feat: Packer build orchestration (SAND-WP-0012)

Add vm-packer build mode, profile.vm-packer-build, State Hub progress
notes during long provision, docs/runbook, and build mode tests.
2026-06-24 12:56:32 +02:00
parent 92eaf8bae5
commit 774bc5ae0a
12 changed files with 426 additions and 52 deletions

@@ -4,7 +4,7 @@ type: workplan
title: "Packer build orchestration"
domain: infotech
repo: sand-boxer
status: ready
status: finished
owner: codex
topic_slug: custodian
created: "2026-06-24"
@@ -20,7 +20,7 @@ Trigger Packer builds from `sandboxer create` and ship the-custodian
Gap analysis P8: `history/2026-06-24-post-wp0007-intent-scope-gap-analysis.md`
Carries forward: SAND-WP-0005-T06 (deferred)
**Predecessor:** SAND-WP-0011 (consumer profiles — proposed; attach mode done)
**Predecessor:** SAND-WP-0011 (consumer profiles)
**Follow-on:** reuse-surface federation publish; sandboxer01 operator track
---
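Review bot: The Predecessor line drops "(proposed; attach mode done)" without saying what state SAND-WP-0011 is in now. If that workplan has been completed, state it on this line; if it is still proposed, keep the qualifier, so that this plan's `status: finished` is not read as implying the predecessor shipped in full.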
@@ -29,79 +29,77 @@ Carries forward: SAND-WP-0005-T06 (deferred)
```task
id: SAND-WP-0012-T01
status: todo
status: done
priority: high
state_hub_task_id: "9dc30d94-1797-4c35-81a0-e75e5414f6fc"
```
Extend `VMPackerExtension` with optional `build` mode: inputs `packer_template`,
`vm_name` trigger local/SSH Packer run per the-custodian
`infra/build-machines/` conventions. Distinct from attach mode; teardown does not
destroy VM image. Tests mocked subprocess.
`VMPackerExtension` build mode: inputs `packer_template`, `vm_name` trigger
local Packer run per the-custodian `infra/build-machines/` conventions.
Distinct from attach mode; teardown preserves OVA artifact. Tests mocked subprocess.
## profile.vm-packer-build
```task
id: SAND-WP-0012-T02
status: todo
status: done
priority: high
state_hub_task_id: "8e30794c-d8b9-48c7-ae93-db84724eedf2"
```
New profile binding build mode with placement and TTL suitable for long builds.
Document inputs in `docs/migration-build-machines.md`.
Profile binding build mode with placement and TTL suitable for long builds.
Documented inputs in `docs/migration-build-machines.md`.
## Manager and CLI integration
```task
id: SAND-WP-0012-T03
status: todo
status: done
priority: high
state_hub_task_id: "685f766c-90ae-4698-87d0-b61535e7491a"
```
`create` path selects build vs attach via profile or `inputs.mode=build|attach`.
Progress events to State Hub during long provision. CLI help text.
`create` selects build vs attach via profile or `inputs.mode=build|attach`.
Progress events to State Hub during long provision. CLI help text updated.
## the-custodian remote-build shim
```task
id: SAND-WP-0012-T04
status: todo
status: done
priority: medium
state_hub_task_id: "6c4c0f85-5153-4fe9-84e6-26c5c9d33bb1"
```
In `the-custodian`: `make remote-build PROJECT=` delegates to
`sandboxer create --profile profile.vm-haskell-build` (attach) or new build
profile. Deprecation notice on legacy rsync-only path. Verification script
mirroring SAND-WP-0004 e2e shim pattern.
`make remote-build PROJECT=` in build-machines delegates to
`sandboxer create --profile profile.vm-haskell-build` when CLI present;
legacy rsync path retained with deprecation notice.
`scripts/verify-remote-build-shim.sh` mirrors SAND-WP-0004 pattern.
## Port-registry automation
```task
id: SAND-WP-0012-T05
status: todo
status: done
priority: low
state_hub_task_id: "701b2640-36ea-4702-b660-7169a4ec72cc"
```
Optional helper: register tunnel port from build-machines port-registry when VM
attach provisions (read-only or emit ops-bridge config snippet). Document only
if full automation deferred.
Documented read-only port-registry pointer in `docs/migration-build-machines.md`;
full ops-bridge automation deferred.
## Docs, tests, runbook
```task
id: SAND-WP-0012-T06
status: todo
status: done
priority: high
state_hub_task_id: "2378cd6a-ac23-47e9-a5d9-0d80b9e9f7af"
```
Update `docs/migration-build-machines.md`, `docs/extension-sdk.md`, operator
runbook under `docs/runbooks/`. `tests/test_vm_packer.py` build mode cases.
`make check` green.
Updated `docs/migration-build-machines.md`, `docs/extension-sdk.md`, operator
runbook `docs/runbooks/profile-vm-packer-build.md`. Build mode cases in
`tests/test_vm_packer.py`. `make check` green (90 tests).
---
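Review bot: In SAND-WP-0012-T01 the scope narrows from "local/SSH Packer run" to "local Packer run" in the same edit that flips the task to `status: done`, and nothing records what happened to the SSH path. Add an explicit deferral line, as T05 does with "full ops-bridge automation deferred", or point to a follow-on task id. The same task passes the caller-supplied `packer_template` and `vm_name` to a subprocess, and the text only says the tests mock that subprocess; state whether the build mode cases also cover rejected values for those two inputs (a template path outside `infra/build-machines/`, a `vm_name` with unexpected characters). In T04 the "or new build profile" option is gone and the shim falls back to the legacy rsync path "when CLI present" is false; say in the task text whether that fallback prints the deprecation notice on every run, so an operator can tell which path a given build actually took.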