Print ORCHARD_TEST_URL and ORCHARD_TEST_PASSWORD to diagnose
why tests are failing with 401 - the password variable may not
be reaching the pytest execution.
- Replace in-cluster k8s jobs with standard CI runner execution
- Use STAGE_ADMIN_PASSWORD CI variable instead of Secrets Manager
- Simplify reset_stage_template (no longer needs kubectl/IRSA)
- integration_test_stage now uses standard integration_test_template
Requires setting STAGE_ADMIN_PASSWORD CI variable in GitLab settings.
- Add ORCHARD_ADMIN_PASSWORD env var to set initial admin password
- When set, admin user created without forced password change
- Add AWS Secrets Manager support for stage/prod deployments
- Add .env file support for local docker development
- Add Helm chart auth config (adminPassword, existingSecret, secretsManager)
Environments configured:
- Local: .env file or defaults to changeme123
- Feature/dev: orchardtest123 (hardcoded in values-dev.yaml)
- Stage: AWS Secrets Manager (orchard-stage-creds)
- Prod: AWS Secrets Manager (orch-prod-creds)
- Add create_default_admin() call to factory reset (admin user wasn't being
created after reset, only on server restart)
- Add retry logic to reset_stage CI job (3 attempts with 5s delay)
- Use proper context manager for httpx client
- Increase timeout to 120s for reset operation
- Add retry: 1 at job level for transient failures
- Backend: Python 3.12 with FastAPI, SQLAlchemy, boto3
- Frontend: React 18 with TypeScript, Vite build tooling
- Updated Dockerfile for multi-stage Node + Python build
- Updated CI pipeline for Python backend
- Removed old Go code (cmd/, internal/, go.mod, go.sum)
- Updated README with new tech stack documentation
- Helm chart with PostgreSQL, MinIO, Redis as optional subcharts
- Production and external infrastructure value files
- HPA, Ingress, and health probe support
- GitLab CI pipeline using Buildah for container builds
- Multi-stage pipeline: test, build, publish
