build: fail-fast release gate for baked mother SSH key #114
1 changed files with 8 additions and 0 deletions
8
build.sh
8
build.sh
|
|
@ -512,6 +512,14 @@ check_release_gate() {
|
|||
_release_errors=$(( _release_errors + 1 ))
|
||||
fi
|
||||
|
||||
# A baked mother SSH private key must never reach a publicly hosted release
|
||||
# image. Fail fast here so a release build aborts in seconds; the image
|
||||
# assembly step also refuses to copy it, as defense in depth.
|
||||
if [ -f "/home/clawdie/.ssh/osa-mother-2026" ]; then
|
||||
echo "ERROR: mother SSH key present on build host (/home/clawdie/.ssh/osa-mother-2026) — refuse to bake it into a release image. Remove it, or build with BUILD_CHANNEL=dev."
|
||||
_release_errors=$(( _release_errors + 1 ))
|
||||
fi
|
||||
|
||||
if [ "${_release_errors}" -gt 0 ]; then
|
||||
echo "ERROR: release build aborted — ${_release_errors} modified repo(s). Use BUILD_CHANNEL=dev for iteration builds."
|
||||
exit 1
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue