bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity
112 Commits 19 Branches 0 Tags
5ba3c2f3ade234ae76e0a4f98334a89e604eb2d3
Commit Graph

112 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mondo Diaz
5ba3c2f3ad Add post-deployment integration tests 
Adds integration test jobs that run after deployment to verify the
deployed application is functioning correctly. Tests cover:
- Health endpoint
- Project creation
- Package creation
- Artifact upload
- Artifact download (with content verification)
- Artifact listing

Each test run creates isolated resources (using unique IDs) and
cleans up after itself. Tests run against the deployed URL for
both stage (main branch) and feature branch deployments.
 2026-01-14 18:15:25 +00:00
Mondo Diaz
52125545cf Run only unit tests in CI test stage 
Integration tests require Docker Compose services (PostgreSQL, MinIO, Redis)
which aren't available in the CI container. Unit tests run independently.
 2026-01-14 18:15:25 +00:00
Mondo Diaz
58bdb208a9 Remove exists rule from frontend_tests for consistent behavior 2026-01-14 18:15:25 +00:00
Mondo Diaz
0c4c263059 Enhance test jobs with caching, coverage, and parallel execution 
CI improvements:
- Add needs: [] to run tests parallel with build (faster pipeline)
- Add pip/npm caching (faster subsequent runs)
- Add 15m timeout to prevent hung jobs
- Add pytest coverage with cobertura report for GitLab
- Add pytest JUnit report for test tab in MR
- Add vitest coverage with cobertura report for GitLab
- Add coverage regex for badge display

Frontend:
- Add @vitest/coverage-v8 dependency
- Configure vitest coverage reporter (text, cobertura, html)
 2026-01-14 18:15:25 +00:00
Mondo Diaz
5087aefdf8 Use deps.global.bsf.tools registry for frontend_tests image 2026-01-14 18:15:25 +00:00
Mondo Diaz
3b54c74912 Fix frontend_tests to use correct container registry 2026-01-14 18:15:25 +00:00
Mondo Diaz
157cb4910f Refactor CI pipeline with templates and add frontend tests 
- Add frontend_tests job (npm run test with Vitest)
- Add verification checks to deploy_stage (health, API, frontend)
- Extract shared YAML anchors: deploy_template, helm_setup, verify_deployment
- Reduce code duplication across deploy jobs
 2026-01-14 18:15:25 +00:00
Mondo Diaz
1a7fb3e5ba Fix security scan issues and harden docker-compose 
Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)

KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml

Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)

Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)
 2026-01-14 18:15:25 +00:00
Mondo Diaz
35d29bba75 Add comprehensive deployment verification 
- Health endpoint polling with retry loop
- API check (GET /api/v1/projects returns 200)
- Frontend check (HTML is served)
- Clear output with section headers
 2026-01-14 18:15:25 +00:00
Mondo Diaz
6cd937881f Add deployment verification with health check polling 
- Add --wait --timeout 5m to helm upgrade
- Add kubectl rollout status check
- Poll health endpoint for up to 5 minutes (for cert provisioning)
 2026-01-14 18:15:25 +00:00
Mondo Diaz
04d3801994 Add PROSPER-NOTES.md to gitignore 2026-01-14 18:15:25 +00:00
Mondo Diaz
b08af27086 Add build_image dependency to deploy jobs 2026-01-14 18:15:25 +00:00
Mondo Diaz
03d1e9b843 Fix image tag format to match Prosper output (git.linux-amd64-SHA) 2026-01-14 18:15:25 +00:00
Mondo Diaz
d8b68da004 Clean up CI pipeline and remove unused values files 
- Use branch name (CI_COMMIT_REF_SLUG) instead of commit SHA for feature IDs
- Remove commented-out code and unused deploy template
- Fix deploy_stage to use kubectl config use-context
- Remove values-production.yaml and values-external.yaml
 2026-01-14 18:15:25 +00:00
Mondo Diaz
09b51f5223 Add kubectl context to cleanup_feature job 2026-01-14 18:15:25 +00:00
Mondo Diaz
1bc9b947bc Fix helm path by returning to project root before deploy 2026-01-14 18:15:25 +00:00
Mondo Diaz
f0cc2c0fbe Use kubectl config use-context for agent authentication 2026-01-14 18:15:25 +00:00
Mondo Diaz
d4ed0aa2e7 Test: hardcode agent path to rule out variable interpolation 2026-01-14 18:15:25 +00:00
Mondo Diaz
74595c68cf Add GitLab Agent configs with CI/CD access for deployments 2026-01-14 18:15:25 +00:00
Mondo Diaz
0327027306 Fix GitLab Agent paths to use full project:agent format 2026-01-14 18:15:25 +00:00
Armando Diaz
deda6e33a0 update jobs to use correct image and agents. 2026-01-14 18:15:25 +00:00
Mondo Diaz
96477db51f Add feature branch deployment pipeline 
- Add deploy_feature job for ephemeral dev environments
- Use unique identifier (feat-{short_sha}) for K8s resource isolation
- Dynamic hostnames for ingress (orchard-{sha}.common.global.bsf.tools)
- Add cleanup_feature job with on_stop for automatic cleanup on merge
- Add values-dev.yaml with lighter resources for ephemeral deployments
- Refactor deploy_stage to use dynamic image tag from CI
 2026-01-14 18:15:25 +00:00
Dane Moss
d8352fde7c comment out rule block for now 2026-01-14 18:15:25 +00:00
Dane Moss
397fa785e1 try another rule 2026-01-14 18:15:25 +00:00
Dane Moss
ce3863212d update job name 2026-01-14 18:15:25 +00:00
Dane Moss
fe68b3e257 Update .gitlab-ci.yml file 2026-01-14 18:15:25 +00:00
Dane Moss
2ebea2f7e3 Update 2 files 
- /helm/orchard/values-stage.yaml
- /.gitlab-ci.yml
 2026-01-14 18:15:25 +00:00
Mondo Diaz
7cfad28f67 Merge branch 'agent-config' into 'main' 
Agent config

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!26
 2026-01-13 15:09:02 -06:00
Mondo Diaz
37666e41a7 Agent config 2026-01-13 15:09:02 -06:00
Dane Moss
0cc4f25362 Merge branch 'update_changelog' into 'main' 
add changelog entry

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!25
 2026-01-12 10:11:50 -07:00
Dane Moss
5c9da9003b add changelog entry 2026-01-12 10:11:50 -07:00
Dane Moss
90bb2a3a39 Merge branch 'feature/auth-system' into 'main' 
Implement authentication system with access control UI

Closes #50 and #18

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!24
 2026-01-12 09:52:35 -07:00
Mondo Diaz
617bcbe89c Implement authentication system with access control UI 2026-01-12 09:52:35 -07:00
Mondo Diaz
1cbd335443 Merge branch 'feature/drag-drop-upload' into 'main' 
Add drag-and-drop upload component with chunked uploads and offline support

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!23
 2026-01-08 11:59:33 -06:00
Mondo Diaz
10d3694794 Add drag-and-drop upload component with chunked uploads and offline support 2026-01-08 11:59:32 -06:00
Mondo Diaz
bccbc71c13 Merge branch 'feature/download-verification' into 'main' 
Add download verification with SHA256 checksum support (#26, #27, #28, #29)

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!22
 2026-01-07 13:36:46 -06:00
Mondo Diaz
35fda65d38 Add download verification with SHA256 checksum support (#26, #27, #28, #29) 2026-01-07 13:36:46 -06:00
Mondo Diaz
08dce6cbb8 Merge branch 'feature/audit-history-api' into 'main' 
Metadata database tracks all uploads with project, package, tag, and timestamp queryable via API

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!21
 2026-01-07 12:31:46 -06:00
Mondo Diaz
2f1891cf01 Metadata database tracks all uploads with project, package, tag, and timestamp queryable via API 2026-01-07 12:31:44 -06:00
Mondo Diaz
81458b3bcb Merge branch 'feature/ref-count-management' into 'main' 
Add ref_count management for deletions with atomic operations and error handling

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!20
 2026-01-06 13:44:23 -06:00
Mondo Diaz
7e68baed08 Add ref_count management for deletions with atomic operations and error handling 2026-01-06 13:44:23 -06:00
Mondo Diaz
66622caf5d Add AGENTS.md to gitignore for OpenCode compatibility 2026-01-05 09:24:33 -06:00
Mondo Diaz
96d79e4127 Merge branch 'fix/helm-minio-ingress-rename' into 'main' 
Fix Helm chart: rename minio.ingress to minioIngress to avoid subchart conflict

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!19
 2025-12-16 12:51:42 -06:00
Mondo Diaz
accba9e404 Fix Helm chart: rename minio.ingress to minioIngress to avoid subchart conflict 2025-12-16 12:51:41 -06:00
Dane Moss
64e420fb58 Merge branch 'cut_new_release' into 'main' 
release new image with presigned URL support for direct s3 downloads as default download mode

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!18
 2025-12-15 15:30:38 -07:00
dane.moss
994f166de8 release new image with presigned URL support for direct s3 downloads as default download mode 2025-12-15 15:17:53 -07:00
Mondo Diaz
8999552949 Merge branch 'feature/presigned-url-downloads' into 'main' 
Add presigned URL support for direct S3 downloads (#48)

Closes #48

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!17
 2025-12-15 16:06:51 -06:00
Mondo Diaz
2df97ae94a Add presigned URL support for direct S3 downloads (#48) 2025-12-15 16:06:51 -06:00
Mondo Diaz
caa0c5af0c Merge branch 'feature/store-sha256-checksums' into 'main' 
Store SHA256 checksums with artifacts and add multiple hash support

Closes #25

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!16
 2025-12-15 14:47:31 -06:00
Mondo Diaz
3fd2747ae4 Store SHA256 checksums with artifacts and add multiple hash support 2025-12-15 14:47:30 -06:00