feat: migrate CI/CD from GHCR to local Harbor registry

- Makefile: GHCR -> registry.celestium.life/stonks-oracle
- GitHub Actions: login to Harbor, use HARBOR_PASSWORD secret
- infra/k8s/*.yaml: all image refs -> registry.celestium.life
- inttest pipeline: remove GHCR pull secret (local registry, no auth)
- Steering docs: update registry/git endpoints
Celes Renata
2026-04-19 07:34:28 +00:00
parent 0f2cb41b29
commit 5be3ce2db9
16 changed files with 44 additions and 48 deletions
+2 -3
@@ -13,7 +13,7 @@ The namespace is NOT managed by Helm — it's created by `runmefirst.sh` with He
- Services defined in `values.yaml` under `services:` — the deployments template iterates over them
- Adding a new service: add entry to `values.yaml`, add network policy if it needs ingress, add ingress if it needs external access
- Dashboard uses nginx-unprivileged on port 8080 (not 80)
- Superset uses custom image `ghcr.io/celesrenata/stonks-oracle/superset:latest` with trino + psycopg2 drivers
- Superset uses custom image `registry.celestium.life/stonks-oracle/superset:latest` with trino + psycopg2 drivers
## TLS
- Internal services: use `ca-issuer` ClusterIssuer (local CA)
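Review bot: the Superset bullet still references the image by the mutable `:latest` tag, now on `registry.celestium.life`. The CI/CD notes say every image is also tagged `<sha>`, so consider documenting the sha tag (or a digest) as the reference used for deployment, so that a changed `latest` in the registry cannot silently change what Superset runs.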
@@ -44,9 +44,8 @@ The namespace is NOT managed by Helm — it's created by `runmefirst.sh` with He
- Ollama: `ollama.ollama-service.svc.cluster.local:11434`
## Images
- All images from `ghcr.io/celesrenata/stonks-oracle/<service>:latest`
- All images from `registry.celestium.life/stonks-oracle/<service>:latest`
- Use `imagePullPolicy: Always`
- Use `imagePullSecrets` referencing `ghcr-credentials`
## Labels
- `app.kubernetes.io/part-of: stonks-oracle`
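Review bot: the Images section loses the `imagePullSecrets` bullet with nothing in its place, so the doc no longer says how pulls from `registry.celestium.life` are authorized. The commit message says "local registry, no auth"; state that explicitly here (anonymous pull on the stonks-oracle project), or keep an `imagePullSecrets` bullet pointing at a Harbor pull credential. With `imagePullPolicy: Always` and `:latest` both kept, push access to the registry decides what runs on the next pod restart, so it is also worth noting who may push.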
+5 -3
@@ -29,18 +29,20 @@ Three-layer signal aggregation engine:
- Trading Engine: `https://stonks-trading.celestium.life`
- Superset: `https://stonks-dash.celestium.life`
- Trino: `https://stonks-trino.celestium.life`
- Gitea: `https://git.celestium.life`
- Harbor Registry: `https://registry.celestium.life`
## Infrastructure
- Kubernetes cluster: 4x NixOS nodes (gremlin-1 through gremlin-4), reachable via `kubectl`, `virtctl`, `ssh root@gremlin-{1,2,3,4}`
- NixOS configs stored at `/etc/nixos` on gremlin-1, git-pushed to other hosts
- Ingress: Traefik, domain `*.celestium.life`
- Cert-Manager: `ca-issuer` (local CA) for internal services
- Container registry: `ghcr.io/celesrenata/stonks-oracle`
- Container registry: `registry.celestium.life/stonks-oracle`
## CI/CD
- GitHub Actions workflow at `.github/workflows/build.yml`
- Push to `main` triggers: lint → pytest → frontend vitest → build all service images + dashboard + superset → push to GHCR
- Images tagged as `ghcr.io/celesrenata/stonks-oracle/<service>:<sha>` and `:latest`
- Push to `main` triggers: lint → pytest → frontend vitest → build all service images + dashboard + superset → push to Harbor
- Images tagged as `registry.celestium.life/stonks-oracle/<service>:<sha>` and `:latest`
- Dashboard image: `frontend/Dockerfile` (multi-stage: node:24 → nginx-unprivileged on port 8080)
- Superset image: `docker/Dockerfile.superset` (apache/superset + trino + psycopg2)
- Python service images: `docker/Dockerfile` with `SERVICE_CMD` build arg
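Review bot: the CI/CD bullets now say "push to Harbor" but do not say how the workflow authenticates. The commit message names a `HARBOR_PASSWORD` secret; add a bullet naming the secret and the account it belongs to, and prefer a Harbor robot account limited to push on the stonks-oracle project over a user or admin password. The Endpoints list also gains Gitea while the workflow is still described as GitHub Actions at `.github/workflows/build.yml`; say which system actually runs it.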