feat: architecture review fixes, self-update system, CI pipeline, supply chain hardening

Architecture review (all P0+P1 issues now fixed):
- Add 10s timeout to 6 bare Nostr client.connect() calls
- Pin all 12 crypto deps to exact versions from Cargo.lock
- Pin all 15 floating container image tags to exact patch versions
- Add CI pipeline (cargo fmt + clippy + tests, frontend type-check + build)

Self-update system (git.tx1138.com):
- scripts/self-update.sh: pull, build, install, restart with rollback
- systemd timer checks daily at 3 AM
- update.check RPC does git-based checks when repo is present
- update.git-apply RPC triggers self-update from UI
- Default update URL changed from GitHub to git.tx1138.com
- Git added to ISO package list for fresh installs

Documentation:
- CHANGELOG v1.3.1 with all changes
- README updated (version, update system section)
- BETA-PROGRESS session #6 logged
- architecture-review.html: 4 issues marked FIXED, 8/12 refactoring done

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
19
image-recipe/configs/archipelago-update.service
Normal file
@@ -0,0 +1,19 @@
|
||||
[Unit]
|
||||
Description=Archipelago Self-Update
|
||||
After=network-online.target archipelago.service
|
||||
Wants=network-online.target
|
||||
ConditionPathExists=/home/archipelago/archy/.git
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
User=archipelago
|
||||
ExecStart=/home/archipelago/archy/scripts/self-update.sh
|
||||
TimeoutStartSec=600
|
||||
Environment="HOME=/home/archipelago"
|
||||
Environment="PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/archipelago/.cargo/bin"
|
||||
|
||||
# Allow sudo for service restart and file install
|
||||
# Requires archipelago user in sudoers for specific commands
|
||||
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
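Review bot: The two comment lines in [Service] ("# Allow sudo for service restart and file install", "# Requires archipelago user in sudoers for specific commands") name a privilege requirement that this unit neither ships nor constrains, while ExecStart runs scripts/self-update.sh from inside /home/archipelago/archy, the git checkout named in ConditionPathExists. That tree is writable by the User=archipelago account and the script can be changed by any pull, so whatever sudoers rule is granted applies to every future version of the script. Suggest adding the sudoers drop-in to this change with the exact commands and absolute paths it allows, or moving the install and restart steps into a root-owned helper outside the checkout. The PATH line also ends with /home/archipelago/.cargo/bin, a user-writable directory; keeping it last is right, and any sudo invocation in the script should call its targets by absolute path.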
14
image-recipe/configs/archipelago-update.timer
Normal file
@@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=Check for Archipelago updates daily
|
||||
ConditionPathExists=/home/archipelago/archy/.git
|
||||
|
||||
[Timer]
|
||||
# Check at 3 AM daily (low-activity window)
|
||||
OnCalendar=*-*-* 03:00:00
|
||||
# Randomize within 30 min window to avoid thundering herd
|
||||
RandomizedDelaySec=1800
|
||||
# Run once on boot if last check was missed
|
||||
Persistent=true
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
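Review bot: Description= and the "# Check at 3 AM daily" comment say this timer checks for updates, but with no Unit= line in [Timer] it activates the unit of the same name, archipelago-update.service, whose ExecStart runs scripts/self-update.sh, which the commit message describes as pull, build, install, restart with rollback. If unattended apply is the intent, say so in Description= and the comments and add an explicit Unit=archipelago-update.service so the coupling is visible; if only a check is intended, the timer should start a check-only unit and leave applying to the update.git-apply RPC. With Persistent=true a missed run is caught up when the timer is next started, so the build and restart can also happen shortly after boot, which is worth stating in the comment.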