日常更新

scripts/offline-check.sh

@@ -0,0 +1,70 @@
+#!/usr/bin/env bash
+# 离线「全量」自检：与 CI 同源（verify 清单校验）+
+# 对关键 playbook 执行 ansible-playbook --syntax-check。
+# 不连接集群、不执行 kubectl；真机验收仍用 ./ansible/bin/verify.sh full。
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+# shellcheck disable=SC1091
+source "${ROOT}/ansible/lib/lib-ansible-lab.sh"
+ansible_lab_export_config
+
+INV="${ANSIBLE_INVENTORY:-${ROOT}/ansible/inventory.ini}"
+
+need_cmd() {
+  if ! command -v "$1" >/dev/null 2>&1; then
+    echo "[ERR] 未找到命令：$1" >&2
+    exit 1
+  fi
+}
+
+echo "########################################## 1/3 docs 链接门禁（R3：禁止 ../，白名单需到期）"
+need_cmd python3
+python3 "${ROOT}/ansible/tools/check_docs_no_parent_links.py"
+
+echo ""
+echo "########################################## 2/3 verify playbook ↔ docs 文件存在性"
+python3 "${ROOT}/ansible/tools/validate_matrix_playbooks.py"
+
+echo ""
+echo "########################################## 3/3 Ansible syntax-check（verify playbook）"
+need_cmd ansible-playbook
+[[ -f "$INV" ]] || {
+  echo "[ERR] inventory 不存在：$INV（syntax-check 仍需 -i）" >&2
+  exit 1
+}
+
+mapfile -t PBS < <(
+  ROOT="${ROOT}" python3 -c "
+import os
+from pathlib import Path
+
+root = Path(os.environ['ROOT'])
+pbs = []
+
+for p in sorted((root / 'ansible' / 'playbooks' / 'verify').glob('*.yml')):
+    if p.name.startswith('_'):
+        continue
+    pbs.append(p.relative_to(root).as_posix())
+
+seen = set()
+for rel in pbs:
+    if rel in seen:
+        continue
+    seen.add(rel)
+    print(rel)
+"
+)
+
+n=${#PBS[@]}
+i=0
+for rel in "${PBS[@]}"; do
+  i=$((i + 1))
+  pb="${ROOT}/${rel}"
+  echo "[$i/$n] -- $rel"
+  ansible-playbook -i "$INV" "$pb" --syntax-check
+done
+
+echo ""
+echo "[OK] 全量离线检查通过（${n} 条 playbook syntax-check）"
+