Files
railiance-forge/workplans/FORGE-WP-0004-public-gitea-root-endpoint.md
tegwick a1b55776fa
Some checks failed
Forge Runner Smoke / compatibility-smoke (push) Has been cancelled
Standardize public Gitea HTTPS endpoint
2026-06-13 18:52:58 +02:00

117 lines
3.7 KiB
Markdown

---
id: FORGE-WP-0004
type: workplan
title: "Standard public Gitea HTTPS root endpoint"
domain: railiance
repo: railiance-forge
status: finished
owner: codex
topic_slug: railiance
planning_priority: high
created: "2026-06-13"
updated: "2026-06-13"
state_hub_workstream_id: "10a11cbb-9c2b-496b-af6a-dc934aeee68b"
---
# Standard public Gitea HTTPS root endpoint
## Context
Before this workplan, `https://gitea.coulomb.social/` returned `404` because
the forge-owned ingress only routed package and OCI registry paths. The Helm
overlay already declared `ROOT_URL: "https://gitea.coulomb.social/"`, so the
deployment standard now makes the public Gitea web route, Python package route,
and OCI registry route part of the same forge-owned endpoint contract.
## T01 - Set the public endpoint contract
```task
id: FORGE-WP-0004-T01
status: done
priority: high
state_hub_task_id: "f0125038-cf5b-4c8b-a90f-c3f3bedfc386"
```
Define the standard public Gitea endpoint as:
- `https://gitea.coulomb.social/` for the web UI and normal Gitea web/API
routes;
- `https://gitea.coulomb.social/api/packages/...` for package publication and
installation;
- `https://gitea.coulomb.social/v2/` for OCI registry clients.
This explicitly supersedes the temporary registry-only ingress posture.
## T02 - Update forge-owned deployment files
```task
id: FORGE-WP-0004-T02
status: done
priority: high
state_hub_task_id: "225707ce-10b5-41e3-809d-55f4b3a52c80"
```
Add a `/` catch-all path to `manifests/gitea-ingress.yaml`, keep the explicit
`/api/packages` and `/v2` paths visible for operator clarity, and reconcile the
ingress labels from the earlier `railiance-apps` extraction to
`railiance-forge` ownership.
Done when the manifest and operator docs describe the root web endpoint as the
standard deployment shape.
Completed on 2026-06-13. The ingress manifest now routes `/`, `/api/packages`,
and `/v2` to the Gitea service, and the ingress labels identify
`railiance-forge` ownership. Forge docs and operator target wording now describe
the public endpoint as web, package, and OCI registry surface rather than a
registry-only ingress.
## T03 - Apply and verify the live endpoint
```task
id: FORGE-WP-0004-T03
status: done
priority: high
state_hub_task_id: "9d1cd8e6-80da-4ded-9ae7-ddfeb64af0ae"
```
Apply the reviewed ingress and, if needed, reconcile the Gitea Helm release so
`ROOT_URL` remains the HTTPS host. Verify:
- root URL returns `200` or an expected redirect;
- `/api/v1/version` is reachable;
- `/v2/` still returns an OCI authentication challenge;
- the package-specific PyPI simple index for `issue-core` still returns `200`.
Completed on 2026-06-13. `kubectl apply -f manifests/gitea-ingress.yaml`
configured the public root path. A pinned Helm `--reuse-values` upgrade kept
chart `gitea-12.5.0` and app `1.25.4` while overriding only
`gitea.config.server.ROOT_URL=https://gitea.coulomb.social/`; Gitea rolled to
Helm revision 7.
Verification evidence:
- `https://gitea.coulomb.social/` returned `200`;
- `https://gitea.coulomb.social/api/v1/version` returned `200` with
`{"version":"1.25.4"}`;
- `https://gitea.coulomb.social/v2/` returned `401`, preserving the OCI auth
challenge;
- `https://gitea.coulomb.social/api/packages/coulomb/pypi/simple/issue-core/`
returned `200`;
- live `ROOT_URL` is `https://gitea.coulomb.social/`;
- the Gitea web UI bootstrap and `issue-core==0.2.0` package artifact links now
render HTTPS URLs.
## T04 - Sync State Hub and record evidence
```task
id: FORGE-WP-0004-T04
status: done
priority: medium
state_hub_task_id: "ad4b9574-89fd-4ced-8dde-3b0d5a9a555a"
```
Run State Hub consistency sync for `railiance-forge` and record a progress note
with non-secret verification evidence.
Completed on 2026-06-13 after the live endpoint verification.