clawdie/clawdie-iso
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
clawdie-iso/scripts/stage-zot-iso.sh
Sam & Claude 2af8a65cae chore(zot): pin operator image to zot v0.2.42 (Sam & Pi) 
Update the ISO default Zot pin and build docs from v0.2.29 to v0.2.42 so the next image stages the current rebuilt FreeBSD zot binary instead of recording a mismatched checkout/binary pair. Also refresh the release runbook's 0.11.0 examples.\n\nValidation: ./scripts/check-format.sh; sh -n build.sh scripts/stage-zot-iso.sh; BUILD_CHANNEL=dev build.cfg default check; git diff --check.
2026-06-22 06:08:42 +02:00

90 lines
2.9 KiB
Bash
Executable file
Raw Blame History

#!/bin/sh
# Stage the prebuilt `zot` agent binary + credentials into an image root.
#
# zot is the agent-harness consolidation target (one static Go binary). It has no
# FreeBSD release, so build it on the host first and point ZOT_ARTIFACT_DIR here:
# (cd ../zot && git checkout "$ZOT_VERSION" \
# && ZOT_BUILD_VERSION="${ZOT_VERSION:-v0.2.42}" \
# && VERSION="${ZOT_BUILD_VERSION#v}" make build)
#
# Credentials: zot resolves provider keys as --api-key -> provider env var ->
# $ZOT_HOME/auth.json. This stages auth.json (DeepSeek) under the operator's
# default ZOT_HOME (~/.local/state/zot). The Telegram token is configured
# separately at runtime via `zot telegram-bot setup` (it lives in zot state).
#
# Usage:
# ZOT_ARTIFACT_DIR=/path/to/bin scripts/stage-zot-iso.sh /path/to/image-root
set -eu
if [ "${1:-}" = "" ]; then
echo "usage: $0 DESTDIR" >&2
exit 64
fi
DESTDIR=$1
ZOT_ARTIFACT_DIR=${ZOT_ARTIFACT_DIR:?set ZOT_ARTIFACT_DIR to the dir holding the built zot binary}
ZOT_OPERATOR=${ZOT_OPERATOR:-clawdie}
ZOT_DEEPSEEK_KEY=${ZOT_DEEPSEEK_KEY:-}
BIN_SRC="${ZOT_ARTIFACT_DIR}/zot"
BIN_DIR="${DESTDIR}/usr/local/bin"
# zot's default ZOT_HOME on FreeBSD is ~/.local/state/zot
ZOT_HOME_REL=".local/state/zot"
OP_HOME="${DESTDIR}/home/${ZOT_OPERATOR}"
ZOT_HOME="${OP_HOME}/${ZOT_HOME_REL}"
if [ ! -x "${BIN_SRC}" ]; then
echo "missing executable zot artifact: ${BIN_SRC}" >&2
echo "hint: (cd \$ZOT_REPO && ZOT_BUILD_VERSION=\"\${ZOT_VERSION:-v0.2.42}\" && VERSION=\"\${ZOT_BUILD_VERSION#v}\" make build)" >&2
exit 66
fi
mkdir -p "${BIN_DIR}" "${ZOT_HOME}"
install -m 0555 "${BIN_SRC}" "${BIN_DIR}/zot"
# auth.json: bake the DeepSeek key if provided (0600), else leave a template.
if [ -n "${ZOT_DEEPSEEK_KEY}" ]; then
umask 077
cat > "${ZOT_HOME}/auth.json" <<EOF
{
"deepseek": { "api_key": "${ZOT_DEEPSEEK_KEY}" }
}
EOF
chmod 0600 "${ZOT_HOME}/auth.json"
_cred_note="auth.json baked with DeepSeek key (0600)"
else
cat > "${ZOT_HOME}/auth.json.sample" <<'EOF'
{
"deepseek": { "api_key": "sk-REPLACE-ME" }
}
EOF
_cred_note="auth.json.sample staged (operator copies to auth.json, chmod 0600)"
fi
cat > "${ZOT_HOME}/README.iso" <<EOF
zot agent — ISO staging notes
=============================
Binary: /usr/local/bin/zot (pinned build; FreeBSD-native, no release tarball)
State (ZOT_HOME): ~/.local/state/zot (config.json, auth.json, sessions/, logs/)
Credentials (zot order: --api-key -> provider env -> auth.json):
- ${_cred_note}
- or export DEEPSEEK_API_KEY at runtime.
Telegram bridge (token stored in zot state, not auth.json):
zot telegram-bot setup # paste BotFather token
zot telegram-bot start
Supervision contract for Colibri glasspane:
zot --json "..." # newline-delimited json events
zot rpc # json-rpc loop
EOF
cat <<EOF
Staged zot into ${DESTDIR}
binary : ${BIN_DIR}/zot (from ${BIN_SRC})
state : home/${ZOT_OPERATOR}/${ZOT_HOME_REL}
creds : ${_cred_note}
EOF
Reference in a new issue View git blame Copy permalink