Records successful key-cape Forgejo migration, image CI workflow, and railiance01 registry pull; tiers 0-2 of migration ladder now satisfied.
231 lines
11 KiB
Markdown
231 lines
11 KiB
Markdown
# Forgejo Migration Inventory
|
||
|
||
Date: 2026-06-04
|
||
Workplan: RAIL-HO-WP-0005
|
||
Task: RAIL-HO-WP-0005-T01
|
||
|
||
## Scope
|
||
|
||
This is the first-pass inventory for migrating the current Gitea installation
|
||
to Forgejo on railiance01. It captures facts that were safe to verify from
|
||
public Gitea API metadata, State Hub repo records, and Kubernetes object
|
||
metadata. It deliberately does not dump Helm values, Kubernetes Secrets, user
|
||
tokens, deploy keys, SMTP credentials, or other secret-bearing configuration.
|
||
|
||
## Current Gitea Runtime
|
||
|
||
- Public URL: `http://gitea.coulomb.social`
|
||
- API URL checked: `http://92.205.130.254:32166/api/v1`
|
||
- Kubernetes namespace: `default`
|
||
- Helm release: `gitea`
|
||
- Chart/app observed by Helm metadata: `gitea-12.5.0`, app `1.25.4`
|
||
- Workload image observed from Kubernetes metadata: `docker.gitea.com/gitea:1.25.4-rootless`
|
||
- Main service: `gitea`, NodePort `3000:32166/TCP`
|
||
- SSH service: `gitea-ssh-nodeport`, NodePort `22:30022/TCP`
|
||
- Ingress: `gitea.coulomb.social`, class `traefik`, address `92.205.130.254`, ports `80,443`
|
||
- Gitea pod status observed: `1/1 Running`
|
||
|
||
## Current Storage
|
||
|
||
Gitea-related PVCs observed in namespace `default`:
|
||
|
||
| PVC | Size | StorageClass | Age | Migration classification |
|
||
| --- | ---: | --- | --- | --- |
|
||
| `gitea-shared-storage` | 10Gi | `local-path` | 276d | Must migrate or restore; contains Git/app shared state. |
|
||
| `data-gitea-postgresql-ha-postgresql-0` | 10Gi | `local-path` | 276d | Legacy bundled PostgreSQL data; preserve until final cutover rollback expires. |
|
||
| `data-gitea-postgresql-ha-postgresql-1` | 10Gi | `local-path` | 276d | Legacy bundled PostgreSQL data; preserve until final cutover rollback expires. |
|
||
| `data-gitea-postgresql-ha-postgresql-2` | 10Gi | `local-path` | 276d | Legacy bundled PostgreSQL data; preserve until final cutover rollback expires. |
|
||
| `valkey-data-gitea-valkey-cluster-0` | 8Gi | `local-path` | 276d | Cache/session data; likely disposable, confirm before cutover. |
|
||
| `valkey-data-gitea-valkey-cluster-1` | 8Gi | `local-path` | 276d | Cache/session data; likely disposable, confirm before cutover. |
|
||
| `valkey-data-gitea-valkey-cluster-2` | 8Gi | `local-path` | 276d | Cache/session data; likely disposable, confirm before cutover. |
|
||
|
||
Related platform services already available:
|
||
|
||
| Service | Namespace | Status |
|
||
| --- | --- | --- |
|
||
| `gitea-db` CNPG cluster | `databases` | Healthy, 1/1 ready |
|
||
| `apps-pg` CNPG cluster | `databases` | Healthy, 1/1 ready |
|
||
| `valkey` Helm release | `platform` | Deployed |
|
||
| `openbao` Helm release | `openbao` | Deployed |
|
||
|
||
## Public Repository Inventory
|
||
|
||
The public `coulomb` organization API exposed 49 repositories. All visible repos
|
||
are public, use `main` as default branch, and have code enabled.
|
||
|
||
| Repository | Issues | Wiki | Releases | Packages | Actions | Open issues | Updated |
|
||
| --- | --- | --- | --- | --- | --- | ---: | --- |
|
||
| `coulomb/artifact-store` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/audit-core` | yes | yes | yes | yes | yes | 0 | 2026-06-01 |
|
||
| `coulomb/binect-chrome` | yes | yes | yes | yes | yes | 2 | 2026-01-16 |
|
||
| `coulomb/binect-js` | yes | yes | yes | yes | yes | 0 | 2026-01-16 |
|
||
| `coulomb/can-you-assist` | yes | yes | yes | yes | yes | 0 | 2026-05-28 |
|
||
| `coulomb/citation-engine` | yes | yes | yes | yes | yes | 0 | 2026-05-24 |
|
||
| `coulomb/citation-evidence` | yes | yes | yes | yes | yes | 0 | 2026-05-26 |
|
||
| `coulomb/citation-work` | yes | yes | yes | yes | yes | 0 | 2026-05-25 |
|
||
| `coulomb/coordination-engine` | yes | yes | yes | yes | yes | 0 | 2026-06-01 |
|
||
| `coulomb/direkt-vermittlung-de` | yes | yes | yes | yes | yes | 0 | 2025-12-01 |
|
||
| `coulomb/domain-tree` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/email-connect` | yes | yes | yes | yes | yes | 0 | 2026-06-02 |
|
||
| `coulomb/evidence-anchor` | yes | yes | yes | yes | yes | 0 | 2026-05-24 |
|
||
| `coulomb/evidence-binder` | yes | yes | yes | yes | yes | 0 | 2026-05-24 |
|
||
| `coulomb/evidence-source` | yes | yes | yes | yes | yes | 0 | 2026-05-24 |
|
||
| `coulomb/flex-auth` | yes | yes | yes | yes | yes | 0 | 2026-05-22 |
|
||
| `coulomb/guide-board` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/helix-forge` | yes | yes | yes | yes | yes | 0 | 2026-05-22 |
|
||
| `coulomb/info-tech-canon` | yes | yes | yes | yes | yes | 0 | 2026-05-27 |
|
||
| `coulomb/infospace-bench` | yes | yes | yes | yes | yes | 0 | 2026-05-20 |
|
||
| `coulomb/issue-core` | yes | yes | yes | no | yes | 0 | 2026-05-23 |
|
||
| `coulomb/kaizen-agentic` | yes | yes | yes | no | yes | 4 | 2026-03-24 |
|
||
| `coulomb/key-cape` | yes | yes | yes | yes | yes | 0 | 2026-06-01 |
|
||
| `coulomb/kontextual-engine` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/llm-connect` | yes | yes | yes | yes | yes | 0 | 2026-06-03 |
|
||
| `coulomb/marki-docx` | yes | yes | yes | yes | yes | 0 | 2026-03-18 |
|
||
| `coulomb/markitect-filter` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/markitect-main` | yes | yes | yes | no | yes | 60 | 2026-05-23 |
|
||
| `coulomb/markitect-quarkdown` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/markitect-tool` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/open-cmis-tck` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/open-reuse` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/ops-bridge` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/ops-warden` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/phase-memory` | yes | yes | yes | yes | yes | 0 | 2026-05-19 |
|
||
| `coulomb/polycode-sim` | yes | yes | yes | no | yes | 0 | 2025-10-30 |
|
||
| `coulomb/railiance-fabric` | yes | yes | yes | yes | yes | 0 | 2026-06-03 |
|
||
| `coulomb/ralph-workplan` | yes | yes | yes | yes | yes | 0 | 2026-03-16 |
|
||
| `coulomb/repo-scoping` | yes | yes | yes | yes | yes | 0 | 2026-05-18 |
|
||
| `coulomb/repo-seed` | yes | yes | yes | no | no | 0 | 2025-11-18 |
|
||
| `coulomb/shard-wiki` | yes | yes | yes | yes | yes | 0 | 2026-05-15 |
|
||
| `coulomb/state-hub` | yes | yes | yes | yes | yes | 0 | 2026-06-03 |
|
||
| `coulomb/tele-mcp` | yes | yes | yes | yes | yes | 0 | 2025-09-07 |
|
||
| `coulomb/testdrive-jsui` | yes | yes | yes | no | yes | 0 | 2025-12-17 |
|
||
| `coulomb/the-custodian` | yes | yes | yes | yes | yes | 0 | 2026-06-03 |
|
||
| `coulomb/timeline-svg` | yes | yes | yes | yes | yes | 0 | 2026-01-23 |
|
||
| `coulomb/user-engine` | yes | yes | yes | yes | yes | 0 | 2026-06-03 |
|
||
| `coulomb/vantage-point` | yes | yes | yes | yes | yes | 0 | 2026-05-15 |
|
||
| `coulomb/vergabe-teilnahme` | yes | yes | yes | yes | yes | 0 | 2026-05-23 |
|
||
|
||
## State Hub Registration Cross-Check
|
||
|
||
Matched to State Hub repo records:
|
||
|
||
- `artifact-store`
|
||
- `can-you-assist`
|
||
- `citation-engine`
|
||
- `citation-evidence`
|
||
- `citation-work`
|
||
- `domain-tree`
|
||
- `email-connect`
|
||
- `evidence-anchor`
|
||
- `evidence-binder`
|
||
- `evidence-source`
|
||
- `flex-auth`
|
||
- `guide-board`
|
||
- `helix-forge`
|
||
- `info-tech-canon`
|
||
- `infospace-bench`
|
||
- `issue-core`
|
||
- `kaizen-agentic`
|
||
- `key-cape`
|
||
- `kontextual-engine`
|
||
- `llm-connect`
|
||
- `marki-docx`
|
||
- `markitect-filter`
|
||
- `markitect-main`
|
||
- `markitect-quarkdown`
|
||
- `markitect-tool`
|
||
- `open-cmis-tck`
|
||
- `open-reuse`
|
||
- `ops-bridge`
|
||
- `ops-warden`
|
||
- `phase-memory`
|
||
- `railiance-fabric`
|
||
- `repo-scoping`
|
||
- `state-hub`
|
||
- `the-custodian`
|
||
- `user-engine`
|
||
- `vergabe-teilnahme`
|
||
|
||
Missing or uncertain in State Hub by simple name/remote matching:
|
||
|
||
- `audit-core`
|
||
- `binect-chrome`
|
||
- `binect-js`
|
||
- `coordination-engine`
|
||
- `direkt-vermittlung-de`
|
||
- `polycode-sim`
|
||
- `ralph-workplan`
|
||
- `repo-seed`
|
||
- `shard-wiki`
|
||
- `tele-mcp`
|
||
- `testdrive-jsui`
|
||
- `timeline-svg`
|
||
- `vantage-point`
|
||
|
||
These may be intentionally unregistered, registered under aliases, or outside
|
||
current State Hub ownership. They need review before cutover so no repository is
|
||
lost or left with an untracked remote.
|
||
|
||
## Feature Classification
|
||
|
||
| Feature | Observed state | Migration class |
|
||
| --- | --- | --- |
|
||
| Git repositories | 49 public repos in `coulomb` org | Automatic plus verification clone/push for sample repos. |
|
||
| Issues | Enabled on all visible repos; open issues at least on `markitect-main`, `kaizen-agentic`, `binect-chrome` | Must preserve or explicitly classify unsupported. |
|
||
| Wiki | Enabled on all visible repos | Must verify actual wiki content per repo with credentialed or git-based check. |
|
||
| Releases | Enabled on all visible repos | Must preserve release records and assets where present. |
|
||
| Packages | Enabled on most repos; disabled on a few older/template repos | Must verify actual package data with authenticated API or storage inspection. |
|
||
| Actions | Enabled on most repos; disabled on `repo-seed` | Must verify whether workflows/runners are actually in use. |
|
||
| Pull requests/projects | API reports pull requests and projects enabled on visible repos | Must include in migration drill result matrix. |
|
||
| Users/org/team membership | Not safely inventoried from public API in this pass | Requires authenticated admin inventory. |
|
||
| Deploy keys/SSH keys/tokens/webhooks | Not inspected | Requires authenticated admin inventory; cannot be inferred from public repo fields. |
|
||
| LFS/attachments | Not inspected | Requires authenticated API/storage inventory and restore drill. |
|
||
| SMTP/account recovery | Not inspected | Covered by T06; requires approved test account and mail path. |
|
||
|
||
## Immediate Gaps Before Probe or Cutover
|
||
|
||
1. Resolve WP-0005 T02 production choices before creating durable Forgejo
|
||
manifests.
|
||
2. Complete an authenticated Gitea admin inventory for users, teams, deploy
|
||
keys, SSH keys, access tokens, webhooks, packages, LFS, attachments, and
|
||
actual wiki/release asset contents.
|
||
3. Decide whether the 13 missing/uncertain Gitea repos should be registered in
|
||
State Hub, archived, or explicitly excluded from migration.
|
||
4. Fix host preflight drift observed by `make status`:
|
||
- `CoulombCore` UFW reported inactive.
|
||
- Both `CoulombCore` and `Railiance01` reported `PasswordAuthentication yes`.
|
||
5. Establish a backup target and restore drill before migrating any production
|
||
repository data.
|
||
6. Keep legacy Gitea as source of truth until Forgejo probe and restore checks
|
||
pass.
|
||
|
||
## Current T01 Status
|
||
|
||
This first pass satisfies the public and infrastructure metadata part of T01.
|
||
T01 should remain open until the authenticated admin inventory and missing repo
|
||
classification are complete.
|
||
|
||
## Addendum (2026-07-04) — migration ladder and new repos
|
||
|
||
`RAIL-HO-WP-0005` now uses a **staged per-repo ladder** instead of an isolated
|
||
probe namespace (T03 cancelled). Repos to add or re-classify on next inventory
|
||
refresh:
|
||
|
||
| Repo | On Gitea (2026-06) | On Forgejo (2026-07-04) | Tier | Notes |
|
||
| --- | --- | --- | ---: | --- |
|
||
| `forgejo-actions-probe` | — | yes | 0 | Disposable runner/OCI probe |
|
||
| `glas-harness` | yes (not in table above) | yes (canonical) | 1 | Git+SSH+CI pilot |
|
||
| `key-cape` | yes | yes (canonical) | 2 | Image CI + `crictl pull` on railiance01 |
|
||
|
||
Evidence: `the-custodian/docs/forgejo-repo-migration-pilot-glas-harness.md`
|
||
|
||
**Tier definitions** (for per-repo `migration tier` column in a future refresh):
|
||
|
||
| Tier | Criteria | Examples |
|
||
| ---: | --- | --- |
|
||
| 0 | Disposable integration probes | `forgejo-actions-probe` |
|
||
| 1 | Non-production; git+CI only | `glas-harness` |
|
||
| 2 | Non-production with container image + registry pull | `key-cape` (done) |
|
||
| 3 | Production drain wave / sweep registration | `state-hub`, `issue-core`, … |
|
||
|
||
Production repos stay on Gitea until tier 0–2 gates and T09 backup drill pass.
|