feat(WP-0004): railiance deployment & service ops

- Dockerfile (multi-stage, uv-based, slim runtime) - .dockerignore - docker-compose.railiance.yml (Temporal + NATS + PG, no Elasticsearch) - GET /health endpoint (db + temporal probes, 200/503) - .env.example (complete env var reference) - Makefile: migrate, sync-all, dev-up/down, railiance-up/down, start-worker, start-api, start-event-router, help targets; extracted sync-event-types Python to scripts/sync_event_types.py - SIGTERM graceful shutdown in worker.py and event_router.py - docs/runbook.md: Railiance deployment section Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 00:04:39 +02:00
parent 987cf5a75c
commit 2a8e6cfe7f
11 changed files with 830 additions and 25 deletions
--- a/.env.example
+++ b/.env.example
@@ -0,0 +1,43 @@
+# ── Required ──────────────────────────────────────────────────────────────────
+# PostgreSQL connection string for activity-core application data.
+ACTCORE_DB_URL=postgresql+asyncpg://actcore:actcore@app-db:5432/actcore
+
+# ── Temporal ──────────────────────────────────────────────────────────────────
+# Temporal frontend gRPC address.
+TEMPORAL_HOST=temporal:7233
+# Temporal namespace (must exist before workers start).
+TEMPORAL_NAMESPACE=default
+
+# ── NATS ──────────────────────────────────────────────────────────────────────
+# NATS server URL. JetStream must be enabled (-js flag).
+NATS_URL=nats://nats:4222
+
+# ── Service integrations (gracefully degraded if unavailable) ─────────────────
+# State Hub — used by the state-hub context adapter. Binds {} on failure.
+STATE_HUB_URL=http://127.0.0.1:8000
+# Repo scoping — used by the repo-scoping context adapter. Binds {} on failure.
+REPO_SCOPING_URL=http://127.0.0.1:8020
+# Issue Core — task emission backend.
+ISSUE_CORE_URL=http://127.0.0.1:8010
+# Sink type: 'rest' (POST to issue-core) or 'null' (discard, for dry-run).
+ISSUE_SINK_TYPE=rest
+
+# ── Activity definitions ───────────────────────────────────────────────────────
+# Colon-separated paths to additional activity-definitions/ directories.
+# The local activity-definitions/ directory is always scanned.
+ACTIVITY_DEFINITION_DIRS=
+
+# ── Observability ─────────────────────────────────────────────────────────────
+# Prometheus metrics bind address (Temporal SDK metrics).
+PROMETHEUS_BIND_ADDR=0.0.0.0:9090
+
+# ── Security (webhook receiver) ───────────────────────────────────────────────
+# HMAC-SHA256 secret for Gitea webhook signature validation.
+WEBHOOK_SECRET_GITEA=
+# HMAC-SHA256 secret for GitHub webhook signature validation.
+WEBHOOK_SECRET_GITHUB=
+
+# ── Curator gate ──────────────────────────────────────────────────────────────
+# 'disabled': accepts active + pending event types (pending logged as warning).
+# 'required': only active event types accepted; pending events are discarded.
+ACTIVITY_CURATOR_GATE=disabled