offinfra-onboard: per-repo GHA->ghcr migration tool + f1-stream ghcr pull secret
All checks were successful
ci/woodpecker/push/default Pipeline was successful
ci/woodpecker/push/build-cli Pipeline was successful

ADR-0002 tracer bullet (infra#13), per Viktor's go-ahead. Idempotent
script: GitHub mirror repo (create/unarchive/visibility), GHA secrets
via gh, Forgejo push-mirror (sync_on_commit) + initial sync, Woodpecker
mirror registration, renders build.yml/deploy.yml from templates
(single-manifest provenance:false, svu semver to Forgejo, ghcr keep-10
retention, Slack notify-failure, manual-event deploy), removes the old
in-cluster build pipeline, commits on the Canonical side. f1-stream
stack gains the ghcr-credentials imagePullSecret (first consumer).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
Viktor Barzin 2026-06-12 22:21:22 +00:00
parent 3138a0a040
commit baff3d7477
4 changed files with 344 additions and 0 deletions

@ -195,6 +195,11 @@ resource "kubernetes_deployment" "f1-stream" {
image_pull_secrets {
name = "registry-credentials"
}
# Private ghcr image (ADR-0002 off-infra builds) cloned into this
# namespace by the kyverno sync-ghcr-credentials allowlist policy.
image_pull_secrets {
name = "ghcr-credentials"
}
}
}
}
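
Review bot: the new image_pull_secrets block naming "ghcr-credentials" depends on the secret being cloned into this namespace by the kyverno sync-ghcr-credentials allowlist policy, as the comment says, but nothing in this hunk ties the deployment to that having happened. If the allowlist entry for this namespace is not in one of the other changed files, or Kyverno has not synced before the rollout, the pod spec will reference a secret that does not exist and the private ghcr pull will fail with ImagePullBackOff. Please confirm the allowlist entry lands in the same change, and extend the comment to say where that allowlist is defined so the next consumer of ghcr-credentials can find it.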