- Rename charts/hightower → charts/trebuchet
- Update Chart.yaml name field to 'trebuchet'
- Rename all helm template helpers from 'hightower.*' to 'trebuchet.*'
- Update all template files to reference trebuchet helpers
- Update values.yaml credentials secret names to use trebuchet prefix
- Update helm-release.yml workflow to:
- Monitor charts/trebuchet/** path instead of charts/hightower/**
- Reference correct chart path in lint and package steps
- Remove GitHub Pages publishing (incompatible with Gitea)
- Add informative logging about chart artifact location
This completes the rename from Hightower to Trebuchet branding. The helm
chart is now properly named and the CI workflow is compatible with Gitea.
Ref: FAR-132
Gitea prefers .gitea/ISSUE_TEMPLATE/ and .gitea/workflows/ over the
GitHub-convention .github/ equivalents. Moves all issue templates and
workflow files to the Gitea-native paths and updates CLAUDE.md references.
Cosign certificate identity paths in release/rollback workflows are
intentionally left unchanged — they reference the signing identity from
prior workflow runs and will need a separate update when the CI signing
infrastructure migrates.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Even on Gitea 1.26 the auto-token still hits the registry with 401
in this environment. Use the gitea-admin PAT stored as REGISTRY_TOKEN.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Gitea 1.26 (PR #36173) honors permissions.packages: write on the
auto-provided GITEA_TOKEN, so the PAT workaround is no longer needed.
You can delete the REGISTRY_TOKEN org secret.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
REGISTRY_TOKEN was created under the gitea-admin user, so the
docker/helm registry username must match. Using github.actor
would fail for any other workflow-triggering user.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The auto-provided GITEA_TOKEN doesn't grant write:package scope
in Gitea 1.25 even when permissions.packages: write is declared.
Switch registry logins to a dedicated PAT stored as REGISTRY_TOKEN.
Keep GITEA_TOKEN for semantic-release-gitea API calls.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Move workflows to .gitea/workflows and adapt for git.farh.net:
- Push container images to git.farh.net instead of GHCR/Docker Hub
- Publish Helm chart as OCI artifact (no gh-pages, Gitea lacks Pages)
- Replace cosign keyless signing with key-based (COSIGN_PRIVATE_KEY/PASSWORD/PUBLIC_KEY)
- Swap @semantic-release/github for semantic-release-gitea
- Drop gh CLI from rollback workflow
- Use GITEA_TOKEN for registry auth and release creation
- Add Artifact Hub annotations to Chart.yaml
- Run on ubuntu-latest
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>