jordan/rdev
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7249575dea
rdev/.woodpecker.yml
jordan a9ad3d8304
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
chore: accumulated platform hardening and CI fixes 
CI / Woodpecker:
- Add explicit depends_on to all .woodpecker.yml steps (rdev + templates)
- Fix skip_tls_verify -> skip-tls-verify (correct Kaniko flag name)
- Add replicasets get/list to deployer RBAC for rollout status
- Skeleton template: add failure:ignore on docs steps, Traefik TLS
  annotations on ingress, depends_on on verify step

Component templates:
- Fix container name in deploy steps (PROJECT_NAME-COMPONENT_NAME)
- Replace kubectl scale with kubectl patch for replicas
- Add post-deploy image verification and rollout status checks
- Applied consistently across all 5 component templates

Adapters:
- gitea: Add HTTP client timeout (30s), context cancellation checks,
  handle 404 on GetRepo/DeleteRepo
- zot: Add retry with exponential backoff (doWithRetry), limit response
  body reads to 10MB
- cockroach: Use net.JoinHostPort for IPv6-safe DSN construction
- woodpecker: Fix error wrapping (%v -> %w)
- redis: Fix error wrapping (%v -> %w)
- deployer: Add context cancellation checks

Services:
- apikey_service: Fix error wrapping (%v -> %w)
- component_deploy: Fix error wrapping (%v -> %w)
- project_infra: Fix error wrapping (%v -> %w)
- webhook/dispatcher: Fix error wrapping (%v -> %w)

Other:
- CLAUDE.md: Add guide links for Gitea, Go 1.25, Woodpecker v3,
  Traefik v3, Zot registry
- circuitbreaker: Add test for error wrapping
- docs: Update deployment, troubleshooting, and runbook docs
- health: Fix error wrapping (%v -> %w)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-10 23:16:56 -07:00

90 lines
2.6 KiB
YAML
Raw Blame History

# Woodpecker CI for rdev platform
# Builds and deploys rdev-api, rdev-worker, and rdev-claudebox
#
# TODO: Remove skip-tls-verify from Kaniko steps once cert verification is tested.
# Registry has valid LE cert via Traefik — Kaniko should be able to verify it.
# Test by removing from one step first. If Kaniko can't verify (runs inside
# cluster hitting internal service), mount the CA bundle instead.
variables:
- &when_main
branch: main
event: push
steps:
# Run tests first
test:
image: golang:1.25-alpine
depends_on: []
commands:
- apk add --no-cache git
- go test ./...
# Build rdev-api image
build-api:
image: woodpeckerci/plugin-kaniko
depends_on: [test]
settings:
registry: registry.threesix.ai
repo: rdev/api
tags:
- latest
- ${CI_COMMIT_SHA:0:8}
context: .
dockerfile: Dockerfile.api
cache: true
skip-tls-verify: true
when:
<<: *when_main
# Build rdev-worker image
build-worker:
image: woodpeckerci/plugin-kaniko
depends_on: [test]
settings:
registry: registry.threesix.ai
repo: rdev/worker
tags:
- latest
- ${CI_COMMIT_SHA:0:8}
context: .
dockerfile: Dockerfile.worker
cache: true
skip-tls-verify: true
when:
<<: *when_main
# Build rdev-claudebox image
build-claudebox:
image: woodpeckerci/plugin-kaniko
depends_on: [test]
settings:
registry: registry.threesix.ai
repo: rdev/claudebox
tags:
- latest
- ${CI_COMMIT_SHA:0:8}
context: .
dockerfile: Dockerfile
cache: true
skip-tls-verify: true
when:
<<: *when_main
# Deploy to k3s cluster
deploy:
image: bitnami/kubectl:latest
depends_on: [build-api, build-worker, build-claudebox]
commands:
- echo "Deploying rdev-api..."
- kubectl set image deployment/rdev-api rdev-api=registry.threesix.ai/rdev/api:${CI_COMMIT_SHA:0:8} -n rdev
- kubectl rollout status deployment/rdev-api -n rdev --timeout=120s
- echo "Deploying rdev-worker..."
- kubectl set image deployment/rdev-worker worker=registry.threesix.ai/rdev/worker:${CI_COMMIT_SHA:0:8} claudebox=registry.threesix.ai/rdev/claudebox:${CI_COMMIT_SHA:0:8} -n rdev
- kubectl rollout status deployment/rdev-worker -n rdev --timeout=120s
- echo "Deploying claudebox statefulset..."
- kubectl set image statefulset/claudebox claudebox=registry.threesix.ai/rdev/claudebox:${CI_COMMIT_SHA:0:8} -n rdev
- kubectl rollout status statefulset/claudebox -n rdev --timeout=300s
when:
<<: *when_main
Reference in New Issue View Git Blame Copy Permalink