3 Commits

Author SHA1 Message Date
Mondo Diaz
0e01e17dfe Add gitleaks fingerprint for test file false positive 2026-01-23 21:55:13 +00:00
Mondo Diaz
ca46ab1ea0 Make release job wait for stage integration tests
Add needs: [integration_test_stage, changelog] to release job override.
This ensures the tag (which triggers prod deploy) is only created after
stage integration tests pass, preventing race conditions between pipelines.
2026-01-23 19:55:39 +00:00
Mondo Diaz
a01c45cb64 Fix production CI deployment and simplify tag pipeline
- Change prod namespace from orch-prod-namespace to orch-namespace
- Skip all build/test/scan jobs on tag pipelines (image already built on main)
- Tag pipelines now only run deploy_prod and smoke_test_prod
2026-01-23 13:38:31 -06:00
3 changed files with 12 additions and 35 deletions


@@ -197,10 +197,20 @@ release:
PYTEST_SCRIPT PYTEST_SCRIPT
# Integration tests for stage deployment (full suite) # Integration tests for stage deployment (full suite)
# Reset stage template - shared by pre and post test reset jobs integration_test_stage:
<<: *integration_test_template
needs: [deploy_stage]
variables:
ORCHARD_TEST_URL: $STAGE_URL
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
when: on_success
# Reset stage environment after integration tests (clean slate for next run)
# Calls the /api/v1/admin/factory-reset endpoint which handles DB and S3 cleanup # Calls the /api/v1/admin/factory-reset endpoint which handles DB and S3 cleanup
.reset_stage_template: &reset_stage_template reset_stage:
stage: deploy stage: deploy
needs: [integration_test_stage]
image: deps.global.bsf.tools/docker/python:3.12-slim image: deps.global.bsf.tools/docker/python:3.12-slim
timeout: 5m timeout: 5m
retry: 1 # Retry once on transient failures retry: 1 # Retry once on transient failures
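Review bot: `integration_test_stage` on the new side declares `needs: [deploy_stage]` with no reset job ahead of it, so the full suite now runs against whatever data the previous pipeline left on stage. The only cleanup left is `reset_stage`, which runs after the tests and calls the destructive `/api/v1/admin/factory-reset` endpoint. If the suite assumes an empty DB and S3 bucket, either keep a reset before the tests or have the tests create and remove their own fixtures. The comment "Reset stage environment after integration tests (clean slate for next run)" should also say that the next run depends on this job having succeeded.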
@@ -274,26 +284,6 @@ release:
rules: rules:
- if: '$CI_COMMIT_BRANCH == "main"' - if: '$CI_COMMIT_BRANCH == "main"'
when: on_success when: on_success
# Reset stage BEFORE integration tests (ensure known state)
reset_stage_pre:
<<: *reset_stage_template
needs: [deploy_stage]
# Integration tests for stage deployment (full suite)
integration_test_stage:
<<: *integration_test_template
needs: [reset_stage_pre]
variables:
ORCHARD_TEST_URL: $STAGE_URL
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
when: on_success
# Reset stage AFTER integration tests (clean slate for next run)
reset_stage:
<<: *reset_stage_template
needs: [integration_test_stage]
allow_failure: true # Don't fail pipeline if reset has issues allow_failure: true # Don't fail pipeline if reset has issues
# Integration tests for feature deployment (full suite) # Integration tests for feature deployment (full suite)
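Review bot: with `reset_stage_pre` removed in this hunk, the surviving `when: on_success` rule and `allow_failure: true` mean stage can stay dirty without the pipeline showing it. The `when: on_success` rule in the context lines above the removed jobs appears to belong to the reset job, so a failed `integration_test_stage` skips the reset, and a failed reset does not fail the pipeline. Consider `when: always` on the reset rule so cleanup still runs after a failed test job, and consider dropping `allow_failure: true` now that no pre-test reset covers for a reset that did not complete.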


@@ -1,8 +0,0 @@
# Gitleaks configuration
# https://github.com/gitleaks/gitleaks#configuration
[allowlist]
# Test files that contain variable names matching secret patterns (e.g., s3_key)
paths = [
'''backend/tests/.*\.py''',
]
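Review bot: the fingerprint that commit 0e01e17dfe says replaces this allowlist is not among the three changed files shown, so after this deletion nothing visible here suppresses the test-file false positive. Confirm the fingerprint entry (gitleaks reads these from `.gitleaksignore`) is present on the target branch, otherwise the scan will flag the test file again. Dropping the `backend/tests/.*\.py` path rule itself is the safer choice, since it exempted every test file from secret scanning rather than the one known finding.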


@@ -7,15 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Changed ### Changed
- Added pre-test stage reset to ensure known environment state before integration tests (#54)
## [0.5.1] - 2026-01-23
### Changed
- Simplified tag pipeline to only run deploy and smoke tests (image already built on main) (#54) - Simplified tag pipeline to only run deploy and smoke tests (image already built on main) (#54)
### Fixed ### Fixed
- Fixed production CI deployment namespace to use correct `orch-namespace` (#54) - Fixed production CI deployment namespace to use correct `orch-namespace` (#54)
- Added gitleaks config to allowlist test files from secret scanning (#54)
## [0.5.0] - 2026-01-23 ## [0.5.0] - 2026-01-23
### Added ### Added
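Review bot: removing the `## [0.5.1] - 2026-01-23` heading folds the #54 entries back under `[Unreleased]`; if 0.5.1 was already tagged, that rewrites the record of a published release, so confirm the tag does not exist before merging. The hunk also deletes the pre-test reset and gitleaks allowlist entries without adding anything for what replaced them. Add `[Unreleased]` entries for the release job now waiting on `integration_test_stage` and for the gitleaks fingerprint that takes over from the allowlist.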