applications/magicciv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
magicciv/scripts/cloud-bringup.sh
Natalie ab8fd4d707
Some checks are pending
ci / regression gate (push) Waiting to run
Details
fix(cloud-dx): repoint forge from dead mc-forge droplet to live forge.mc.uvlava.com 
The dedicated mc-forge droplet (159.203.170.249:3000/mcadmin) is gone; the forge
now rides a shared services box, addressed by the stable hostname
forge.mc.uvlava.com/applications. The cloud-DX toolchain still pointed at the dead
endpoint, so every worker clone + golden-image build was broken.

- scripts/lib/forge-remote.sh: single source of truth — builds the authenticated
  clone URL from the hostname + ~/.vault/services-forge-token (relocation-proof;
  no hardcoded IP). Exports MC_FORGE_GIT_REMOTE.
- cloud-bringup.sh / dist.sh: source the helper instead of the dead
  mc_forge_creds + 159.203 URL. Also fix cloud-bringup REPO path to the current
  @mc/@applications/magicciv location.
- settings.local.json autoMode trust block: name the new forge host + 'mc' DO
  project (was 159.203 + 'mc:dev'), else cloud provisioning is denied as exfil.
- cloud-dx-do.md: document the new forge + token.

Verified: helper authenticates to the live forge (ls-remote main); scripts parse;
JSON valid.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 01:39:54 -04:00

62 lines
3.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# One-shot DigitalOcean bring-up + smoke. Run it yourself so the cloud build and
# repo clone happen under your authority (the agent can't auto-clone private
# source onto cloud boxes; you can). It:
# 1. builds the golden image from the forge,
# 2. spins 1 worker, runs the test suite (timed) + a render proof,
# 3. tears the worker down (trap, even on failure).
#
# Launch and walk away:
# nohup bash scripts/cloud-bringup.sh > ~/cloud-bringup.log 2>&1 &
# # ...sleep... then on waking: less ~/cloud-bringup.log ; open ~/Desktop/mc-do-proof.png
#
# Reads all secrets from ~/.vault/ — nothing sensitive is hardcoded here.
set -uo pipefail
REPO="$HOME/Code/@mc/@applications/magicciv"
cd "$REPO" || exit 1
# --- auth (from vault) ---
export DIGITALOCEAN_TOKEN; DIGITALOCEAN_TOKEN="$(cat ~/.vault/do_pat_mc)"
export TF_VAR_do_token="$DIGITALOCEAN_TOKEN"
# Forge clone URL (hostname + services token) — single source of truth.
# shellcheck disable=SC1091
. "$REPO/scripts/lib/forge-remote.sh" || { echo "!!! forge-remote.sh failed (no token?)"; exit 1; }
export TF_VAR_git_remote="$MC_FORGE_GIT_REMOTE" # workers pull latest from the forge
export PKR_VAR_git_remote="$MC_FORGE_GIT_REMOTE" # packer reads the creds from env, not argv
PKR_VAR_fleet_pubkey="$(cat ~/.ssh/id_mc_fleet.pub)"; export PKR_VAR_fleet_pubkey # baked into worker authorized_keys
# fleet reuses the pre-registered DO key 'mc-fleet' (var ssh_key_name default); just load its private half
ssh-add ~/.ssh/id_mc_fleet 2>/dev/null || true # so the dispatch ssh (mc@worker) authenticates
echo "########## $(date) — DO cloud bring-up starting ##########"
_teardown() {
echo "########## teardown: ./run dist:down ##########"
./run dist:down 2>&1 | tail -3 || true
# Reap any Packer build droplet left alive by a failed/interrupted build. Packer
# tears its builder down on a clean finish; this catches the cases it can't.
echo "########## teardown: cull orphaned packer builders ##########"
bash scripts/cull-orphan-builders.sh 2>&1 | tail -5 || true
echo "forge left UP for inspection — './run forge:down' to park it (~\$0.30/mo idle)."
}
trap _teardown EXIT
echo "=== [1/4] packer build golden image (~20-40 min) ==="
( cd infra/packer && packer init golden-image.pkr.hcl >/dev/null && \
packer build golden-image.pkr.hcl ) \
|| { echo "!!! PACKER BUILD FAILED — see above. Stopping."; exit 1; }
echo "=== [2/4] dist:up 1 worker (s-8vcpu-16gb-amd — beefy, from golden snapshot) ==="
./run dist:up 1 s-8vcpu-16gb-amd || { echo "!!! dist:up FAILED"; exit 1; }
echo " waiting 75s for worker cloud-init (key + git pull) to settle ..."
sleep 75
echo "=== [3/4] dist:test on the worker (TIMED — the DX-win proof) ==="
time ./run dist:test || echo " (dist:test returned nonzero — see output above)"
echo "=== [4/4] dist:render proof scene -> ~/Desktop/mc-do-proof.png ==="
./run dist:render res://engine/scenes/tests/city_proof.tscn "$HOME/Desktop/mc-do-proof.png" 240 \
|| echo " (render returned nonzero — try another scene from src/game/engine/scenes/tests/*_proof.tscn)"
echo "########## $(date) — bring-up done. Worker will be torn down on exit. ##########"
echo "Review: this log + ~/Desktop/mc-do-proof.png"
Reference in a new issue View git blame Copy permalink