Fix CI pipeline and k8s manifests per service onboarding SOP #3

New issue

Closed

opened 2026-03-13 19:45:30 +00:00 by forgejo_admin · 0 comments

forgejo_admin commented

2026-03-13 19:45:30 +00:00

Owner

Lineage

plan-2026-03-08-tryout-prep → Phase 6a (SvelteKit scaffold + Postgres + Tailscale funnel)

Repo

forgejo_admin/westside-app

User Story

As a platform operator
I want the CI pipeline and k8s manifests to follow the service onboarding SOP
So that builds succeed and ArgoCD Image Updater works correctly

Context

The initial scaffold used plugins/docker instead of kaniko, curly-brace tag syntax that conflicts with Woodpecker, missing kustomization.yaml, namespace in manifests, and no imagePullSecrets. These all violate SERVICE_ONBOARDING.md conventions and prevent successful deployment.

File Targets

Files to modify:

.woodpecker.yaml — fix plugin, tags, events, path exclude
k8s/deployment.yaml — remove namespace, add imagePullSecrets, merge Service
k8s/kustomization.yaml — create for ArgoCD Image Updater

Files to remove:

k8s/service.yaml — merged into deployment.yaml
k8s/ingress.yaml — terraform manages funnel

Acceptance Criteria

Woodpecker pipeline runs and builds image
Image pushed to Harbor with commit SHA tag
ArgoCD can sync the kustomize source

Test Expectations

Pipeline succeeds on push to main
Run command: trigger Woodpecker pipeline

Constraints

Must follow SERVICE_ONBOARDING.md exactly
Use kaniko plugin, not plugins/docker
Tags must use $CI_COMMIT_SHA without curly braces

Checklist

PR opened
Build succeeds
No unrelated changes

plan-2026-03-08-tryout-prep — Phase 6a
service-onboarding-sop

### Lineage `plan-2026-03-08-tryout-prep` → Phase 6a (SvelteKit scaffold + Postgres + Tailscale funnel) ### Repo `forgejo_admin/westside-app` ### User Story As a platform operator I want the CI pipeline and k8s manifests to follow the service onboarding SOP So that builds succeed and ArgoCD Image Updater works correctly ### Context The initial scaffold used plugins/docker instead of kaniko, curly-brace tag syntax that conflicts with Woodpecker, missing kustomization.yaml, namespace in manifests, and no imagePullSecrets. These all violate SERVICE_ONBOARDING.md conventions and prevent successful deployment. ### File Targets Files to modify: - `.woodpecker.yaml` — fix plugin, tags, events, path exclude - `k8s/deployment.yaml` — remove namespace, add imagePullSecrets, merge Service - `k8s/kustomization.yaml` — create for ArgoCD Image Updater Files to remove: - `k8s/service.yaml` — merged into deployment.yaml - `k8s/ingress.yaml` — terraform manages funnel ### Acceptance Criteria - [ ] Woodpecker pipeline runs and builds image - [ ] Image pushed to Harbor with commit SHA tag - [ ] ArgoCD can sync the kustomize source ### Test Expectations - [ ] Pipeline succeeds on push to main - Run command: trigger Woodpecker pipeline ### Constraints - Must follow SERVICE_ONBOARDING.md exactly - Use kaniko plugin, not plugins/docker - Tags must use $CI_COMMIT_SHA without curly braces ### Checklist - [ ] PR opened - [ ] Build succeeds - [ ] No unrelated changes ### Related - `plan-2026-03-08-tryout-prep` — Phase 6a - `service-onboarding-sop`