payloadJson ? (JSON.parse(req.payloadJson) as { stackId?: string; aggressive?: boolean }) : {};
const opts: RunActionOpts = { stackId: payload.stackId, aggressive: payload.aggressive };
const payload = req.payloadJson
? (JSON.parse(req.payloadJson) as { stackId?: string; aggressive?: boolean; profileId?: string; values?: Record<string, string | number | boolean | undefined> })
: {};
const opts: RunActionOpts = {
stackId: payload.stackId,
aggressive: payload.aggressive,
profileId: payload.profileId,
values: payload.values,
};
const machineId = req.machineId;
runAction(machineId, req.action as ActionType, opts)
.then((result) => {