eeymoo/claw-code
1
0
Fork 0
mirror of https://github.com/instructkr/claw-code.git synced 2026-05-18 21:41:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
dbb14231644b9b6bdb37e1be17b9baed26d6cef8
claw-code/scripts/dogfood-build.sh
YeonGyu-Kim dbb1423164 fix(scripts): inject GIT_SHA in dogfood-build.sh so provenance check passes 
cargo build without GIT_SHA env var → option_env!("GIT_SHA") = None
→ version JSON returns git_sha:null → dogfood-build.sh fails its own
provenance check every time.

Fix: pass GIT_SHA=$(git rev-parse --short HEAD) to cargo build.
The script now:
  1. Sets GIT_SHA to current HEAD before cargo build
  2. Reads git_sha from the built binary
  3. Compares against HEAD — fails if still null or mismatched

Also adds latency note: cargo run = ~1s overhead/invocation vs 7ms
for pre-built binary; pre-built is recommended for dogfood loops.

Closes the broken provenance check introduced in the initial
dogfood-build.sh commit.
2026-05-05 06:34:29 +09:00

47 lines
1.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# dogfood-build.sh — Build claw from current checkout and verify provenance.
# Injects GIT_SHA at build time so version JSON is non-null.
# Usage: bash scripts/dogfood-build.sh
# On success: prints the verified binary path. Use as:
# CLAW=$(bash scripts/dogfood-build.sh) && $CLAW version --output-format json
set -euo pipefail
REPO_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
RUST_DIR="$REPO_ROOT/rust"
BINARY="$RUST_DIR/target/debug/claw"
EXPECTED_SHA="$(git -C "$REPO_ROOT" rev-parse --short HEAD)"
echo "▶ Building claw from $REPO_ROOT ($(git -C "$REPO_ROOT" log --oneline -1))..." >&2
# Inject GIT_SHA so that version --output-format json returns a non-null sha.
# Without this, option_env!("GIT_SHA") in main.rs always yields None → null.
GIT_SHA="$EXPECTED_SHA" cargo build \
--manifest-path "$RUST_DIR/Cargo.toml" \
-p rusty-claude-cli -q
if [[ ! -x "$BINARY" ]]; then
echo "✗ Build succeeded but binary not found at $BINARY" >&2
exit 1
fi
BINARY_SHA=$("$BINARY" version --output-format json 2>/dev/null \
| python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('git_sha') or 'null')" 2>/dev/null \
|| echo "null")
if [[ "$BINARY_SHA" == "null" || -z "$BINARY_SHA" ]]; then
echo "✗ Provenance check failed: binary reports git_sha: null" >&2
echo " Ensure GIT_SHA is passed to cargo build (this script does it automatically)." >&2
echo " Binary: $BINARY" >&2
exit 1
fi
if [[ "$BINARY_SHA" != "$EXPECTED_SHA" ]]; then
echo "✗ Provenance mismatch: binary=$BINARY_SHA, HEAD=$EXPECTED_SHA" >&2
echo " Rerun after 'git pull' or check for uncommitted changes." >&2
exit 1
fi
echo "✓ Binary verified: $BINARY_SHA == HEAD ($EXPECTED_SHA)" >&2
echo " cargo run alternative: ~1s overhead per invocation (vs 7ms for pre-built)" >&2
echo " To dogfood: export CLAW=$BINARY" >&2
echo "$BINARY"
Reference in New Issue View Git Blame Copy Permalink