philipp/unrip
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make repo deployment list authoritative
All checks were successful
deploy / deploy (push) Successful in 31s
Details

Browse source 
Proof: Automatic rollout now reconciles a repo-owned deployment list that explicitly includes operator-dashboard, instead of depending on mutable Forgejo variables or deployment metadata labels.

Assumptions: Repo-owned application deployments are the set enumerated in scripts/deploy/repo_deployments.py and each deployment still uses container name app for image updates.

Still fake: Forgejo still shows older workflow behavior on prior runs, so this commit must be validated by one more push-driven deployment cycle.
This commit is contained in:
philipp 2026-04-08 22:33:59 +02:00
parent 181fb771c7
commit 28a4a7ea6c
4 changed files with 59 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.forgejo/workflows/deploy.yml
View file

@ -150,10 +150,9 @@ jobs:
| python3 "$WORKSPACE_DIR/scripts/deploy/render_release_manifest.py" --image "$IMAGE" \ | python3 "$WORKSPACE_DIR/scripts/deploy/render_release_manifest.py" --image "$IMAGE" \
| kubectl apply -f - | kubectl apply -f -
kubectl -n "$PROJECT_NAMESPACE" get deployment \ python3 "$WORKSPACE_DIR/scripts/deploy/repo_deployments.py" --format lines \
-l "app.kubernetes.io/part-of=$PROJECT_NAME" \
-o name \
| while IFS= read -r deployment; do | while IFS= read -r deployment; do
[ -n "$deployment" ] || continue [ -n "$deployment" ] || continue
kubectl -n "$PROJECT_NAMESPACE" rollout status "$deployment" --timeout=180s kubectl -n "$PROJECT_NAMESPACE" set image "deployment/$deployment" app="$IMAGE"
kubectl -n "$PROJECT_NAMESPACE" rollout status "deployment/$deployment" --timeout=180s
done done

2
scripts/deploy/bootstrap.sh
View file

@ -10,7 +10,7 @@ FORGEJO_REMOTE_NAME="${FORGEJO_REMOTE_NAME:-forgejo}"
PROJECT_NAME="${PROJECT_NAME:-unrip}" PROJECT_NAME="${PROJECT_NAME:-unrip}"
PROJECT_NAMESPACE="${PROJECT_NAMESPACE:-$PROJECT_NAME}" PROJECT_NAMESPACE="${PROJECT_NAMESPACE:-$PROJECT_NAME}"
PROJECT_DEPLOYMENTS="${PROJECT_DEPLOYMENTS:-near-intents-ingest,market-reference-ingest,liquidity-manager,inventory-sync,history-writer,ops-sentinel,strategy-engine,trade-executor,operator-dashboard}" PROJECT_DEPLOYMENTS="${PROJECT_DEPLOYMENTS:-$(python3 "$ROOT_DIR/scripts/deploy/repo_deployments.py" --format csv)}"
PROJECT_REGISTRY_SECRET_NAME="${PROJECT_REGISTRY_SECRET_NAME:-${PROJECT_NAME}-registry-creds}" PROJECT_REGISTRY_SECRET_NAME="${PROJECT_REGISTRY_SECRET_NAME:-${PROJECT_NAME}-registry-creds}"
APP_SECRET_NAME="${APP_SECRET_NAME:-${PROJECT_NAME}-secrets}" APP_SECRET_NAME="${APP_SECRET_NAME:-${PROJECT_NAME}-secrets}"
SYNC_FORGEJO_REMOTE="${SYNC_FORGEJO_REMOTE:-1}" SYNC_FORGEJO_REMOTE="${SYNC_FORGEJO_REMOTE:-1}"

39
scripts/deploy/repo_deployments.py Normal file
View file

@ -0,0 +1,39 @@
#!/usr/bin/env python3
from __future__ import annotations
import argparse
REPO_DEPLOYMENTS = [
"near-intents-ingest",
"market-reference-ingest",
"liquidity-manager",
"inventory-sync",
"history-writer",
"ops-sentinel",
"strategy-engine",
"trade-executor",
"operator-dashboard",
]
def main() -> int:
parser = argparse.ArgumentParser(description="Print repo-owned application deployments.")
parser.add_argument(
"--format",
choices=("lines", "csv"),
default="lines",
help="Output format for deployment names.",
)
args = parser.parse_args()
if args.format == "csv":
print(",".join(REPO_DEPLOYMENTS))
else:
for deployment in REPO_DEPLOYMENTS:
print(deployment)
return 0
if __name__ == "__main__":
raise SystemExit(main())

16
test/repo_deployments_test.py Normal file
View file

@ -0,0 +1,16 @@
import unittest
from scripts.deploy.repo_deployments import REPO_DEPLOYMENTS
class RepoDeploymentsTest(unittest.TestCase):
def test_repo_deployments_include_runtime_authority_and_dashboard(self):
self.assertIn("ops-sentinel", REPO_DEPLOYMENTS)
self.assertIn("operator-dashboard", REPO_DEPLOYMENTS)
def test_repo_deployments_are_unique(self):
self.assertEqual(len(REPO_DEPLOYMENTS), len(set(REPO_DEPLOYMENTS)))
if __name__ == "__main__":
unittest.main()