feat: comprehensive docs, unit tests, docker-compose app services

- Add scheduler and ingestion unit tests (test_scheduler_unit.py, test_ingestion_unit.py) - Add all 13 app services + dashboard to docker-compose.yml - Add full documentation suite: API reference, Helm reference, Docker deployment guide, 3 architecture diagrams (K8s, Docker Compose, data pipeline), AI agent guide, backup/restore guide, observability/metrics reference, per-service docs - Add intelligence pipeline deep-dive docs with Mermaid diagrams - Update README with documentation index and links - Add specs for comprehensive-quality-docs, intelligence-pipeline-deep-dive, sanitized-pipeline-docs
2026-04-22 02:56:41 +00:00
parent f251c53f92
commit 88ad1e8d99
57 changed files with 13318 additions and 51 deletions
@@ -0,0 +1,63 @@
+# CronJob + RBAC to clean up orphaned Woodpecker step secrets (wp-*-step-secret)
+# These accumulate when builds fail or are cancelled before cleanup runs.
+# Runs every 6 hours. TTL auto-deletes completed Job pods after 5 minutes.
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: wp-secret-cleanup
+  namespace: woodpecker
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: wp-secret-cleanup
+  namespace: woodpecker
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: wp-secret-cleanup
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: woodpecker
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: cleanup-wp-step-secrets
+  namespace: woodpecker
+spec:
+  schedule: "0 */6 * * *"
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      ttlSecondsAfterFinished: 300
+      template:
+        spec:
+          serviceAccountName: default
+          restartPolicy: Never
+          containers:
+            - name: cleanup
+              image: registry.celestium.life/dockerhub-cache/bitnami/kubectl:latest
+              command:
+                - /bin/sh
+                - -c
+                - |
+                  echo 'Cleaning up orphaned Woodpecker step secrets...'
+                  SECRETS=$(kubectl get secret -n woodpecker -o name | grep 'wp-.*step-secret')
+                  COUNT=$(echo "$SECRETS" | grep -c 'step-secret' || true)
+                  echo "Found $COUNT orphaned step secrets"
+                  if [ "$COUNT" -gt 0 ]; then
+                    echo "$SECRETS" | while read s; do
+                      kubectl delete -n woodpecker "$s" 2>/dev/null || true
+                    done
+                    echo "Cleanup complete"
+                  else
+                    echo "Nothing to clean"
+                  fi