Add railiance01 deployment artifacts and fix container image build

Introduce Dockerfile, entrypoint, and k8s/railiance manifests for the ArgoCD GitOps pilot (ISSUE-WP-0003). Rename the Gitea PyPI build arg to GITEA_PYPI_INDEX_URL so pip still resolves dependencies from PyPI.
2026-06-19 21:05:18 +02:00
parent 352a4d7969
commit 3e29bc964d
8 changed files with 461 additions and 0 deletions
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Render issue-core backends.json from environment, then start the API.
+#
+# The backend structure (host/owner/repo/default) is non-secret and supplied
+# via the BACKENDS_TEMPLATE env (a ConfigMap), with the Gitea token injected
+# from GITEA_BACKEND_TOKEN (an ExternalSecret-materialized Secret). The token
+# is never baked into the image or committed to Git.
+set -eu
+
+CONFIG_DIR="${HOME}/.config/issue-tracker"
+mkdir -p "${CONFIG_DIR}"
+
+: "${BACKENDS_TEMPLATE:?BACKENDS_TEMPLATE env is required}"
+
+# Substitute the token placeholder using python (always present in the image)
+# to avoid shell-escaping issues with the secret value.
+GITEA_BACKEND_TOKEN="${GITEA_BACKEND_TOKEN:-}" \
+BACKENDS_TEMPLATE="${BACKENDS_TEMPLATE}" \
+python - "${CONFIG_DIR}/backends.json" <<'PY'
+import json, os, sys
+tmpl = json.loads(os.environ["BACKENDS_TEMPLATE"])
+token = os.environ.get("GITEA_BACKEND_TOKEN", "")
+for cfg in tmpl.values():
+    if isinstance(cfg, dict) and cfg.get("token") == "__FROM_ENV__":
+        cfg["token"] = token
+with open(sys.argv[1], "w") as fh:
+    json.dump(tmpl, fh, indent=2)
+PY
+
+exec issue serve --host 0.0.0.0 --port 8765 --log-level "${LOG_LEVEL:-info}"