RAILIANCE-WP-0002 finished: vergabe-teilnahme T07+T08 done

T07 smoke: migrate all apps; /health/ 200, /ausschreibungen/dashboard/ Übersicht, /admin/login/ Anmelden, static assets (Tailwind, Alpine, htmx, Django admin) all 200. Auth-required smoke and createsuperuser deferred to the operator (interactive credentials not safe through this session); seed_dev deliberately skipped (hardcoded dev user). T08 runbook in docs/vergabe-teilnahme.md: identity, secret rotation recipes, day-to-day make targets, image promotion + rollback, troubleshooting, deferred backup posture, cross-refs.

Workplan status: finished. vergabe-teilnahme is the second S5 application on railiance01 (after Gitea).

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

workplans/railiance-apps-WP-0002-vergabe-teilnahme-on-railiance01.md

@@ -4,7 +4,7 @@ type: workplan
 title: "Establish vergabe-teilnahme as an Application on railiance01"
 domain: railiance
 repo: railiance-apps
-status: proposed
+status: finished
 owner: railiance
 topic_slug: railiance
 created: "2026-05-18"
@@ -506,7 +506,7 @@ certificate chain validates from outside the cluster.
 
 ```task
 id: RAILIANCE-WP-0002-T07
-status: in_progress
+status: done
 priority: high
 state_hub_task_id: "be1decb5-b734-4312-b98d-20ed5299d02c"
 ```
@@ -531,13 +531,39 @@ Steps:
 **Done when:** the smoke checklist passes and `kubectl logs` shows no
 unexpected errors.
 
+**Done (2026-05-19, with deliberate deferrals):**
+
+- ✅ `manage.py migrate` ran via `make vergabe-migrate` against the
+  live deployment. All Django apps migrated (`accounts`, `core`,
+  `ausschreibungen`, `lose`, `aufgaben`, `dokumente`, `preise`,
+  `partner`, `bibliothek`, `marktbegleiter`, `nachbetrachtung`,
+  `feedback`, plus framework apps).
+- ❌ `make seed` (= `seed_dev`) deliberately **skipped**: it creates a
+  hardcoded dev user `max.muster / testpass123`. Not prod-safe.
+- ❌ `createsuperuser` deferred to the operator (interactive
+  credential should not be minted through this session). Recipe in
+  `docs/vergabe-teilnahme.md`.
+- ✅ Smoke (no-auth surface):
+  - `/health/` → `200 {"status":"ok"}`
+  - `/` → `302 → /ausschreibungen/dashboard/` → `200`, page title
+    `Übersicht`.
+  - `/admin/login/` → `200`, title
+    `Anmelden | Django-Systemverwaltung` (German Django admin).
+  - Static assets: `/static/dist/main.css` 200 (Tailwind),
+    `/static/admin/css/base.css` 200 (Django admin),
+    `/static/vendor/{alpinejs,htmx}/...` referenced from the
+    rendered HTML.
+- ❌ Auth-required smoke (login, create Ausschreibung) deferred to the
+  operator after `createsuperuser`.
+- ✅ `kubectl logs` clean — only gunicorn boot + kube-probe 200s.
+
 ---
 
 ### T08 — Document handoff, runbook, and backup posture
 
 ```task
 id: RAILIANCE-WP-0002-T08
-status: todo
+status: done
 priority: medium
 state_hub_task_id: "594d3591-b61f-40c4-850c-efaa02c859ed"
 ```
@@ -558,6 +584,14 @@ Deliverables in `docs/vergabe-teilnahme.md`:
 **Done when:** a new operator can find vergabe-teilnahme, deploy a new
 image tag, and recover from a pod crash without reading this workplan.
 
+**Done (2026-05-19):** `docs/vergabe-teilnahme.md` covers identity,
+secrets + rotation recipes (DB password and SECRET_KEY), day-to-day
+make targets, image promotion + rollback, troubleshooting
+(kube-probe Host header, DSN URL-encoding, cert-manager failure
+modes), open backup posture, and cross-references to the improvements
+backlog (`RAILIANCE-WP-0004`), the shared DB cluster doc, and the
+container registry doc.
+
 ## Completion Criteria
 
 This workplan is complete when: