Three bugs in the notify provisioner DNS record upsert:
1. rec.Record ("DKIM"/"SPF") was used as the DNS record type — Cloudflare
doesn't know those labels. Fix: use rec.DNSType ("TXT"/"MX") from the
resendDNSRecord.type JSON field, which is the actual DNS record type.
2. rec.Name from Resend is already relative to the zone apex
(e.g., "resend._domainkey.mail.project-name"), not relative to the
registered domain. Code was doing rec.Name + "." + host which produced
a doubled subdomain. Fix: pass rec.Name directly — Cloudflare's
normalizeName appends ".baseDomain" to build the correct FQDN.
3. MX records have priority 10 in Resend's response but DNSRecord had no
Priority field and Cloudflare CreateRecord/UpdateRecord didn't send it.
Fix: add Priority int to domain.DNSRecord and include it in the body
for both Create and Update when non-zero.
These bugs caused DKIM/SPF DNS records to never be created for any project.
Re-provision affected projects using POST /projects/{id}/notify/provision
after clearing NOTIFY_RESEND_DOMAIN_ID from the credential store.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add Gitea, Cloudflare DNS, and Kubernetes deployer adapters following
hexagonal architecture. These enable automated project provisioning:
- Git repository creation/management via Gitea
- DNS record management via Cloudflare
- Container deployment to Kubernetes
Includes domain models, ports, handlers, and Woodpecker CI webhook
integration for automated deployments on push.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
