anti
8fb9bc5545
Plant / revoke / seed_baseline using the same docker-exec-with-sh-c pattern proven by decnet/orchestrator/drivers/ssh.py:_run_file. Each plant call composes a single sh script: mkdir -p <dirname> && printf %s <base64> | base64 -d > <path> && chmod <mode> <path> && touch -d @<mtime> <path> Base64-on-the-host / decode-in-the-container keeps binary artifacts (DOCX/PDF/PNG) safe across the argv boundary; the placement_path, mode, and mtime are shlex-quoted. State transitions hit the repo: planted -> failed on docker error with stderr captured into last_error. Bus events fire on success (canary.<id>.placed) and on revoke (canary.<id>.revoked) — wrapped in try/except so a downed bus never blocks a placement. seed_baseline(decky_name, repo) is the deploy-hook entry point — reads DECNET_CANARY_BASELINE (default git_config,env_file,honeydoc, aws_creds), persists one row per generator, plants each. Failed placements are logged but do NOT abort; the deployer hook treats the return list as informational.
8.5 KiB
8.5 KiB