From 208f76f9ccb7cf6486b378b4dc7376c63f7f2b07 Mon Sep 17 00:00:00 2001 From: vikingowl Date: Tue, 28 Apr 2026 17:11:35 +0200 Subject: [PATCH] =?UTF-8?q?docs(claude):=20refresh=20post-migration=20?= =?UTF-8?q?=E2=80=94=20somegit,=20Woodpecker,=20helm/marktvogt,=20Bun?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CLAUDE.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index d99c2d5..ffd3f82 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -10,7 +10,7 @@ All planning documents are in `planning/`. Read `17-roadmap.md` for the phased f ## Architecture -Monorepo at `gitlab.com/vikingowl/marktvogt.de`. Components are regular directories (not git submodules): +Monorepo at `somegit.dev/vikingowl/marktvogt.de`. Components are regular directories (not git submodules): - **`backend/`** — Go REST API + WebSocket (chat). PostgreSQL (+ PostGIS), Redis, S3 (self-hosted on itsh.dev). - **`web/`** — SvelteKit + Tailwind 4. SSR for SEO. Consumes the Go API. @@ -27,8 +27,8 @@ Monorepo at `gitlab.com/vikingowl/marktvogt.de`. Components are regular director | Auth | Custom (Go libs), E-Mail+PW / Magic Link / OAuth / 2FA | | Payments | Stripe Connect | | LLM | Google Gemini | -| CI/CD | GitLab CI (gitlab.com) — evaluation vs Woodpecker; sister project infinity-tales still on Woodpecker | -| Hosting | Kubernetes (itsh.dev) | +| CI/CD | Woodpecker (ci.somegit.dev) — `.gitlab-ci.yml` retained as fallback | +| Hosting | Kubernetes (itsh.dev), Helm chart at `helm/marktvogt/` | | Monitoring | Prometheus, Loki, Grafana, Sentry | ## Key Domain Concepts 
@@ -62,4 +62,12 @@ No MR/PR needed for this pattern — merge locally, push main directly. Project is in active development as of 2026-04-18. `backend/`, `web/`, and `app/` contain working code (Go API scaffolding + auth, SvelteKit pages, Flutter iOS/Android skeleton). Refer to `planning/17-roadmap.md` for feature sequencing and `planning/15-mvp.md` for current MVP scope. -Container registry is `registry.itsh.dev/vikingowl/marktvogt.de/{backend,web}` — a hosted Zot-backed registry that **requires attestations** on every pushed image. Builds must use buildx's `docker-container` driver (not the default `docker` driver). See `.gitlab-ci.yml` for the working pattern. +Container registry is `registry.itsh.dev/vikingowl/marktvogt.de/{backend,web}` — a hosted Zot-backed registry that **requires attestations** on every pushed image. CI builds via `woodpeckerci/plugin-docker-buildx` (handles attestations by default); see `.woodpecker/{backend,web}.yaml`. + +## Deployment + +Single Helm release `marktvogt` in namespace `tenant-2`, deployed from `helm/marktvogt/` (monolithic chart for both backend + web + Postgres + Dragonfly). CI deploys via `helm upgrade marktvogt --reuse-values --set-string .image.tag=...` (must use `--set-string` to avoid float coercion of all-digit SHAs). + +K8s Secrets are pre-created out-of-band by `scripts/k8s-secrets-sync.sh` reading from `.env.helm` (gitignored). CI no longer touches secret values. Web runs on the **Bun** runtime (`oven/bun:1-alpine`), backend on a CGO-disabled Go static binary. + +`kubectl exec` into pods is blocked by the cluster's `block-exec-non-gvisor` kyverno policy — use `kubectl port-forward svc/marktvogt-pg-rw 5432:5432` + `psql` for ad-hoc DB access. Tenant subdomains (e.g. `api.marktvogt.de`) must be explicitly added via the panel's "Eigene Domains" tab; subdomains aren't auto-allowed by `itsh.dev/allowed-hostnames`.
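Review bot: In the Architecture hunk (`@@ -10,7 +10,7 @@`), the unchanged `backend/` bullet still lists Redis, while the Deployment section added later in this patch describes the chart as shipping Dragonfly. If Dragonfly has replaced Redis, update that bullet in the same commit (for example "Dragonfly (Redis-compatible)") so the architecture summary and the chart description agree. If both are in use, say which one serves what.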
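Review bot: In the stack table hunk (`@@ -27,8 +27,8 @@`), the CI/CD row keeps `.gitlab-ci.yml` "as fallback" without saying whether that pipeline is still maintained. The last hunk removes the pointer to that file as the working build pattern and adds that CI no longer touches secret values. A reader therefore cannot tell whether the fallback still produces images the attestation-enforcing registry accepts, or whether it still expects secrets in CI variables. State the conditions under which the fallback is valid, or mark it as unmaintained.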
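Review bot: In the new Deployment section (`@@ -62,4 +62,12 @@`), the documented command `helm upgrade marktvogt --reuse-values --set-string .image.tag=...` uses a value key that starts with a dot, so the component prefix is missing and the command cannot be used as written. Because the chart covers both backend and web, write the key with an explicit placeholder such as `<component>.image.tag`. Add a sentence that `--reuse-values` carries over the previous release's values, so changes to the chart's default values do not take effect on such an upgrade. In the registry paragraph of the same hunk, "handles attestations by default" replaces the removed explicit builder requirement. Name the plugin setting that controls this, so that meeting the registry's requirement does not rest on a default that may change.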