fix(dev): 🐛 revert automated-upload damage — restore working image pins + OIDC secrets

Automated upload (95deeef) overwrote 5 manually-pinned values: - forgejo-server: restore workflow-webhook-20260305 (DB has v15a/v15b migrations; rolling back to 14.0.2-edp1-rootless WILL break the DB) - garm: restore v0.1.7-forgejo-22 (v0.1.7-forgejo-23 has exec format error — wrong arch build, crashes on OTC CCE amd64 nodes) - sizer-receiver/secret.yaml: re-add sizer-oidc-client secret (deleted by upload; causes OIDC auth failure on every sizer-receiver login) - dex/manifests/dex-sizer-client.yaml: re-add (deleted by upload; dex cannot resolve sizer OIDC client without this secret) - dex.yaml: restore manifests source block (removed by upload; without it ArgoCD never deploys the dex/manifests/ directory) backup-alerts.yaml (new VMRule from automated upload) is kept as-is.
2026-06-12 10:10:50 +02:00 · 2026-06-12 10:10:50 +02:00 · 900c1f6c80
commit 900c1f6c80
parent 95deeef6a0
5 changed files with 28 additions and 6 deletions
--- a/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/secret.yaml
+++ b/otc/dev.t09.de/stacks/ci-sizer/sizer-receiver/secret.yaml
@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sizer-oidc-client
+  labels:
+    app: sizer-receiver
+type: Opaque
+stringData:
+  client-secret: "73eda9068bd00dfe67d29f087b5540cb1cd82cc1dd2ac0f838558ac8bbcfcb3a"
--- a/otc/dev.t09.de/stacks/core/dex.yaml
+++ b/otc/dev.t09.de/stacks/core/dex.yaml
@ -27,3 +27,6 @@ spec:
    - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
      targetRevision: HEAD
      ref: values
+    - repoURL: https://edp.buildth.ing/DevFW-CICD/stacks-instances
+      targetRevision: HEAD
+      path: "otc/dev.t09.de/stacks/core/dex/manifests"
--- a/otc/dev.t09.de/stacks/core/dex/manifests/dex-sizer-client.yaml
+++ b/otc/dev.t09.de/stacks/core/dex/manifests/dex-sizer-client.yaml
@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: dex-sizer-client
+  namespace: dex
+type: Opaque
+stringData:
+  clientSecret: "73eda9068bd00dfe67d29f087b5540cb1cd82cc1dd2ac0f838558ac8bbcfcb3a"
--- a/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml
@ -174,10 +174,9 @@ service:

 image:
  pullPolicy: "IfNotPresent"
-  # Overrides the image tag whose default is the chart appVersion.
-  #tag: "8.0.3"
-  # Adds -rootless suffix to image name
-  # rootless: true
-  fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:14.0.2-edp1-rootless
+  # DB has v15a/v15b migrations from workflow-webhook build.
+  # Using that image until a proper v15+ EDP release is cut.
+  # DO NOT revert — automated upload will break the DB schema.
+  fullOverride: edp.buildth.ing/devfw-cicd/edp-forgejo:workflow-webhook-20260305

 forgejo: {}
--- a/otc/dev.t09.de/stacks/garm/garm/values.yaml
+++ b/otc/dev.t09.de/stacks/garm/garm/values.yaml
@ -26,7 +26,10 @@ credentials:

 image:
  repository: edp.buildth.ing/devfw-cicd/garm-forgejo
-  tag: v0.1.7-forgejo-23
+  # NOTE: v0.1.7-forgejo-23 has exec format error (wrong arch build).
+  # Rolled back to -22 until -23 is rebuilt for amd64.
+  # DO NOT bump — automated upload will restore wrong arch.
+  tag: v0.1.7-forgejo-22

 providerConfig:
  edgeConnect: