coulomb/the-custodian
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Record artifact-store MinIO lane progress

Browse Source
This commit is contained in:
Bernd Worsch
2026-06-27 23:38:36 +02:00
parent 225f3a7834
commit 46fff69fc0
3 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/infrastructure-stabilization-pickup-checkpoint.md
View File

@@ -103,7 +103,7 @@ Resume from `docs/daily-triage-stabilization-status.md` and
| ops-hub evidence | `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T14`, `T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. | | ops-hub evidence | `CUST-WP-0025-T13` through `T19` now use Core Hub API/CLI/UI gates; `CUST-WP-0047` and `CUST-WP-0049` remain legacy/fallback records. | Execute `CUST-WP-0025-T14`, `T16`, `T17`, and `T18`; close legacy Inter-Hub waits only through deployed Core Hub evidence or explicit supersede decision. |
| issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. | | issue-core | ArgoCD service is healthy on port `8765`; image `0.2.1`; ExternalSecret Ready; authenticated smoke created Gitea issue `175`. | activity-core still needs `ISSUE_CORE_API_KEY`, URL port `8765`, `ISSUE_SINK_TYPE=rest`, and a safe emission smoke. |
| Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. | | Forgejo | Migration inventory/design lane is active but pre-cutover. | Production design decisions, SMTP/email recovery, package registry, Actions, backup/restore, migration drill, cutover approval. |
| artifact-store | Workplan is active with all tasks open and no current live secret handoff recorded. | Start D7.1 fork/object-store landscape and D7.2 compatibility harness. | | artifact-store | D7.1 is done; D7.2 has an opt-in live MinIO compatibility harness and manual smoke docs. No live secret handoff is recorded. | Run D7.2 against an approved MinIO-compatible endpoint, then route D7.3 STS vending through identity/platform custody before changing credential behavior. |
| FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity and IAM Profile v0.2 are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Keep `CUST-WP-0025-T03` as the identity integration test, then execute the rewritten Core Hub ops evidence, deployed smoke/cutover, and UI first-screen gates. | | FOS hub | Old NK-WP-0001 Keycloak prerequisite is cancelled; NK-WP-0002 local identity and IAM Profile v0.2 are done; hub-core extraction/dev-hub work is done; CUST-WP-0025 Phase 3 has been rewritten for Core Hub. | Keep `CUST-WP-0025-T03` as the identity integration test, then execute the rewritten Core Hub ops evidence, deployed smoke/cutover, and UI first-screen gates. |
## Next-Pick List ## Next-Pick List
@@ -121,8 +121,8 @@ Resume from `docs/daily-triage-stabilization-status.md` and
`ISSUE_SINK_TYPE=rest` and one known-safe emission smoke. `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or 5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
record that WSL2 remains primary for the next operating period. record that WSL2 remains primary for the next operating period.
6. Start artifact-store D7.1/D7.2; Forgejo and storage work can now inherit 6. Run artifact-store D7.2 live MinIO-compatible evidence; Forgejo and storage
the finished staged-promotion gates. work can now inherit the finished staged-promotion gates.
7. Keep Forgejo cutover and State Hub HA work parked until their human decision 7. Keep Forgejo cutover and State Hub HA work parked until their human decision
and drill gates are satisfied. and drill gates are satisfied.

7
docs/near-term-production-service-lanes-status.md
View File

@@ -13,7 +13,7 @@ before starting larger migrations.
| --- | --- | --- | | --- | --- | --- |
| `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. | | `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
| `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. | | `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
| `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. | | `artifact-store-wp-0007` | D7.1 is done. The dated MinIO/fork/object-store landscape assessment chose a compatibility-profile lane rather than a direct MaxIO fork. D7.2 is in progress with an opt-in live MinIO pytest harness and manual smoke docs; no secret value was read or recorded. | Run the D7.2 harness against an approved MinIO-compatible endpoint and capture health/round-trip/multipart evidence. Route D7.3 STS credential vending through identity/platform custody before changing artifact-store credential behavior. |
| `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. | | `staged-promotion-lifecycle` | Finished. Lifecycle spec, app contract, overlay scaffold, Stage 1 runner, canary template, deploy/observe tooling, promote/rollback tooling, and onboarding guide are done. | Use the finished promotion gates as prerequisites for Forgejo/source-forge and storage production work. |
## Credential And Operator Routing ## Credential And Operator Routing
@@ -42,7 +42,8 @@ No secret value was read or written. The required non-secret evidence is:
only activity-core live emission remains. only activity-core live emission remains.
2. Treat staged-promotion as complete; use it as the gate model before 2. Treat staged-promotion as complete; use it as the gate model before
Forgejo cutover work accelerates. Forgejo cutover work accelerates.
3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3 3. Run artifact-store D7.2 live evidence against an approved MinIO-compatible
routed to NetKingdom if STS vending is not artifact-store-owned. endpoint, with D7.3 routed to identity/platform custody if STS vending is
not artifact-store-owned.
4. Keep Forgejo production cutover parked behind explicit T02 decisions and the 4. Keep Forgejo production cutover parked behind explicit T02 decisions and the
staged-promotion/backup/email/package/action gates. staged-promotion/backup/email/package/action gates.

16
workplans/CUST-WP-0051-infrastructure-stabilization-metaplan.md
View File

@@ -300,6 +300,22 @@ Progress 2026-06-27:
artifact-store D7.1/D7.2 remains open; staged-promotion T02 is now complete artifact-store D7.1/D7.2 remains open; staged-promotion T02 is now complete
before broad production source-forge migration work. before broad production source-forge migration work.
Progress 2026-06-27 artifact-store D7.1/D7.2:
- Advanced `/home/worsch/artifact-store` `ARTIFACT-STORE-WP-0007`: D7.1 is
done with `docs/minio-compatibility-landscape-2026-06-27.md`, deciding to
pursue a compatibility profile instead of a direct MaxIO server fork.
- D7.2 is now `progress` with an opt-in live MinIO compatibility pytest harness
(`tests/integration/test_storage_s3_minio.py`), `make test-minio`, and manual
smoke docs in `docs/OPERATOR.md`.
- Verified artifact-store with `make test` (`110 passed, 2 skipped`), targeted
Ruff checks for the new harness, direct harness execution (`2 skipped` without
endpoint variables), and `git diff --check`. Repo-wide `make lint` still
reports pre-existing Ruff format drift in seven untouched files.
- Remaining artifact-store gate is live evidence: run D7.2 against an approved
MinIO-compatible endpoint with non-secret health, round-trip, and multipart
output. D7.3 STS vending remains identity/platform-routed work.
Progress 2026-06-27 staged promotion: Progress 2026-06-27 staged promotion:
- Completed `RAIL-BS-WP-0006-T02` in `/home/worsch/railiance-cluster`. - Completed `RAIL-BS-WP-0006-T02` in `/home/worsch/railiance-cluster`.