From 176a65d3d2de9a0875273e1f916c9c024fb1a10f Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Wed, 10 Jun 2026 18:37:14 +0000
Subject: [PATCH] plotting-book: TF baseline image follows what CI actually
 builds
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Viktor asked to verify the book-plotting push->build->deploy chain.
The chain itself is healthy, but the Terraform baseline image said
ancamilea/book-plotter:latest while CI (GHA on
PassionProjectsAnca/Plotting-Your-Dream-Book) builds and deploys
viktorbarzin/book-plotter:<sha8> + :latest — a from-scratch apply
would have resurrected a stale March image. Baseline now
viktorbarzin/book-plotter:latest. No live change: the running tag is
CI-owned via ignore_changes, plan confirms the image attr is ignored.

[ci skip] deliberately: plan shows UNRELATED pre-existing drift on
this stack (live ns labels managed-by=vault-user-onboarding +
resource-governance/custom-quota=true would be stripped; deployment
keel.sh/policy=patch annotations removed) — auto-applying that needs
its own reviewed pass.
---
 stacks/plotting-book/main.tf | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/stacks/plotting-book/main.tf b/stacks/plotting-book/main.tf
index a0e8f3d9..0e91212d 100644
--- a/stacks/plotting-book/main.tf
+++ b/stacks/plotting-book/main.tf
@@ -8,7 +8,7 @@ resource "kubernetes_namespace" "plotting-book" {
     name = "plotting-book"
     labels = {
       "istio-injection" : "disabled"
-      tier = local.tiers.aux
+      tier               = local.tiers.aux
       "keel.sh/enrolled" = "true"
     }
   }
@@ -122,8 +122,10 @@ resource "kubernetes_deployment" "plotting-book" {
           }
         }
         container {
-          image = "ancamilea/book-plotter:latest"
-          # image = "viktorbarzin/book-plotter:7"
+          # Baseline only — CI owns the live tag (GHA builds viktorbarzin/book-plotter:<sha8>,
+          # Woodpecker repo 43 set-images it; see ignore_changes above). :latest is pushed by
+          # the same GHA build, so a from-scratch apply starts on current code.
+          image             = "viktorbarzin/book-plotter:latest"
           name              = "plotting-book"
           image_pull_policy = "Always"
           env {