Commit Graph

33 Commits

Author SHA1 Message Date
Mondo Diaz
157cb4910f Refactor CI pipeline with templates and add frontend tests
- Add frontend_tests job (npm run test with Vitest)
- Add verification checks to deploy_stage (health, API, frontend)
- Extract shared YAML anchors: deploy_template, helm_setup, verify_deployment
- Reduce code duplication across deploy jobs
2026-01-14 18:15:25 +00:00
Mondo Diaz
1a7fb3e5ba Fix security scan issues and harden docker-compose
Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)

KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml

Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)

Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)
2026-01-14 18:15:25 +00:00
Mondo Diaz
35d29bba75 Add comprehensive deployment verification
- Health endpoint polling with retry loop
- API check (GET /api/v1/projects returns 200)
- Frontend check (HTML is served)
- Clear output with section headers
2026-01-14 18:15:25 +00:00
Mondo Diaz
6cd937881f Add deployment verification with health check polling
- Add --wait --timeout 5m to helm upgrade
- Add kubectl rollout status check
- Poll health endpoint for up to 5 minutes (for cert provisioning)
2026-01-14 18:15:25 +00:00
Mondo Diaz
b08af27086 Add build_image dependency to deploy jobs 2026-01-14 18:15:25 +00:00
Mondo Diaz
03d1e9b843 Fix image tag format to match Prosper output (git.linux-amd64-SHA) 2026-01-14 18:15:25 +00:00
Mondo Diaz
d8b68da004 Clean up CI pipeline and remove unused values files
- Use branch name (CI_COMMIT_REF_SLUG) instead of commit SHA for feature IDs
- Remove commented-out code and unused deploy template
- Fix deploy_stage to use kubectl config use-context
- Remove values-production.yaml and values-external.yaml
2026-01-14 18:15:25 +00:00
Mondo Diaz
09b51f5223 Add kubectl context to cleanup_feature job 2026-01-14 18:15:25 +00:00
Mondo Diaz
1bc9b947bc Fix helm path by returning to project root before deploy 2026-01-14 18:15:25 +00:00
Mondo Diaz
f0cc2c0fbe Use kubectl config use-context for agent authentication 2026-01-14 18:15:25 +00:00
Mondo Diaz
d4ed0aa2e7 Test: hardcode agent path to rule out variable interpolation 2026-01-14 18:15:25 +00:00
Mondo Diaz
0327027306 Fix GitLab Agent paths to use full project:agent format 2026-01-14 18:15:25 +00:00
Armando Diaz
deda6e33a0 update jobs to use correct image and agents. 2026-01-14 18:15:25 +00:00
Mondo Diaz
96477db51f Add feature branch deployment pipeline
- Add deploy_feature job for ephemeral dev environments
- Use unique identifier (feat-{short_sha}) for K8s resource isolation
- Dynamic hostnames for ingress (orchard-{sha}.common.global.bsf.tools)
- Add cleanup_feature job with on_stop for automatic cleanup on merge
- Add values-dev.yaml with lighter resources for ephemeral deployments
- Refactor deploy_stage to use dynamic image tag from CI
2026-01-14 18:15:25 +00:00
Dane Moss
d8352fde7c comment out rule block for now 2026-01-14 18:15:25 +00:00
Dane Moss
397fa785e1 try another rule 2026-01-14 18:15:25 +00:00
Dane Moss
ce3863212d update job name 2026-01-14 18:15:25 +00:00
Dane Moss
fe68b3e257 Update .gitlab-ci.yml file 2026-01-14 18:15:25 +00:00
Dane Moss
2ebea2f7e3 Update 2 files
- /helm/orchard/values-stage.yaml
- /.gitlab-ci.yml
2026-01-14 18:15:25 +00:00
Mondo Diaz
7e68baed08 Add ref_count management for deletions with atomic operations and error handling 2026-01-06 13:44:23 -06:00
Dane Moss
bc3da14d50 Add prosper config 2025-12-12 13:52:27 -07:00
Mondo Diaz
386ea0df4d Add NPM_REGISTRY build arg support in Dockerfile
- Accept NPM_REGISTRY ARG in frontend build stage
- Configure npm registry before install if provided
- Add build-arg to MR build stage in CI
2025-12-05 17:58:12 -06:00
Armando Diaz
2105fca189 add npm repo 2025-12-05 17:53:15 -06:00
Armando Diaz
9fb54970e8 trim ci jobs for now 2025-12-05 17:27:56 -06:00
Mondo Diaz
2261bfc830 Rewrite from Go + vanilla JS to Python (FastAPI) + React (TypeScript)
- Backend: Python 3.12 with FastAPI, SQLAlchemy, boto3
- Frontend: React 18 with TypeScript, Vite build tooling
- Updated Dockerfile for multi-stage Node + Python build
- Updated CI pipeline for Python backend
- Removed old Go code (cmd/, internal/, go.mod, go.sum)
- Updated README with new tech stack documentation
2025-12-05 17:16:43 -06:00
Armando Diaz
343f7bfc59 will set up deploy job later 2025-12-05 16:59:01 -06:00
Armando Diaz
f0a4bf11c3 start deploy job config 2025-12-05 08:51:25 -06:00
Armando Diaz
214a485ad9 update build ci 2025-12-04 19:13:57 -06:00
Armando Diaz
5861f9639a install missing deps 2025-12-04 17:34:10 -06:00
Armando Diaz
b6493c55d0 set missing var 2025-12-04 17:32:41 -06:00
Armando Diaz
f2698e48e7 fix typo 2025-12-04 17:22:57 -06:00
Armando Diaz
a46e968a3c test building 2025-12-04 17:18:06 -06:00
Mondo Diaz
cd75cb864d Add Helm chart and GitLab CI pipeline
- Helm chart with PostgreSQL, MinIO, Redis as optional subcharts
- Production and external infrastructure value files
- HPA, Ingress, and health probe support
- GitLab CI pipeline using Buildah for container builds
- Multi-stage pipeline: test, build, publish
2025-12-04 14:57:46 -06:00