Cleanup: improve pod naming, remove dead code, update docs
59
README.md
@@ -46,6 +46,12 @@ Orchard is a centralized binary artifact storage system that provides content-ad
|
||||
- `.whl` - Python wheels (name, version, author)
|
||||
- `.jar` - Java JARs (manifest info, Maven coordinates)
|
||||
- `.zip` - ZIP files (file count, uncompressed size)
|
||||
- **Authentication** - Multiple authentication methods:
|
||||
- Session-based login with username/password
|
||||
- API keys for programmatic access (`orch_` prefixed tokens)
|
||||
- OIDC integration for SSO
|
||||
- Admin user management
|
||||
- **Garbage Collection** - Clean up orphaned artifacts (ref_count=0) via admin API
|
||||
|
||||
### API Endpoints
|
||||
|
||||
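Review bot: In the new **Authentication** bullet, "Admin user management" is listed under "Multiple authentication methods" but it is not a way to authenticate; move it to its own feature bullet so the list names only session login, `orch_` API keys and OIDC. The **Garbage Collection** bullet says "via admin API" without naming the endpoint or stating that it requires an admin credential; since it deletes artifacts, link it to the entry under "API Endpoints" and say which of the three methods above is accepted for it.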
@@ -522,15 +528,48 @@ Configuration is provided via environment variables prefixed with `ORCHARD_`:
|
||||
| `ORCHARD_DOWNLOAD_MODE` | Download mode: `presigned`, `redirect`, or `proxy` | `presigned` |
|
||||
| `ORCHARD_PRESIGNED_URL_EXPIRY` | Presigned URL expiry in seconds | `3600` |
|
||||
|
||||
## CI/CD Pipeline
|
||||
|
||||
The GitLab CI/CD pipeline automates building, testing, and deploying Orchard.
|
||||
|
||||
### Pipeline Stages
|
||||
|
||||
| Stage | Jobs | Description |
|
||||
|-------|------|-------------|
|
||||
| lint | `kics`, `hadolint`, `secrets` | Security and code quality scanning |
|
||||
| build | `build_image` | Build and push Docker image |
|
||||
| test | `python_tests`, `frontend_tests` | Run unit tests with coverage |
|
||||
| deploy | `deploy_stage`, `deploy_feature` | Deploy to Kubernetes |
|
||||
| deploy | `integration_test_*` | Post-deployment integration tests |
|
||||
|
||||
### Environments
|
||||
|
||||
| Environment | Branch | Namespace | URL |
|
||||
|-------------|--------|-----------|-----|
|
||||
| Stage | `main` | `orch-stage-namespace` | `orchard-stage.common.global.bsf.tools` |
|
||||
| Feature | `*` (non-main) | `orch-dev-namespace` | `orchard-{branch}.common.global.bsf.tools` |
|
||||
|
||||
### Feature Branch Workflow
|
||||
|
||||
1. Push a feature branch
|
||||
2. Pipeline builds, tests, and deploys to isolated environment
|
||||
3. Integration tests run against the deployed environment
|
||||
4. GitLab UI shows environment link for manual testing
|
||||
5. On merge to main, environment is automatically cleaned up
|
||||
6. Environments also auto-expire after 1 week if branch is not deleted
|
||||
|
||||
### Manual Cleanup
|
||||
|
||||
Feature environments can be manually cleaned up via:
|
||||
- GitLab UI: Environments → Stop environment
|
||||
- CLI: `helm uninstall orchard-{branch} -n orch-dev-namespace`
|
||||
|
||||
## Kubernetes Deployment
|
||||
|
||||
### Using Helm
|
||||
|
||||
```bash
|
||||
# Add Bitnami repo for dependencies
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
|
||||
# Update dependencies
|
||||
# Update dependencies (uses internal OCI registry)
|
||||
cd helm/orchard
|
||||
helm dependency update
|
||||
|
||||
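Review bot: Step 2 of "Feature Branch Workflow" promises an "isolated environment", but the Environments table places every non-main branch in the same `orch-dev-namespace`, so the only visible separation is the release name and hostname; say what is actually isolated (database, storage bucket, secrets) or drop the word. The `{branch}` placeholder in `orchard-{branch}.common.global.bsf.tools` and in `helm uninstall orchard-{branch} -n orch-dev-namespace` also needs a definition: branch names can contain `/`, uppercase letters or exceed what a DNS label and a Helm release name allow, so state the exact slug the pipeline derives, otherwise the manual cleanup command cannot be typed reliably. In the Helm block the comment now reads "uses internal OCI registry" with no registry named and no login step, which leaves `helm dependency update` unusable for anyone who has not already authenticated.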
@@ -593,10 +632,16 @@ The following features are planned but not yet implemented:
|
||||
- [ ] Export/Import for air-gapped systems
|
||||
- [ ] Consumer notification
|
||||
- [ ] Automated update propagation
|
||||
- [ ] OIDC/SAML authentication
|
||||
- [ ] API key management
|
||||
- [ ] SAML authentication
|
||||
- [ ] Redis caching layer
|
||||
- [ ] Garbage collection for orphaned artifacts
|
||||
- [ ] Download integrity verification (see `docs/design/integrity-verification.md`)
|
||||
|
||||
### Recently Implemented
|
||||
|
||||
- [x] OIDC authentication
|
||||
- [x] API key management
|
||||
- [x] Garbage collection for orphaned artifacts
|
||||
- [x] User authentication with sessions
|
||||
|
||||
## License
|
||||
|
||||
|
||||
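Review bot: The new "Recently Implemented" subsection sits under a section introduced as "The following features are planned but not yet implemented:", so the checked items contradict their own heading; give them a separate top-level heading or move them to a changelog, since OIDC, API keys and garbage collection are already described in the feature list. "User authentication with sessions" appears as `[x]` with no matching unchecked entry in the visible context, so confirm it was not tracked under a different name that is still listed as planned. "Download integrity verification" remains unchecked; given that it is the one open item affecting what a client can trust about a fetched artifact, a one-line statement of the current behaviour next to the pointer to `docs/design/integrity-verification.md` would help readers.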