build: fail-fast release gate for baked mother SSH key #114

Merged
clawdie merged 1 commit from release-gate-mother-key into main 2026-06-22 09:54:24 +02:00
Owner

Why

#113 added a guard in the image-assembly step that refuses to bake the mother SSH key into a BUILD_CHANNEL=release image. But that guard sits deep in assembly — a release build would fetch FreeBSD, build everything, mount, and populate the image before hitting it.

What

Add the same check to check_release_gate() (which runs early, only for release builds). A release build with /home/clawdie/.ssh/osa-mother-2026 present on the host now aborts in seconds with a clear message, instead of after a full build. The assembly-time guard from #113 stays in place as defense in depth.

Note on the (c) item

BUILD_CHANNEL already defaults to dev (build.cfg:17, BUILD_CHANNEL="${BUILD_CHANNEL:-dev}"), so the manifest is never empty and no default change was needed. This PR is the fail-fast guard only.

Test

sh -n build.sh clean. Guard mirrors the existing _release_errors pattern in the same function.

🤖 Generated with Claude Code

clawdie added 1 commit 2026-06-22 09:53:55 +02:00
The image-assembly guard (build/mother-ssh-key, #113) refuses to copy the
mother key into a release image, but only after a full build run. Add the
same check to check_release_gate so a BUILD_CHANNEL=release build with the
key present on the host aborts in seconds, not after fetch/build/assemble.

The assembly-time guard stays as defense in depth.

(BUILD_CHANNEL already defaults to dev in build.cfg:17, so no change needed
there.)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
clawdie merged commit 48418af783 into main 2026-06-22 09:54:24 +02:00
clawdie deleted branch release-gate-mother-key 2026-06-22 09:54:26 +02:00
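
The two-guard layout this PR describes, sketched as an added example (not the project's build.sh): the early check_release_gate() and a late assembly-time guard share one presence test. The MOTHER_KEY override, the install_mother_key name, the counter form of _release_errors and the message wording are assumptions.

```shell
#!/bin/sh
# Added illustration, not the project's build.sh. The MOTHER_KEY override,
# install_mother_key and the error wording are assumptions.

BUILD_CHANNEL="${BUILD_CHANNEL:-dev}"   # default quoted in the PR (build.cfg:17)
MOTHER_KEY="${MOTHER_KEY:-/home/clawdie/.ssh/osa-mother-2026}"

# True if anything sits at the key path, including a dangling symlink.
_mother_key_present() {
    [ -e "$MOTHER_KEY" ] || [ -L "$MOTHER_KEY" ]
}

# Early gate: a no-op outside release builds. It collects every failure
# before returning, so one run reports all release blockers at once.
check_release_gate() {
    [ "$BUILD_CHANNEL" = "release" ] || return 0
    _release_errors=0
    if _mother_key_present; then
        echo "release gate: $MOTHER_KEY is present on the build host;" \
             "move it away or build with BUILD_CHANNEL=dev" >&2
        _release_errors=$((_release_errors + 1))
    fi
    # ... further release checks would increment _release_errors here ...
    [ "$_release_errors" -eq 0 ]
}

# Late guard in the assembly step. It repeats the check on its own, so a
# code path that skips the early gate still cannot ship the key in a release.
install_mother_key() {
    _dest="$1"                          # directory inside the mounted image
    _mother_key_present || return 0     # no key on the host: nothing to bake
    if [ "$BUILD_CHANNEL" = "release" ]; then
        echo "assemble: refusing to bake mother key into a release image" >&2
        return 1
    fi
    mkdir -p "$_dest" &&
        cp -p "$MOTHER_KEY" "$_dest/" &&
        chmod 600 "$_dest/${MOTHER_KEY##*/}"
}

# build.sh would run the early gate before any fetch or compile:
#   check_release_gate || exit 1
```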
Reference: clawdie/clawdie-iso#114