Validate session 2026-03-28 merges (4 PRs) #88

New issue

Open

opened 2026-03-28 12:09:07 +00:00 by forgejo_admin · 2 comments

forgejo_admin commented

2026-03-28 12:09:07 +00:00

Owner

Type

Task

Scope

Validate 4 PRs merged during session 2026-03-28. Multiple Woodpecker pipelines are failing or killed.

Lineage: Validation audit — session 2026-03-28 pipeline gap

User Story: As a platform operator, I want to verify that merged code is deployed and working, so that done means done.

PRs merged:

CI status:

Pipeline #101 — FAILURE
Pipeline #100 — KILLED
Pipeline #99 — KILLED
Pipeline #98 — KILLED

Test Expectations: Pipeline green on Woodpecker, ArgoCD sync healthy, manual feature verification — pages render in browser without errors.

Constraints: Diagnose before fixing — pull logs first. Killed pipelines may be expected (superseded by newer runs) — confirm this.

Acceptance Criteria

Pipeline #101 failure diagnosed — root cause documented
Killed pipelines (#100, #99, #98) understood — were they superseded or broken?
ArgoCD sync verified for pal-e-app deployment
Pages render correctly in browser (manual spot-check)
Pipeline verified
Deployment confirmed
Features validated

project-pal-e-platform

### Type Task ### Scope Validate 4 PRs merged during session 2026-03-28. Multiple Woodpecker pipelines are failing or killed. **Lineage:** Validation audit — session 2026-03-28 pipeline gap **User Story:** As a platform operator, I want to verify that merged code is deployed and working, so that done means done. **PRs merged:** - #83 - #84 - #85 - #86 **CI status:** - Pipeline #101 — FAILURE - Pipeline #100 — KILLED - Pipeline #99 — KILLED - Pipeline #98 — KILLED **Test Expectations:** Pipeline green on Woodpecker, ArgoCD sync healthy, manual feature verification — pages render in browser without errors. **Constraints:** Diagnose before fixing — pull logs first. Killed pipelines may be expected (superseded by newer runs) — confirm this. ### Acceptance Criteria - [ ] Pipeline #101 failure diagnosed — root cause documented - [ ] Killed pipelines (#100, #99, #98) understood — were they superseded or broken? - [ ] ArgoCD sync verified for pal-e-app deployment - [ ] Pages render correctly in browser (manual spot-check) - [ ] Pipeline verified - [ ] Deployment confirmed - [ ] Features validated ### Related - `project-pal-e-platform`

forgejo_admin commented

2026-03-28 12:12:38 +00:00

Author

Owner

Investigation complete. Root cause: cross-namespace networking broken (woodpecker → forgejo).

Forgejo pod is healthy, service is running, NetworkPolicy correctly lists woodpecker namespace. But actual connectivity from woodpecker namespace to forgejo service returns "connection refused" — not timeout.

This suggests kube-proxy iptables rules or CNI routing is broken for cross-namespace traffic. Correlates with recent terraform refactoring (commit 992faf3) and NetworkPolicy modifications (commit 6f80d16, March 27).

Potential fixes (need manual investigation on archbox):

Restart kube-proxy: kubectl rollout restart ds/kube-proxy -n kube-system
Restart CoreDNS: kubectl rollout restart deployment/coredns -n kube-system
Force re-apply NetworkPolicies
Inspect iptables rules on node

This is likely the same root cause as pal-e-deployments k8s API unreachable — both are cross-namespace connectivity failures.

**Investigation complete.** Root cause: cross-namespace networking broken (woodpecker → forgejo). Forgejo pod is healthy, service is running, NetworkPolicy correctly lists woodpecker namespace. But actual connectivity from woodpecker namespace to forgejo service returns "connection refused" — not timeout. This suggests kube-proxy iptables rules or CNI routing is broken for cross-namespace traffic. Correlates with recent terraform refactoring (commit `992faf3`) and NetworkPolicy modifications (commit `6f80d16`, March 27). **Potential fixes (need manual investigation on archbox):** 1. Restart kube-proxy: `kubectl rollout restart ds/kube-proxy -n kube-system` 2. Restart CoreDNS: `kubectl rollout restart deployment/coredns -n kube-system` 3. Force re-apply NetworkPolicies 4. Inspect iptables rules on node **This is likely the same root cause as pal-e-deployments k8s API unreachable — both are cross-namespace connectivity failures.**

forgejo_admin commented

2026-03-28 12:18:32 +00:00

Author

Owner

Scope Review: NEEDS_REFINEMENT

Review note: review-513-2026-03-27
Ticket conflates infrastructure diagnosis (cross-namespace networking) with frontend validation (4 merged PRs). Root cause is platform-level, not pal-e-app.

[DECOMPOSE] Split into 2 tickets: (1) platform networking fix in pal-e-platform (consolidate with board items #411, #512, #515), (2) pal-e-app frontend validation post-fix
[BODY] Missing ### Repo, ### Context, ### Checklist sections
[BODY] ACs 5-7 are redundant with ACs 1-4 -- remove
[LABEL] Add scope:blocked until networking is resolved
[SCOPE] Clarify: does this ticket own the networking fix, or only validation after fix?

Recommend decomposition via template-board or two focused issues.

## Scope Review: NEEDS_REFINEMENT Review note: `review-513-2026-03-27` Ticket conflates infrastructure diagnosis (cross-namespace networking) with frontend validation (4 merged PRs). Root cause is platform-level, not pal-e-app. - **[DECOMPOSE]** Split into 2 tickets: (1) platform networking fix in pal-e-platform (consolidate with board items #411, #512, #515), (2) pal-e-app frontend validation post-fix - **[BODY]** Missing `### Repo`, `### Context`, `### Checklist` sections - **[BODY]** ACs 5-7 are redundant with ACs 1-4 -- remove - **[LABEL]** Add `scope:blocked` until networking is resolved - **[SCOPE]** Clarify: does this ticket own the networking fix, or only validation after fix? Recommend decomposition via template-board or two focused issues.