gilles
b1c81ba518
feat(docker): pull-check + deterministic per-stack comparison (task 2 SJ-5)
...
- template docker/pull-check.sh.tpl (pull without up, inspect before/after)
- dockerPull: parseDockerPullCheck + buildDockerPullResult (TDD) — compares
image id/digest/OCI label → services up_to_date|updates_available|error,
changes operation=pulled; registry errors sanitized (URL/token/password)
- dockerDedupKey (digests take priority, fallback to image ids) + DockerImageChange.dedupKey
- pullCheckStack: SSH + upsert docker_stack_services, rejects stacks that are not enabled,
separate Docker refresh (outside refreshMachine, no automatic pull)
- execute: runAction(opts.stackId), docker_pull_check branch, stackDir injection
(fixes docker_inspect_current); route: allowlist of passive Docker actions + pull_check,
destructive ones still kept out of the API until action_requests (SJ-6)
No migration (SJ-4 schema is sufficient). tsc 0 errors · 85 tests · build OK.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 21:02:38 +02:00
gilles
2af8e74079
feat(docker): passive scan/inspect of Compose stacks (task 2 SJ-4)
...
- 4 Docker tables (settings/compose_roots/compose_stacks/stack_services)
+ migration 0004 (monotonic journal timestamps)
- templates docker/scan-compose + inspect-compose; renderTemplate switches
to <% %> delimiters for the docker/ templates in order to keep the
Go templates {{.ID}} intact
- dockerScan: parseDockerScan (TDD) + scanDockerStacks (persists candidate
stacks, supplements the detection using labels)
- docker_scan action wired into execute (dedicated route, report/log archiving)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 20:54:52 +02:00
gilles
434a149f1f
fix(execute): refresh snapshot after apt upgrade/full-upgrade (improvement #3)
...
After a successfully applied APT action, re-run refreshMachine so
that the web UI reflects the actual state of the packages. Refresh failure = non-blocking
warning event (post_action_refresh_failed).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 20:54:38 +02:00
gilles
08919752e3
feat: DB foundation (task 1.9 Phase 1-2) + APT engine (task 2 SJ-0→3) + WIP capabilities/auth/Rust
...
Multi-workstream checkpoint (green tree: tsc 0 errors, 70 tests, build OK).
- task 1.9 Phase 1: foundation schema (machine_state/events/reports/raw_artifacts/
hardware/metrics + extended columns) + refresh/execute wiring. Migration 0002.
- task 1.9 Phase 2: machine_credentials + machine_host_keys (non-destructive,
dual-read + backfill). Migration 0003. Fix for the migration journal sequence.
- task 2: SJ-0 (backward-compatible extended types, Docker reducer, resolveTemplate),
SJ-1 (enriched update-analyze), SJ-2 (apply + dpkg diff + SSH inactivity timeout),
SJ-3 (reboot verified via boot_id).
- parallel WIP included: /api/capabilities, auth/apiTokens/apiClients, system metrics,
app_rust scaffold, frontend adjustments.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 19:50:25 +02:00
gilles
f6fcf4dbb6
feat: server entry point (Hono + WebSocket /api/ws + worker)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:15:42 +02:00
gilles
c3584f4ec8
feat: Hono HTTP routes (machines, refresh, actions, executions)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:13:15 +02:00
gilles
b4d47901b6
feat: in-process periodic refresh worker (croner)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:12:21 +02:00
gilles
f5f361a349
fix: ORDER BY on getLatestSnapshot + readability of the EXIT condition
...
Follow-up to the batch D review.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:10:56 +02:00
gilles
1fb93873ac
feat: execute service (full-upgrade/reboot -> execution + archived report)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:05:58 +02:00
gilles
ed3cb91cd4
feat: Markdown execution report generation
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:05:23 +02:00
gilles
0576820059
feat: refresh service (APT check -> canonical snapshot)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:04:28 +02:00
gilles
3724326d81
feat: machines service (CRUD, test-connection, OS detection)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-05 04:03:51 +02:00
gilles
0e8d5a9bcf
feat: WebSocket output hub with replayable buffer
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:07:20 +02:00
gilles
c520ca5a17
feat: SSH layer (password, sudo -S, exec streaming)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:06:37 +02:00
gilles
1153a4f7a1
feat: APT shell templates + Mustache rendering
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:04:51 +02:00
gilles
8cce701715
feat: parser for apt-get -s full-upgrade output -> AptPackage[]
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:03:52 +02:00
gilles
dc0ef1b7e9
feat: deterministic APT line reducer
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 21:03:01 +02:00
gilles
5aa4acdf87
feat: Drizzle/SQLite schema (machines, snapshots, executions)
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:58:50 +02:00
gilles
feb136ffc1
feat: AES-256-GCM encryption of secrets + env reading
...
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-04 20:58:04 +02:00