claude-agent-service image -> ghcr across all five consumer stacks (infra#19)
GHA now builds+pushes ghcr.io/viktorbarzin/claude-agent-service (public package, anonymous pulls). Repointed: claude-agent-service (deployment + git-init/seed-beads-agent inits), claude-breakglass, ci-pipeline-health, beads-server CronJobs, k8s-version-upgrade (tag var 2fd7670d -> latest — the Forgejo registry lost that sha; node caches were the only thing keeping those CronJobs alive). publish-gate: vendor-contact emails (licensing@/legal@/security@/sales@) ruled license-boilerplate, not PII. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
8aba3a0179
commit
2f3c58dff1
6 changed files with 9 additions and 9 deletions
|
|
@ -47,7 +47,7 @@ say ""; say "-- PII heuristics (tracked files) --"
|
||||||
cd "$CLONE"
|
cd "$CLONE"
|
||||||
EMAILS=$(git grep -hoiE '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}' -- ':!*.lock' ':!package-lock.json' ':!pnpm-lock.yaml' ':!.beads' 2>/dev/null \
|
EMAILS=$(git grep -hoiE '[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}' -- ':!*.lock' ':!package-lock.json' ':!pnpm-lock.yaml' ':!.beads' 2>/dev/null \
|
||||||
| grep -viE '@(viktorbarzin\.me|meta\.com|example\.(com|org|test)|test\.(com|local)|localhost|users\.noreply\.github\.com|googlegroups\.com)' \
|
| grep -viE '@(viktorbarzin\.me|meta\.com|example\.(com|org|test)|test\.(com|local)|localhost|users\.noreply\.github\.com|googlegroups\.com)' \
|
||||||
| grep -viE '^(noreply|no-reply|ci|admin|info|support|hello|user|foo|bar|test.*)@' \
|
| grep -viE '^(noreply|no-reply|ci|admin|info|support|hello|user|foo|bar|test.*|licensing|legal|security|sales)@' \
|
||||||
| sort -u | head -20)
|
| sort -u | head -20)
|
||||||
if [ -n "$EMAILS" ]; then say "real-looking emails found:"; say "$EMAILS"; say "(review: PII?)"; DIRTY=1; else say "emails: none beyond allowlist"; fi
|
if [ -n "$EMAILS" ]; then say "real-looking emails found:"; say "$EMAILS"; say "(review: PII?)"; DIRTY=1; else say "emails: none beyond allowlist"; fi
|
||||||
KEYS=$(git grep -l 'BEGIN.*PRIVATE KEY' 2>/dev/null | head -5)
|
KEYS=$(git grep -l 'BEGIN.*PRIVATE KEY' 2>/dev/null | head -5)
|
||||||
|
|
|
||||||
|
|
@ -847,7 +847,7 @@ resource "kubernetes_config_map" "beads_metadata" {
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
# Phase 3 cutover 2026-05-07 — Forgejo registry consolidation.
|
# Phase 3 cutover 2026-05-07 — Forgejo registry consolidation.
|
||||||
claude_agent_service_image = "forgejo.viktorbarzin.me/viktor/claude-agent-service:${var.claude_agent_service_image_tag}"
|
claude_agent_service_image = "ghcr.io/viktorbarzin/claude-agent-service:${var.claude_agent_service_image_tag}"
|
||||||
beadboard_internal_url = "http://${kubernetes_service.beadboard.metadata[0].name}.${kubernetes_namespace.beads.metadata[0].name}.svc.cluster.local"
|
beadboard_internal_url = "http://${kubernetes_service.beadboard.metadata[0].name}.${kubernetes_namespace.beads.metadata[0].name}.svc.cluster.local"
|
||||||
|
|
||||||
beads_script_prelude = <<-EOT
|
beads_script_prelude = <<-EOT
|
||||||
|
|
|
||||||
|
|
@ -30,7 +30,7 @@ variable "image_tag" {
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
namespace = "ci-pipeline-health"
|
namespace = "ci-pipeline-health"
|
||||||
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service:${var.image_tag}"
|
image = "ghcr.io/viktorbarzin/claude-agent-service:${var.image_tag}"
|
||||||
labels = {
|
labels = {
|
||||||
app = "ci-pipeline-health"
|
app = "ci-pipeline-health"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -11,7 +11,7 @@ data "vault_kv_secret_v2" "viktor_secrets" {
|
||||||
locals {
|
locals {
|
||||||
namespace = "claude-agent"
|
namespace = "claude-agent"
|
||||||
# Phase 3 cutover 2026-05-07 — see infra/docs/plans/2026-05-07-forgejo-registry-consolidation-plan.md.
|
# Phase 3 cutover 2026-05-07 — see infra/docs/plans/2026-05-07-forgejo-registry-consolidation-plan.md.
|
||||||
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service"
|
image = "ghcr.io/viktorbarzin/claude-agent-service"
|
||||||
image_tag = "latest"
|
image_tag = "latest"
|
||||||
labels = {
|
labels = {
|
||||||
app = "claude-agent-service"
|
app = "claude-agent-service"
|
||||||
|
|
|
||||||
|
|
@ -20,7 +20,7 @@ locals {
|
||||||
namespace = "claude-breakglass"
|
namespace = "claude-breakglass"
|
||||||
# Same image as claude-agent-service — the breakglass code lives in that repo
|
# Same image as claude-agent-service — the breakglass code lives in that repo
|
||||||
# under app/breakglass/, and the deployment below overrides the command.
|
# under app/breakglass/, and the deployment below overrides the command.
|
||||||
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service"
|
image = "ghcr.io/viktorbarzin/claude-agent-service"
|
||||||
image_tag = "latest"
|
image_tag = "latest"
|
||||||
labels = {
|
labels = {
|
||||||
app = "claude-breakglass"
|
app = "claude-breakglass"
|
||||||
|
|
|
||||||
|
|
@ -44,7 +44,7 @@ variable "enabled" {
|
||||||
# ssh-client, curl, jq, envsubst — everything the upgrade Jobs need.
|
# ssh-client, curl, jq, envsubst — everything the upgrade Jobs need.
|
||||||
variable "image_tag" {
|
variable "image_tag" {
|
||||||
type = string
|
type = string
|
||||||
default = "2fd7670d"
|
default = "latest"
|
||||||
}
|
}
|
||||||
|
|
||||||
# When true, detection runs but does NOT spawn the preflight Job.
|
# When true, detection runs but does NOT spawn the preflight Job.
|
||||||
|
|
@ -55,7 +55,7 @@ variable "detection_dry_run" {
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
namespace = "k8s-upgrade"
|
namespace = "k8s-upgrade"
|
||||||
image = "forgejo.viktorbarzin.me/viktor/claude-agent-service:${var.image_tag}"
|
image = "ghcr.io/viktorbarzin/claude-agent-service:${var.image_tag}"
|
||||||
labels = {
|
labels = {
|
||||||
app = "k8s-version-upgrade"
|
app = "k8s-version-upgrade"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue