- Bun workspaces (packages/* + bootstrap); Pulumi nodejs runtime under
packagemanager: bun (no npm fallback needed).
- bootstrap/config.ts: typed FoundationConfig per CONTRACT_001; loadConfig()
fails closed, aggregating all missing+malformed keys in one error. Reads flat
dotted keys; image digests excluded (they live in VERSIONS, D5).
- bootstrap/Pulumi.foundation.yaml: non-secret placeholders only (RFC-5737 vm.host,
.invalid offsite); no encryptionsalt/secrets committed (D2). pulumi preview = 0
resources under the passphrase provider via gitignored file:// state backend.
- Stage-1 vendoring: packages/pulumi-{docker,vault} as @olsitec/* (source-only,
logic unchanged). vault's 5 type-only imports from modules/olsitec re-homed
verbatim into pulumi-vault/olsitec-types.ts to keep the egg self-contained.
Realizes PLAN-002 §10 T02; ADR-005 / 000_TOPOLOGY.md §5 Stage-1.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1.7 KiB
VENDORED — @olsitec/pulumi-docker
Source (absolute path): /Users/andiolsi/work/olsicloud4/pulumi/modules/docker/
Copy date: 2026-06-30
Stage: Stage-1 vendoring per documentation/000_TOPOLOGY.md §5.
What this is
A verbatim copy of the olsicloud4 modules/docker Pulumi module (the
DockerDeployments @pulumi/docker-over-SSH wrapper, CONTRACT_003). At day-zero the
foundation registry does not yet exist, so bootstrap/ consumes this module locally
through the Bun workspace (packages/*) instead of from a registry — this resolves the
"registry hosts the modules that build the registry" paradox (000_TOPOLOGY.md §3, ADR-005).
What was copied
index.ts, package.json, tsconfig.json, .editorconfig, .gitignore.
Not copied: node_modules/, package-lock.json (lockfiles), .git/.
Changes made vs. the source
package.jsonname:docker→@olsitec/pulumi-docker; addedversion(0.0.0, pre-publish placeholder) andmain/types(index.ts) so the Bun workspace resolves it.- No behavioural change.
index.tslogic is byte-for-byte the upstream source.
Lifecycle (000_TOPOLOGY.md §5)
- Stage 1 — VENDOR (this commit): copied here; consumed locally via Bun workspace.
- Stage 2 — PUBLISH (later task): once the foundation Forgejo npm registry is live, CI
publishes
@olsitec/pulumi-docker@<semver>(semantic-release-monorepo, Conventional Commits). - Stage 3 — CONSUME (steady state): downstream projects switch imports from
olsicloud4/pulumi/modules/dockerto the published package; the old module is frozen then removed.
Do not refactor the vendored logic here. Behavioural changes belong upstream or in Stage-2+ work.