diff --git a/CLAUDE.md b/CLAUDE.md index d99c2d5..ffd3f82 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -10,7 +10,7 @@ All planning documents are in `planning/`. Read `17-roadmap.md` for the phased f ## Architecture -Monorepo at `gitlab.com/vikingowl/marktvogt.de`. Components are regular directories (not git submodules): +Monorepo at `somegit.dev/vikingowl/marktvogt.de`. Components are regular directories (not git submodules): - **`backend/`** — Go REST API + WebSocket (chat). PostgreSQL (+ PostGIS), Redis, S3 (self-hosted on itsh.dev). - **`web/`** — SvelteKit + Tailwind 4. SSR for SEO. Consumes the Go API. @@ -27,8 +27,8 @@ Monorepo at `gitlab.com/vikingowl/marktvogt.de`. Components are regular director | Auth | Custom (Go libs), E-Mail+PW / Magic Link / OAuth / 2FA | | Payments | Stripe Connect | | LLM | Google Gemini | -| CI/CD | GitLab CI (gitlab.com) — evaluation vs Woodpecker; sister project infinity-tales still on Woodpecker | -| Hosting | Kubernetes (itsh.dev) | +| CI/CD | Woodpecker (ci.somegit.dev) — `.gitlab-ci.yml` retained as fallback | +| Hosting | Kubernetes (itsh.dev), Helm chart at `helm/marktvogt/` | | Monitoring | Prometheus, Loki, Grafana, Sentry | ## Key Domain Concepts 
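Review bot: in the first hunk the Architecture line only swaps the monorepo host from `gitlab.com` to `somegit.dev`, while the next hunk keeps `.gitlab-ci.yml` as a fallback; state in the same line whether the gitlab.com remote is still mirrored (and still holds the CI variables and registry tokens it needs) or is now read-only, so readers know which remote is authoritative for `main` and where the "merge locally, push main directly" pattern applies.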
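Review bot: in the second hunk the CI/CD row says `.gitlab-ci.yml` is "retained as fallback" without saying whether the GitLab pipeline is disabled; a second pipeline that can still push to the attestation-requiring registry and run `helm upgrade` is a second trust path with its own credentials, so either state that the GitLab project's CI is turned off and its tokens revoked, or document when the fallback is run and who keeps it working. Minor: the Hosting row now points at `helm/marktvogt/`, which the new Deployment section in the last hunk repeats; a short cross-reference ("see Deployment") would keep the two from drifting.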
@@ -62,4 +62,12 @@ No MR/PR needed for this pattern — merge locally, push main directly. Project is in active development as of 2026-04-18. `backend/`, `web/`, and `app/` contain working code (Go API scaffolding + auth, SvelteKit pages, Flutter iOS/Android skeleton). Refer to `planning/17-roadmap.md` for feature sequencing and `planning/15-mvp.md` for current MVP scope. -Container registry is `registry.itsh.dev/vikingowl/marktvogt.de/{backend,web}` — a hosted Zot-backed registry that **requires attestations** on every pushed image. Builds must use buildx's `docker-container` driver (not the default `docker` driver). See `.gitlab-ci.yml` for the working pattern. +Container registry is `registry.itsh.dev/vikingowl/marktvogt.de/{backend,web}` — a hosted Zot-backed registry that **requires attestations** on every pushed image. CI builds via `woodpeckerci/plugin-docker-buildx` (handles attestations by default); see `.woodpecker/{backend,web}.yaml`. + +## Deployment + +Single Helm release `marktvogt` in namespace `tenant-2`, deployed from `helm/marktvogt/` (monolithic chart for both backend + web + Postgres + Dragonfly). CI deploys via `helm upgrade marktvogt --reuse-values --set-string .image.tag=...` (must use `--set-string` to avoid float coercion of all-digit SHAs). + +K8s Secrets are pre-created out-of-band by `scripts/k8s-secrets-sync.sh` reading from `.env.helm` (gitignored). CI no longer touches secret values. Web runs on the **Bun** runtime (`oven/bun:1-alpine`), backend on a CGO-disabled Go static binary. + +`kubectl exec` into pods is blocked by the cluster's `block-exec-non-gvisor` kyverno policy — use `kubectl port-forward svc/marktvogt-pg-rw 5432:5432` + `psql` for ad-hoc DB access. Tenant subdomains (e.g. `api.marktvogt.de`) must be explicitly added via the panel's "Eigene Domains" tab; subdomains aren't auto-allowed by `itsh.dev/allowed-hostnames`.
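Review bot: in the Deployment section the `helm upgrade` example passes `--set-string .image.tag=...` with a leading dot, which does not look like a valid `--set-string` key path (Helm keys are written as `image.tag` or `<component>.image.tag`); please check the key the chart actually reads and, since the chart is described as monolithic for backend and web, say whether one tag is applied to both images. Two more points for the same section: `--reuse-values` also discards any changes to the chart's default values on upgrade, which deserves a warning beside the float-coercion note; and the ad-hoc DB path targets `marktvogt-pg-rw`, the read-write endpoint, while deliberately routing around the `block-exec-non-gvisor` kyverno policy, so name the DB role to connect with and mark this as break-glass access rather than a routine query path. Lastly, `.env.helm` is now the single source of secret values for `scripts/k8s-secrets-sync.sh`; note where it lives, who holds it and how rotation is done, because "CI no longer touches secret values" means a developer workstation replaces CI as the secret-bearing host. ("Eigene Domains" is the panel's own-domains tab.)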