ldraney/notion-mcp-remote
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases 2 Packages Activity Actions

feat: activate repo in Woodpecker + add Harbor push secrets #8

New issue
Closed
opened 2026-04-21 01:31:00 +00:00 by forgejo_admin · 2 comments
forgejo_admin commented 2026-04-21 01:31:00 +00:00
Contributor
Copy link

Type

Feature

Lineage

Standalone — scoped from project-notion-mcp-remote. Follows service-onboarding-sop steps 7–8.

Repo

forgejo_admin/notion-mcp-remote

User Story

As an operator
I want this repo activated in Woodpecker with Harbor push credentials configured
So that pushes to main trigger a build-and-push pipeline that authenticates to Harbor.

Context

Woodpecker does not auto-discover new Forgejo repos. Activation is a manual UI step (tracked as woodpecker-sdk #6 — no activate_repo MCP tool yet). Harbor credentials must be added as repo secrets so the build-and-push plugin can authenticate — these come from tofu apply output on pal-e-platform (Harbor robot account for this service).

SOP requires using mcp__woodpecker__create_repo_secret, not the Woodpecker UI, for secret entry.

File Targets

No repo file changes. Woodpecker UI + MCP tool calls only.

Acceptance Criteria

  • Repo forgejo_admin/notion-mcp-remote visible as active in Woodpecker UI
  • Secrets harbor_username and harbor_password visible via mcp__woodpecker__list_repo_secrets for this repo
  • Values match the Harbor robot account produced by tofu apply (not admin credentials)
  • Pushing to a feature branch triggers a pipeline run that reaches (but may fail at) the build-and-push step — proves activation + secrets are wired up
  • main push produces a full green pipeline once the Harbor URL fix is in place

Test Expectations

  • mcp__woodpecker__list_pipelines shows a run for a test commit
  • Build step logs show "successfully pushed" to Harbor (after the Harbor URL fix)
  • Run command: mcp__woodpecker__list_pipelines (filter by this repo)

Constraints

  • Wait until pal-e-platform tofu apply creates the Harbor robot — robot credentials come from the tofu output, not Harbor UI
  • Use mcp__woodpecker__create_repo_secret, not the Woodpecker UI

Checklist

  • Prereq: tofu apply completed (Harbor robot exists)
  • Prereq: Harbor URL fix merged (so the pipeline uses internal URL)
  • Repo activated
  • Harbor secrets added via MCP
  • Pipeline verified
  • No unrelated changes

Related

  • project-notion-mcp-remote
  • story-notion-mcp-remote-ops-deploy-gitops
  • service-onboarding-sop
### Type Feature ### Lineage Standalone — scoped from `project-notion-mcp-remote`. Follows `service-onboarding-sop` steps 7–8. ### Repo `forgejo_admin/notion-mcp-remote` ### User Story As an operator I want this repo activated in Woodpecker with Harbor push credentials configured So that pushes to `main` trigger a build-and-push pipeline that authenticates to Harbor. ### Context Woodpecker does not auto-discover new Forgejo repos. Activation is a manual UI step (tracked as `woodpecker-sdk #6` — no `activate_repo` MCP tool yet). Harbor credentials must be added as **repo secrets** so the `build-and-push` plugin can authenticate — these come from `tofu apply` output on pal-e-platform (Harbor robot account for this service). SOP requires using `mcp__woodpecker__create_repo_secret`, not the Woodpecker UI, for secret entry. ### File Targets No repo file changes. Woodpecker UI + MCP tool calls only. ### Acceptance Criteria - [ ] Repo `forgejo_admin/notion-mcp-remote` visible as active in Woodpecker UI - [ ] Secrets `harbor_username` and `harbor_password` visible via `mcp__woodpecker__list_repo_secrets` for this repo - [ ] Values match the Harbor robot account produced by `tofu apply` (not admin credentials) - [ ] Pushing to a feature branch triggers a pipeline run that reaches (but may fail at) the `build-and-push` step — proves activation + secrets are wired up - [ ] `main` push produces a full green pipeline once the Harbor URL fix is in place ### Test Expectations - [ ] `mcp__woodpecker__list_pipelines` shows a run for a test commit - [ ] Build step logs show "successfully pushed" to Harbor (after the Harbor URL fix) - Run command: `mcp__woodpecker__list_pipelines` (filter by this repo) ### Constraints - Wait until pal-e-platform `tofu apply` creates the Harbor robot — robot credentials come from the tofu output, not Harbor UI - Use `mcp__woodpecker__create_repo_secret`, not the Woodpecker UI ### Checklist - [ ] Prereq: `tofu apply` completed (Harbor robot exists) - [ ] Prereq: Harbor URL fix merged (so the pipeline uses internal URL) - [ ] Repo activated - [ ] Harbor secrets added via MCP - [ ] Pipeline verified - [ ] No unrelated changes ### Related - `project-notion-mcp-remote` - `story-notion-mcp-remote-ops-deploy-gitops` - `service-onboarding-sop`
forgejo_admin commented 2026-04-21 12:28:59 +00:00
Author
Contributor
Copy link

Scope Review: APPROVED

Review note: review-1048-2026-04-21

Feature template fully satisfied. Traceability triangle complete (story note verified on project page; arch:woodpecker label is non-blocking — backing note is a known cross-project gap). Dependency on #5 (Harbor URL fix) is explicit; AC4 is well-designed so activation + secrets can be verified independently of the Harbor URL fix landing.

Field-state observations for the implementer:

  • Repo already reports active: true in Woodpecker (id 16), but list_pipelines returns [] — verify activation is functional by pushing a test commit, not just by reading the flag.
  • list_repo_secrets returns []harbor_username and harbor_password are genuinely missing. AC2 is real, outstanding work.
  • .woodpecker.yaml (not .yml) is present on main at commit 837e2f2 and references Dockerfile.k8s correctly.

Advisory (non-blocking):

  • [SCOPE] Create arch-woodpecker architecture note in pal-e-docs. Owned by pal-e-platform project, not this ticket.
  • [BODY] Consider tightening AC1 to also require a visible pipeline row in mcp__woodpecker__list_pipelines from a test push, so the implementer does not claim completion on a stale active flag.

Ready to advance from backlog to todo.

## Scope Review: APPROVED Review note: `review-1048-2026-04-21` Feature template fully satisfied. Traceability triangle complete (story note verified on project page; `arch:woodpecker` label is non-blocking — backing note is a known cross-project gap). Dependency on #5 (Harbor URL fix) is explicit; AC4 is well-designed so activation + secrets can be verified independently of the Harbor URL fix landing. Field-state observations for the implementer: - Repo already reports `active: true` in Woodpecker (id 16), but `list_pipelines` returns `[]` — verify activation is _functional_ by pushing a test commit, not just by reading the flag. - `list_repo_secrets` returns `[]` — `harbor_username` and `harbor_password` are genuinely missing. AC2 is real, outstanding work. - `.woodpecker.yaml` (not `.yml`) is present on main at commit `837e2f2` and references `Dockerfile.k8s` correctly. Advisory (non-blocking): - `[SCOPE]` Create `arch-woodpecker` architecture note in pal-e-docs. Owned by pal-e-platform project, not this ticket. - `[BODY]` Consider tightening AC1 to also require a visible pipeline row in `mcp__woodpecker__list_pipelines` from a test push, so the implementer does not claim completion on a stale `active` flag. Ready to advance from backlog to todo.
forgejo_admin commented 2026-05-10 15:56:17 +00:00
Author
Contributor
Copy link

Done. Woodpecker repo deactivated/reactivated, Harbor secrets set, pipeline #8 succeeded. Closing.

Done. Woodpecker repo deactivated/reactivated, Harbor secrets set, pipeline #8 succeeded. Closing.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
3-add-woodpecker-ci-pipeline-dockerfile-an
21-migrate-to-mcp-remote-auth
19-extend-token-ttl
17-fix-stateless-sessions
15-fix-hatch-build
13-fix-build-backend
11-pypi-ci
9-repo-presentation
7-pypi-publish
5-qa-test-script
v0.2.0
v0.1.1
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/notion-mcp-remote#8
No description provided.