docs(session): correct ecosystem-CI architecture to reusable workflows
All checks were successful
CI / preflight (push) Successful in 5s
CI / typecheck (push) Successful in 13s
pulumi-preview / preview (push) Successful in 17s

The composite-action pivot was based on a false negative — reusable workflows
DO work on Forgejo 11 (caller needs `runs-on`; short cross-repo ref). Correct the
SESSION_002 + HANDOVER ecosystem-CI sections, the next-steps Forgejo-upgrade note,
and point the required-reads at .forgejo/workflows/README.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Andreas Niemann 2026-07-01 01:50:59 +02:00
parent 290f48ba18
commit 786e1d2e53
2 changed files with 24 additions and 21 deletions

View file

@ -12,7 +12,7 @@ Continue the **olsitec-foundation** build. You are the **Lead Agent, HIGH-RISK /
2. `documentation/sessions/SESSION_2026-07-01_001.md` ← the prior session (gaps closed, T11/T13/T14-core)
3. `documentation/contracts/CONTRACT_001004` + `decisions/ADR_004,005,006,007`
(**ADR-007** is the control-plane mechanism the whole egg runs on — read it first)
4. `actions/README.md` ← the ecosystem-CI composite-action contract + the Forgejo-11 finding
4. `.forgejo/workflows/README.md` ← the ecosystem-CI reusable-workflow contract + the Forgejo-11 caller quirk
5. `documentation/999_testing.md` ← the operator's acceptance-test plan (now implemented)
## Where things stand
@ -27,9 +27,11 @@ Working tree clean on `master`.
`backup-verify.yml` (weekly + dispatch; RESTORE VERIFY PASS from offsite).
- `ecosystem-selftest.yml` — semantic-release bump sequence (1.0.0→1.1.0→1.1.1→2.0.0→3.0.0) +
eslint/yamllint non-zero-exit gates.
- `actions/` composite actions (node-build, docker-build, lint, semantic-release-version) — the
ecosystem-CI reuse layer. **Forgejo 11 has NO reusable workflows**; downstream repos call composite
actions by FULL URL: `uses: https://forge.olsitec.net/olsitec/foundation/actions/<x>@master`.
- `.forgejo/workflows/reusable-*.yml` (node-build, docker-build, lint, semantic-release) — the
ecosystem-CI reuse layer. Downstream repos call them as
`uses: olsitec/foundation/.forgejo/workflows/<x>.yml@master`. **Forgejo-11 quirk:** the calling job
MUST set `runs-on` (omitting it → silently zero runs; removed by a v15 upgrade) and use the SHORT
cross-repo ref (not a full URL). See `.forgejo/workflows/README.md`.
`cd bootstrap && ./run.sh up` is idempotent and now also publishes `pulumi stack export` to RustFS
(`bootstrap/state-publish.sh`) so the state-dependent CI has Pulumi state.
@ -69,6 +71,6 @@ Working tree clean on `master`.
`docs/DAY-ZERO-TIMELINE.md`.
4. **Hardening** — pin floating refs (`IMAGE_REGISTRY` PIN_DIGEST, `IMAGE_RUSTFS` `latest`, `IMAGE_CI` tag);
pre-bake pulumi plugins into `foundation-ci` (drop preview's per-run auto-install); register in Olsitec
MCP (D6); consider a Forgejo upgrade to regain reusable workflows.
MCP (D6); a Forgejo v15 upgrade would drop the reusable-workflow caller `runs-on`/short-ref quirks.
Validate each task live (VM `./run.sh up` + the runner for CI) and commit per task.