This patch makes the CAPI Scaleway Apple Silicon provider more resilient when adopting and bootstrapping hosts.
- Fixed handling of the
<sealed>placeholder that the Scaleway API can return forsudo_passwordorvnc_urlwhile macOS is sealing the auto-login credential. The provider now treats<sealed>as a missing password instead of passing it tosudo, which prevents them1account from being locked by PAM. Existing secrets that contain the marker are also re-fetched on the next reconcile. - Added tiered recovery for hosts stuck in
BootstrapFailed. After 3 consecutive failures (configurable via--bootstrap-reboot-after), the provider issues a one-time Scaleway reboot to clear volatile state. After 8 failures (configurable via--bootstrap-max-attempts), it returns the host to the adopt pool so Scaleway reinstalls it and a different machine is adopted. Set either threshold to 0 to disable that tier.
Docker image: ghcr.io/tuist/capi-provider-scaleway-applesilicon:0.7.1