Standardize public Gitea HTTPS endpoint
Some checks failed
Forge Runner Smoke / compatibility-smoke (push) Has been cancelled

2026-06-13 18:52:58 +02:00
parent 5861c61c8e
commit a1b55776fa
9 changed files with 152 additions and 23 deletions


@@ -27,11 +27,11 @@ while app-release ownership remains there.
|-------|--------------|--------------------|-------|
| `helm/gitea-values.sops.yaml` | SOPS-encrypted Gitea Helm values. | Moved | Now `railiance-forge/helm/gitea-values.sops.yaml`; moved without decrypting. |
| `helm/gitea-registry-values.yaml` | Non-secret overlay enabling Gitea package/container registry behavior. | Moved | Now `railiance-forge/helm/gitea-registry-values.yaml`. |
| `manifests/gitea-ingress.yaml` | Registry-facing Gitea ingress for `/v2`. | Moved | Now `railiance-forge/manifests/gitea-ingress.yaml`; labels left unchanged until next reviewed deploy. |
| `manifests/gitea-ingress.yaml` | Public Gitea HTTPS ingress for `/`, `/api/packages`, and `/v2`. | Moved | Now `railiance-forge/manifests/gitea-ingress.yaml`; labels reconciled to forge ownership during the reviewed public-root deploy. |
| `releases/gitea/values.yaml` | Legacy/plain Gitea release values reference. | Moved | Now `railiance-forge/releases/gitea/values.yaml`; review before using as active deploy input. |
| `Makefile` variables `GITEA_*` | Gitea release/chart/value/ingress defaults. | Moved | Forge owns canonical variables; apps keeps only release/name compatibility variables. |
| `make gitea-deploy` | Deploy/upgrade current Gitea release. | Moved | Forge owns target; apps delegates during compatibility window. |
| `make gitea-ingress-deploy` | Apply Gitea registry ingress. | Moved | Forge owns target; apps delegates during compatibility window. |
| `make gitea-ingress-deploy` | Apply public Gitea HTTPS ingress. | Moved | Forge owns target; apps delegates during compatibility window. |
| `make gitea-status` | Check Gitea pod/service/ingress and `gitea-db` status. | Moved | Forge owns target; apps delegates during compatibility window. |
## Copy With Compatibility Pointer
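Review bot: The updated `manifests/gitea-ingress.yaml` row says the labels were reconciled "during the reviewed public-root deploy" but names neither the review nor the date, so the inventory claim cannot be traced from this table. Add the work package identifier or the deploy date to the Notes cell. The row also widens the documented public surface from `/v2` to `/`, `/api/packages`, and `/v2`, which is worth calling out as an exposure change rather than only a description change.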


@@ -29,6 +29,10 @@ Collected from `/home/worsch/railiance-forge` on 2026-06-07.
Public endpoint checks from this environment:
Historical note: the root/API `404` results below were collected before
`FORGE-WP-0004` made `https://gitea.coulomb.social/` the standard public Gitea
web endpoint on 2026-06-13.
| Endpoint | Result | Interpretation |
| --- | --- | --- |
| `https://gitea.coulomb.social/` | HTTP `404` | Public root route is not a useful Gitea web health signal here. |
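Review bot: The historical note is added above the table, but the unchanged row for `https://gitea.coulomb.social/` still reads HTTP `404` and "not a useful Gitea web health signal here", which now contradicts the standard endpoint for anyone who reads only the table. Mark that row as superseded, or add a dated row with the current result, so the evidence table does not steer operators away from the root route as a health signal.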


@@ -6,15 +6,16 @@ Gitea Helm and manifest files now live in this repo.
## Registry Target
Use `gitea.coulomb.social` as the approved registry host. The `/v2` ingress is
live as of 2026-05-15 and returns the OCI registry authentication challenge over
HTTPS.
Use `gitea.coulomb.social` as the approved forge and registry host. The public
ingress serves the Gitea web route at `https://gitea.coulomb.social/`, the OCI
registry route at `/v2`, and the Python package route at `/api/packages`. The
`/v2` route returns the OCI registry authentication challenge over HTTPS.
Registry-specific Gitea settings are carried in
`helm/gitea-registry-values.yaml`, a non-secret overlay applied after the SOPS
values file by `make gitea-deploy`. It explicitly enables packages, permits
container and PyPI uploads without an app-level size cap, clears globally
disabled repo units, and moves `ROOT_URL` to the HTTPS host.
disabled repo units, and keeps `ROOT_URL` on the HTTPS host.
Image names should use the Gitea owner and package path:
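Review bot: The rewritten paragraph under `## Registry Target` now describes the forge web route and the Python package route as well as `/v2`, so the heading no longer matches its content, and the dated statement "live as of 2026-05-15" was dropped without a replacement. Rename the section or split the web route into its own paragraph, and keep a date for when each route went live. The wording change from "moves `ROOT_URL`" to "keeps `ROOT_URL`" assumes the live release already matches the overlay; say where that was verified.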


@@ -8,14 +8,15 @@ Gitea package support is enabled by `helm/gitea-registry-values.yaml`. That
overlay is applied after the encrypted base values by `make gitea-deploy` and
enables both container packages and Python packages.
The public ingress intentionally exposes `/api/packages` and `/v2` only. The
package route is required for Python package upload and install traffic; the
general Gitea web UI and API remain outside this ingress manifest.
The public ingress exposes the Gitea web route at
`https://gitea.coulomb.social/`, the Python package route at `/api/packages`,
and the OCI registry route at `/v2`. The standard endpoint is HTTPS; if package
simple-index pages render `http://gitea.coulomb.social/...` artifact links,
reconcile the Gitea Helm release with `helm/gitea-registry-values.yaml` so
`ROOT_URL` is restored to the HTTPS host.
The live simple-index pages currently render package artifact links with
`http://gitea.coulomb.social/...`. `uv lock` and clean `pip install` checks work
against the public package route, but the next Gitea config reconciliation
should align `ROOT_URL` with the HTTPS package endpoint.
Status on 2026-06-13: the root web route returns `200`, live `ROOT_URL` is
`https://gitea.coulomb.social/`, and package artifact links render HTTPS URLs.
## Python Packages
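Review bot: The removed paragraph documented an intentional exposure boundary ("exposes `/api/packages` and `/v2` only", with the web UI and API outside the ingress), and the replacement states the new exposure without saying what now protects the web UI and API on the public root. Add a sentence naming the intended access controls for the public web route and where they are configured. The "Status on 2026-06-13" line is point-in-time evidence inside a how-to paragraph; moving it to the evidence document would keep this page from going stale.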


@@ -1,6 +1,6 @@
# Forge Observability And Operating Evidence
Last reviewed: 2026-06-07
Last reviewed: 2026-06-13
Status: contract v1. This document defines checks, evidence, and future
monitoring expectations. It does not authorize a live monitoring deployment,
@@ -44,7 +44,7 @@ Railiance cluster.
Additional checks should stay read-only:
```bash
# Web/API health: expect HTTP 200/3xx for the web route, not 5xx.
# Web/API health: expect HTTP 200/3xx for the web route, not 404/5xx.
curl -fsSI https://gitea.coulomb.social/
curl -fsS https://gitea.coulomb.social/api/v1/version
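Review bot: The updated comment accepts "200/3xx" for the web route, but `curl -fsSI` without `-L` exits 0 on any redirect, so a redirect to a plain `http://` location would pass this check even though the commit standardizes the HTTPS endpoint. Consider printing the status and target with `-w '%{http_code} %{redirect_url}\n'` and stating that a redirect must stay on `https://gitea.coulomb.social/`. The comment is headed "Web/API health" yet gives no expected result for the `/api/v1/version` line; state one there as well.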