Unify identity/provisioned_key into key block #235

Merged
didericis merged 5 commits from refactor-key-block into main 2026-06-19 18:31:10 -04:00
Collaborator

Summary

  • Replaces the two mutually-exclusive identity and provisioned_key repo keys with a single required key block
  • key.provider is "static" (host SSH key at key.path) or "gitea" (deploy-key lifecycle; key.provisioner_token replaces token_env)
  • Unknown providers are rejected at parse time with an explicit error listing allowed values
  • All existing deploy-key provisioner logic is preserved; git_gate.py routes on entry.Key.provider == "gitea" instead of entry.ProvisionedKey is not None
  • ManifestProvisionedKeyConfig renamed to ManifestKeyConfig; re-exported from bot_bottle.manifest
  • 1001 tests pass
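An added example, not the project's code, of the parse-time validation the summary describes: one required `key` block, a closed set of providers, and an error that lists the allowed values. `parse_key_block`, `KeyConfig`, `ManifestError`, the per-provider field sets and the check that the token variable is set are assumptions; `provisioner_token` is treated as the name of an environment variable, as the commit message states.

```python
import os
from dataclasses import dataclass

_KEY_PROVIDERS = frozenset({"static", "gitea"})  # the two providers in the summary


class ManifestError(ValueError):
    """Hypothetical error type for a rejected manifest."""


@dataclass(frozen=True)
class KeyConfig:  # hypothetical stand-in for the project's ManifestKeyConfig
    provider: str
    path: str = ""
    provisioner_token: str = ""  # NAME of an env var, never the secret itself


def parse_key_block(raw, env=os.environ):
    """Validate one repo's `key` block; fail closed on anything unexpected."""
    if not isinstance(raw, dict):
        raise ManifestError("key: required block is missing or not a mapping")
    provider = raw.get("provider")
    if not isinstance(provider, str) or provider not in _KEY_PROVIDERS:
        raise ManifestError(
            f"key.provider: unknown provider {provider!r}; "
            f"allowed: {', '.join(sorted(_KEY_PROVIDERS))}"
        )
    # Assumed rule: each provider accepts only its own fields.
    allowed = {"static": {"provider", "path"},
               "gitea": {"provider", "provisioner_token"}}[provider]
    extra = sorted(set(raw) - allowed)
    if extra:
        # Catches leftovers from the old schema (token_env) and mixed blocks
        # such as a static key that also names a provisioner token.
        raise ManifestError(f"key: fields not valid for {provider!r}: {extra}")
    if provider == "gitea":
        name = raw.get("provisioner_token")
        if not isinstance(name, str) or not name:
            raise ManifestError("key.provisioner_token: env var name required")
        if not env.get(name):  # assumed check: refuse to start without a token
            raise ManifestError(f"key.provisioner_token: ${name} is not set")
        return KeyConfig(provider, provisioner_token=name)
    path = raw.get("path")
    if not isinstance(path, str) or not path:
        raise ManifestError("key.path: required for the static provider")
    return KeyConfig(provider, path=path)
```
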
didericis-claude added 1 commit 2026-06-19 18:02:12 -04:00
refactor: unify identity/provisioned_key into key block
lint / lint (push) Failing after 1m45s
test / unit (pull_request) Successful in 35s
test / integration (pull_request) Successful in 17s
1a8718ca9d
Replace the two mutually-exclusive repo keys (identity and
provisioned_key) with a single required key block. key.provider
is "static" (path to host SSH key) or "gitea" (deploy-key lifecycle
via provisioner_token env var, replacing token_env).

Internal fields: ManifestProvisionedKeyConfig → ManifestKeyConfig;
ProvisionedKey field removed from ManifestGitEntry; Key field added.
git_gate.py checks entry.Key.provider == "gitea" instead of
entry.ProvisionedKey is not None.
didericis added 1 commit 2026-06-19 18:10:06 -04:00
fix: remove unused Optional import flagged by pyright
lint / lint (push) Successful in 1m33s
test / unit (pull_request) Successful in 30s
test / integration (pull_request) Successful in 17s
5da4d05bf2
didericis reviewed 2026-06-19 18:10:45 -04:00
@@ -473,3 +472,3 @@
upstreams_list = list(git_gate_upstreams_for_bottle(bottle))
for i, entry in enumerate(bottle.git):
if entry.ProvisionedKey is not None:
if entry.Key.provider == "gitea":
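Review bot: On the changed condition, `entry.Key.provider == "gitea"` repeats the provider name as a string literal in the gate and sends every value that is not exactly "gitea" down the other path, so this loop is only correct if the parser has already rejected everything outside the allowed set. The previous `is not None` test could not be mistyped; a string comparison can. Compare against a shared constant or a method on the key config, and raise on a provider the loop does not recognise rather than letting it take the non-gitea path.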
Owner

this should be in a resolve_identity_file method
didericis marked this conversation as resolved
didericis added 1 commit 2026-06-19 18:14:23 -04:00
refactor: extract _resolve_identity_file from prepare loop
lint / lint (push) Successful in 1m33s
test / unit (pull_request) Successful in 31s
test / integration (pull_request) Successful in 16s
6f0e5b4589
didericis-claude reviewed 2026-06-19 18:14:31 -04:00
didericis-claude left a comment
Author
Collaborator

Done — extracted _resolve_identity_file(entry, slug, stage_dir) which returns entry.IdentityFile for static and calls _provision_dynamic_key for gitea. The prepare loop now unconditionally replaces identity_file via the helper. 6f0e5b4589
Author
Collaborator

6f0e5b4 — extracted _resolve_identity_file(entry, slug, stage_dir) which returns entry.IdentityFile for static and calls _provision_dynamic_key for gitea. The prepare loop now unconditionally replaces identity_file through the helper, removing the inline conditional entirely.
didericis reviewed 2026-06-19 18:20:09 -04:00
@@ -218,0 +195,4 @@
f"allowed: {', '.join(sorted(_KEY_PROVIDERS))}"
)
if provider == "static":
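Review bot: At `if provider == "static":`, directly after the error that lists `sorted(_KEY_PROVIDERS)`, check that the branch which follows is not a bare `else`. With a two-way split, a third name added to `_KEY_PROVIDERS` later would pass the allowed-values check and then be parsed as whichever provider sits in the fall-through branch. An explicit `if`/`elif` per provider with a final raise keeps the parser failing closed, and a test that adds a dummy provider to the set would pin that behaviour.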
Owner

static should be the default provider, not gitea
didericis marked this conversation as resolved
didericis added 1 commit 2026-06-19 18:21:47 -04:00
rename: provisioner_token -> forge_token_env
lint / lint (push) Successful in 2m6s
test / unit (pull_request) Successful in 30s
test / integration (pull_request) Successful in 17s
f00c567469
didericis added 1 commit 2026-06-19 18:25:26 -04:00
refactor: make static the default branch in _parse_key_config
test / unit (pull_request) Successful in 29s
test / integration (pull_request) Successful in 16s
lint / lint (push) Successful in 1m31s
test / unit (push) Successful in 28s
test / integration (push) Successful in 15s
Update Quality Badges / update-badges (push) Successful in 1m10s
7a124d7d25
Author
Collaborator

7a124d7 — flipped the branches: gitea is now the explicit if, static falls through as the default.
didericis approved these changes 2026-06-19 18:29:17 -04:00
Owner

Identity provider abstraction is a bit sloppy/could be tightened up a bit, but good enough for now.
didericis merged commit 7a124d7d25 into main 2026-06-19 18:31:10 -04:00
didericis deleted branch refactor-key-block 2026-06-19 18:31:11 -04:00