From 46fff69fc0bce69b030d986abaf65dd80ac237dc Mon Sep 17 00:00:00 2001 From: tegwick Date: Sat, 27 Jun 2026 23:38:36 +0200 Subject: [PATCH] Record artifact-store MinIO lane progress --- ...astructure-stabilization-pickup-checkpoint.md | 6 +++--- .../near-term-production-service-lanes-status.md | 7 ++++--- ...0051-infrastructure-stabilization-metaplan.md | 16 ++++++++++++++++ 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/docs/infrastructure-stabilization-pickup-checkpoint.md b/docs/infrastructure-stabilization-pickup-checkpoint.md index d3b13bc..13ac8d8 100644 --- a/docs/infrastructure-stabilization-pickup-checkpoint.md +++ b/docs/infrastructure-stabilization-pickup-checkpoint.md @@ -103,7 +103,7 @@ Resume from `docs/daily-triage-stabilization-status.md` and | ops-hub evidence | `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T14`, `T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. | | issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. | | Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. | -| artifact-store | Workplan is active with all tasks open and no current live secret handoff recorded. | Start D7.1 fork/object-store landscape and D7.2 compatibility harness. | +| artifact-store | D7.1 is done; D7.2 has an opt-in live MinIO compatibility harness and manual smoke docs. No live secret handoff is recorded. | Run D7.2 against an approved MinIO-compatible endpoint, then route D7.3 STS vending through identity/platform custody before changing credential behavior. | | FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity and IAM Profile v0.2 are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Keep `CUST-WP-0025-T03` as the identity integration test, then execute the rewritten Core Hub ops evidence, deployed smoke/cutover, and UI first-screen gates. | ## Next-Pick List @@ -121,8 +121,8 @@ Resume from `docs/daily-triage-stabilization-status.md` and `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke. 5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or record that WSL2 remains primary for the next operating period. -6. Start artifact-store D7.1/D7.2; Forgejo and storage work can now inherit - the finished staged-promotion gates. +6. Run artifact-store D7.2 live MinIO-compatible evidence; Forgejo and storage + work can now inherit the finished staged-promotion gates. 7. Keep Forgejo cutover and State Hub HA work parked until their human decision and drill gates are satisfied. diff --git a/docs/near-term-production-service-lanes-status.md b/docs/near-term-production-service-lanes-status.md index 22a6d25..aac046a 100644 --- a/docs/near-term-production-service-lanes-status.md +++ b/docs/near-term-production-service-lanes-status.md @@ -13,7 +13,7 @@ before starting larger migrations. | --- | --- | --- | | `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. | | `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. | -| `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. | +| `artifact-store-wp-0007` | D7.1 is done. The dated MinIO/fork/object-store landscape assessment chose a compatibility-profile lane rather than a direct MaxIO fork. D7.2 is in progress with an opt-in live MinIO pytest harness and manual smoke docs; no secret value was read or recorded. | Run the D7.2 harness against an approved MinIO-compatible endpoint and capture health/round-trip/multipart evidence. Route D7.3 STS credential vending through identity/platform custody before changing artifact-store credential behavior. | | `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. | ## Credential And Operator Routing @@ -42,7 +42,8 @@ No secret value was read or written. The required non-secret evidence is: only activity-core live emission remains. 2. Treat staged-promotion as complete; use it as the gate model before Forgejo cutover work accelerates. -3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3 - routed to NetKingdom if STS vending is not artifact-store-owned. +3. Run artifact-store D7.2 live evidence against an approved MinIO-compatible + endpoint, with D7.3 routed to identity/platform custody if STS vending is + not artifact-store-owned. 4. Keep Forgejo production cutover parked behind explicit T02 decisions and the staged-promotion/backup/email/package/action gates. diff --git a/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md b/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md index 3f92682..92049a4 100644 --- a/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md +++ b/workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md @@ -300,6 +300,22 @@ Progress 2026-06-27: artifact-store D7.1/D7.2 remains open; staged-promotion T02 is now complete before broad production source-forge migration work. +Progress 2026-06-27 artifact-store D7.1/D7.2: + +- Advanced `/home/worsch/artifact-store` `ARTIFACT-STORE-WP-0007`: D7.1 is + done with `docs/minio-compatibility-landscape-2026-06-27.md`, deciding to + pursue a compatibility profile instead of a direct MaxIO server fork. +- D7.2 is now `progress` with an opt-in live MinIO compatibility pytest harness + (`tests/integration/test_storage_s3_minio.py`), `make test-minio`, and manual + smoke docs in `docs/OPERATOR.md`. +- Verified artifact-store with `make test` (`110 passed, 2 skipped`), targeted + Ruff checks for the new harness, direct harness execution (`2 skipped` without + endpoint variables), and `git diff --check`. Repo-wide `make lint` still + reports pre-existing Ruff format drift in seven untouched files. +- Remaining artifact-store gate is live evidence: run D7.2 against an approved + MinIO-compatible endpoint with non-secret health, round-trip, and multipart + output. D7.3 STS vending remains identity/platform-routed work. + Progress 2026-06-27 staged promotion: - Completed `RAIL-BS-WP-0006-T02` in `/home/worsch/railiance-cluster`.