recruiter-responder: pull image from ghcr + ghcr-credentials on all consumers (ADR-0002, infra#27)
Migrating recruiter-responder off in-cluster Woodpecker builds: GHA will build and push ghcr.io/viktorbarzin/recruiter-responder (PRIVATE package). This commit lands the pull-side prerequisites BEFORE the first off-infra build fires: - stacks/recruiter-responder: image base forgejo -> ghcr (inert on the live Deployment - both containers are ignore_changes'd; the Woodpecker deploy moves the tag) + ghcr-credentials imagePullSecrets on the Deployment (covers the recruiter-responder container AND the alembic-migrate init container, which share the image). - stacks/openclaw: ghcr-credentials imagePullSecrets on the openclaw Deployment - its install-recruiter-plugin init container consumes the :latest tag of this image. The image ref itself flips to ghcr in a follow-up once the first GHA build has created the package (flipping now would ImagePullBackOff on a not-yet-existing package and wedge the apply). - stacks/kyverno: allowlist openclaw in sync-ghcr-credentials so the pull secret is cloned into that namespace too. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin
parent
c594274c83
commit
57ff41e47e
3 changed files with 24 additions and 3 deletions
|
|
@ -24,6 +24,9 @@ locals {
|
|||
"wealthfolio",
|
||||
"fire-planner",
|
||||
"recruiter-responder",
|
||||
# openclaw's install-recruiter-plugin init container pulls the PRIVATE
|
||||
# ghcr.io/viktorbarzin/recruiter-responder:latest image (infra#27).
|
||||
"openclaw",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue