a9be904afe
fix: guard ghcr-secret template against nil ghcrAuth values
2026-04-19 19:51:29 +00:00
886911149f
ci: add unshallow fetch and suppress ssh-keyscan stderr in mirror step
2026-04-19 19:46:11 +00:00
1f69a27e3b
fix: replace mktemp with PID-based temp path for BusyBox compat
...
BusyBox mktemp in alpine/k8s doesn't support .json suffix in template.
The mktemp failure triggered set -e, causing pipeline to report failure
despite all 93 tests passing.
2026-04-19 19:35:02 +00:00
4df513d096
fix: remove bucket-init job, wait for pods before readiness check
...
- Remove minio-bucket-init Job entirely (seed_minio.py creates bucket)
- Wait for pods to exist before kubectl wait --for=condition=ready
- Fixes 'no matching resources found' race when pods are still ContainerCreating
2026-04-19 19:25:49 +00:00
b2b8aca7c6
fix: inttest runner crash and minio bucket-init proxy issue
...
- Remove --profiling-output arg from runner.yaml (plugin uses default path)
- Inline profiling hooks in root conftest.py with graceful fallback
- Replace mc-based bucket-init with Python urllib (no proxy interference)
- Add explicit ProxyHandler({}) to guarantee no proxy usage in bucket-init
2026-04-19 19:15:20 +00:00
ed6c0a2ade
ci: copy root conftest.py into image for pytest profiling plugin
2026-04-19 18:44:25 +00:00
318bc19a71
ci: COPY tests/ into service images for inttest seed_sandbox
2026-04-19 18:22:38 +00:00
330f885822
ci: include tests/ in Docker images for inttest seed_sandbox module
2026-04-19 15:16:18 +00:00
d21cc09109
fix: hardcode Harbor cache URLs in FROM lines to bypass Docker Hub rate limits
2026-04-19 09:41:28 +00:00
aaa5c26fe1
fix: use comma-separated build_args format for woodpecker-buildx plugin
2026-04-19 09:36:06 +00:00
3303976f84
fix: use BASE_REGISTRY arg to route all FROM pulls through Harbor cache
...
Default: docker.io (unchanged for external builds)
Woodpecker passes: registry.celestium.life/dockerhub-cache
2026-04-19 09:29:54 +00:00
37e1ad17ea
fix: use BASE_IMAGE build args to pull through Harbor cache, avoid Docker Hub rate limits
...
Dockerfiles default to Docker Hub images (unchanged for external builds).
Woodpecker passes registry.celestium.life/dockerhub-cache/... via build args.
2026-04-19 09:24:43 +00:00
b2e6b6334c
fix: add buildkit registry mirrors to pull Docker Hub/GHCR through Harbor cache
2026-04-19 09:11:50 +00:00
d76c8ffe59
fix: use host network for buildkit driver to resolve registry.celestium.life
2026-04-19 09:10:03 +00:00
4ebf75134f
ci: clear proxy env in minio-bucket-init, capture seed pod logs on failure
2026-04-19 08:55:52 +00:00
0acb787892
feat: pull Woodpecker step images through Harbor dockerhub-cache
...
Only affects .woodpecker.yml (Gitea/local CI). Dockerfiles and
GitHub Actions workflow unchanged — external builds still pull
from Docker Hub directly.
2026-04-19 08:11:03 +00:00
98764dd3f3
fix: add Harbor registry login to Woodpecker build steps
2026-04-19 07:56:55 +00:00
911e42996b
fix: use HARBOR_USERNAME secret in CI, add idempotent Harbor API setup to deploy script
...
- GitHub Actions: login with secrets.HARBOR_USERNAME + HARBOR_PASSWORD
- deploy.sh step 7: creates stonks-oracle project, robot account, tag retention
- All API calls are idempotent (safe to re-run)
2026-04-19 07:45:58 +00:00
5be3ce2db9
feat: migrate CI/CD from GHCR to local Harbor registry
...
- Makefile: GHCR -> registry.celestium.life/stonks-oracle
- GitHub Actions: login to Harbor, use HARBOR_PASSWORD secret
- infra/k8s/*.yaml: all image refs -> registry.celestium.life
- inttest pipeline: remove GHCR pull secret (local registry, no auth)
- Steering docs: update registry/git endpoints
2026-04-19 07:34:28 +00:00
0f2cb41b29
ci: trigger after registry ingress fix
2026-04-19 07:26:45 +00:00
920fed735c
ci: trigger after registry ingress restore
2026-04-19 07:12:31 +00:00
c2372ccd1e
ci: add NO_PROXY to minio-bucket-init to bypass proxy for internal services
2026-04-19 07:02:27 +00:00
2d40d70975
ci: remove remaining ghcr-credentials from inttest seed/minio pod overrides
2026-04-19 06:45:46 +00:00
ebafe795c1
fix: bump seed pod timeout to 5m and add debug diagnostics on pipeline failures
2026-04-19 06:34:58 +00:00
19b63dd369
ci: migrate inttest images from GHCR to local registry, remove ghcr-credentials
2026-04-19 06:22:35 +00:00
e3e1531847
ci: add Docker Hub auth + proxy CA to inttest namespace, fix MinIO pull secret
2026-04-19 06:09:56 +00:00
f140f68c1a
ci: use logins setting for Docker Hub auth in buildkit (fixes 429 rate limit)
2026-04-19 05:58:37 +00:00
998d915b6e
ci: add Docker Hub auth to buildx steps to avoid rate limits
2026-04-19 05:52:10 +00:00
a73b40bf50
ci: add no_proxy with .celestium.life to all buildx steps for DinD proxy bypass
2026-04-19 05:40:34 +00:00
529dd2b0c8
ci: trigger pipeline
2026-04-19 05:30:47 +00:00
dad9b46fa2
ci: pre-create kargo-controller SA with Helm labels, fix JSON pod annotations, remove --wait from woodpecker helm
2026-04-19 05:28:09 +00:00
00a6485e70
ci: sync esnixi changes - CA download, dockerhub auth, local-path storage, proxy exclusions, pod annotations
2026-04-19 05:14:13 +00:00
dba79b1dae
ci: grant cluster-admin to default SA in woodpecker ns for inttest step pods
2026-04-19 04:52:24 +00:00
b38f4c4766
ci: use .local suffix in NO_PROXY to cover all cluster-internal traffic
2026-04-19 03:03:34 +00:00
9e39d59afa
ci: add woodpecker Kyverno proxy CA policy with NO_PROXY for gRPC
2026-04-19 03:00:06 +00:00
76dd58c1dc
ci: final pipeline fixes - kargo SA workaround, oauth2 flow, timeouts
2026-04-19 02:41:41 +00:00
cd4f84a949
ci: trigger with fixed webhook and oauth2
2026-04-19 02:06:18 +00:00
94054c0439
ci: trigger after oauth2 credential refresh
2026-04-19 02:05:33 +00:00
3069102f1b
ci: add frontend/.dockerignore to override root exclusions for dashboard build
2026-04-19 02:04:14 +00:00
8bee515bd4
ci: fix runmelast hanging, add proxy CA injection, clean SA/CRD leftovers on redeploy
2026-04-19 02:01:18 +00:00
47baacedf5
ci: use 192.168.42.1 as custom_dns for buildx to resolve registry via local DNS
2026-04-18 22:28:27 +00:00
039221ea52
ci: add no_cache to dashboard build to prevent stale layer issue
2026-04-18 22:19:29 +00:00
2406ee8e91
ci: make mirror-github step failure-tolerant, skip if no SSH key
2026-04-18 22:12:48 +00:00
4759c6bd41
ci: trigger pipeline with proper TLS registry
2026-04-18 22:10:22 +00:00
1b621861d3
ci: use registry.celestium.life with letsencrypt TLS for builds
2026-04-18 21:25:30 +00:00
d8738083b6
ci: use internal registry URL for builds (HTTP, no TLS timeout)
2026-04-18 21:16:37 +00:00
1607baba90
ci: persist live fixes to pipeline scripts - grpc addr, storage, remove netpol, webhook config
2026-04-18 21:14:51 +00:00
ee28db684f
ci: exclude tests/integration from unit test step (needs live cluster)
2026-04-18 21:05:16 +00:00
5f6d23888a
ci: fix lint errors across project, update ruff.toml per-file ignores
2026-04-18 21:02:28 +00:00
4d1894c652
ci: revert to python:3.12-slim for lint, ruff image has no shell
2026-04-18 20:58:39 +00:00
Celes Renata