RAIL-HO-WP-0005-T10: tier-2 key-cape image pilot complete

Records successful key-cape Forgejo migration, image CI workflow, and
railiance01 registry pull; tiers 0-2 of migration ladder now satisfied.
This commit is contained in:
tegwick 2026-07-04 10:26:28 +02:00
parent 67b259f6dc
commit 2d62317ada
2 changed files with 30 additions and 17 deletions

View file

@ -100,7 +100,7 @@ Integration evidence now comes from **in-production probes and repo pilots**:
| --- | --- | --- | --- |
| 0 | `coulomb/forgejo-actions-probe` | Runner scheduling, DinD, OCI image-build | **done** |
| 1 | `coulomb/glas-harness` | Non-production git+SSH+CI routing drill | **done** |
| 2 | TBD (small lib with image, e.g. `key-cape`) | Image-build workflow + registry pull on railiance01 | **next** |
| 2 | `coulomb/key-cape` | Image-build workflow + registry pull on railiance01 | **done** |
| 3 | Production set (`state-hub`, `issue-core`, …) | Canonical remotes, sweep paths, deploy loops | **gated** |
Each tier must pass before the next. T03 (isolated probe namespace) is cancelled;
@ -325,13 +325,14 @@ Acceptance:
- Retention and cleanup expectations are documented.
- Package data is included in backup and restore drills.
**Partial (2026-07-04):** OCI registry live (`/v2/` auth challenge). Probe image
`forgejo.coulomb.social/coulomb/forgejo-actions-probe` built and pushed via
Actions. Remaining: publish and pull a **tier-2 pilot** app image (not yet
`state-hub`); document retention; include packages in backup drill (T09).
**Partial (2026-07-04):** OCI registry live (`/v2/` auth challenge). Tier-0/2
images built and pulled on railiance01: `forgejo-actions-probe`, `key-cape`
(`crictl pull forgejo.coulomb.social/coulomb/key-cape:latest` succeeded).
Remaining: `state-hub` image after tier-3 approval; document retention; include
packages in backup drill (T09).
**Done when:** a tier-2 pilot image (or `state-hub` after explicit approval) can
be published to Forgejo and pulled by railiance01 k3s.
**Done when:** tier-2 gate is fully satisfied (✓) and tier-3 production images
follow the same pattern after explicit approval.
---
@ -363,8 +364,12 @@ non-root (static docker-cli, no `apk add`); `actions/checkout@v4` fails — use
`git clone` in job. Remaining: reusable workflow templates in
`railiance-enablement` (S4); resource limits review; no cluster-admin on runner.
**Partial (2026-07-04):** tier-2 satisfied by `key-cape` (`container-build`,
archive checkout, static docker-cli). Remaining: publish reusable workflow
template in `railiance-enablement` (S4).
**Done when:** tier-2 pilot repo runs Forgejo Actions end-to-end and publishes
a pullable image without privileged cluster-wide credentials.
a pullable image without privileged cluster-wide credentials. **Tier 2: done.**
---
@ -428,9 +433,13 @@ Minimum checks (per tier):
- State Hub registered repo remotes can be updated safely (deferred for tier-1).
- Rollback plan is rehearsed (Gitea copy unchanged).
**Next:** tier-2 repo with container image + `.gitea/workflows` port to
`.forgejo/workflows`. **Not ready:** `state-hub` until hub-core build context
template and sweep `remote_url` playbook exist.
**Tier 2 complete (2026-07-04):** `key-cape` — multi-stage Dockerfile built and
pushed via archive-checkout workflow; `crictl pull` on railiance01 succeeded.
Evidence in `the-custodian/docs/forgejo-repo-migration-pilot-glas-harness.md`
(tier 2 section).
**Not ready:** `state-hub` (tier 3) until hub-core build context template and
sweep `remote_url` playbook exist.
**Done when:** tiers 02 pass with written result matrices and no unknown
critical migration gaps remain for production repos.
@ -505,15 +514,16 @@ T01 inventory ──► T02 decisions ──┬──► T04 platform (forgejo-d
T05+T08 ──► T10 migration ladder ──► T11 production cutover ──► T12 Gitea retire
tier0 probe ✓
tier1 glas-harness ✓
tier2 image repo (next)
tier2 key-cape ✓
tier3 production (gated)
T03 isolated probe: CANCELLED (superseded by T05 + in-production pilots)
```
**Current focus (2026-07-04):** T10 tier-2 image pilot; parallel T09 backup
drill and T02 open decisions (SMTP, backup target). Do not start T11
`state-hub` until T09 complete and `CUST-WP-0054` Wave-1 gates satisfied.
**Current focus (2026-07-04):** T10 tiers 02 **complete**; T09 backup drill
and T02 open decisions (SMTP, backup target) before tier-3 production repos.
Do not start T11 `state-hub` until T09 complete and `CUST-WP-0054` Wave-1
gates satisfied.
**Absorbed by `CUST-WP-0054-T04`:** forge + CI on railiance01; workstation
build retirement; staged repo promotion before State Hub primary move (T05).