Document Forgejo tier 2.5: operator SSH, templates, railiance stack promotion

Record tegwick SSH identity, enablement workflow templates, and five railiance
repos on Forgejo with ci-smoke. Update state-hub gate checklist.
codex
2026-07-04 12:51:05 +02:00
parent 5d3270e564
commit dd0ee14f50

@@ -83,7 +83,7 @@ git push "https://<user>:<token>@forgejo.coulomb.social/coulomb/<repo>.git" main
| Gap | Impact | Mitigation for next repos |
| --- | --- | --- |
| `tegwick` Gitea user not on Forgejo | SSH as `git@92.205.130.254` (Gitea) ≠ `git@92.205.62.239` (Forgejo); keys are per-forge | Register operator keys on Forgejo users before cutover; or use `forgejo_admin` interim |
| ~~`tegwick` not on Forgejo~~ | **Resolved 2026-07-04**`tegwick` admin user + `workstation-automation` SSH key; `forgejo-remote` greets `Hi there, tegwick!` | Add other operator keys before team cutover |
| No automated Gitea→Forgejo mirror | Gitea copy drifts after Forgejo becomes canonical | Staged cutover: freeze Gitea pushes, one-way mirror, or retire Gitea remote after verification |
| `actions/checkout@v4` on host runner | Breaks multi-step workflows that depend on checkout | `git clone` in `run:` step (see image-build probe) |
| Issues/wiki/releases/LFS | Not exercised in pilot | Classify per repo in migration inventory before production repos |
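Review bot: In the resolved `tegwick` row, a key named `workstation-automation` is registered on an admin user, so any git operation authenticated with that key runs as an admin identity rather than as a scoped automation account. Consider putting automation under a dedicated non-admin user or per-repo deploy keys and keeping `tegwick` for interactive operator use, and extend the mitigation cell ("Add other operator keys before team cutover") to say which role those additional keys should get. Minor: `**Resolved 2026-07-04**` runs straight into `tegwick` with no separator, which hurts readability of the cell.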
@@ -123,14 +123,35 @@ tar xzf /tmp/repo.tar.gz -C buildctx --strip-components=1
Image: `forgejo.coulomb.social/coulomb/key-cape:latest`
## Tier 2.5 — railiance stack (2026-07-04)
Infra/platform repos promoted before tier-3 production set. Canonical remote is
Forgejo; Gitea `gitea` remote retained for rollback mirror.
| Repo | Forgejo | `origin` | CI workflow | Notes |
| --- | --- | --- | --- | --- |
| `railiance-enablement` | yes | `forgejo-remote` | `ci-smoke` + templates in `workflows/` | S4 canonical templates |
| `railiance-infra` | yes | `forgejo-remote` | `ci-smoke` | |
| `railiance-apps` | yes | `forgejo-remote` | `ci-smoke` | |
| `railiance-platform` | yes | `forgejo-remote` | `ci-smoke` | Local uncommitted `Makefile`/helm edits not in promotion |
| `railiance-cluster` | yes | `forgejo-remote` | `ci-smoke` | |
Promotion helper: `railiance-enablement/tools/promote-repo-to-forgejo.sh`
Template docs: `railiance-enablement/docs/forgejo-actions-workflow-templates.md`
Operator SSH (2026-07-04): user `tegwick` on Forgejo (admin, `coulomb` Owners
team); workstation key moved from `forgejo_admin` to `tegwick`.
## Not ready for state-hub yet
Before `state-hub`, the ladder still needs:
- [ ] Operator/user SSH identity on Forgejo (not only `forgejo_admin`)
- [ ] Reusable workflow template with `hub-core` build context (multi-repo checkout)
- [x] Operator/user SSH identity on Forgejo (`tegwick` + workstation key)
- [x] Reusable workflow templates in `railiance-enablement` (incl. multi-repo / `hub-core` context template)
- [ ] State Hub `remote_url` + sweep checkout path update playbook
- [ ] Gitea read-only mirror or push-disable policy for repos after cutover
- [ ] Scheduled Forgejo backups (disaster-control track; restore drill passed)
## References
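Review bot: The Tier 2.5 paragraph declares Forgejo canonical while keeping the `gitea` remote "for rollback mirror", yet the checklist in the same hunk leaves "Gitea read-only mirror or push-disable policy for repos after cutover" unchecked, so for the five promoted repos nothing documented here prevents a push landing on Gitea and the two copies diverging. State the interim rule next to the table (for example that Gitea pushes are frozen for these repos, or who may push to `gitea` and under what conditions), or move that checklist item ahead of further promotions. The "Operator SSH" line would also be clearer if it said whether the workstation key was removed from `forgejo_admin` or exists on both users, and the `railiance-platform` note should say whether the uncommitted `Makefile`/helm edits need to land before tier 3.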