8f67d326c9
feat: derive POSTGRES_DB and Redis prefix from DEPLOY_STAGE for pipeline isolation
2026-04-20 01:33:14 +00:00
d64ce82649
fix: scheduler timezone-aware datetime subtraction in is_source_due
2026-04-20 00:47:26 +00:00
f3aac0ac3d
fix: superset config uses POSTGRES_DB and REDIS_DB env vars for stage isolation
2026-04-19 23:49:11 +00:00
0f2f0460a6
fix: dedicated scheduler Dockerfile with psql for migrations, remove Python splitter
2026-04-19 23:35:00 +00:00
48fed18078
feat: per-stage PostgreSQL users for database isolation (stonks_beta, stonks_paper)
2026-04-19 23:17:22 +00:00
47f10cd3cf
fix: use Python asyncpg migration runner instead of psql, remove postgresql-client from image
2026-04-19 22:54:01 +00:00
4d2adaa9e5
fix: allow infra/migrations in .dockerignore, add psql + migrations to Docker image
2026-04-19 22:51:24 +00:00
021efba294
feat: auto-run migrations via psql init container on scheduler startup
2026-04-19 22:37:50 +00:00
5c63264393
feat: stage-isolated infrastructure — separate Postgres DBs, Redis DBs, and MinIO bucket prefixes per stage
2026-04-19 22:20:03 +00:00
2621b3c5c5
feat: add stage-specific ingress hostnames for beta and paper
2026-04-19 22:00:47 +00:00
651ef838ce
fix: add Argo Rollouts install, secrets seeding, and Kargo admin password fix to runmefirst.sh
2026-04-19 21:58:48 +00:00
4425a023d9
fix: use correct argocd-update sources schema to pin image SHA tags
2026-04-19 21:16:31 +00:00
e5ed2c21a3
fix: pin image SHA tags in Kargo promotions, 1min warehouse poll, auto-promote paper
2026-04-19 20:54:02 +00:00
827be709df
fix: use Recreate strategy for hive-metastore and superset (RWO PVC)
2026-04-19 20:41:22 +00:00
dbd9e74784
fix: add ignoreDifferences for secrets in ArgoCD apps, fix warehouse strategy and Kargo auth annotations
2026-04-19 20:27:31 +00:00
014ffa2fd2
fix: Kargo promotion pipeline — add AnalysisRun CRD, fix warehouse image strategy, add authorized-stage annotations, remove proxy from ArgoCD
2026-04-19 20:08:46 +00:00
a9be904afe
fix: guard ghcr-secret template against nil ghcrAuth values
2026-04-19 19:51:29 +00:00
886911149f
ci: add unshallow fetch and suppress ssh-keyscan stderr in mirror step
2026-04-19 19:46:11 +00:00
1f69a27e3b
fix: replace mktemp with PID-based temp path for BusyBox compat
...
BusyBox mktemp in alpine/k8s doesn't support .json suffix in template.
The mktemp failure triggered set -e, causing pipeline to report failure
despite all 93 tests passing.
2026-04-19 19:35:02 +00:00
4df513d096
fix: remove bucket-init job, wait for pods before readiness check
...
- Remove minio-bucket-init Job entirely (seed_minio.py creates bucket)
- Wait for pods to exist before kubectl wait --for=condition=ready
- Fixes 'no matching resources found' race when pods are still ContainerCreating
2026-04-19 19:25:49 +00:00
b2b8aca7c6
fix: inttest runner crash and minio bucket-init proxy issue
...
- Remove --profiling-output arg from runner.yaml (plugin uses default path)
- Inline profiling hooks in root conftest.py with graceful fallback
- Replace mc-based bucket-init with Python urllib (no proxy interference)
- Add explicit ProxyHandler({}) to guarantee no proxy usage in bucket-init
2026-04-19 19:15:20 +00:00
ed6c0a2ade
ci: copy root conftest.py into image for pytest profiling plugin
2026-04-19 18:44:25 +00:00
318bc19a71
ci: COPY tests/ into service images for inttest seed_sandbox
2026-04-19 18:22:38 +00:00
330f885822
ci: include tests/ in Docker images for inttest seed_sandbox module
2026-04-19 15:16:18 +00:00
d21cc09109
fix: hardcode Harbor cache URLs in FROM lines to bypass Docker Hub rate limits
2026-04-19 09:41:28 +00:00
aaa5c26fe1
fix: use comma-separated build_args format for woodpecker-buildx plugin
2026-04-19 09:36:06 +00:00
3303976f84
fix: use BASE_REGISTRY arg to route all FROM pulls through Harbor cache
...
Default: docker.io (unchanged for external builds)
Woodpecker passes: registry.celestium.life/dockerhub-cache
2026-04-19 09:29:54 +00:00
37e1ad17ea
fix: use BASE_IMAGE build args to pull through Harbor cache, avoid Docker Hub rate limits
...
Dockerfiles default to Docker Hub images (unchanged for external builds).
Woodpecker passes registry.celestium.life/dockerhub-cache/... via build args.
2026-04-19 09:24:43 +00:00
b2e6b6334c
fix: add buildkit registry mirrors to pull Docker Hub/GHCR through Harbor cache
2026-04-19 09:11:50 +00:00
d76c8ffe59
fix: use host network for buildkit driver to resolve registry.celestium.life
2026-04-19 09:10:03 +00:00
4ebf75134f
ci: clear proxy env in minio-bucket-init, capture seed pod logs on failure
2026-04-19 08:55:52 +00:00
0acb787892
feat: pull Woodpecker step images through Harbor dockerhub-cache
...
Only affects .woodpecker.yml (Gitea/local CI). Dockerfiles and
GitHub Actions workflow unchanged — external builds still pull
from Docker Hub directly.
2026-04-19 08:11:03 +00:00
98764dd3f3
fix: add Harbor registry login to Woodpecker build steps
2026-04-19 07:56:55 +00:00
911e42996b
fix: use HARBOR_USERNAME secret in CI, add idempotent Harbor API setup to deploy script
...
- GitHub Actions: login with secrets.HARBOR_USERNAME + HARBOR_PASSWORD
- deploy.sh step 7: creates stonks-oracle project, robot account, tag retention
- All API calls are idempotent (safe to re-run)
2026-04-19 07:45:58 +00:00
5be3ce2db9
feat: migrate CI/CD from GHCR to local Harbor registry
...
- Makefile: GHCR -> registry.celestium.life/stonks-oracle
- GitHub Actions: login to Harbor, use HARBOR_PASSWORD secret
- infra/k8s/*.yaml: all image refs -> registry.celestium.life
- inttest pipeline: remove GHCR pull secret (local registry, no auth)
- Steering docs: update registry/git endpoints
2026-04-19 07:34:28 +00:00
0f2cb41b29
ci: trigger after registry ingress fix
2026-04-19 07:26:45 +00:00
920fed735c
ci: trigger after registry ingress restore
2026-04-19 07:12:31 +00:00
c2372ccd1e
ci: add NO_PROXY to minio-bucket-init to bypass proxy for internal services
2026-04-19 07:02:27 +00:00
2d40d70975
ci: remove remaining ghcr-credentials from inttest seed/minio pod overrides
2026-04-19 06:45:46 +00:00
ebafe795c1
fix: bump seed pod timeout to 5m and add debug diagnostics on pipeline failures
2026-04-19 06:34:58 +00:00
19b63dd369
ci: migrate inttest images from GHCR to local registry, remove ghcr-credentials
2026-04-19 06:22:35 +00:00
e3e1531847
ci: add Docker Hub auth + proxy CA to inttest namespace, fix MinIO pull secret
2026-04-19 06:09:56 +00:00
f140f68c1a
ci: use logins setting for Docker Hub auth in buildkit (fixes 429 rate limit)
2026-04-19 05:58:37 +00:00
998d915b6e
ci: add Docker Hub auth to buildx steps to avoid rate limits
2026-04-19 05:52:10 +00:00
a73b40bf50
ci: add no_proxy with .celestium.life to all buildx steps for DinD proxy bypass
2026-04-19 05:40:34 +00:00
529dd2b0c8
ci: trigger pipeline
2026-04-19 05:30:47 +00:00
dad9b46fa2
ci: pre-create kargo-controller SA with Helm labels, fix JSON pod annotations, remove --wait from woodpecker helm
2026-04-19 05:28:09 +00:00
00a6485e70
ci: sync esnixi changes - CA download, dockerhub auth, local-path storage, proxy exclusions, pod annotations
2026-04-19 05:14:13 +00:00
dba79b1dae
ci: grant cluster-admin to default SA in woodpecker ns for inttest step pods
2026-04-19 04:52:24 +00:00
b38f4c4766
ci: use .local suffix in NO_PROXY to cover all cluster-internal traffic
2026-04-19 03:03:34 +00:00
Celes Renata