Consolidated into GITHUB_TOKEN — single PAT handles both migration
and push mirroring. GITHUB_MIRROR_INTERVAL remains as its own var.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace pipe-delimited runners.conf with INI-style sections supporting
host resolution, container images, repo-scoped tokens, resource limits,
capacity, and SSH key passthrough. All defaults pulled from .env.
- Add INI parsing helpers (ini_list_sections, ini_get, ini_set) to common.sh
- Add SSH key support (UNRAID_SSH_KEY, FEDORA_SSH_KEY) to ssh_exec/scp_to
- Add .env vars: RUNNER_DEFAULT_IMAGE, RUNNER_DEFAULT_CAPACITY,
RUNNER_DEFAULT_DATA_PATH, LOCAL_RUNNER_DATA_PATH, LOCAL_REGISTRY
- Rewrite manage_runner.sh with host/image/token resolution and resource limits
- Rewrite configure_runners.sh wizard for INI format with all 9 fields
- Update phase3 scripts to use ini_list_sections instead of pipe parsing
- Add runners.conf INI validation to preflight.sh (check 5b)
- Update templates to use resolved labels, capacity, and deploy resources
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replaces manual pipe-delimited file editing with a guided setup
script matching the configure_env.sh UX pattern.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Move 10 validation functions from configure_env.sh to lib/common.sh as
shared utilities. Define variable-to-validator mapping using parallel
arrays (bash 3.2 compatible). validate_env() checks all ~50 .env
variables against their expected format and reports all failures at once.
Wired into preflight.sh (Check 6b) and bitwarden_to_env.sh (post-restore).
configure_env.sh now sources validators from common.sh instead of
defining its own copies.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add setup/cross_host_ssh.sh to establish ed25519 SSH trust between
Unraid and Fedora (required by backup/restore scripts for direct SCP)
- Add ssh_key and authorized_key cleanup handlers to setup/cleanup.sh
- Rewrite phase8 cutover to mark GitHub repos as mirrors instead of
archiving them (archived repos reject push mirror writes), with a
JSON state snapshot of pre-cutover settings (description, homepage,
wiki, projects, Pages) for exact restoration on teardown
- Rewrite phase8 teardown to restore from state snapshot with fallback
to legacy "— was:" description parsing
- Make migration polling configurable via MIGRATION_POLL_INTERVAL_SEC
and MIGRATION_POLL_TIMEOUT_SEC in .env (was hardcoded 120s/3s)
- Fix preflight SSL validation: check SSL_MODE instead of always
requiring SSL_EMAIL, add conditional checks per SSL_MODE
- Add preflight checks 23-24: cross-host SSH connectivity
- Add --start-from range validation and cross_host_ssh.sh to run_all.sh
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- teardown_all.sh: replace `yes |` pipeline with `< <(yes)` process
substitution to avoid SIGPIPE (exit 141) false failures under pipefail
- phase6_teardown.sh: extract push mirror `.id` instead of `.remote_name`
to match the DELETE /push_mirrors/{id} API contract
- phase5_migrate_pipelines.sh: expand sed regex from `[a-z_]*` to
`[a-z_.]*` to handle nested GitHub contexts like
`github.event.pull_request.number`
- lib/common.sh: render_template now requires explicit variable list to
prevent envsubst from eating Nginx variables ($host, $proxy_add_...)
- backup scripts: remove MacBook relay, use direct Unraid↔Fedora SCP;
fix dump path to write to /data/ (mounted volume) instead of /tmp/
(container-only); add unzip -t integrity verification
- preflight.sh: add --skip-port-checks flag for resuming with
--start-from (ports already bound by earlier phases)
- run_all.sh: update run_step to pass extra args; use --skip-port-checks
when --start-from > 1
- post-checks (phase4/7/9): wrap API calls in helper functions with
>/dev/null redirection instead of passing -o /dev/null as API data
- phase8: replace GitHub archiving with [MIRROR] description marking
and disable wiki/projects/Pages (archived repos reject push mirrors)
- restore_to_primary.sh: add require_vars for Fedora SSH variables
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add minimum version validation for all dependencies across local and
remote machines (jq>=1.6, curl>=7.70, git>=2.30, docker>=20.0,
compose>=2.0, shellcheck>=0.8, gh>=2.0). Setup scripts now record
every install action to .manifests/<host>.manifest files, enabling
full rollback via setup/cleanup.sh. teardown_all.sh gains --cleanup
flag to chain prerequisite removal after phase teardowns.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- lib/common.sh: add require_local_os, require_remote_os, require_remote_pkg_manager
- setup/macbook.sh: require macOS (Darwin)
- setup/unraid.sh: require remote is Linux
- setup/fedora.sh: require remote is Linux + has dnf (RPM-based)
- manage_runner.sh: native runner add/remove requires macOS
- run_all.sh: control plane must be macOS
- preflight.sh: 3 new checks (1: local=macOS, 2: Unraid=Linux, 3: Fedora=Linux+dnf)
- phase5_migrate_pipelines.sh: fix sed -i to be portable (no macOS-only syntax)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
