viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

claude-agent-service image -> ghcr across all five consumer stacks (infra#19)
All checks were successful
ci/woodpecker/push/build-cli Pipeline was successful
Details
ci/woodpecker/push/default Pipeline was successful
Details

Browse source 
GHA now builds+pushes ghcr.io/viktorbarzin/claude-agent-service (public
package, anonymous pulls). Repointed: claude-agent-service (deployment +
git-init/seed-beads-agent inits), claude-breakglass, ci-pipeline-health,
beads-server CronJobs, k8s-version-upgrade (tag var 2fd7670d -> latest —
the Forgejo registry lost that sha; node caches were the only thing
keeping those CronJobs alive). publish-gate: vendor-contact emails
(licensing@/legal@/security@/sales@) ruled license-boilerplate, not PII.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-13 01:47:54 +00:00
parent 8aba3a0179
commit 2f3c58dff1
6 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/publish-gate
View file

@ -47,7 +47,7 @@ say ""; say "-- PII heuristics (tracked files) --"
cd "$CLONE"
EMAILS=$(git grep -hoiE '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}' -- ':!*.lock' ':!package-lock.json' ':!pnpm-lock.yaml' ':!.beads' 2>/dev/null \
| grep -viE '@(viktorbarzin\.me|meta\.com|example\.(com|org|test)|test\.(com|local)|localhost|users\.noreply\.github\.com|googlegroups\.com)' \
| grep -viE '^(noreply|no-reply|ci|admin|info|support|hello|user|foo|bar|test.*)@' \
| grep -viE '^(noreply|no-reply|ci|admin|info|support|hello|user|foo|bar|test.*|licensing|legal|security|sales)@' \
| sort -u | head -20)
if [ -n "$EMAILS" ]; then say "real-looking emails found:"; say "$EMAILS"; say "(review: PII?)"; DIRTY=1; else say "emails: none beyond allowlist"; fi
KEYS=$(git grep -l 'BEGIN.*PRIVATE KEY' 2>/dev/null | head -5)

2
stacks/beads-server/main.tf
View file

@ -847,7 +847,7 @@ resource "kubernetes_config_map" "beads_metadata" {
locals {
# Phase 3 cutover 2026-05-07 Forgejo registry consolidation.
claude_agent_service_image = "forgejo.viktorbarzin.me/viktor/claude-agent-service:${var.claude_agent_service_image_tag}"
claude_agent_service_image = "ghcr.io/viktorbarzin/claude-agent-service:${var.claude_agent_service_image_tag}"
beadboard_internal_url = "http://${kubernetes_service.beadboard.metadata[0].name}.${kubernetes_namespace.beads.metadata[0].name}.svc.cluster.local"
beads_script_prelude = <<-EOT

2
stacks/ci-pipeline-health/main.tf
View file

@ -30,7 +30,7 @@ variable "image_tag" {
locals {
namespace = "ci-pipeline-health"
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service:${var.image_tag}"
image = "ghcr.io/viktorbarzin/claude-agent-service:${var.image_tag}"
labels = {
app = "ci-pipeline-health"
}

2
stacks/claude-agent-service/main.tf
View file

@ -11,7 +11,7 @@ data "vault_kv_secret_v2" "viktor_secrets" {
locals {
namespace = "claude-agent"
# Phase 3 cutover 2026-05-07 see infra/docs/plans/2026-05-07-forgejo-registry-consolidation-plan.md.
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service"
image = "ghcr.io/viktorbarzin/claude-agent-service"
image_tag = "latest"
labels = {
app = "claude-agent-service"

2
stacks/claude-breakglass/main.tf
View file

@ -20,7 +20,7 @@ locals {
namespace = "claude-breakglass"
# Same image as claude-agent-service the breakglass code lives in that repo
# under app/breakglass/, and the deployment below overrides the command.
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service"
image = "ghcr.io/viktorbarzin/claude-agent-service"
image_tag = "latest"
labels = {
app = "claude-breakglass"

8
stacks/k8s-version-upgrade/main.tf
View file

@ -25,7 +25,7 @@
# - infra/scripts/update_k8s.sh (per-node upgrade body)
variable "schedule" {
type = string
type = string
# Daily 12:00 UTC outside kured window (kured runs 02:00-06:00
# London). Was weekly Sunday until 2026-05-18; daily picks up upstream
# patch releases the same day they land. Concurrency is bounded by the
@ -44,7 +44,7 @@ variable "enabled" {
# ssh-client, curl, jq, envsubst everything the upgrade Jobs need.
variable "image_tag" {
type = string
default = "2fd7670d"
default = "latest"
}
# When true, detection runs but does NOT spawn the preflight Job.
@ -55,7 +55,7 @@ variable "detection_dry_run" {
locals {
namespace = "k8s-upgrade"
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service:${var.image_tag}"
image = "ghcr.io/viktorbarzin/claude-agent-service:${var.image_tag}"
labels = {
app = "k8s-version-upgrade"
}
@ -67,7 +67,7 @@ resource "kubernetes_namespace" "k8s_upgrade" {
metadata {
name = local.namespace
labels = {
tier = local.tiers.cluster
tier = local.tiers.cluster
"keel.sh/enrolled" = "true"
}
}