Step-1 gitea-mirror Job replaces the legacy one-shot create-empty-repo + git-push pattern with a single call to Gitea's native /repos/migrate API with mirror=true and mirror_interval=10m0s. Gitea now polls the upstream openova-io/openova repo on a 10-minute interval and replicates branches + tags into the local Sovereign Gitea automatically.

Closes the "Sovereign drifts from upstream main forever after Day-2 cutover" bug — hit twice during the otech103 2026-05-04 overnight DoD session, requiring manual `git fetch` inside the Gitea pod for every chart rollout.

Why /repos/migrate over the previous git push approach:

- Gitea cannot convert a regular repo into a pull-mirror after creation (the mirror flag is set at create-time only). The migrate endpoint creates the repo AS a mirror in one shot.
- The migrate endpoint accepts toggles for issues / pull-requests / wiki / labels / milestones / releases — we set them all to false so Gitea only replicates branches+tags, the only refs the Sovereign's Flux GitRepository needs.
- Recurring sync is a Gitea-native capability; using it avoids a parallel CronJob (which would violate the "event-driven not cron" inviolable principle) or a long-poll sidecar (which would duplicate what Gitea already does).

Idempotency: if the repo already exists from a prior cutover attempt, the script PATCHes mirror_interval to the desired value and POSTs to /mirror-sync to trigger an immediate refresh. Note that PATCH alone cannot convert a legacy non-mirror repo to a mirror — Sovereigns seeded by chart < 0.1.14 would need an operator-driven repo delete + re-migrate to retro-fit auto-sync, but new provisions take the migrate path automatically.

Verification on the rendered ConfigMap:

  $ helm template smoke .             # renders 16 docs cleanly
  $ bash tests/cutover-contract.sh    # all 7 gates green
  $ sh -n <rendered-script>           # POSIX shell syntax OK

Chart bumped 0.1.13 → 0.1.14 (Chart.yaml + blueprint.yaml spec.version aligned per #817 invariant + slot 06a-bp-self-sovereign-cutover.yaml pin lockstep).

Refs #870, #790.

Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
28 lines
1.1 KiB
YAML
apiVersion: catalyst.openova.io/v1alpha1
kind: Blueprint
metadata:
  name: bp-self-sovereign-cutover
  labels:
    catalyst.openova.io/section: pts-2-3-per-sovereign-supporting-services
spec:
  version: 0.1.14
  card:
    title: self-sovereignty-cutover
    summary: |
      Post-handover Self-Sovereignty Cutover. After bp-gitea + bp-harbor
      reach Ready, this Blueprint installs DORMANT on the new Sovereign.
      The catalyst-api cutover endpoint (#792) stamps Jobs from the
      eight PodSpec ConfigMaps shipped here and pivots EVERY upstream
      reference (GitOps source, OCI HelmRepositories, container-registry
      mirrors, catalyst-api repo env) to the local Sovereign — eliminating
      runtime dependencies on github.com / ghcr.io / harbor.openova.io.
      Trigger is operator-driven (admin-console button) or auto-fired
      after the first successful operator login on the new Sovereign.
      See ADR-0002 + issue #790 for the full tether map.
  visibility: unlisted  # mandatory infra, auto-installed by bootstrap kit
  manifests:
    chart: ./chart
  depends:
    - bp-gitea
    - bp-harbor
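The create-or-reconcile flow described in the commit message, written out as an added example; it is not the chart's rendered script. The endpoints and payload fields are Gitea's REST API, while the function names, the GITEA_URL and GITEA_TOKEN variables and the use of jq are assumptions. It refuses to PATCH a legacy non-mirror repo, since that cannot turn it into a mirror.

```shell
#!/bin/sh
# Added example, not the chart's own script. Endpoints are Gitea's REST API;
# function names, GITEA_URL/GITEA_TOKEN and the use of jq are assumptions.

# Body for POST /api/v1/repos/migrate: pull-mirror, branches+tags only.
# Arguments are assumed to contain no quotes or backslashes (no JSON escaping).
migrate_payload() { # $1=owner $2=repo $3=upstream clone URL $4=interval
  printf '{"clone_addr":"%s","repo_owner":"%s","repo_name":"%s",' "$3" "$1" "$2"
  printf '"mirror":true,"mirror_interval":"%s",' "$4"
  printf '"issues":false,"pull_requests":false,"wiki":false,'
  printf '"labels":false,"milestones":false,"releases":false}\n'
}

# Decide the action from GET /api/v1/repos/{owner}/{repo}:
# $1 = HTTP status, $2 = value of the "mirror" field in the response body.
plan_action() {
  case "$1:$2" in
    404:*)    echo migrate ;;          # no repo yet: create it AS a mirror
    200:true) echo patch-and-sync ;;   # existing mirror: set interval, refresh
    200:*)    echo remigrate-needed ;; # legacy non-mirror: PATCH cannot convert it
    *)        echo error ;;            # auth failure, 5xx, ...: do not guess
  esac
}

reconcile() { # $1=owner $2=repo $3=upstream clone URL $4=interval
  api="$GITEA_URL/api/v1"; auth="Authorization: token $GITEA_TOKEN"
  body=$(mktemp)
  status=$(curl -s -o "$body" -w '%{http_code}' -H "$auth" "$api/repos/$1/$2")
  mirror=$(jq -r '.mirror' "$body" 2>/dev/null || true)
  rm -f "$body"
  case "$(plan_action "$status" "$mirror")" in
    migrate)
      migrate_payload "$@" | curl -fsS -X POST -H "$auth" \
        -H 'Content-Type: application/json' -d @- "$api/repos/migrate" ;;
    patch-and-sync)
      curl -fsS -X PATCH -H "$auth" -H 'Content-Type: application/json' \
        -d "{\"mirror_interval\":\"$4\"}" "$api/repos/$1/$2" &&
      curl -fsS -X POST -H "$auth" "$api/repos/$1/$2/mirror-sync" ;;
    *) echo "refusing to touch $1/$2 (status=$status mirror=$mirror)" >&2
       return 1 ;;
  esac
}

# Runs only when pointed at a Gitea instance; otherwise this file just defines functions.
if [ -n "${GITEA_URL:-}" ]; then
  reconcile "$@"
fi
```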