olsitec-foundation platform repo
|
All checks were successful
CI / preflight (push) Successful in 7s
CI / typecheck (push) Successful in 17s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 12s
pulumi-preview / preview (push) Successful in 20s
ecosystem-selftest / eslint-gate (push) Successful in 5s
ecosystem-selftest / yamllint-gate (push) Successful in 4s
The ecosystem-CI architecture: reusable Forgejo workflows (on: workflow_call) that downstream repos reference as `uses: olsitec/foundation/.forgejo/workflows/<x>.yml@master`. - reusable-node-build.yml: install + build for npm/bun/none — covers the npm package (olsicrypto), bun package (document-engine), and no-artifact versioned (olsitrack/api) shapes. - reusable-docker-build.yml: docker build via the host socket (R5: trusted repos only until the runner is fenced) — the seaspots-homepage / token-service shape. - reusable-lint.yml: eslint + yamllint gate (either error → job non-zero). - reusable-semantic-release.yml: conventionalcommits-preset version probe (dry-run), faithful to the GitLab template; outputs the computed next version. Real Forgejo publishing deferred (no @semantic-release/forgejo analogue yet). - ecosystem-selftest.yml + ci/semantic-release-bumptest.sh: self-contained proof on the runner of the 999_testing acceptance criteria that need no external repo — the semantic-release bump sequence (1.0.0→1.1.0→1.1.1→2.0.0→3.0.0) and the eslint/yamllint non-zero-exit gates. Validated in a foundation-ci container. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .forgejo/workflows | ||
| backup | ||
| bootstrap | ||
| ci | ||
| containers | ||
| documentation | ||
| dr | ||
| offsite-backup | ||
| packages | ||
| preflight | ||
| provision | ||
| .gitignore | ||
| bun.lock | ||
| package.json | ||
| README.md | ||
| VERSIONS | ||
olsitec-foundation
The self-hosting platform "egg": a single Pulumi project that brings up Forgejo (+ Actions +
OCI/npm registry), PostgreSQL, HashiCorp Vault, RustFS (S3), and a reverse proxy as plain OCI
containers on one VM — recoverable from {a VM, this repo, the master passphrase}.
This is Layer 0. Kubernetes, ArgoCD and everything else are Layer-1 consumers of this foundation (see ADR-004).
Layout
bootstrap/— the egg Pulumi project (phases, components, config).packages/— shared, publishable Pulumi modules (@olsitec/pulumi-*).preflight/— host & toolchain validation (run before any deploy).backup/,dr/— backup + disaster-recovery automation..forgejo/workflows/— CI (preflight, pulumi preview/up, backup-verify).documentation/— planning, ADRs, contracts, baseline overlay. Readdocumentation/000_baseline.mdanddocumentation/000_TOPOLOGY.mdfirst.
Status
Planning complete (PLAN-001 vision, PLAN-002 strategy, ADR-004/005 accepted). Implementation not yet started — next step is T00 (contracts) per PLAN-002 §10.
Recovery in one line
git clone this repo → set PULUMI_CONFIG_PASSPHRASE → ./preflight/preflight.sh →
pulumi up → restore latest offsite backup. Full procedure: dr/RUNBOOK.md (TBD, task T13).