From f775685cd2a4a3920a59d4f55971a02aa5f8ddd8 Mon Sep 17 00:00:00 2001
From: Micha
Date: Tue, 23 Jun 2026 21:06:02 +0200
Subject: [PATCH] Healthchecks heartbeats for compose-drift, komodo-hygiene, daily-report

Add endpoint-agnostic Healthchecks pings to the three remaining scheduled host-audit jobs via an EXIT-trap merge (start + success/fail), so the body of each script (incl. the 1400-line daily-status-report) stays untouched. Exit 0/1/2 = ran (ok/warning/critical); only rc>2 pings /fail. Capability URLs come from per-job host secret files (healthchecks__url), never in the repo. bash -n verified.

Co-Authored-By: Claude Opus 4.8
---
 services/posture-check/compose-runtime-drift.sh | 7 ++++++-
 services/posture-check/daily-status-report.sh | 7 ++++++-
 services/posture-check/komodo-stack-hygiene.sh | 7 ++++++-
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/services/posture-check/compose-runtime-drift.sh b/services/posture-check/compose-runtime-drift.sh
index c4b31d5..c156f7d 100755
--- a/services/posture-check/compose-runtime-drift.sh
+++ b/services/posture-check/compose-runtime-drift.sh
@@ -11,7 +11,12 @@ TMP_DIR="${TMP_DIR:-/tmp/kallilab-compose-runtime-drift}"
 mkdir -p "$TMP_DIR"
 RESULTS_FILE="$TMP_DIR/results.$$"
 : > "$RESULTS_FILE"
-trap 'rm -f "$RESULTS_FILE"' EXIT
+# Healthchecks Heartbeat (endpoint-agnostisch; Capability-URL ist ein Secret, nie ins Repo)
+HC_URL_FILE="${HC_URL_FILE:-/mnt/user/appdata/secrets/healthchecks_compose_drift_url}"
+hc_url=""; [ -r "$HC_URL_FILE" ] && hc_url="$(tr -d '[:space:]' < "$HC_URL_FILE")"
+hc_ping() { [ -n "$hc_url" ] || return 0; curl -fsS -m 10 --retry 3 "${hc_url}${1:-}" >/dev/null 2>&1 || true; }
+trap 'hc_rc=$?; rm -f "$RESULTS_FILE"; [ "$hc_rc" -le 2 ] && hc_ping "" || hc_ping "/fail"' EXIT
+hc_ping "/start"
 json_escape() {
 sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\t/\\t/g'
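Review bot: hc_ping in compose-runtime-drift.sh hands the capability URL to curl as a command-line argument, so the value the comment calls a secret is visible to other local users and processes that can read the process list for as long as the request is in flight (10 s timeout, up to three retries). Feeding the URL on stdin keeps it out of argv, and pinning the scheme stops a mistyped or tampered secret file from sending the token over plain HTTP or another protocol: `printf 'url = "%s"\n' "${hc_url}${1:-}" | curl -fsS -m 10 --retry 3 --proto '=https' -K - >/dev/null 2>&1 || true`. The identical hc_ping line is added in the daily-status-report.sh and komodo-stack-hygiene.sh hunks, so the change is needed in all three copies. A comment beside HC_URL_FILE stating the expected owner and mode of the secret file (for example `# root-owned, mode 0600`) would also help, since `[ -r ... ]` accepts any readable file.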
diff --git a/services/posture-check/daily-status-report.sh b/services/posture-check/daily-status-report.sh
index 55601be..ff36017 100755
--- a/services/posture-check/daily-status-report.sh
+++ b/services/posture-check/daily-status-report.sh
@@ -55,7 +55,12 @@ SECTION_ERRORS_FILE="$TMP_DIR/section-errors.log"
 cleanup() {
 rm -rf "$TMP_DIR"
 }
-trap cleanup EXIT
+# Healthchecks Heartbeat (endpoint-agnostisch; Capability-URL ist ein Secret, nie ins Repo)
+HC_URL_FILE="${HC_URL_FILE:-/mnt/user/appdata/secrets/healthchecks_daily_report_url}"
+hc_url=""; [ -r "$HC_URL_FILE" ] && hc_url="$(tr -d '[:space:]' < "$HC_URL_FILE")"
+hc_ping() { [ -n "$hc_url" ] || return 0; curl -fsS -m 10 --retry 3 "${hc_url}${1:-}" >/dev/null 2>&1 || true; }
+trap 'hc_rc=$?; cleanup; [ "$hc_rc" -le 2 ] && hc_ping "" || hc_ping "/fail"' EXIT
+hc_ping "/start"
 append() {
 printf '%s\n' "$*" >> "$BODY_PATH"
diff --git a/services/posture-check/komodo-stack-hygiene.sh b/services/posture-check/komodo-stack-hygiene.sh
index 271b37e..03c448a 100644
--- a/services/posture-check/komodo-stack-hygiene.sh
+++ b/services/posture-check/komodo-stack-hygiene.sh
@@ -33,7 +33,12 @@ mkdir -p "$TMP_DIR"
 RESULTS_FILE="$TMP_DIR/results.$$"
 STACKS_FILE="$TMP_DIR/stacks.$$.json"
 : > "$RESULTS_FILE"
-trap 'rm -f "$RESULTS_FILE" "$STACKS_FILE"' EXIT
+# Healthchecks Heartbeat (endpoint-agnostisch; Capability-URL ist ein Secret, nie ins Repo)
+HC_URL_FILE="${HC_URL_FILE:-/mnt/user/appdata/secrets/healthchecks_komodo_hygiene_url}"
+hc_url=""; [ -r "$HC_URL_FILE" ] && hc_url="$(tr -d '[:space:]' < "$HC_URL_FILE")"
+hc_ping() { [ -n "$hc_url" ] || return 0; curl -fsS -m 10 --retry 3 "${hc_url}${1:-}" >/dev/null 2>&1 || true; }
+trap 'hc_rc=$?; rm -f "$RESULTS_FILE" "$STACKS_FILE"; [ "$hc_rc" -le 2 ] && hc_ping "" || hc_ping "/fail"' EXIT
+hc_ping "/start"
 json_escape() {
 sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\t/\\t/g'
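Review bot: The EXIT trap in daily-status-report.sh treats every exit status up to 2 as a completed run, so an early abort that happens to exit with 1 or 2 is reported to Healthchecks as a success. Whether the script runs under `set -e` or has other early `exit 1` paths is not visible in this hunk, but if it does, a command failing partway through the 1400-line body would leave the heartbeat green although the report was never produced. A completion marker closes that gap: set `hc_done=1` as the last statement before the script's normal exit and have the trap test `[ "${hc_done:-0}" = 1 ] && [ "$hc_rc" -le 2 ]`; writing it as `if`/`else` also avoids relying on hc_ping always returning 0 in the `&& … ||` chain. The same trap logic is added to compose-runtime-drift.sh and komodo-stack-hygiene.sh.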