recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

change(cleanup): reap dev deploys at start+end of /upgrade-all instead of a timer

Browse Source 
Per operator: drop the hourly cc-ci-reap-dev-deploys systemd timer; instead run the
dev-* reaper at the START (Step 0, alongside the orphan sweep) and END (new step 4b)
of each /upgrade-all run, with THRESHOLD=0 (the run is quiescent then, so clear all
dev-* unconditionally). The reaper keeps its safe default (4h) for ad-hoc use.
Step-2b mandatory teardown is unchanged (primary mechanism); this is the backstop.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-06-09 15:47:16 +00:00
parent 23bba98be4
commit c60fc6d056
4 changed files with 34 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
nix/hosts/cc-ci-orchestrator-hetzner/configuration.nix
View File

@ -220,37 +220,4 @@ SSHCFG
Persistent = true; # if the box was down at the scheduled time, run once on next boot
};
};
# Hourly reaper for LEAKED /recipe-upgrade step-2b dev deploys (`dev-*` stacks on the cc-ci server).
# The upgrader must tear down its own dev deploy; this is the automated backstop for a missed
# teardown (crashed/abandoned loop). reap-dev-deploys.sh is scoped + age-gated so it is safe to run
# even mid-CI: it only touches `dev-*`, and only when idle > THRESHOLD (an active dev loop keeps
# redeploying and is never reaped). cc-ci-plan/IDEAS.md tracks the eventual separate-infra fix; this
# just bounds the leak window in the meantime.
systemd.services.cc-ci-reap-dev-deploys = {
description = "Reap leaked step-2b dev deploys (dev-* stacks) on the cc-ci server";
after = [ "network-online.target" "tailscaled.service" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
User = "loops"; Group = "users";
WorkingDirectory = "/srv/cc-ci";
};
environment = { HOME = "/home/loops"; };
path = [ pkgs.bash pkgs.openssh pkgs.coreutils ];
script = ''
ssh cc-ci 'THRESHOLD=14400 bash -s' \
< /srv/cc-ci/.claude/skills/upgrade-all/reap-dev-deploys.sh \
>> /srv/cc-ci/.cc-ci-logs/reap-dev-deploys.log 2>&1
'';
};
systemd.timers.cc-ci-reap-dev-deploys = {
description = "Hourly reaper for leaked step-2b dev deploys on cc-ci";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
};
}