Move Gitea deploy surface into forge

2026-06-05 13:19:10 +02:00
parent 8b9f3b341d
commit 9ce24968cd
13 changed files with 219 additions and 78 deletions

@@ -2,8 +2,8 @@
Date: 2026-06-05
Status: ready for operator review. No deploy-capable files have been moved by
this review, and no live cluster command is authorized by this document.
Status: executed as a file ownership move. No live Helm deploy, SOPS
decryption, or Kubernetes apply was run.
## Goal
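Review bot: The new Status line records what was not run but drops the old statement that "no live cluster command is authorized by this document". A reader could now take the executed move as implicit approval to deploy from forge. Consider keeping an explicit sentence in the Status block that this document still does not authorize a live Helm deploy, SOPS decryption, or Kubernetes apply.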
@@ -15,13 +15,13 @@ breaking operator muscle memory.
| Current path in `railiance-apps` | Sensitivity | Proposed target | Action |
|---|---:|---|---|
| `helm/gitea-values.sops.yaml` | SOPS-encrypted | `railiance-forge/helm/gitea-values.sops.yaml` | Move after confirming SOPS age access still works from the new repo. Do not decrypt into Git. |
| `helm/gitea-registry-values.yaml` | Non-secret | `railiance-forge/helm/gitea-registry-values.yaml` | Move with the registry docs. |
| `manifests/gitea-ingress.yaml` | Non-secret | `railiance-forge/manifests/gitea-ingress.yaml` | Move and update ownership labels from `railiance-apps` to `railiance-forge` if desired. |
| `releases/gitea/values.yaml` | Plaintext legacy/operator values | `railiance-forge/releases/gitea/values.yaml` or archive | Review before moving; it contains old CoulombCore-era chart notes and a placeholder password comment. |
| `make gitea-deploy` | Deploy-capable | `railiance-forge/Makefile` | Move only after app-side compatibility target is ready. |
| `make gitea-ingress-deploy` | Deploy-capable | `railiance-forge/Makefile` | Move only after app-side compatibility target is ready. |
| `make gitea-status` | Read-only | `railiance-forge/Makefile` | Already introduced as read-only target. |
| `helm/gitea-values.sops.yaml` | SOPS-encrypted | `railiance-forge/helm/gitea-values.sops.yaml` | Moved without decrypting. |
| `helm/gitea-registry-values.yaml` | Non-secret | `railiance-forge/helm/gitea-registry-values.yaml` | Moved. |
| `manifests/gitea-ingress.yaml` | Non-secret | `railiance-forge/manifests/gitea-ingress.yaml` | Moved without live apply. |
| `releases/gitea/values.yaml` | Plaintext legacy/operator values | `railiance-forge/releases/gitea/values.yaml` | Moved as legacy evidence; review before use as active deploy input. |
| `make gitea-deploy` | Deploy-capable | `railiance-forge/Makefile` | Moved; app-side target delegates. |
| `make gitea-ingress-deploy` | Deploy-capable | `railiance-forge/Makefile` | Moved; app-side target delegates. |
| `make gitea-status` | Read-only | `railiance-forge/Makefile` | Moved; app-side target delegates. |
## Proposed Target Layout
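Review bot: In the `helm/gitea-values.sops.yaml` row, the old action made the move conditional on "confirming SOPS age access still works from the new repo", while the new action says only "Moved without decrypting." and does not say whether that check was done. Because the Status says no SOPS decryption was run, record the access check as a pending follow-up or state how it was confirmed. The `releases/gitea/values.yaml` row also loses the note that the file contains "a placeholder password comment"; keep that warning next to "review before use as active deploy input". The "Proposed target" column header now describes completed moves and could be renamed.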
@@ -98,14 +98,15 @@ the transition:
- `make gitea-deploy` and `make gitea-ingress-deploy` should either delegate to
forge or fail with a clear message that deploy ownership has moved.
## Resolved During Move
- `releases/gitea/values.yaml` moved as legacy evidence, not as the preferred
active deploy input.
- `manifests/gitea-ingress.yaml` labels were left unchanged to avoid mixing the
file move with a live-facing manifest semantic change.
- The SOPS sentinel in forge points at `helm/gitea-values.sops.yaml`.
## Open Questions
- Should `releases/gitea/values.yaml` move as an active file or be archived as
legacy evidence?
- Should `manifests/gitea-ingress.yaml` labels change from
`app.kubernetes.io/part-of: railiance-apps` to `railiance-forge` during the
move, or stay stable until the next deploy?
- Should the SOPS sentinel in forge point at `helm/gitea-values.sops.yaml` once
that file moves?
- What restore-drill evidence is required before package data becomes
production-critical?
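Review bot: The "Resolved During Move" entry for `manifests/gitea-ingress.yaml` defers the label change rather than resolving it, and the matching open question is deleted. The manifest now lives in forge while still labelled `app.kubernetes.io/part-of: railiance-apps`, with nothing left in the document to track the relabel. Keep an open item, for example under "Open Questions", stating that the label should be revisited at the next deploy. The sentinel entry could also say whether the sentinel was checked against the moved file or only had its path updated.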