bitforge/orchard
3
0
Fork 0
Code Projects Wiki Activity
109 Commits 19 Branches 0 Tags
b90e478f4b78251450ccc449cc8e5ece8798c164
Commit Graph

109 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mondo Diaz
b90e478f4b Run only unit tests in CI test stage 
Integration tests require Docker Compose services (PostgreSQL, MinIO, Redis)
which aren't available in the CI container. Unit tests run independently.
 2026-01-13 23:01:08 +00:00
Mondo Diaz
b6e5a0fa4d Remove exists rule from frontend_tests for consistent behavior 2026-01-13 22:53:32 +00:00
Mondo Diaz
22c173ec37 Enhance test jobs with caching, coverage, and parallel execution 
CI improvements:
- Add needs: [] to run tests parallel with build (faster pipeline)
- Add pip/npm caching (faster subsequent runs)
- Add 15m timeout to prevent hung jobs
- Add pytest coverage with cobertura report for GitLab
- Add pytest JUnit report for test tab in MR
- Add vitest coverage with cobertura report for GitLab
- Add coverage regex for badge display

Frontend:
- Add @vitest/coverage-v8 dependency
- Configure vitest coverage reporter (text, cobertura, html)
 2026-01-13 22:50:50 +00:00
Mondo Diaz
acd31129e9 Use deps.global.bsf.tools registry for frontend_tests image 2026-01-13 22:45:12 +00:00
Mondo Diaz
b74276ba70 Fix frontend_tests to use correct container registry 2026-01-13 22:44:27 +00:00
Mondo Diaz
085ed898e2 Refactor CI pipeline with templates and add frontend tests 
- Add frontend_tests job (npm run test with Vitest)
- Add verification checks to deploy_stage (health, API, frontend)
- Extract shared YAML anchors: deploy_template, helm_setup, verify_deployment
- Reduce code duplication across deploy jobs
 2026-01-13 22:43:21 +00:00
Mondo Diaz
4ec91b46ed Fix security scan issues and harden docker-compose 
Hadolint fixes:
- Use printf instead of echo for escape sequences
- Add hadolint ignore for apt pin version (DL3008)

KICS fixes (docker-compose):
- Add security_opt: no-new-privileges to all services
- Add mem_limit and cpus to prevent resource exhaustion
- Add healthcheck to orchard-server in docker-compose.yml

Gitleaks:
- Add .gitleaksignore for false positive (s3_key attribute name)
- Remove allow_failure from secrets job (now blocking)

Also:
- Remove || echo fallback from python_tests (tests should fail pipeline)
 2026-01-13 22:40:51 +00:00
Mondo Diaz
d6644e9039 Add comprehensive deployment verification 
- Health endpoint polling with retry loop
- API check (GET /api/v1/projects returns 200)
- Frontend check (HTML is served)
- Clear output with section headers
 2026-01-13 22:28:48 +00:00
Mondo Diaz
f1b0c93f30 Add deployment verification with health check polling 
- Add --wait --timeout 5m to helm upgrade
- Add kubectl rollout status check
- Poll health endpoint for up to 5 minutes (for cert provisioning)
 2026-01-13 22:28:30 +00:00
Mondo Diaz
69180dd9eb Add PROSPER-NOTES.md to gitignore 2026-01-13 22:20:45 +00:00
Mondo Diaz
b07b6a8f8f Add build_image dependency to deploy jobs 2026-01-13 22:14:31 +00:00
Mondo Diaz
ace643bb2e Fix image tag format to match Prosper output (git.linux-amd64-SHA) 2026-01-13 22:06:02 +00:00
Mondo Diaz
f1aae057ed Clean up CI pipeline and remove unused values files 
- Use branch name (CI_COMMIT_REF_SLUG) instead of commit SHA for feature IDs
- Remove commented-out code and unused deploy template
- Fix deploy_stage to use kubectl config use-context
- Remove values-production.yaml and values-external.yaml
 2026-01-13 21:51:50 +00:00
Mondo Diaz
66515f24d4 Add kubectl context to cleanup_feature job 2026-01-13 21:49:28 +00:00
Mondo Diaz
892f63e685 Fix helm path by returning to project root before deploy 2026-01-13 21:37:37 +00:00
Mondo Diaz
cd7c930176 Use kubectl config use-context for agent authentication 2026-01-13 21:28:10 +00:00
Mondo Diaz
0bbfe38293 Test: hardcode agent path to rule out variable interpolation 2026-01-13 21:12:08 +00:00
Mondo Diaz
86567b4ae1 Add GitLab Agent configs with CI/CD access for deployments 2026-01-13 20:08:29 +00:00
Mondo Diaz
d3a47f6167 Fix GitLab Agent paths to use full project:agent format 2026-01-13 19:32:09 +00:00
Armando Diaz
089d4a50df update jobs to use correct image and agents. 2026-01-13 12:05:16 -06:00
Mondo Diaz
f6b79a7af0 Add feature branch deployment pipeline 
- Add deploy_feature job for ephemeral dev environments
- Use unique identifier (feat-{short_sha}) for K8s resource isolation
- Dynamic hostnames for ingress (orchard-{sha}.common.global.bsf.tools)
- Add cleanup_feature job with on_stop for automatic cleanup on merge
- Add values-dev.yaml with lighter resources for ephemeral deployments
- Refactor deploy_stage to use dynamic image tag from CI
 2026-01-13 16:45:48 +00:00
Dane Moss
deda96795b comment out rule block for now 2026-01-13 16:43:49 +00:00
Dane Moss
f555dd6bde try another rule 2026-01-13 16:43:49 +00:00
Dane Moss
36b79485ba update job name 2026-01-13 16:43:49 +00:00
Dane Moss
b58deb4a60 Update .gitlab-ci.yml file 2026-01-13 16:43:49 +00:00
Dane Moss
d3bacfe6b6 Update 2 files 
- /helm/orchard/values-stage.yaml
- /.gitlab-ci.yml
 2026-01-13 16:43:49 +00:00
Dane Moss
0cc4f25362 Merge branch 'update_changelog' into 'main' 
add changelog entry

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!25
 2026-01-12 10:11:50 -07:00
Dane Moss
5c9da9003b add changelog entry 2026-01-12 10:11:50 -07:00
Dane Moss
90bb2a3a39 Merge branch 'feature/auth-system' into 'main' 
Implement authentication system with access control UI

Closes #50 and #18

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!24
 2026-01-12 09:52:35 -07:00
Mondo Diaz
617bcbe89c Implement authentication system with access control UI 2026-01-12 09:52:35 -07:00
Mondo Diaz
1cbd335443 Merge branch 'feature/drag-drop-upload' into 'main' 
Add drag-and-drop upload component with chunked uploads and offline support

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!23
 2026-01-08 11:59:33 -06:00
Mondo Diaz
10d3694794 Add drag-and-drop upload component with chunked uploads and offline support 2026-01-08 11:59:32 -06:00
Mondo Diaz
bccbc71c13 Merge branch 'feature/download-verification' into 'main' 
Add download verification with SHA256 checksum support (#26, #27, #28, #29)

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!22
 2026-01-07 13:36:46 -06:00
Mondo Diaz
35fda65d38 Add download verification with SHA256 checksum support (#26, #27, #28, #29) 2026-01-07 13:36:46 -06:00
Mondo Diaz
08dce6cbb8 Merge branch 'feature/audit-history-api' into 'main' 
Metadata database tracks all uploads with project, package, tag, and timestamp queryable via API

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!21
 2026-01-07 12:31:46 -06:00
Mondo Diaz
2f1891cf01 Metadata database tracks all uploads with project, package, tag, and timestamp queryable via API 2026-01-07 12:31:44 -06:00
Mondo Diaz
81458b3bcb Merge branch 'feature/ref-count-management' into 'main' 
Add ref_count management for deletions with atomic operations and error handling

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!20
 2026-01-06 13:44:23 -06:00
Mondo Diaz
7e68baed08 Add ref_count management for deletions with atomic operations and error handling 2026-01-06 13:44:23 -06:00
Mondo Diaz
66622caf5d Add AGENTS.md to gitignore for OpenCode compatibility 2026-01-05 09:24:33 -06:00
Mondo Diaz
96d79e4127 Merge branch 'fix/helm-minio-ingress-rename' into 'main' 
Fix Helm chart: rename minio.ingress to minioIngress to avoid subchart conflict

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!19
 2025-12-16 12:51:42 -06:00
Mondo Diaz
accba9e404 Fix Helm chart: rename minio.ingress to minioIngress to avoid subchart conflict 2025-12-16 12:51:41 -06:00
Dane Moss
64e420fb58 Merge branch 'cut_new_release' into 'main' 
release new image with presigned URL support for direct s3 downloads as default download mode

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!18
 2025-12-15 15:30:38 -07:00
dane.moss
994f166de8 release new image with presigned URL support for direct s3 downloads as default download mode 2025-12-15 15:17:53 -07:00
Mondo Diaz
8999552949 Merge branch 'feature/presigned-url-downloads' into 'main' 
Add presigned URL support for direct S3 downloads (#48)

Closes #48

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!17
 2025-12-15 16:06:51 -06:00
Mondo Diaz
2df97ae94a Add presigned URL support for direct S3 downloads (#48) 2025-12-15 16:06:51 -06:00
Mondo Diaz
caa0c5af0c Merge branch 'feature/store-sha256-checksums' into 'main' 
Store SHA256 checksums with artifacts and add multiple hash support

Closes #25

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!16
 2025-12-15 14:47:31 -06:00
Mondo Diaz
3fd2747ae4 Store SHA256 checksums with artifacts and add multiple hash support 2025-12-15 14:47:30 -06:00
Mondo Diaz
96367da448 Merge branch 'feature/integrity-verification-design' into 'main' 
Add integrity verification workflow design document

Closes #24

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!15
 2025-12-15 14:00:32 -06:00
Mondo Diaz
2686fdcb89 Add integrity verification workflow design document 2025-12-15 14:00:32 -06:00
Dane Moss
0eb2deb4ca Merge branch 'update_urls' into 'main' 
update URLs to point to BSF

Closes #46

See merge request esv/bsf/bsf-integration/orchard/orchard-mvp!14
 2025-12-15 11:30:07 -07:00