CI now drives the Deployment rollout (kubectl set image to the build SHA in .woodpecker.yml), so the stack moves to image_tag = "latest": the Deployment runs whatever CI last set (image ignore_changes keeps TF from fighting it), and the CronJob uses :latest + imagePullPolicy=Always (fresh pod each weekly run). Keel stays enrolled in parallel as a redundant net. Docs: rewrite the runbook "Deploying" section for build-triggers-deploy; record the reversal of decision #12 in the auto-upgrade design doc (owned apps drive their own rollout, Keel parallel — upstream stays Keel-only); add the owned-app deploy model to infra/.claude/CLAUDE.md CI/CD section. [ci skip] — applied locally (stack-scoped); avoids a broad CI auto-apply. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
29 lines
877 B
HCL
include "root" {
  path = find_in_parent_folders()
}

dependency "platform" {
  config_path = "../platform"
  skip_outputs = true
}

dependency "vault" {
  config_path = "../vault"
  skip_outputs = true
}

dependency "external-secrets" {
  config_path = "../external-secrets"
  skip_outputs = true
}

inputs = {
  # :latest — CI drives the rollout. On every master push the pipeline builds
  # latest + :<sha> and runs `kubectl set image deployment/job-hunter ...:<sha>`
  # so the Deployment rolls to the just-built code immediately (no wait for
  # Keel's poll). Keel stays enrolled in parallel as a redundant net. The
  # CronJob uses :latest + Always pull (fresh pod each run). Project version
  # lives in pyproject.toml + git tag vX.Y.Z (semver), independent of the
  # deploy tag. CI OOM that had blocked all builds since 2026-04 is fixed.
  image_tag = "latest"
}
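The deploy model in the comment above can be checked against live objects. This is an added example, not code from this repository: it takes the parsed `kubectl get -o json` output for the Deployment and the CronJob and reports where they differ from "Deployment on a SHA tag, CronJob on :latest with Always pull". The SHA tag pattern, the container names and the `registry.example:5000` registry are assumptions.

```python
import re

# Assumption: CI tags images with the git commit SHA (7-40 lowercase hex chars).
SHA_TAG = re.compile(r"^[0-9a-f]{7,40}$")

def image_tag(image):
    """Return the tag of an image reference, or None if it has no tag."""
    last = image.split("@", 1)[0].rsplit("/", 1)[-1]  # drop digest and registry/port
    return last.split(":", 1)[1] if ":" in last else None

def check_deploy_model(deployment, cronjob):
    """Return findings where the live objects differ from the deploy model."""
    findings = []
    for c in deployment["spec"]["template"]["spec"]["containers"]:
        tag = image_tag(c["image"])
        if tag is None or not SHA_TAG.match(tag):
            findings.append(f"deployment container {c['name']}: {c['image']} is not SHA-tagged")
    pod = cronjob["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    for c in pod["containers"]:
        # A mutable tag is only fresh on each run if the kubelet always pulls.
        if image_tag(c["image"]) in (None, "latest") and c.get("imagePullPolicy") != "Always":
            findings.append(f"cronjob container {c['name']}: mutable tag without imagePullPolicy=Always")
    return findings

def _deployment(image):
    return {"spec": {"template": {"spec": {"containers": [{"name": "app", "image": image}]}}}}

def _cronjob(image, policy):
    c = {"name": "job", "image": image, "imagePullPolicy": policy}
    return {"spec": {"jobTemplate": {"spec": {"template": {"spec": {"containers": [c]}}}}}}

# Constructed samples; registry.example:5000 is a placeholder registry.
IMG = "registry.example:5000/job-hunter"
AFTER_CI = check_deploy_model(_deployment(IMG + ":3f9c2ab"), _cronjob(IMG + ":latest", "Always"))
DRIFTED = check_deploy_model(_deployment(IMG + ":latest"), _cronjob(IMG + ":latest", "IfNotPresent"))

if __name__ == "__main__":
    print("after CI rollout:", AFTER_CI)
    for finding in DRIFTED:
        print("drift:", finding)
```

A Deployment finding means the workload is running a mutable tag, so the code in the pod can no longer be traced to one commit until CI sets the SHA again.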