Update stabilization checkpoint after overlay scaffold

This commit is contained in:
2026-06-27 15:55:40 +02:00
parent eae31bab6e
commit cbf583f76c
3 changed files with 22 additions and 7 deletions

View File

@@ -25,7 +25,7 @@ State Hub active workstreams queried on 2026-06-27:
| `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. | | `cust-wp-0051` | This metaplan is the coordination layer for remaining cross-workplan gates. |
| `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. | | `activity-wp-0016-llm-output-robustness-trust-boundary` | Repo-side output robustness bundle is prepared; live deploy/smoke proof remains. |
| `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. | | `three-phoenix-ha-cluster` | HA substrate remains future critical-workload work, not the current State Hub cutover blocker. |
| `staged-promotion-lifecycle` | T02 `railiance/app.toml` contract is done; continue with T03 overlay repo pattern and T04/T05 command/canary implementation before broad production migrations. | | `staged-promotion-lifecycle` | T02 `railiance/app.toml` contract and T03 overlay repo pattern/script are done; continue with T04/T05 command/canary implementation before broad production migrations. |
| `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. | | `rail-ho-wp-0005` | Forgejo production migration is parked behind explicit design, SMTP, backup, runner, and cutover decisions. |
| `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. | | `net-wp-0020` | OpenBao unseal/token custody remains an operator design and smoke gate. |
| `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. | | `issue-wp-0003` | issue-core service is healthy; activity-core REST emission wiring remains. |
@@ -106,7 +106,7 @@ Resume from `docs/daily-triage-stabilization-status.md` and
`ISSUE_SINK_TYPE=rest` and one known-safe emission smoke. `ISSUE_SINK_TYPE=rest` and one known-safe emission smoke.
5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or 5. Request explicit State Hub cutover approval for `CUST-WP-0011-T07`, or
record that WSL2 remains primary for the next operating period. record that WSL2 remains primary for the next operating period.
6. Continue staged-promotion T03/T04/T05 and start artifact-store D7.1/D7.2 6. Continue staged-promotion T04/T05 and start artifact-store D7.1/D7.2
so Forgejo and storage work inherit clear production promotion gates. so Forgejo and storage work inherit clear production promotion gates.
7. Keep Forgejo cutover and State Hub HA work parked until their human decision 7. Keep Forgejo cutover and State Hub HA work parked until their human decision
and drill gates are satisfied. and drill gates are satisfied.

View File

@@ -14,7 +14,7 @@ before starting larger migrations.
| `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. | | `issue-wp-0003` | issue-core is live through ArgoCD; image `0.2.1`, Service port `8765`, ExternalSecret Ready, authenticated smoke created Gitea issue `175`. | Do not flip activity-core blindly. First inject `ISSUE_CORE_API_KEY` into `actcore-runtime-secret` through route `activity-core-issue-sink`; then set activity-core `ISSUE_CORE_URL` to port `8765`, set `ISSUE_SINK_TYPE=rest`, restart/sync, and run one safe emission smoke. |
| `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. | | `rail-ho-wp-0005` | Forgejo migration remains pre-implementation. Inventory is in progress; production decisions, SMTP/email recovery, cutover, and legacy retirement are human-gated. | Resolve T02 production decisions first, then build the disposable Forgejo probe. Do not start production cutover before promotion lifecycle, email recovery, package registry, Actions, backup/restore, and migration drill pass. |
| `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. | | `artifact-store-wp-0007` | All tasks are still `todo`; no live secret gate is currently recorded. | Start with D7.1 fork/object-store landscape and D7.2 compatibility harness. Route D7.3 STS credential vending to NetKingdom if implementation belongs outside artifact-store. |
| `staged-promotion-lifecycle` | Lifecycle spec and T02 `railiance/app.toml` contract are done; overlay pattern, CLI commands, canary template, deployment observation, promotion, and rollback tasks remain. | Start T03 overlay repo pattern, then T04/T05 command and canary template implementation using issue-core/Forgejo as reference consumers for Stage 1/2/3 promotion gates. | | `staged-promotion-lifecycle` | Lifecycle spec, T02 `railiance/app.toml` contract, and T03 overlay repo pattern/script are done; CLI commands, canary template, deployment observation, promotion, and rollback tasks remain. | Start T04 `railiance run` and T05 canary Helm chart template using generated overlays as reference consumers for Stage 1/2 promotion gates. |
## Credential And Operator Routing ## Credential And Operator Routing
@@ -40,8 +40,8 @@ No secret value was read or written. The required non-secret evidence is:
1. Close the issue-core handoff gate because the service is already healthy and 1. Close the issue-core handoff gate because the service is already healthy and
only activity-core live emission remains. only activity-core live emission remains.
2. Continue staged-promotion with T03 overlay repo pattern, then T04/T05 2. Continue staged-promotion with T04 `railiance run` and T05 canary
command and canary template implementation before Forgejo cutover work accelerates. template implementation before Forgejo cutover work accelerates.
3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3 3. Run artifact-store D7.1/D7.2 as an assessment/build harness lane, with D7.3
routed to NetKingdom if STS vending is not artifact-store-owned. routed to NetKingdom if STS vending is not artifact-store-owned.
4. Keep Forgejo production cutover parked behind explicit T02 decisions and the 4. Keep Forgejo production cutover parked behind explicit T02 decisions and the

View File

@@ -295,8 +295,23 @@ Progress 2026-06-27 staged promotion:
rollback, and human approval gates. rollback, and human approval gates.
- `make fix-consistency REPO=railiance-cluster` passed with pre-existing - `make fix-consistency REPO=railiance-cluster` passed with pre-existing
C-12 warnings and synced the T02 status into State Hub. C-12 warnings and synced the T02 status into State Hub.
- Next staged-promotion picks are T03 overlay repo pattern, then T04/T05 - Next staged-promotion picks are T04/T05 command and canary template
command and canary template implementation. implementation; T03 overlay repo pattern is now complete.
Progress 2026-06-27 staged promotion T03:
- Completed `RAIL-BS-WP-0006-T03` in `/home/worsch/railiance-cluster`.
Added `docs/overlay-repo-pattern.md`,
`tools/create_railiance_overlay_repo.sh`, and the `bin/railiance
create-overlay` dispatcher entry. The scaffold writes a separate overlay
repo with `railiance/upstream.toml`, schema-valid `railiance/app.toml`,
stage values, a thin Helm chart, Stage 1 test script, rollback runbook, and
promotion notes without cloning upstream code or handling secrets.
- Verified the generated Forgejo overlay sample against
`schemas/railiance-app.schema.json`; generated Stage 1 script ran with Helm
skipped because Helm is unavailable in this environment.
- `make fix-consistency REPO=railiance-cluster` passed with pre-existing
C-12 warnings and synced the T03 status into State Hub.
## Task: Decide State Hub Migration Strategy ## Task: Decide State Hub Migration Strategy