chore(garm): ⬆️ bump garm-forgejo to v0.1.7-forgejo-21

chore(garm): ⬆️ bump garm-forgejo to v0.1.7-forgejo-20
chore(garm): ⬆️ bump garm-forgejo to v0.1.7-forgejo-19
2026-04-24 15:47:23 +02:00 · 2026-04-24 14:51:58 +02:00 · 2026-04-24 13:41:52 +02:00 · 2026-04-22 13:19:32 +02:00 · 2026-04-21 17:15:41 +02:00 · 2026-04-21 16:27:25 +02:00
11 changed files with 81 additions and 27 deletions
--- a/otc/dev.t09.de/stacks/core/dex/values.yaml
+++ b/otc/dev.t09.de/stacks/core/dex/values.yaml
@ -34,6 +34,11 @@ envVars:
      secretKeyRef:
        name: dex-argo-client
        key: clientSecret
+  - name: FORGEJO_RUNNER_SIZER_CLIENT_SECRET
+    valueFrom:
+      secretKeyRef:
+        name: dex-runner-sizer-client
+        key: clientSecret
  - name: LOG_LEVEL
    value: debug

@ -74,3 +79,8 @@ config:
        - "https://grafana.dev.t09.de/login/generic_oauth"
      name: "Grafana"
      secretEnv: "OIDC_DEX_GRAFANA_CLIENT_SECRET"
+    - id: ci-sizer
+      name: "CI Sizer"
+      redirectURIs:
+        - "https://sizer.dev.t09.de/ui/callback"
+      secretEnv: "FORGEJO_RUNNER_SIZER_CLIENT_SECRET"
--- a/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/dev.t09.de/stacks/forgejo/forgejo-server/values.yaml
@ -137,6 +137,9 @@ gitea:
      ENABLED: true
      ADAPTER: redis

+    security:
+      GLOBAL_TWO_FACTOR_REQUIREMENT: admin
+
    service:
      DISABLE_REGISTRATION: true
      ENABLE_NOTIFY_MAIL: true
--- a/otc/dev.t09.de/stacks/garm/garm.yaml
+++ b/otc/dev.t09.de/stacks/garm/garm.yaml
@ -20,7 +20,7 @@ spec:
  sources:
    - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm
      path: charts/garm
-      targetRevision: v0.0.12
+      targetRevision: v0.0.15
      helm:
        valueFiles:
          - $values/otc/dev.t09.de/stacks/garm/garm/values.yaml
--- a/otc/dev.t09.de/stacks/garm/garm/values.yaml
+++ b/otc/dev.t09.de/stacks/garm/garm/values.yaml
@ -26,7 +26,7 @@ credentials:

 image:
  repository: edp.buildth.ing/devfw-cicd/garm-forgejo
-  tag: v0.1.7-forgejo-3
+  tag: v0.1.7-forgejo-21

 providerConfig:
  edgeConnect:
@ -37,8 +37,9 @@ providerConfig:
      name: Hamburg
      organization: TelekomOP
  edgeConnectK8s:
+    pendingTimeout: "5m"
    sizer:
-      sidecarImage: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-collector:latest
+      sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:latest
      sidecarPushEndpoint: https://sizer.dev.t09.de/api/v1/metrics
      baseUrl: "https://sizer.dev.t09.de"
      readToken:
--- a/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml
+++ b/otc/dev.t09.de/stacks/garm/sizer-receiver/deployment.yaml
@ -16,9 +16,11 @@ spec:
      labels:
        app: sizer-receiver
    spec:
+      securityContext:
+        fsGroup: 65534
      containers:
        - name: receiver
-          image: edp.buildth.ing/devfw-cicd/forgejo-runner-sizer-receiver:latest
+          image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:latest
          imagePullPolicy: Always
          args:
            - --db=/data/metrics.db
@ -37,6 +39,34 @@ spec:
                secretKeyRef:
                  name: sizer-tokens
                  key: hmac-key
+            - name: GARM_URL
+              value: "http://garm.garm.svc.cluster.local:80"
+            - name: GARM_USER
+              value: "admin"
+            - name: GARM_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: garm-fixed-credentials
+                  key: admin_password
+            - name: RECEIVER_OIDC_ISSUER
+              value: "https://dex.dev.t09.de"
+            - name: RECEIVER_OIDC_CLIENT_ID
+              value: "ci-sizer"
+            - name: RECEIVER_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: sizer-oidc-client
+                  key: client-secret
+            - name: RECEIVER_OIDC_REDIRECT_URI
+              value: "https://sizer.dev.t09.de/ui/callback"
+            - name: RECEIVER_SESSION_TTL
+              value: "12h"
+            - name: RECEIVER_ALLOWED_ORG
+              value: "DevFW"
+            - name: RECEIVER_CPU_SIZING_MODE
+              value: "observe"
+            - name: RECEIVER_MEMORY_QOS
+              value: "guaranteed"
          volumeMounts:
            - name: data
              mountPath: /data
--- a/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
+++ b/otc/edp.buildth.ing/stacks/forgejo/forgejo-server/values.yaml
@ -137,6 +137,9 @@ gitea:
      ENABLED: true
      ADAPTER: redis

+    security:
+      GLOBAL_TWO_FACTOR_REQUIREMENT: admin
+
    service:
      DISABLE_REGISTRATION: true
      ENABLE_NOTIFY_MAIL: true
@ -177,4 +180,4 @@ image:
  # rootless: true
  fullOverride: observability.buildth.ing/devfw-cicd/edp-forgejo:14.0.2-edp1-rootless

-forgejo: {}
+forgejo: {}
--- a/otc/edp.buildth.ing/stacks/garm/garm.yaml
+++ b/otc/edp.buildth.ing/stacks/garm/garm.yaml
@ -20,7 +20,7 @@ spec:
  sources:
    - repoURL: https://edp.buildth.ing/DevFW-CICD/garm-helm
      path: charts/garm
-      targetRevision: v0.0.7
+      targetRevision: v0.0.11
      helm:
        valueFiles:
          - $values/otc/edp.buildth.ing/stacks/garm/garm/values.yaml
--- a/otc/edp.buildth.ing/stacks/garm/garm/values.yaml
+++ b/otc/edp.buildth.ing/stacks/garm/garm/values.yaml
@ -26,7 +26,7 @@ credentials:

 image:
  repository: observability.buildth.ing/devfw-cicd/garm-forgejo
-  tag: v0.1.7-forgejo-1
+  tag: v0.1.7-forgejo-21

 providerConfig:
  edgeConnect:
@ -36,6 +36,9 @@ providerConfig:
    cloudlet:
      name: Hamburg
      organization: TelekomOP
+  edgeConnectK8s:
+    sizer:
+      sidecarImage: edp.buildth.ing/devfw-cicd/ci-sizer-collector:0.0.4

 garm:
  logging:
--- a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml
+++ b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver.yaml
@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: optimiser-receiver
+  name: sizer-receiver
  namespace: argocd
  labels:
    env: dev
@ -22,4 +22,4 @@ spec:
  source:
    repoURL: https://observability.buildth.ing/DevFW-CICD/stacks-instances
    targetRevision: HEAD
-    path: "otc/edp.buildth.ing/stacks/garm/optimiser-receiver"
+    path: "otc/edp.buildth.ing/stacks/garm/sizer-receiver"
--- a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml
+++ b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/deployment.yaml
@ -1,22 +1,22 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: optimiser-receiver
+  name: sizer-receiver
  labels:
-    app: optimiser-receiver
+    app: sizer-receiver
 spec:
  replicas: 1
  selector:
    matchLabels:
-      app: optimiser-receiver
+      app: sizer-receiver
  template:
    metadata:
      labels:
-        app: optimiser-receiver
+        app: sizer-receiver
    spec:
      containers:
        - name: receiver
-          image: edp.buildth.ing/devfw-cicd/forgejo-runner-optimiser-receiver:0.0.3
+          image: edp.buildth.ing/devfw-cicd/ci-sizer-receiver:0.0.4
          args:
            - --db=/data/metrics.db
          ports:
@ -27,13 +27,17 @@ spec:
            - name: RECEIVER_READ_TOKEN
              valueFrom:
                secretKeyRef:
-                  name: optimiser-tokens
+                  name: sizer-tokens
                  key: read-token
            - name: RECEIVER_HMAC_KEY
              valueFrom:
                secretKeyRef:
-                  name: optimiser-tokens
+                  name: sizer-tokens
                  key: hmac-key
+            - name: RECEIVER_CPU_SIZING_MODE
+              value: "observe"
+            - name: RECEIVER_MEMORY_QOS
+              value: "guaranteed"
          volumeMounts:
            - name: data
              mountPath: /data
@ -59,17 +63,17 @@ spec:
      volumes:
        - name: data
          persistentVolumeClaim:
-            claimName: optimiser-receiver-data
+            claimName: sizer-receiver-data
 ---
 apiVersion: v1
 kind: Service
 metadata:
-  name: optimiser-receiver
+  name: sizer-receiver
  labels:
-    app: optimiser-receiver
+    app: sizer-receiver
 spec:
  selector:
-    app: optimiser-receiver
+    app: sizer-receiver
  ports:
    - name: http
      port: 8080
@ -79,9 +83,9 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: optimiser-receiver-data
+  name: sizer-receiver-data
  labels:
-    app: optimiser-receiver
+    app: sizer-receiver
  annotations:
    everest.io/disk-volume-type: GPSSD
 spec:
--- a/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml
+++ b/otc/edp.buildth.ing/stacks/garm/optimiser-receiver/ingress.yaml
@ -5,22 +5,22 @@ metadata:
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    cert-manager.io/cluster-issuer: main

-  name: optimiser-receiver
+  name: sizer-receiver
  namespace: garm
 spec:
  ingressClassName: nginx
  rules:
-    - host: optimiser.edp.buildth.ing
+    - host: sizer.edp.buildth.ing
      http:
        paths:
          - backend:
              service:
-                name: optimiser-receiver
+                name: sizer-receiver
                port:
                  number: 8080
            path: /
            pathType: Prefix
  tls:
    - hosts:
-        - optimiser.edp.buildth.ing
-      secretName: optimiser-receiver-tls
+        - sizer.edp.buildth.ing
+      secretName: sizer-receiver-tls
Author	SHA1	Message	Date
Daniel Sy	bc96d8d7aa	chore(garm): ⬆️ bump garm-forgejo to v0.1.7-forgejo-21	2026-04-24 15:47:23 +02:00
Daniel Sy	e65abf162e	chore(garm): ⬆️ bump garm-forgejo to v0.1.7-forgejo-20	2026-04-24 14:51:58 +02:00
Daniel Sy	a9dcf29f7a	chore(garm): ⬆️ bump garm-forgejo to v0.1.7-forgejo-19	2026-04-24 13:41:52 +02:00
Daniel Sy	b72e2049e3	chore: bump garm image to v0.1.7-forgejo-18 for dev.t09.de	2026-04-22 13:19:32 +02:00
Daniel Sy	4cea4ffde7	chore: bump garm to v0.1.7-forgejo-17 (activeDeadlineSeconds)	2026-04-21 17:15:41 +02:00
Daniel Sy	0b13b89640	chore(garm): ⬆️ bump garm-helm to v0.0.15 (startup probe fix)	2026-04-21 16:27:25 +02:00
Daniel Sy	4aa8973c91	chore(garm): ⬆️ bump garm-helm chart to v0.0.14	2026-04-21 16:03:06 +02:00
Daniel Sy	c682c48be0	chore: bump garm image to v0.1.7-forgejo-16	2026-04-21 15:53:50 +02:00
Daniel Sy	61721097d6	chore(sizer): 🔧 rename forgejo-runner-sizer to ci-sizer in deployment configs - Update container image names to ci-sizer-{receiver,collector} - Update Dex OIDC client ID and name to ci-sizer - Template allowed-org as SIZER_ALLOWED_ORG variable	2026-04-21 14:16:39 +02:00
Daniel Sy	487e1ac15c	chore(garm): ⬆️ bump garm to v0.1.7-forgejo-15	2026-04-20 17:32:22 +02:00
Daniel Sy	2af607e949	chore(garm): ⬆️ bump garm to v0.1.7-forgejo-14, add CPU sizing mode env vars	2026-04-20 16:08:12 +02:00
Daniel Sy	f2c885cd84	fix(sizer): 🔧 sync gitops with live deployment — add OIDC config, remove legacy Forgejo tokens	2026-04-16 15:05:53 +02:00
Daniel Sy	08740eb1da	chore: bump garm image to v0.1.7-forgejo-13 (RunNumber enrichment via WebSocket)	2026-04-16 13:32:12 +02:00
Daniel Sy	47f99082db	feat(sizer-receiver): ✨ add GARM WebSocket event enrichment env vars Add GARM_URL, GARM_USER, and GARM_PASSWORD environment variables to the sizer-receiver deployment so it can connect to GARM's WebSocket event stream for run-status enrichment. Ref: IPCEICIS-8514	2026-04-15 15:46:55 +02:00
Daniel Sy	a3bae88ce9	fix(sizer-receiver): 🐛 add fsGroup to pod securityContext for PVC write access Distroless nonroot container (UID 65534) needs matching fsGroup to write to the PVC used for SQLite migrations. Ref: IPCEICIS-8514	2026-04-15 14:45:27 +02:00
Daniel Sy	9374d90d1f	chore(garm): ⬆️ bump image to v0.1.7-forgejo-12 (ParseExtraSpecs fix) Pick up double-encoding fix from garm-provider-edge-connect v2.0.30. Ref: IPCEICIS-8514	2026-04-15 13:50:54 +02:00
Daniel Sy	e0f74e9ec4	chore(garm): ⬆️ bump image to v0.1.7-forgejo-11 with fixed provider binary Ref: IPCEICIS-8514	2026-04-15 12:25:37 +02:00
Daniel Sy	58c694c9d1	chore(garm): 📦 bump image to v0.1.7-forgejo-10 (GitHub Actions cgroup fix) Provider v2.0.27 fixes CIProvider-aware CGROUP_PROCESS_MAP for GitHub Actions runner detection, completing multi-provider support. Ref: IPCEICIS-8514	2026-04-15 10:23:57 +02:00
Daniel Sy	d1ab2f6c85	chore(garm): 📦 bump image to v0.1.7-forgejo-9 (multi-provider support) garm-provider-edge-connect v2.0.26 adds GitHub Actions + Forgejo multi-provider support.	2026-04-14 16:58:24 +02:00
Daniel Sy	246be79659	chore(garm): bump to v0.1.7-forgejo-8 (revert buildkitd wrapper)	2026-04-14 13:01:17 +02:00
Daniel Sy	6f9a6372f1	chore(garm): bump garm image to v0.1.7-forgejo-7 - Includes provider v2.0.24 with pod cleanup fixes: - GetPod returns terminal pods for proper GARM lifecycle - ListInstances prefix mismatch fixed - ProviderID consistency fix - buildkitd SIGTERM graceful shutdown	2026-04-14 11:23:53 +02:00
Daniel Sy	d116313afe	chore(garm): bump to v0.1.7-forgejo-6 (provider nil map fix)	2026-04-13 18:02:37 +02:00
Daniel Sy	ee8b2f0e9c	chore(garm): bump helm chart to v0.0.13 for nodes RBAC	2026-04-13 16:35:44 +02:00
Daniel Sy	dedebf1747	chore(garm): update image to v0.1.7-forgejo-5 and add pending_timeout config	2026-04-13 15:23:48 +02:00
Daniel Sy	46a1c1aa33	feat(dex): add forgejo-runner-sizer OIDC static client Register forgejo-runner-sizer as a Dex static client for OIDC authentication on sizer.dev.t09.de. Adds the client secret env var injection and the staticClients entry with secretEnv reference.	2026-04-10 13:22:45 +02:00
Automated pipeline	2f15b6b373	Automated upload for edp.buildth.ing	2026-03-17 13:25:52 +00:00
Automated pipeline	4b11db5668	Automated upload for dev.t09.de	2026-03-17 14:16:23 +01:00