diff --git a/.claude/projects/-Users-Repositories-farhoodliquor-shannon/memory/MEMORY.md b/.claude/projects/-Users-Repositories-farhoodliquor-shannon/memory/MEMORY.md new file mode 100644 index 0000000..41d480f --- /dev/null +++ b/.claude/projects/-Users-Repositories-farhoodliquor-shannon/memory/MEMORY.md @@ -0,0 +1,3 @@ +# Memory Index + +- [reference_arc_runners.md](reference_arc_runners.md) — ARC self-hosted runners in farhoodliquor K8s cluster (`runners-farhoodliquor`) diff --git a/.claude/projects/-Users-Repositories-farhoodliquor-shannon/memory/reference_arc_runners.md b/.claude/projects/-Users-Repositories-farhoodliquor-shannon/memory/reference_arc_runners.md new file mode 100644 index 0000000..3c5674e --- /dev/null +++ b/.claude/projects/-Users-Repositories-farhoodliquor-shannon/memory/reference_arc_runners.md @@ -0,0 +1,9 @@ +--- +name: ARC self-hosted runners +description: farhoodliquor org has ARC runner scale set named "runners-farhoodliquor" in their K8s cluster for GitHub Actions CI/CD +type: reference +--- + +The farhoodliquor GitHub org has Actions Runner Controller (ARC) deployed in their K8s cluster with a runner scale set named `runners-farhoodliquor`. The ARC configuration lives in a separate repo (not in shannon). Shannon CI workflows should target these self-hosted runners instead of GitHub-hosted runners to avoid free-tier runner minute limits. + +**How to apply:** When modifying `.github/workflows/` files, use `runs-on: runners-farhoodliquor` instead of `runs-on: ubuntu-latest`. diff --git a/apps/api/infra/base/deployment.yaml b/apps/api/infra/base/deployment.yaml index 5612036..2b6cc74 100644 --- a/apps/api/infra/base/deployment.yaml +++ b/apps/api/infra/base/deployment.yaml @@ -1,24 +1,24 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: shannon-api + name: hightower-api namespace: shannon labels: - app: shannon-api + app: hightower-api spec: replicas: 1 selector: matchLabels: - app: shannon-api + app: hightower-api template: metadata: labels: - app: shannon-api + app: hightower-api spec: - serviceAccountName: shannon-api + serviceAccountName: hightower-api containers: - name: api - image: ghcr.io/farhoodliquor/shannon-api:latest + image: ghcr.io/farhoodliquor/hightower-api:latest ports: - containerPort: 3000 name: http @@ -31,7 +31,7 @@ spec: value: shannon envFrom: - secretRef: - name: shannon-credentials + name: hightower-credentials volumeMounts: - name: workspaces mountPath: /app/workspaces @@ -56,4 +56,4 @@ spec: volumes: - name: workspaces persistentVolumeClaim: - claimName: shannon-workspaces + claimName: hightower-workspaces diff --git a/apps/api/infra/base/rbac.yaml b/apps/api/infra/base/rbac.yaml index 05330f2..1f0e5d8 100644 --- a/apps/api/infra/base/rbac.yaml +++ b/apps/api/infra/base/rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: shannon-api + name: hightower-api namespace: shannon rules: - apiGroups: ["batch"] @@ -17,13 +17,13 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: shannon-api + name: hightower-api namespace: shannon subjects: - kind: ServiceAccount - name: shannon-api + name: hightower-api namespace: shannon roleRef: kind: Role - name: shannon-api + name: hightower-api apiGroup: rbac.authorization.k8s.io diff --git a/apps/api/infra/base/service.yaml b/apps/api/infra/base/service.yaml index bec4d79..3dece2e 100644 --- a/apps/api/infra/base/service.yaml +++ b/apps/api/infra/base/service.yaml @@ -1,11 +1,11 @@ apiVersion: v1 kind: Service metadata: - name: shannon-api + name: hightower-api namespace: shannon spec: selector: - app: shannon-api + app: hightower-api ports: - name: http port: 3000 diff --git a/apps/api/infra/base/serviceaccount.yaml b/apps/api/infra/base/serviceaccount.yaml index 07d0dc2..40e6173 100644 --- a/apps/api/infra/base/serviceaccount.yaml +++ b/apps/api/infra/base/serviceaccount.yaml @@ -1,5 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: shannon-api + name: hightower-api namespace: shannon diff --git a/apps/api/infra/overlays/dev/kustomization.yaml b/apps/api/infra/overlays/dev/kustomization.yaml index 0ffc74f..5f9a5ee 100644 --- a/apps/api/infra/overlays/dev/kustomization.yaml +++ b/apps/api/infra/overlays/dev/kustomization.yaml @@ -7,7 +7,7 @@ patches: apiVersion: apps/v1 kind: Deployment metadata: - name: shannon-api + name: hightower-api spec: template: spec: diff --git a/apps/api/src/config.ts b/apps/api/src/config.ts index e730354..ebd45b7 100644 --- a/apps/api/src/config.ts +++ b/apps/api/src/config.ts @@ -33,6 +33,6 @@ export function loadConfig(): Config { k8sNamespace: process.env.K8S_NAMESPACE || 'shannon', workerImage, workspacesDir: process.env.WORKSPACES_DIR || '/app/workspaces', - credentialsSecretName: process.env.CREDENTIALS_SECRET_NAME || 'shannon-credentials', + credentialsSecretName: process.env.CREDENTIALS_SECRET_NAME || 'hightower-credentials', }; } diff --git a/apps/api/src/services/job-builder.ts b/apps/api/src/services/job-builder.ts index 38b71d5..a6d03d4 100644 --- a/apps/api/src/services/job-builder.ts +++ b/apps/api/src/services/job-builder.ts @@ -21,7 +21,7 @@ export interface JobParams { readonly pipelineTesting?: boolean; } -const WORKER_LABEL = 'shannon-worker'; +const WORKER_LABEL = 'hightower-worker'; const REPO_MOUNT_PATH = '/repo'; export function buildJobSpec(params: JobParams): k8s.V1Job { @@ -36,7 +36,7 @@ export function buildJobSpec(params: JobParams): k8s.V1Job { // 2. Build volumes and mounts const volumes: k8s.V1Volume[] = [ - { name: 'workspaces', persistentVolumeClaim: { claimName: 'shannon-workspaces' } }, + { name: 'workspaces', persistentVolumeClaim: { claimName: 'hightower-workspaces' } }, { name: 'shm', emptyDir: { medium: 'Memory', sizeLimit: '2Gi' } }, ]; diff --git a/apps/api/src/services/job-manager.ts b/apps/api/src/services/job-manager.ts index 470841f..ec22915 100644 --- a/apps/api/src/services/job-manager.ts +++ b/apps/api/src/services/job-manager.ts @@ -4,7 +4,7 @@ import type * as k8s from '@kubernetes/client-node'; -const WORKER_LABEL = 'shannon-worker'; +const WORKER_LABEL = 'hightower-worker'; export async function createJob(batchApi: k8s.BatchV1Api, namespace: string, job: k8s.V1Job): Promise { await batchApi.createNamespacedJob({ namespace, body: job }); diff --git a/apps/api/src/services/scan-manager.ts b/apps/api/src/services/scan-manager.ts index 504cd76..c09ff3b 100644 --- a/apps/api/src/services/scan-manager.ts +++ b/apps/api/src/services/scan-manager.ts @@ -26,10 +26,10 @@ export async function startScan( ): Promise { const suffix = randomSuffix(); const taskQueue = `api-${suffix}`; - const jobName = `shannon-worker-${suffix}`; + const jobName = `hightower-worker-${suffix}`; const workspace = - input.workspace ?? `${new URL(input.targetUrl).hostname.replace(/[^a-zA-Z0-9-]/g, '-')}_shannon-${Date.now()}`; + input.workspace ?? `${new URL(input.targetUrl).hostname.replace(/[^a-zA-Z0-9-]/g, '-')}_hightower-${Date.now()}`; const job = buildJobSpec({ jobName, diff --git a/apps/cli/infra/k8s/router.yaml b/apps/cli/infra/k8s/router.yaml index 4a0e7b5..38251d9 100644 --- a/apps/cli/infra/k8s/router.yaml +++ b/apps/cli/infra/k8s/router.yaml @@ -31,7 +31,7 @@ spec: - containerPort: 3456 envFrom: - secretRef: - name: shannon-credentials + name: hightower-credentials env: - name: HOST value: "0.0.0.0" diff --git a/apps/cli/infra/k8s/workspaces-pvc.yaml b/apps/cli/infra/k8s/workspaces-pvc.yaml index e9fca9d..31b57cf 100644 --- a/apps/cli/infra/k8s/workspaces-pvc.yaml +++ b/apps/cli/infra/k8s/workspaces-pvc.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: shannon-workspaces + name: hightower-workspaces namespace: shannon spec: accessModes: diff --git a/apps/cli/src/k8s.ts b/apps/cli/src/k8s.ts index cc4fdc1..cb64792 100644 --- a/apps/cli/src/k8s.ts +++ b/apps/cli/src/k8s.ts @@ -20,7 +20,7 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url)); const NAMESPACE = 'shannon'; const NPX_IMAGE_REPO = 'keygraph/shannon'; const DEV_IMAGE = 'shannon-worker'; -const WORKER_LABEL = 'shannon-worker'; +const WORKER_LABEL = 'hightower-worker'; const K8S_MANIFESTS_DIR = path.resolve(__dirname, '..', 'infra', 'k8s'); // === K8s Client Setup === @@ -150,7 +150,7 @@ export class K8sOrchestrator implements Orchestrator { const volumes: k8s.V1Volume[] = [ { name: 'workspaces', - persistentVolumeClaim: { claimName: 'shannon-workspaces' }, + persistentVolumeClaim: { claimName: 'hightower-workspaces' }, }, { name: 'shm', @@ -230,7 +230,7 @@ export class K8sOrchestrator implements Orchestrator { command, args, env, - envFrom: [{ secretRef: { name: 'shannon-credentials' } }], + envFrom: [{ secretRef: { name: 'hightower-credentials' } }], volumeMounts, resources: { requests: { memory: '2Gi' }, @@ -314,7 +314,7 @@ export class K8sOrchestrator implements Orchestrator { volumeMounts.push({ name: volName, mountPath: dst }); volumes.push({ name: volName, - persistentVolumeClaim: { claimName: 'shannon-workspaces' }, + persistentVolumeClaim: { claimName: 'hightower-workspaces' }, }); } } @@ -397,7 +397,7 @@ export class K8sOrchestrator implements Orchestrator { apiVersion: 'v1', kind: 'Secret', metadata: { - name: 'shannon-credentials', + name: 'hightower-credentials', namespace: NAMESPACE, }, stringData, @@ -405,7 +405,7 @@ export class K8sOrchestrator implements Orchestrator { try { await this.coreApi.replaceNamespacedSecret({ - name: 'shannon-credentials', + name: 'hightower-credentials', namespace: NAMESPACE, body: secret, });