generated from coulomb/repo-seed
seeded repo
This commit is contained in:
102
docs/current-forge-asset-inventory.md
Normal file
102
docs/current-forge-asset-inventory.md
Normal file
@@ -0,0 +1,102 @@
|
||||
# Current Forge Asset Inventory
|
||||
|
||||
Date: 2026-06-05
|
||||
|
||||
This inventory covers forge-related assets currently visible in
|
||||
`/home/worsch/railiance-apps`. It supports `FORGE-WP-0001-T03` and the
|
||||
coordinating `RAILIANCE-WP-0006` extraction plan.
|
||||
|
||||
No files have been moved yet. This document assigns each candidate asset a
|
||||
target disposition for the first migration plan.
|
||||
|
||||
## Summary
|
||||
|
||||
| Disposition | Meaning |
|
||||
|-------------|---------|
|
||||
| Move | Canonical file should move to `railiance-forge`. |
|
||||
| Copy pointer | Copy canonical content to `railiance-forge`, leave a short pointer in `railiance-apps` temporarily. |
|
||||
| Leave | Keep in `railiance-apps`; it is S5 app-release surface. |
|
||||
| Adapt | Keep local behavior, but update references after forge extraction. |
|
||||
| Supersede | Historical or transitional content should be replaced by new forge-owned docs/workplans. |
|
||||
|
||||
## Move To `railiance-forge`
|
||||
|
||||
| Asset | Current role | Target disposition | Notes |
|
||||
|-------|--------------|--------------------|-------|
|
||||
| `helm/gitea-values.sops.yaml` | SOPS-encrypted Gitea Helm values. | Move | Must preserve secret boundary; move without decrypting. |
|
||||
| `helm/gitea-registry-values.yaml` | Non-secret overlay enabling Gitea package/container registry behavior. | Move | This is forge runtime config, not S5 app config. |
|
||||
| `manifests/gitea-ingress.yaml` | Registry-facing Gitea ingress for `/v2`. | Move | Forge owns Gitea/registry exposure; cluster ingress primitives remain S2. |
|
||||
| `releases/gitea/values.yaml` | Legacy/plain Gitea release values reference. | Move or supersede | Likely keep only as historical migration reference if still useful. |
|
||||
| `Makefile` variables `GITEA_*` | Gitea release/chart/value/ingress defaults. | Move | Recreate in `railiance-forge/Makefile`; remove from S5 after compatibility window. |
|
||||
| `make gitea-deploy` | Deploy/upgrade current Gitea release. | Move | Should become `railiance-forge` operator target. |
|
||||
| `make gitea-ingress-deploy` | Apply Gitea registry ingress. | Move | Should become `railiance-forge` operator target. |
|
||||
| `make gitea-status` | Check Gitea pod/service/ingress and `gitea-db` status. | Move | Keep database status as consumer evidence; S3 still owns DB implementation. |
|
||||
|
||||
## Copy With Compatibility Pointer
|
||||
|
||||
| Asset | Current role | Target disposition | Notes |
|
||||
|-------|--------------|--------------------|-------|
|
||||
| `docs/gitea-container-registry.md` | Canonical operator recipe for container registry host, auth, pull secrets, storage note. | Copy pointer | Copy to `railiance-forge/docs/`; leave S5 pointer for app consumers. |
|
||||
| `docs/gitea-package-registry.md` | Python package registry publishing/install recipe and `issue-core` handoff. | Copy pointer | Forge owns endpoint/registry posture; app/source repos own package release details. |
|
||||
| `workplans/RAIL-AP-WP-0001-gitea-container-registry.md` | Historical implementation evidence for enabling Gitea registry in S5. | Copy pointer or archive | Keep historical record in S5, but create forge follow-up for storage/retention/restore posture. |
|
||||
| `workplans/RAILIANCE-WP-0006-railiance-forge-extraction.md` | Cross-repo coordination plan. | Leave plus pointer | Remains in `railiance-apps` as extraction coordinator; forge work proceeds in `FORGE-WP-*`. |
|
||||
|
||||
## Leave In `railiance-apps`
|
||||
|
||||
| Asset | Current role | Target disposition | Notes |
|
||||
|-------|--------------|--------------------|-------|
|
||||
| `.gitea/workflows/manifest-server-dry-run.yaml` | S5 manifest dry-run workflow for app charts/manifests. | Leave | Runner substrate belongs in forge; this app-release check remains S5. |
|
||||
| `make k8s-server-dry-run` | Server-side dry-run for S5 charts/manifests. | Leave | Document runner/cluster prerequisites in forge, but keep app release check here. |
|
||||
| `tools/k8s-server-dry-run.sh` | Implements S5 dry-run. | Leave | Consumes runner/cluster access; does not operate forge runtime. |
|
||||
| `charts/vergabe-teilnahme/**` | S5 app chart. | Leave | Application release ownership. |
|
||||
| `helm/vergabe-teilnahme-values.yaml` | S5 app values, including registry image reference. | Leave | Consumes forge registry; does not own registry. |
|
||||
| `manifests/vergabe-teilnahme-ingress.yaml` | S5 app ingress. | Leave | Application endpoint ownership. |
|
||||
| `docs/vergabe-teilnahme.md` | S5 app runbook. | Leave | Update links to point at forge-owned registry docs after migration. |
|
||||
| `docs/django-on-railiance.md` | Framework-specific S5 app recipe. | Leave | Should reference forge registry capabilities as upstream infrastructure. |
|
||||
| `docs/operator-recipes.md` | S5 operator recipes. | Leave | Keep only app-release recipes here. |
|
||||
| `docs/operator-setup.md` | S5 operator setup. | Leave | May need forge cross-link for registry credentials and runner expectations. |
|
||||
| `tools/build-database-url-secret.sh` | App DB secret helper. | Leave | S5 app data/secret consumer behavior. |
|
||||
| `tools/smoke-service.sh` | App smoke helper. | Leave | S5 verification. |
|
||||
| `make apps-pg-status` | Checks shared app database cluster. | Leave or move to platform later | Not forge; keep while S5 needs consumer readiness evidence. |
|
||||
| `make vergabe-*` targets | App release operations. | Leave | S5 app surface. |
|
||||
|
||||
## Adapt In Place
|
||||
|
||||
| Asset | Current role | Target disposition | Notes |
|
||||
|-------|--------------|--------------------|-------|
|
||||
| `SCOPE.md` | Currently lists Gitea as S5-owned workload. | Adapt | After migration, describe forge as upstream release infrastructure. |
|
||||
| `INTENT.md` | Mentions Gitea/current forge as S5 workload/learning surface. | Adapt | Keep S5 intent but remove long-term forge ownership language. |
|
||||
| `AGENTS.md` | Repo identity still says application Helm releases, Gitea, coulomb services. | Adapt | Update after Gitea files move. Also update task status examples to State Hub canon. |
|
||||
| `Makefile` `SOPS_SENTINEL ?= $(GITEA_VALUES)` | `check-sops` currently validates Gitea SOPS values. | Adapt | Once Gitea values move, choose an S5 sentinel or make the check no-op when no SOPS file exists. |
|
||||
| `tools/check-sops.sh` | Generic SOPS sentinel check. | Leave/adapt | Useful beyond forge, but current default must change after move. |
|
||||
| `.custodian-brief.md` | Generated State Hub brief. | Generated | Do not edit manually; consistency sync updates it. |
|
||||
|
||||
## Supersede Or Re-home Planning Content
|
||||
|
||||
| Asset | Current role | Target disposition | Notes |
|
||||
|-------|--------------|--------------------|-------|
|
||||
| `RAILIANCE-WP-0005-T04` | App data backup/restore handoffs includes Gitea package blobs. | Split | App DB handoff stays S5; Gitea package blob durability moves to forge. |
|
||||
| `RAILIANCE-WP-0005-T06` | Gitea package registry storage and retention posture. | Re-home | Should become forge-owned follow-up, likely under `FORGE-WP-*`. |
|
||||
| `railiance-apps-WP-0004` I03 | PyPI issue-core blocker references Gitea package registry. | Adapt | Source/package publication remains source repo; forge owns registry endpoint and credentials posture. |
|
||||
| `railiance-apps-WP-0002` registry references | Historical app deployment evidence. | Leave/adapt | Keep as app deployment history; cross-link to forge docs for current registry operation. |
|
||||
|
||||
## First Safe Move Candidate
|
||||
|
||||
The first migration should avoid live service changes and move documentation
|
||||
before deployment configuration:
|
||||
|
||||
1. Copy `docs/gitea-container-registry.md` and
|
||||
`docs/gitea-package-registry.md` into `railiance-forge/docs/`.
|
||||
2. Replace the originals in `railiance-apps` with short compatibility pointers.
|
||||
3. Add a `railiance-forge/Makefile` with read-only/status targets first.
|
||||
4. Move deploy-capable Gitea targets only after the operator path is reviewed.
|
||||
|
||||
This gives operators a new canonical forge home while keeping current S5 app
|
||||
runbooks discoverable.
|
||||
|
||||
## Remote Creation Note
|
||||
|
||||
Creating `coulomb/railiance-forge` on the current Gitea instance is blocked:
|
||||
the configured `tea` login `coulomb` exists, but the stored token is invalid as
|
||||
of 2026-06-05. The local repo is initialized and State Hub-registered, but
|
||||
`origin` should not be added until the remote repository exists.
|
||||
130
docs/first-migration-plan.md
Normal file
130
docs/first-migration-plan.md
Normal file
@@ -0,0 +1,130 @@
|
||||
# First Migration Plan
|
||||
|
||||
Date: 2026-06-05
|
||||
|
||||
This plan starts the extraction of forge ownership from `railiance-apps` into
|
||||
`railiance-forge` without changing the live Gitea deployment.
|
||||
|
||||
The rule for the first migration is simple: move knowledge and read-only
|
||||
operator entry points before moving deploy-capable configuration.
|
||||
|
||||
## Goals
|
||||
|
||||
- Make `railiance-forge` the canonical place to look for forge and registry
|
||||
operation.
|
||||
- Keep `railiance-apps` usable for current S5 app operators during transition.
|
||||
- Preserve all secret boundaries; do not decrypt or copy live secret values.
|
||||
- Avoid any Helm release or Kubernetes apply during the first migration.
|
||||
- Keep future Forgejo cutover separate from current Gitea ownership transfer.
|
||||
|
||||
## Non-Goals
|
||||
|
||||
- No live Gitea upgrade.
|
||||
- No Forgejo deployment or cutover.
|
||||
- No registry retention cleanup.
|
||||
- No Actions runner deployment.
|
||||
- No app release changes.
|
||||
- No SOPS decryption.
|
||||
|
||||
## Phase 1 - Documentation Canonicalization
|
||||
|
||||
Move registry operation knowledge first.
|
||||
|
||||
Steps:
|
||||
|
||||
1. Copy `railiance-apps/docs/gitea-container-registry.md` to
|
||||
`railiance-forge/docs/gitea-container-registry.md`.
|
||||
2. Copy `railiance-apps/docs/gitea-package-registry.md` to
|
||||
`railiance-forge/docs/gitea-package-registry.md`.
|
||||
3. Replace the originals in `railiance-apps` with short compatibility pointers
|
||||
to the new canonical files.
|
||||
4. Update `railiance-apps/docs/vergabe-teilnahme.md` and other app docs to
|
||||
refer to forge-owned registry docs.
|
||||
|
||||
Validation:
|
||||
|
||||
- `git diff --check` in both repos.
|
||||
- No commands require Gitea credentials.
|
||||
- No live cluster changes.
|
||||
|
||||
## Phase 2 - Read-Only Operator Targets
|
||||
|
||||
Add forge-side operator entry points that inspect current state before owning
|
||||
deployment.
|
||||
|
||||
Initial `railiance-forge/Makefile` targets:
|
||||
|
||||
- `gitea-status`: current Gitea pod, service, ingress, and `gitea-db` consumer
|
||||
status, copied/adapted from `railiance-apps`.
|
||||
- `registry-docs`: print canonical docs to inspect.
|
||||
- `check-tools`: minimal local tool check for `kubectl`, `helm`, `sops`, and
|
||||
optional `tea`.
|
||||
|
||||
Do not add `gitea-deploy` in this phase.
|
||||
|
||||
Validation:
|
||||
|
||||
- Targets are read-only.
|
||||
- Targets either succeed or fail with clear missing-tool messages.
|
||||
- `railiance-apps` still owns deploy-capable Gitea targets during the
|
||||
transition.
|
||||
|
||||
## Phase 3 - Deploy-Capable Target Review
|
||||
|
||||
Move deploy-capable Gitea ownership only after Phase 1 and Phase 2 are reviewed.
|
||||
|
||||
Candidate moves:
|
||||
|
||||
- `helm/gitea-values.sops.yaml`;
|
||||
- `helm/gitea-registry-values.yaml`;
|
||||
- `manifests/gitea-ingress.yaml`;
|
||||
- `make gitea-deploy`;
|
||||
- `make gitea-ingress-deploy`.
|
||||
|
||||
Review gates:
|
||||
|
||||
- `railiance-forge` remote exists and is pushed.
|
||||
- State Hub workplans are synced in both repos.
|
||||
- Operator confirms the Gitea token/remote creation issue is fixed.
|
||||
- `railiance-apps` has compatibility pointers for old paths.
|
||||
- The plan distinguishes current Gitea operation from future Forgejo cutover.
|
||||
|
||||
Validation:
|
||||
|
||||
- `helm template` or dry-run equivalent can render from the new path without
|
||||
decrypting secrets into Git.
|
||||
- No decrypted SOPS material appears in diffs.
|
||||
- Existing live service stays untouched until an explicit deploy command is run.
|
||||
|
||||
## Phase 4 - S5 Scope Cleanup
|
||||
|
||||
After deploy-capable assets move, update `railiance-apps`:
|
||||
|
||||
- remove long-term Gitea ownership language from `SCOPE.md`;
|
||||
- keep app release and app runbook ownership;
|
||||
- keep app registry consumption references;
|
||||
- update `RAILIANCE-WP-0005` to split Gitea package storage posture into
|
||||
forge-owned work;
|
||||
- keep app database and app backup handoffs in S5/platform coordination.
|
||||
|
||||
Validation:
|
||||
|
||||
- `railiance-apps` no longer claims forge runtime ownership.
|
||||
- App operators can still find registry instructions through pointers.
|
||||
|
||||
## Open Blocker
|
||||
|
||||
The local `tea` login named `coulomb` is configured but currently fails with
|
||||
`invalid username, password or token`. This blocks creation of the remote
|
||||
`coulomb/railiance-forge` repository through the Gitea API.
|
||||
|
||||
Until refreshed credentials are available:
|
||||
|
||||
- keep `railiance-forge` local and State Hub-registered;
|
||||
- do not add an `origin` remote that points to a missing repository;
|
||||
- avoid claiming remote publication is complete.
|
||||
|
||||
## Next Recommended Action
|
||||
|
||||
Proceed with Phase 1 documentation canonicalization after the operator confirms
|
||||
that compatibility pointers in `railiance-apps` are acceptable.
|
||||
Reference in New Issue
Block a user