diff --git a/docs/forgejo-migration-inventory.md b/docs/forgejo-migration-inventory.md index 860a127..0131e40 100644 --- a/docs/forgejo-migration-inventory.md +++ b/docs/forgejo-migration-inventory.md @@ -214,7 +214,10 @@ refresh: | Repo | On Gitea (2026-06) | On Forgejo (2026-07-04) | Tier | Notes | | --- | --- | --- | ---: | --- | | `forgejo-actions-probe` | — | yes | 0 | Disposable runner/OCI probe | -| `glas-harness` | yes (not in table above) | yes (canonical) | 1 | Git+SSH+CI pilot; see `the-custodian/docs/forgejo-repo-migration-pilot-glas-harness.md` | +| `glas-harness` | yes (not in table above) | yes (canonical) | 1 | Git+SSH+CI pilot | +| `key-cape` | yes | yes (canonical) | 2 | Image CI + `crictl pull` on railiance01 | + +Evidence: `the-custodian/docs/forgejo-repo-migration-pilot-glas-harness.md` **Tier definitions** (for per-repo `migration tier` column in a future refresh): @@ -222,7 +225,7 @@ refresh: | ---: | --- | --- | | 0 | Disposable integration probes | `forgejo-actions-probe` | | 1 | Non-production; git+CI only | `glas-harness` | -| 2 | Non-production with container image + registry pull | TBD (`key-cape` candidate) | +| 2 | Non-production with container image + registry pull | `key-cape` (done) | | 3 | Production drain wave / sweep registration | `state-hub`, `issue-core`, … | Production repos stay on Gitea until tier 0–2 gates and T09 backup drill pass. diff --git a/workplans/RAIL-HO-WP-0005-forgejo-production-migration.md b/workplans/RAIL-HO-WP-0005-forgejo-production-migration.md index a341b4d..f762088 100644 --- a/workplans/RAIL-HO-WP-0005-forgejo-production-migration.md +++ b/workplans/RAIL-HO-WP-0005-forgejo-production-migration.md @@ -100,7 +100,7 @@ Integration evidence now comes from **in-production probes and repo pilots**: | --- | --- | --- | --- | | 0 | `coulomb/forgejo-actions-probe` | Runner scheduling, DinD, OCI image-build | **done** | | 1 | `coulomb/glas-harness` | Non-production git+SSH+CI routing drill | **done** | -| 2 | TBD (small lib with image, e.g. `key-cape`) | Image-build workflow + registry pull on railiance01 | **next** | +| 2 | `coulomb/key-cape` | Image-build workflow + registry pull on railiance01 | **done** | | 3 | Production set (`state-hub`, `issue-core`, …) | Canonical remotes, sweep paths, deploy loops | **gated** | Each tier must pass before the next. T03 (isolated probe namespace) is cancelled; @@ -325,13 +325,14 @@ Acceptance: - Retention and cleanup expectations are documented. - Package data is included in backup and restore drills. -**Partial (2026-07-04):** OCI registry live (`/v2/` auth challenge). Probe image -`forgejo.coulomb.social/coulomb/forgejo-actions-probe` built and pushed via -Actions. Remaining: publish and pull a **tier-2 pilot** app image (not yet -`state-hub`); document retention; include packages in backup drill (T09). +**Partial (2026-07-04):** OCI registry live (`/v2/` auth challenge). Tier-0/2 +images built and pulled on railiance01: `forgejo-actions-probe`, `key-cape` +(`crictl pull forgejo.coulomb.social/coulomb/key-cape:latest` succeeded). +Remaining: `state-hub` image after tier-3 approval; document retention; include +packages in backup drill (T09). -**Done when:** a tier-2 pilot image (or `state-hub` after explicit approval) can -be published to Forgejo and pulled by railiance01 k3s. +**Done when:** tier-2 gate is fully satisfied (✓) and tier-3 production images +follow the same pattern after explicit approval. --- @@ -363,8 +364,12 @@ non-root (static docker-cli, no `apk add`); `actions/checkout@v4` fails — use `git clone` in job. Remaining: reusable workflow templates in `railiance-enablement` (S4); resource limits review; no cluster-admin on runner. +**Partial (2026-07-04):** tier-2 satisfied by `key-cape` (`container-build`, +archive checkout, static docker-cli). Remaining: publish reusable workflow +template in `railiance-enablement` (S4). + **Done when:** tier-2 pilot repo runs Forgejo Actions end-to-end and publishes -a pullable image without privileged cluster-wide credentials. +a pullable image without privileged cluster-wide credentials. **Tier 2: done.** --- @@ -428,9 +433,13 @@ Minimum checks (per tier): - State Hub registered repo remotes can be updated safely (deferred for tier-1). - Rollback plan is rehearsed (Gitea copy unchanged). -**Next:** tier-2 repo with container image + `.gitea/workflows` port to -`.forgejo/workflows`. **Not ready:** `state-hub` until hub-core build context -template and sweep `remote_url` playbook exist. +**Tier 2 complete (2026-07-04):** `key-cape` — multi-stage Dockerfile built and +pushed via archive-checkout workflow; `crictl pull` on railiance01 succeeded. +Evidence in `the-custodian/docs/forgejo-repo-migration-pilot-glas-harness.md` +(tier 2 section). + +**Not ready:** `state-hub` (tier 3) until hub-core build context template and +sweep `remote_url` playbook exist. **Done when:** tiers 0–2 pass with written result matrices and no unknown critical migration gaps remain for production repos. @@ -505,15 +514,16 @@ T01 inventory ──► T02 decisions ──┬──► T04 platform (forgejo-d T05+T08 ──► T10 migration ladder ──► T11 production cutover ──► T12 Gitea retire tier0 probe ✓ tier1 glas-harness ✓ - tier2 image repo (next) + tier2 key-cape ✓ tier3 production (gated) T03 isolated probe: CANCELLED (superseded by T05 + in-production pilots) ``` -**Current focus (2026-07-04):** T10 tier-2 image pilot; parallel T09 backup -drill and T02 open decisions (SMTP, backup target). Do not start T11 -`state-hub` until T09 complete and `CUST-WP-0054` Wave-1 gates satisfied. +**Current focus (2026-07-04):** T10 tiers 0–2 **complete**; T09 backup drill +and T02 open decisions (SMTP, backup target) before tier-3 production repos. +Do not start T11 `state-hub` until T09 complete and `CUST-WP-0054` Wave-1 +gates satisfied. **Absorbed by `CUST-WP-0054-T04`:** forge + CI on railiance01; workstation build retirement; staged repo promotion before State Hub primary move (T05).