diff --git a/stacks/cloudflared/modules/cloudflared/cloudflare.tf b/stacks/cloudflared/modules/cloudflared/cloudflare.tf index bb4f8759..59e748ae 100644 --- a/stacks/cloudflared/modules/cloudflared/cloudflare.tf +++ b/stacks/cloudflared/modules/cloudflared/cloudflare.tf @@ -236,9 +236,10 @@ resource "cloudflare_record" "keyserver" { } # bridge.viktorbarzin.me (Cloudflare Pages, "мост" school site) moved to -# stacks/valia-sites (ADR-0018) — all Valia-site records live there now. The -# state forget lives in the STACK ROOT (../..//removed-bridge.tf): removed{} -# blocks are root-module-only. +# stacks/valia-sites (ADR-0018) — all Valia-site records live there now. +# State handoff was a manual `tg state rm` (2026-07-03): the CI terraform +# (<1.7) rejects removed{} blocks even at the stack root, so declarative +# forget wasn't available. valia-sites imported the live record by id. # Enable HTTP/3 (QUIC) for Cloudflare-proxied domains resource "cloudflare_zone_settings_override" "http3" { diff --git a/stacks/cloudflared/removed-bridge.tf b/stacks/cloudflared/removed-bridge.tf deleted file mode 100644 index f4186c91..00000000 --- a/stacks/cloudflared/removed-bridge.tf +++ /dev/null @@ -1,12 +0,0 @@ -# bridge.viktorbarzin.me (Cloudflare Pages) moved to stacks/valia-sites -# (ADR-0018), which has already imported the live record. Forget it from this -# stack's state WITHOUT destroying. removed{} must sit in the root module — -# a module-level attempt broke init (pipeline 461). Delete this file once the -# apply has run. -removed { - from = module.cloudflared.cloudflare_record.bridge_pages - - lifecycle { - destroy = false - } -} diff --git a/stacks/valia-sites/main.tf b/stacks/valia-sites/main.tf index f185aac5..369302f9 100644 --- a/stacks/valia-sites/main.tf +++ b/stacks/valia-sites/main.tf @@ -272,6 +272,14 @@ resource "kubernetes_cron_job_v1" "sync" { if [ "$$N" -lt 1 ] || ! printf '%s\n' "$$MANIFEST" | cut -d';' -f1 | grep -qx "$$ENTRY"; then echo "GUARD [$$SITE]: N=$$N / $$ENTRY missing -- skipping, site untouched"; continue fi + # Cloudflare Pages hard-caps files at 25 MB — deploying + # without an oversize file would silently break the pages + # that reference it, so skip the whole site instead (last + # deployed content keeps serving) and say so loudly. + OVERSIZE=$$(printf '%s\n' "$$MANIFEST" | awk -F';' '$$3 > 26214400 {print $$1" ("$$3" B)"}') + if [ -n "$$OVERSIZE" ]; then + echo "GUARD [$$SITE]: file(s) exceed the 25MB Pages limit -- skipping, site untouched:"; echo "$$OVERSIZE"; continue + fi HASH=$$(printf '%s' "$$MANIFEST" | sha256sum | cut -d' ' -f1) LAST=$$(curl -sf --cacert $$SA/ca.crt -H "Authorization: Bearer $$KTOKEN" "$$STATE_URL" | jq -r --arg s "$$SITE" '.data[$$s] // ""') if [ "$$HASH" = "$$LAST" ]; then echo "OK [$$SITE]: unchanged"; continue; fi