clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(zot): pin operator image to zot v0.2.42 (Sam & Pi) #107

Merged
clawdie merged 1 commit from chore/zot-0.2.42-pin into main 2026-06-22 07:27:12 +02:00
Conversation 0 Commits 1 Files changed 5 +22 -22
5 changed files with 22 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
build.cfg
View file

@ -113,7 +113,7 @@ COLIBRI_COST_MODE="${COLIBRI_COST_MODE:-smart}"
# COLIBRI_STAGE_AGENT=NO stages the daemon without the agent (debug builds).
# Pin a tag for reproducible images; the agent has no FreeBSD release, so the
# build host compiles it: (cd $ZOT_REPO && git checkout $ZOT_VERSION &&
# ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.29}" && VERSION="${ZOT_BUILD_VERSION#v}" make build)
# ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.42}" && VERSION="${ZOT_BUILD_VERSION#v}" make build)
COLIBRI_STAGE_AGENT="${COLIBRI_STAGE_AGENT:-YES}"
# Development-only local fake-agent binary. Auto mode includes it for dev
# builds and omits it from release/prod images; override with YES/NO for
@ -125,7 +125,7 @@ if [ "${COLIBRI_STAGE_TEST_AGENT}" = "auto" ]; then
*) COLIBRI_STAGE_TEST_AGENT="YES" ;;
esac
fi
ZOT_VERSION="${ZOT_VERSION:-v0.2.29}"
ZOT_VERSION="${ZOT_VERSION:-v0.2.42}"
ZOT_REPO="${ZOT_REPO:-/home/clawdie/ai/zot}"
ZOT_ARTIFACT_DIR="${ZOT_ARTIFACT_DIR:-}"
# Optional: bake the operator's DeepSeek key into the agent's auth.json (0600).

4
docs/LIVE-COLIBRI-REBUILD.md
View file

@ -195,8 +195,8 @@ if [ ! -d zot-build/.git ]; then
fi
cd zot-build
git fetch --prune origin
git checkout v0.2.29 # the zot tag this image ships (see build-manifest.json)
ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.29}"
git checkout v0.2.42 # the zot tag this image ships (see build-manifest.json)
ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.42}"
VERSION="${ZOT_BUILD_VERSION#v}" make build
./bin/zot --version
```

2
docs/RELEASE-0.11.0-HANDOFF.md
View file

@ -12,7 +12,7 @@ this build happens on FreeBSD.
| clawdie-iso | `7f55770` | v0.11.0 | `ISO_VERSION=0.11.0` |
| colibri | `b626082` | v0.11.0 | MIT; 230 tests green; fmt + clippy clean |
| clawdie-ai | `393b0c7` | — | clean on forge main |
| zot | `1a24a20` | — | agent (front door); pinned by `ZOT_VERSION` |
| zot | `821f51a` | v0.2.42 | agent (front door); pinned by `ZOT_VERSION` |
Locally-runnable gates pass on colibri + clawdie-iso (fmt, `CARGO_CRATES` and
agent-jail drift checks, markdown). CI Actions are **dormant** (no runner) — gates

30
docs/RELEASE-BUILD-RUNBOOK.md
View file

@ -1,6 +1,6 @@
# Release Build Runbook
**Current target:** `0.10.0` ("Operator Image") · **Channel:** `release`
**Current target:** `0.11.0` ("Operator Image") · **Channel:** `release`
How to cut a reproducible, publishable operator image from merged sources. This
is the `BUILD_CHANNEL=release` path — distinct from the everyday
@ -20,11 +20,11 @@ use `BUILD_CHANNEL=dev` and skip the pinning discipline below.
commits are then written to `build-manifest.json`, so the image can be rebuilt
from that record.
- **Own product version.** `ISO_VERSION` is an explicit product number
(`0.10.0`), not a component's. Component versions are provenance, not identity.
(`0.11.0`), not a component's. Component versions are provenance, not identity.
- **Fits the stick.** The build aborts before shipping if the live filesystem
has less than `IMAGE_MIN_FREE_MB` (default 1024) free.
Output: `tmp/output/clawdie-quindecim-0.10.0.img` (`quindecim` = FreeBSD 15).
Output: `tmp/output/clawdie-quindecim-0.11.0.img` (`quindecim` = FreeBSD 15).
---
@ -68,7 +68,7 @@ Any output from `status --porcelain` (modified _or_ untracked) will fail the
release gate. Clean it before continuing — do not `.gitignore` your way past it.
> `zot` ships at a pinned tag. Check out the tag you intend to release
> (`ZOT_VERSION`, default `v0.2.29`) so the recorded commit is the tag's commit.
> (`ZOT_VERSION`, default `v0.2.42`) so the recorded commit is the tag's commit.
---
@ -83,10 +83,10 @@ cargo clippy --workspace --all-targets -- -D warnings
# zot agent binary (native FreeBSD build)
cd ../zot
git checkout v0.2.29 # the release tag
ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.29}"
git checkout v0.2.42 # the release tag
ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.42}"
VERSION="${ZOT_BUILD_VERSION#v}" make build
./bin/zot --version # expect: zot 0.2.29
./bin/zot --version # expect: zot 0.2.42
cd ../clawdie-iso
```
@ -115,11 +115,11 @@ ls -l ../colibri/target/release/colibri-daemon \
```sh
cd ../clawdie-iso
sudo env BUILD_CHANNEL=release ISO_VERSION=0.10.0 \
sudo env BUILD_CHANNEL=release ISO_VERSION=0.11.0 \
./build.sh --clawdie-ref main
```
- `ISO_VERSION=0.10.0` — also the `build.cfg` default; an empty/`auto` value
- `ISO_VERSION=0.11.0` — also the `build.cfg` default; an empty/`auto` value
fails fast.
- `--clawdie-ref main` bundles current `clawdie-ai` main (its commit is recorded
as provenance). Use `--clawdie-version X.Y.Z` instead to pin a clawdie-ai tag.
@ -129,13 +129,13 @@ sudo env BUILD_CHANNEL=release ISO_VERSION=0.10.0 \
What you should see, in order:
1. **Banner**`ISO : 0.10.0-release (zot v0.2.29)`.
1. **Banner**`ISO : 0.11.0-release (zot v0.2.42)`.
2. **Release gate** — silent on success; on failure it lists each modified repo
and exits. (Fix the tree; don't switch to `dev` for a real release.)
3. **Preflight** — confirms the colibri binaries and `zot/bin/zot` exist.
4. **Image space report**`df`/`du` of the live filesystem, then
`Free space OK (… MB, floor 1024 MB)` — or an abort if it won't fit.
5. **Output**`Done : tmp/output/clawdie-quindecim-0.10.0.img`.
5. **Output**`Done : tmp/output/clawdie-quindecim-0.11.0.img`.
---
@ -147,7 +147,7 @@ cat tmp/output/build-manifest.json # or USB_SHARE copy
Confirm:
- `"iso_version": "0.10.0"`, `"version_scheme": "product"`,
- `"iso_version": "0.11.0"`, `"version_scheme": "product"`,
`"build_channel": "release"`.
- `zot_commit`, `colibri_commit`, `clawdie_ai_commit`, `iso_repo_commit` are all
real SHAs (not `unknown`).
@ -184,7 +184,7 @@ If anything fails out of the box, this is not the cut — fix, rebuild, and the
Follow `skills/iso-publish/SKILL.md`: compress to `.xz`, write the `.sha256`, and
the publish manifest, then `scripts/publish.sh` to the CMS downloads jail.
`FLASHING.md` is the operator-facing flashing guide (already references the
`0.10.0` artifact name).
`0.11.0` artifact name).
---
@ -192,7 +192,7 @@ the publish manifest, then `scripts/publish.sh` to the CMS downloads jail.
- [ ] All four repos clean (`git status --porcelain` empty) and on the release ref.
- [ ] `cargo test --workspace` + `cargo clippy -D warnings` green on colibri.
- [ ] `BUILD_CHANNEL=release ISO_VERSION=0.10.0 ./build.sh` completes; gate passed,
- [ ] `BUILD_CHANNEL=release ISO_VERSION=0.11.0 ./build.sh` completes; gate passed,
preflight passed, free-space check passed.
- [ ] `build-manifest.json`: channel `release`, all commits real, all
`*_modified` `false`.
@ -203,7 +203,7 @@ the publish manifest, then `scripts/publish.sh` to the CMS downloads jail.
## Notes / gotchas
- **Future cuts:** bump `ISO_VERSION` in `build.cfg` (e.g. `0.10.1`, `1.0.0`).
- **Future cuts:** bump `ISO_VERSION` in `build.cfg` (e.g. `0.11.1`, `1.0.0`).
Everything else here is unchanged.
- **`dev` vs `release`:** `dev` skips the clean-tree gate — fine for proving a
change, never for a published artifact.

4
scripts/stage-zot-iso.sh
View file

@ -4,7 +4,7 @@
# zot is the agent-harness consolidation target (one static Go binary). It has no
# FreeBSD release, so build it on the host first and point ZOT_ARTIFACT_DIR here:
# (cd ../zot && git checkout "$ZOT_VERSION" \
# && ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.29}" \
# && ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.42}" \
# && VERSION="${ZOT_BUILD_VERSION#v}" make build)
#
# Credentials: zot resolves provider keys as --api-key -> provider env var ->
@ -36,7 +36,7 @@ ZOT_HOME="${OP_HOME}/${ZOT_HOME_REL}"
if [ ! -x "${BIN_SRC}" ]; then
echo "missing executable zot artifact: ${BIN_SRC}" >&2
echo "hint: (cd \$ZOT_REPO && ZOT_BUILD_VERSION=\"\${ZOT_VERSION:-v0.2.29}\" && VERSION=\"\${ZOT_BUILD_VERSION#v}\" make build)" >&2
echo "hint: (cd \$ZOT_REPO && ZOT_BUILD_VERSION=\"\${ZOT_VERSION:-v0.2.42}\" && VERSION=\"\${ZOT_BUILD_VERSION#v}\" make build)" >&2
exit 66
fi