generated from coulomb/repo-seed
Standardize public Gitea HTTPS endpoint
Some checks failed
Forge Runner Smoke / compatibility-smoke (push) Has been cancelled
Some checks failed
Forge Runner Smoke / compatibility-smoke (push) Has been cancelled
This commit is contained in:
116
workplans/FORGE-WP-0004-public-gitea-root-endpoint.md
Normal file
116
workplans/FORGE-WP-0004-public-gitea-root-endpoint.md
Normal file
@@ -0,0 +1,116 @@
|
||||
---
|
||||
id: FORGE-WP-0004
|
||||
type: workplan
|
||||
title: "Standard public Gitea HTTPS root endpoint"
|
||||
domain: railiance
|
||||
repo: railiance-forge
|
||||
status: finished
|
||||
owner: codex
|
||||
topic_slug: railiance
|
||||
planning_priority: high
|
||||
created: "2026-06-13"
|
||||
updated: "2026-06-13"
|
||||
state_hub_workstream_id: "10a11cbb-9c2b-496b-af6a-dc934aeee68b"
|
||||
---
|
||||
|
||||
# Standard public Gitea HTTPS root endpoint
|
||||
|
||||
## Context
|
||||
|
||||
Before this workplan, `https://gitea.coulomb.social/` returned `404` because
|
||||
the forge-owned ingress only routed package and OCI registry paths. The Helm
|
||||
overlay already declared `ROOT_URL: "https://gitea.coulomb.social/"`, so the
|
||||
deployment standard now makes the public Gitea web route, Python package route,
|
||||
and OCI registry route part of the same forge-owned endpoint contract.
|
||||
|
||||
## T01 - Set the public endpoint contract
|
||||
|
||||
```task
|
||||
id: FORGE-WP-0004-T01
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "f0125038-cf5b-4c8b-a90f-c3f3bedfc386"
|
||||
```
|
||||
|
||||
Define the standard public Gitea endpoint as:
|
||||
|
||||
- `https://gitea.coulomb.social/` for the web UI and normal Gitea web/API
|
||||
routes;
|
||||
- `https://gitea.coulomb.social/api/packages/...` for package publication and
|
||||
installation;
|
||||
- `https://gitea.coulomb.social/v2/` for OCI registry clients.
|
||||
|
||||
This explicitly supersedes the temporary registry-only ingress posture.
|
||||
|
||||
## T02 - Update forge-owned deployment files
|
||||
|
||||
```task
|
||||
id: FORGE-WP-0004-T02
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "225707ce-10b5-41e3-809d-55f4b3a52c80"
|
||||
```
|
||||
|
||||
Add a `/` catch-all path to `manifests/gitea-ingress.yaml`, keep the explicit
|
||||
`/api/packages` and `/v2` paths visible for operator clarity, and reconcile the
|
||||
ingress labels from the earlier `railiance-apps` extraction to
|
||||
`railiance-forge` ownership.
|
||||
|
||||
Done when the manifest and operator docs describe the root web endpoint as the
|
||||
standard deployment shape.
|
||||
|
||||
Completed on 2026-06-13. The ingress manifest now routes `/`, `/api/packages`,
|
||||
and `/v2` to the Gitea service, and the ingress labels identify
|
||||
`railiance-forge` ownership. Forge docs and operator target wording now describe
|
||||
the public endpoint as web, package, and OCI registry surface rather than a
|
||||
registry-only ingress.
|
||||
|
||||
## T03 - Apply and verify the live endpoint
|
||||
|
||||
```task
|
||||
id: FORGE-WP-0004-T03
|
||||
status: done
|
||||
priority: high
|
||||
state_hub_task_id: "9d1cd8e6-80da-4ded-9ae7-ddfeb64af0ae"
|
||||
```
|
||||
|
||||
Apply the reviewed ingress and, if needed, reconcile the Gitea Helm release so
|
||||
`ROOT_URL` remains the HTTPS host. Verify:
|
||||
|
||||
- root URL returns `200` or an expected redirect;
|
||||
- `/api/v1/version` is reachable;
|
||||
- `/v2/` still returns an OCI authentication challenge;
|
||||
- the package-specific PyPI simple index for `issue-core` still returns `200`.
|
||||
|
||||
Completed on 2026-06-13. `kubectl apply -f manifests/gitea-ingress.yaml`
|
||||
configured the public root path. A pinned Helm `--reuse-values` upgrade kept
|
||||
chart `gitea-12.5.0` and app `1.25.4` while overriding only
|
||||
`gitea.config.server.ROOT_URL=https://gitea.coulomb.social/`; Gitea rolled to
|
||||
Helm revision 7.
|
||||
|
||||
Verification evidence:
|
||||
|
||||
- `https://gitea.coulomb.social/` returned `200`;
|
||||
- `https://gitea.coulomb.social/api/v1/version` returned `200` with
|
||||
`{"version":"1.25.4"}`;
|
||||
- `https://gitea.coulomb.social/v2/` returned `401`, preserving the OCI auth
|
||||
challenge;
|
||||
- `https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/issue-core/`
|
||||
returned `200`;
|
||||
- live `ROOT_URL` is `https://gitea.coulomb.social/`;
|
||||
- the Gitea web UI bootstrap and `issue-core==0.2.0` package artifact links now
|
||||
render HTTPS URLs.
|
||||
|
||||
## T04 - Sync State Hub and record evidence
|
||||
|
||||
```task
|
||||
id: FORGE-WP-0004-T04
|
||||
status: done
|
||||
priority: medium
|
||||
state_hub_task_id: "ad4b9574-89fd-4ced-8dde-3b0d5a9a555a"
|
||||
```
|
||||
|
||||
Run State Hub consistency sync for `railiance-forge` and record a progress note
|
||||
with non-secret verification evidence.
|
||||
|
||||
Completed on 2026-06-13 after the live endpoint verification.
|
||||
Reference in New Issue
Block a user