--- id: RAILIANCE-WP-0011 type: workplan title: "Inter-Hub production trigger hardening" domain: railiance repo: railiance-apps status: finished owner: codex topic_slug: railiance created: "2026-06-15" updated: "2026-06-15" state_hub_workstream_id: "98cf42ae-9b64-4736-97e1-bae325ded1f9" --- # Inter-Hub production trigger hardening ## Goal Turn the local Inter-Hub deploy surface into a safe production trigger for Railiance01. The trigger must refuse missing images before Helm, use the current Inter-Hub v2 API smoke contract, and expose a manual workflow path that has the same gates as an attended local operator deploy. ## Add OCI Image Preflight ```task id: RAILIANCE-WP-0011-T01 status: done priority: high state_hub_task_id: "10e27372-fb8b-40ac-b1f8-1c2c78fea0da" ``` Add a reusable image manifest preflight for `gitea.coulomb.social/coulomb/inter-hub:` and wire production deploys to fail before Helm when the requested tag is absent or inaccessible. ## Split Baseline Render From Production Dry-Run ```task id: RAILIANCE-WP-0011-T02 status: done priority: high state_hub_task_id: "c48320db-9ed7-4792-89a6-f55691919891" ``` Keep a baseline render target for chart validation with checked-in values, but make production-facing Inter-Hub dry-runs require an explicit `INTER_HUB_IMAGE_TAG`. ## Update Inter-Hub Smoke Contract ```task id: RAILIANCE-WP-0011-T03 status: done priority: high state_hub_task_id: "b3260f7a-6dcb-4bb4-ae53-bf81c0081e86" ``` Update `inter-hub-smoke` to match the current public-read/authenticated-write contract: `/api/v2/hubs` returns public discovery, protected resources reject anonymous access, and OpenAPI is served from `/api/v2/openapi.json`. ## Add Manual Production Deploy Workflow ```task id: RAILIANCE-WP-0011-T04 status: done priority: high state_hub_task_id: "32ca0b17-fb7c-4cd5-a846-ff92933daf89" ``` Add a `workflow_dispatch` Gitea Actions workflow that requires an immutable image tag and confirmation text, verifies the image manifest, runs Helm server-side dry-run, deploys, shows status, and runs smoke checks. ## Update Runbook And Closure Evidence ```task id: RAILIANCE-WP-0011-T05 status: done priority: medium state_hub_task_id: "0369b47a-09f0-4780-9c91-556049a0d505" ``` Document the local and workflow production paths, failure classification for a missing image tag, current smoke expectations, and validation evidence for the implemented deploy surface.