Harden inter-hub production deploy trigger

2026-06-15 22:44:13 +02:00
parent 088bc35342
commit 6abf75365b
6 changed files with 380 additions and 32 deletions

@@ -0,0 +1,87 @@
---
id: RAILIANCE-WP-0011
type: workplan
title: "Inter-Hub production trigger hardening"
domain: railiance
repo: railiance-apps
status: finished
owner: codex
topic_slug: railiance
created: "2026-06-15"
updated: "2026-06-15"
state_hub_workstream_id: "98cf42ae-9b64-4736-97e1-bae325ded1f9"
---
# Inter-Hub production trigger hardening
## Goal
Turn the local Inter-Hub deploy surface into a safe production trigger for
Railiance01. The trigger must refuse missing images before Helm, use the
current Inter-Hub v2 API smoke contract, and expose a manual workflow path that
has the same gates as an attended local operator deploy.
## Add OCI Image Preflight
```task
id: RAILIANCE-WP-0011-T01
status: done
priority: high
state_hub_task_id: "10e27372-fb8b-40ac-b1f8-1c2c78fea0da"
```
Add a reusable image manifest preflight for
`gitea.coulomb.social/coulomb/inter-hub:<tag>` and wire production deploys to
fail before Helm when the requested tag is absent or inaccessible.
## Split Baseline Render From Production Dry-Run
```task
id: RAILIANCE-WP-0011-T02
status: done
priority: high
state_hub_task_id: "c48320db-9ed7-4792-89a6-f55691919891"
```
Keep a baseline render target for chart validation with checked-in values, but
make production-facing Inter-Hub dry-runs require an explicit
`INTER_HUB_IMAGE_TAG`.
## Update Inter-Hub Smoke Contract
```task
id: RAILIANCE-WP-0011-T03
status: done
priority: high
state_hub_task_id: "b3260f7a-6dcb-4bb4-ae53-bf81c0081e86"
```
Update `inter-hub-smoke` to match the current public-read/authenticated-write
contract: `/api/v2/hubs` returns public discovery, protected resources reject
anonymous access, and OpenAPI is served from `/api/v2/openapi.json`.
## Add Manual Production Deploy Workflow
```task
id: RAILIANCE-WP-0011-T04
status: done
priority: high
state_hub_task_id: "32ca0b17-fb7c-4cd5-a846-ff92933daf89"
```
Add a `workflow_dispatch` Gitea Actions workflow that requires an immutable
image tag and confirmation text, verifies the image manifest, runs Helm
server-side dry-run, deploys, shows status, and runs smoke checks.
## Update Runbook And Closure Evidence
```task
id: RAILIANCE-WP-0011-T05
status: done
priority: medium
state_hub_task_id: "0369b47a-09f0-4780-9c91-556049a0d505"
```
Document the local and workflow production paths, failure classification for a
missing image tag, current smoke expectations, and validation evidence for the
implemented deploy surface.
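
Review bot: In the "Add Manual Production Deploy Workflow" task (T04), "requires an immutable image tag" is not backed by anything else in the plan. T01's preflight only establishes that a manifest exists for `gitea.coulomb.social/coulomb/inter-hub:<tag>`, and a registry tag can be repointed between that check and the Helm deploy, so the image that passed preflight is not guaranteed to be the image that runs. Suggest having the preflight record the manifest digest it resolved and having the dry-run and deploy steps pin that digest, or stating here what input counts as immutable and how the workflow rejects floating tags. In T03 it would also help to name the expected response for anonymous access to protected resources, so the smoke check cannot pass on an unrelated error.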