railiance-apps/docs/forgejo-on-railiance01.md
tegwick f49be83f7e Enable Forgejo Actions and Recreate deployment strategy
Actions are required for CI runners. Recreate avoids leveldb queue lock
contention on the shared PVC during Helm upgrades.
2026-07-03 21:44:57 +02:00

2.6 KiB

Forgejo on railiance01

Production source forge at https://forgejo.coulomb.social.

Mirrors the coulombcore Gitea pattern (railiance-forge) but targets railiance01 using the same OAS split as other S5 apps (inter-hub, reuse-surface).

Layer ownership

| Layer | Repo | Concern |
|-------|------|---------|
| S3 | railiance-platform | forgejo-db CNPG cluster + network policies |
| S5 | railiance-apps | Helm release, ingress, operator Makefile |
| S2 | railiance-cluster | Traefik, cert-manager, cnpg operator |

Hostname decision: the-custodian/docs/forgejo-production-decisions.md.

Hosts

| Item | Value |
|------|-------|
| Server | railiance01 92.205.62.239 |
| Namespace | forgejo |
| Helm release | forgejo |
| HTTP service | forgejo-gitea-http (chart naming; ingress must target this) |
| Chart | gitea-charts/gitea 12.5.0 (Forgejo-compatible; 12.6+ needs Gitea 1.26 config edit-ini) |
| Image | code.forgejo.org/forgejo/forgejo:11.0.3 |
| Database | forgejo-db-rw.databases.svc.cluster.local:5432 |
| Kubeconfig | ~/.kube/config-hosteurope |

Bootstrap (first deploy)

1. Database credentials (platform)

cd ~/railiance-platform
# One-time: create and SOPS-encrypt helm/forgejo-db-secret.sops.yaml from template
KUBECONFIG=~/.kube/config-hosteurope make forgejo-db-deploy
KUBECONFIG=~/.kube/config-hosteurope make forgejo-db-status

2. Application secrets (apps)

cd ~/railiance-apps
# Encrypt helm/forgejo-secrets.sops.yaml from template (DB PASSWD must match platform secret)
make check-sops

3. Deploy Forgejo

cd ~/railiance-apps
make forgejo-dry-run
make forgejo-deploy
make forgejo-ingress-deploy
make forgejo-ssh-nodeport-deploy   # optional; git+ssh via nodePort 30022
make forgejo-status
make forgejo-smoke

Upgrade notes

  • Pin FORGEJO_CHART_VERSION=12.5.0 — chart 12.6+ requires Gitea 1.26 config edit-ini.
  • strategy.type: Recreate in helm/forgejo-values.yaml — avoids leveldb queue lock on the shared RWO PVC during rolling updates.
  • Actions enabled via gitea.config.actions.ENABLED: true.
  • Ingress backend service name is forgejo-gitea-http (Helm release naming).
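
A drift check for three of the settings above (Recreate strategy, pinned image, ingress backend name), as an added example that is not part of the railiance-apps repo or its Makefile. It reads the output of `kubectl get deployment,ingress -n forgejo -o json` on stdin and falls back to a constructed sample when nothing is piped in. The function names, the sample object names and the assumption that every Deployment in the namespace belongs to the Forgejo release are illustrative.

```python
import json
import sys

# Expected values are the ones this document states.
IMAGE = "code.forgejo.org/forgejo/forgejo:11.0.3"
BACKEND = "forgejo-gitea-http"
# Constructed sample: a Deployment still on RollingUpdate and an Ingress that
# points at a wrongly named Service (all object names here are made up).
SAMPLE = {"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "forgejo-gitea"},
     "spec": {"strategy": {"type": "RollingUpdate"},
              "template": {"spec": {"containers": [{"image": IMAGE}]}}}},
    {"kind": "Ingress", "metadata": {"name": "forgejo"},
     "spec": {"rules": [{"host": "forgejo.coulomb.social", "http": {"paths": [
         {"backend": {"service": {"name": "forgejo-http"}}}]}}]}},
]}

def check_deployment(obj):
    """Require the Recreate strategy and the pinned image."""
    name, spec = obj["metadata"]["name"], obj.get("spec", {})
    out = []
    # An unset strategy means the Kubernetes default, RollingUpdate.
    strategy = spec.get("strategy", {}).get("type", "RollingUpdate")
    if strategy != "Recreate":
        out.append(f"deployment/{name}: strategy {strategy}, expected Recreate")
    containers = spec.get("template", {}).get("spec", {}).get("containers", [])
    if IMAGE not in [c.get("image") for c in containers]:
        out.append(f"deployment/{name}: no container runs {IMAGE}")
    return out

def check_ingress(obj):
    """Every HTTP path must route to the chart-named Service."""
    name, out = obj["metadata"]["name"], []
    for rule in obj.get("spec", {}).get("rules", []):
        for path in rule.get("http", {}).get("paths", []):
            svc = path.get("backend", {}).get("service", {}).get("name")
            if svc != BACKEND:
                out.append(f"ingress/{name}: backend {svc}, expected {BACKEND}")
    return out

def find_drift(doc):
    """Accept a kubectl List or a single object; return a list of findings."""
    checks = {"Deployment": check_deployment, "Ingress": check_ingress}
    items = doc.get("items", [doc])
    return [f for o in items if o.get("kind") in checks for f in checks[o["kind"]](o)]

if __name__ == "__main__":
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    sys.exit("\n".join(find_drift(doc)) or 0)  # findings go to stderr, exit 1
```
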

Day-2 operator targets

make forgejo-status
make forgejo-logs
make forgejo-smoke

Coexistence with Gitea

Gitea on coulombcore remains canonical until RAIL-HO-WP-0005 migration drills and cutover pass. Do not repoint repo remotes until Wave 1 cutover is approved.

  • Gitea reference: ~/railiance-forge/Makefile (gitea-deploy)
  • Drain plan: the-custodian/docs/coulombcore-drain-placement-plan.md Wave 1
  • Onboarding checklist: docs/s5-app-onboarding-checklist.md