DevFW-CICD/stacks-instances
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
622 commits 2 branches 2 tags 3.7 MiB
Commit graph

14 commits

Author SHA1 Message Date
Daniel Sy
8939b4f32b
fix(secrets-backup): 🔄 sync simplified manifest from template 
Remove client-side openssl encryption. OBS SSE-KMS handles encryption at rest.
Updated: no apk add openssl, no openssl enc step, no secrets-backup-config Secret,
upload .tar.gz directly. Image tag bumped to 1.0.1 (built without openssl).

Ref: IPCEICIS-9317
 2026-06-12 13:12:20 +02:00
Daniel Sy
900c1f6c80
fix(dev): 🐛 revert automated-upload damage — restore working image pins + OIDC secrets 
Automated upload (95deeef) overwrote 5 manually-pinned values:

- forgejo-server: restore workflow-webhook-20260305 (DB has v15a/v15b
  migrations; rolling back to 14.0.2-edp1-rootless WILL break the DB)
- garm: restore v0.1.7-forgejo-22 (v0.1.7-forgejo-23 has exec format
  error — wrong arch build, crashes on OTC CCE amd64 nodes)
- sizer-receiver/secret.yaml: re-add sizer-oidc-client secret (deleted
  by upload; causes OIDC auth failure on every sizer-receiver login)
- dex/manifests/dex-sizer-client.yaml: re-add (deleted by upload;
  dex cannot resolve sizer OIDC client without this secret)
- dex.yaml: restore manifests source block (removed by upload;
  without it ArgoCD never deploys the dex/manifests/ directory)

backup-alerts.yaml (new VMRule from automated upload) is kept as-is.
 2026-06-12 10:11:00 +02:00
Automated pipeline
95deeef6a0 Automated upload for dev.t09.de 2026-06-12 07:46:00 +00:00
Daniel Sy
9bbcf4efca
fix(secrets-backup): 🐛 add openssl install + upgrade image to 1.32.0 
alpine/k8s:1.28.0 does not ship openssl. Script calls openssl enc
on line 116 causing exit 127 on every run since initial deploy.

Fix:
- apk add --no-cache openssl at script start (defensive, idempotent)
- upgrade image 1.28.0 -> 1.32.0 (kubectl client was 5 minor versions
  behind cluster v1.33, outside supported skew of +/-1)
 2026-06-12 09:32:48 +02:00
Daniel Sy
bd82384eb1
fix(dex): 🔐 correct sizer client secret to match sizer-oidc-client 
The deploy hydration created dex-sizer-client with wrong value.
Reverting to the original shared secret that sizer expects
(73eda906... - active for 81 days before hydration overwrote it).

Changes:
- sizer-oidc-client: restore correct shared secret
- dex-sizer-client: add managed manifest to prevent future drift
- dex.yaml: add manifests source for ArgoCD to sync the secret

Broken by stacks rehydration pipeline run.
 2026-06-08 17:11:10 +02:00
Automated pipeline
422f568c8e Automated upload for dev.t09.de 2026-06-08 12:15:27 +00:00
Patrick Sy
a7bc25603c
Added DevFW-CICD users as admins 2026-05-19 14:01:18 +02:00
Daniel Sy
61721097d6
chore(sizer): 🔧 rename forgejo-runner-sizer to ci-sizer in deployment configs 
- Update container image names to ci-sizer-{receiver,collector}
- Update Dex OIDC client ID and name to ci-sizer
- Template allowed-org as SIZER_ALLOWED_ORG variable
 2026-04-21 14:16:39 +02:00
Daniel Sy
46a1c1aa33
feat(dex): add forgejo-runner-sizer OIDC static client 
Register forgejo-runner-sizer as a Dex static client for OIDC
authentication on sizer.dev.t09.de. Adds the client secret env var
injection and the staticClients entry with secretEnv reference.
 2026-04-10 13:22:45 +02:00
Daniel Sy
6d3f8eee5a
Update Argo CD helm chart target revision to v9.4.6 2026-03-03 13:46:53 +01:00
Automated pipeline
8a84de46d0 Automated upload for dev.t09.de 2026-02-17 09:34:42 +00:00
Martin McCaffery
585ccce95d
Automated upload for dev.t09.de 2026-01-30 14:56:24 +01:00
Martin McCaffery
b3b41f3451
Clean up dead environment config 2026-01-30 10:57:48 +01:00
Automated pipeline
f179351f83 Automated upload for dev.t09.de 2025-12-05 13:56:55 +00:00