The ecosystem-CI architecture: reusable Forgejo workflows (on: workflow_call)
that downstream repos reference as
`uses: olsitec/foundation/.forgejo/workflows/<x>.yml@master`.
- reusable-node-build.yml: install + build for npm/bun/none — covers the npm
package (olsicrypto), bun package (document-engine), and no-artifact versioned
(olsitrack/api) shapes.
- reusable-docker-build.yml: docker build via the host socket (R5: trusted repos
only until the runner is fenced) — the seaspots-homepage / token-service shape.
- reusable-lint.yml: eslint + yamllint gate (either error → job non-zero).
- reusable-semantic-release.yml: conventionalcommits-preset version probe (dry-run),
faithful to the GitLab template; outputs the computed next version. Real Forgejo
publishing deferred (no @semantic-release/forgejo analogue yet).
- ecosystem-selftest.yml + ci/semantic-release-bumptest.sh: self-contained proof
on the runner of the 999_testing acceptance criteria that need no external repo —
the semantic-release bump sequence (1.0.0→1.1.0→1.1.1→2.0.0→3.0.0) and the
eslint/yamllint non-zero-exit gates. Validated in a foundation-ci container.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Completes T14: the two CI pipelines that need Pulumi stack state, which
bootstrap/state/ is gitignored from. Solves the blocker by publishing a
fresh `pulumi stack export` to RustFS after every `up`, then having CI
pull + import it.
- state-publish.sh: ships the stack export to rfs/foundation-ci-state/
foundation-stack.json via a throwaway mc container on foundation-net
(ADR-007), exactly like backup.sh. Secrets inside the export stay
passphrase-encrypted; config travels in the committed (encrypted)
Pulumi.foundation.yaml. run.sh invokes it best-effort after `up`.
- rustfs.ts + Pulumi.foundation.yaml: declare the foundation-ci-state
bucket (created belt-and-suspenders by state-publish on first run).
- pulumi-preview.yml (push/PR): read-only drift/PR check. Pulls + imports
state, materializes the operator key from the SSH_PRIVATE_KEY secret
(the provider + index.ts read it), `pulumi preview` — never `up`. A diff
is informational so the job fails only on a program/preview error.
- backup-verify.yml (weekly + dispatch): reuses backup.sh/restore.sh
unchanged to produce a bundle and restore-verify it from offsite
(CONTRACT_004 §4.6). Imports real state so the bundle's pulumi-state.json
is real, not an empty deployment.
Repo-scoped Actions secrets set via the admin API: PULUMI_CONFIG_PASSPHRASE,
SSH_PRIVATE_KEY, RUSTFS_ACCESS_KEY, RUSTFS_SECRET_KEY. Both pipelines
validated end-to-end in a foundation-ci container on the VM (preview exit 0;
backup-verify RESTORE VERIFY PASS from offsite).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Stand up the foundation's own CI on its Forgejo runner. The committed scope here
is the self-contained half (toolchain + typecheck); the stack-state-dependent
pipelines (pulumi preview, backup-verify) need CI secrets + a state fetch and
land next.
- containers/ci-image/Dockerfile + VERSIONS IMAGE_CI: one baked image carrying
exactly what preflight validates (pulumi/bun/node/docker/git/age/zstd/jq/vault/
psql/mc). Built on the VM (like caddy-cloudflare) and used LOCALLY by the runner.
- runner.ts: give act_runner a config.yaml — container.network=foundation-net (so
job containers reach foundation-forgejo:3000 for checkout + the data plane) and
force_pull=false (use the local foundation-ci image, no registry). Self-heals on up.
- .forgejo/workflows/ci.yml: preflight (tools + versions vs VERSIONS pins) +
typecheck (bun install + tsc --noEmit on bootstrap). Gates every push.
- run.sh / backup.sh / restore.sh / dr: take PULUMI_CONFIG_PASSPHRASE from env when
set (CI secret), falling back to `pass` (operator) — so the scripts run pass-free
in CI.
Reusable-workflows architecture (per the chosen direction) — the ecosystem CI
(semantic-release, docker/npm/bun builds, eslint/yamllint over the 999_testing.md
candidates) builds on this image + runner next phase.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Repo topology, baseline overlay, planning docs (PLAN-001/002), ADR-004/005,
and the bootstrap/packages/documentation skeleton. Implementation (T00+) not started.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>