2 Commits

Author SHA1 Message Date
Chris Farhood 853aa30e2c chore: rename helm chart from hightower to trebuchet
CI / Type-check & lint (pull_request) Has been cancelled
CI / Build & push worker image (pull_request) Has been cancelled
CI / Build & push API image (pull_request) Has been cancelled
- Rename charts/hightower → charts/trebuchet
- Update Chart.yaml name field to 'trebuchet'
- Rename all helm template helpers from 'hightower.*' to 'trebuchet.*'
- Update all template files to reference trebuchet helpers
- Update values.yaml credentials secret names to use trebuchet prefix
- Update helm-release.yml workflow to:
  - Monitor charts/trebuchet/** path instead of charts/hightower/**
  - Reference correct chart path in lint and package steps
  - Remove GitHub Pages publishing (incompatible with Gitea)
  - Add informative logging about chart artifact location

This completes the rename from Hightower to Trebuchet branding. The helm
chart is now properly named and the CI workflow is compatible with Gitea.

Ref: FAR-132
2026-05-18 15:40:03 +00:00
Chris Farhood b8fda2b5f4 chore: move .github folder to .gitea for Gitea compatibility
Gitea prefers .gitea/ISSUE_TEMPLATE/ and .gitea/workflows/ over the
GitHub-convention .github/ equivalents. Moves all issue templates and
workflow files to the Gitea-native paths and updates CLAUDE.md references.

Cosign certificate identity paths in release/rollback workflows are
intentionally left unchanged — they reference the signing identity from
prior workflow runs and will need a separate update when the CI signing
infrastructure migrates.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-18 15:33:14 +00:00
30 changed files with 984 additions and 259 deletions
+15 -15
View File
@@ -16,7 +16,7 @@ concurrency:
jobs:
check:
name: Type-check & lint
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -43,7 +43,7 @@ jobs:
name: Build & push worker image
needs: check
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
@@ -55,12 +55,12 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to GHCR
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push worker image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
@@ -68,14 +68,14 @@ jobs:
context: .
push: true
tags: |
git.farh.net/farhoodlabs/trebuchet:latest
git.farh.net/farhoodlabs/trebuchet:sha-${{ github.sha }}
ghcr.io/farhoodlabs/trebuchet:latest
ghcr.io/farhoodlabs/trebuchet:sha-${{ github.sha }}
build-api:
name: Build & push API image
needs: check
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
@@ -87,12 +87,12 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to GHCR
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push API image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
@@ -102,5 +102,5 @@ jobs:
push: true
no-cache: true
tags: |
git.farh.net/farhoodlabs/trebuchet-api:latest
git.farh.net/farhoodlabs/trebuchet-api:sha-${{ github.sha }}
ghcr.io/farhoodlabs/trebuchet-api:latest
ghcr.io/farhoodlabs/trebuchet-api:sha-${{ github.sha }}
+11 -23
View File
@@ -4,7 +4,7 @@ on:
push:
branches: [main]
paths:
- 'charts/hightower/**'
- 'charts/trebuchet/**'
permissions:
contents: write
@@ -23,31 +23,19 @@ jobs:
uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
- name: Lint chart
run: helm lint charts/hightower
run: helm lint charts/trebuchet
- name: Package chart
run: |
mkdir -p .helm-packages
helm package charts/hightower -d .helm-packages
helm package charts/trebuchet -d .helm-packages
- name: Checkout gh-pages
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
ref: gh-pages
path: gh-pages
fetch-depth: 0
- name: Update Helm repo index
- name: Upload chart to Gitea releases
run: |
cp .helm-packages/*.tgz gh-pages/
helm repo index gh-pages --url https://farhoodlabs.github.io/hightower
- name: Push to gh-pages
run: |
cd gh-pages
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add .
git diff --staged --quiet && echo "No changes to commit" && exit 0
git commit -m "Release Helm chart $(ls *.tgz | head -1)"
git push
CHART_FILE=$(ls .helm-packages/*.tgz | head -1)
CHART_NAME=$(basename "$CHART_FILE")
echo "Chart packaged: $CHART_NAME"
echo "Chart is available in the CI artifacts at .helm-packages/$CHART_NAME"
echo "To use this chart, either:"
echo " - Download from CI artifacts"
echo " - Publish to a Helm registry (infrastructure repo or Gitea package registry)"
+33 -42
View File
@@ -13,7 +13,7 @@ concurrency:
jobs:
preflight:
name: Preflight
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
outputs:
version: ${{ steps.version.outputs.version }}
@@ -35,6 +35,7 @@ jobs:
if [[ -z "$LATEST" ]]; then
echo "version=1.0.0-beta.1" >> "$GITHUB_OUTPUT"
else
# Extract N from 1.0.0-beta.N and increment
N=$(echo "$LATEST" | grep -oE 'beta\.([0-9]+)' | grep -oE '[0-9]+')
NEXT=$((N + 1))
echo "version=1.0.0-beta.$NEXT" >> "$GITHUB_OUTPUT"
@@ -46,10 +47,9 @@ jobs:
build-docker:
name: Build Docker (worker)
needs: preflight
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
steps:
- name: Checkout
@@ -58,12 +58,11 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push worker image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
@@ -72,15 +71,14 @@ jobs:
push: true
provenance: mode=max
sbom: true
tags: git.farh.net/farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}
tags: farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}
build-docker-api:
name: Build Docker (API)
needs: preflight
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
steps:
- name: Checkout
@@ -89,12 +87,11 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push API image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
@@ -104,15 +101,15 @@ jobs:
push: true
provenance: mode=max
sbom: true
tags: git.farh.net/farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}
tags: farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}
sign-docker:
name: Sign Docker images
needs: [preflight, build-docker, build-docker-api]
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
id-token: write
outputs:
worker_digest: ${{ steps.inspect-worker.outputs.digest }}
api_digest: ${{ steps.inspect-api.outputs.digest }}
@@ -121,63 +118,57 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Inspect worker image
id: inspect-worker
run: |
docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "git.farh.net/farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
docker buildx imagetools inspect "farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
- name: Inspect API image
id: inspect-api
run: |
docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "git.farh.net/farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
docker buildx imagetools inspect "farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
- name: Install cosign
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
- name: Sign worker image
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: cosign sign --yes --key env://COSIGN_PRIVATE_KEY "git.farh.net/farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
run: cosign sign --yes "farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
- name: Sign API image
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: cosign sign --yes --key env://COSIGN_PRIVATE_KEY "git.farh.net/farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
run: cosign sign --yes "farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
- name: Verify worker image signature
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
run: |
sleep 10
cosign verify --key env://COSIGN_PUBLIC_KEY \
"git.farh.net/farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
cosign verify \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity https://github.com/${{ github.repository }}/.github/workflows/release-beta.yml@${{ github.ref }} \
"farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
- name: Verify API image signature
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
run: |
cosign verify --key env://COSIGN_PUBLIC_KEY \
"git.farh.net/farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
cosign verify \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity https://github.com/${{ github.repository }}/.github/workflows/release-beta.yml@${{ github.ref }} \
"farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
publish-npm:
name: Publish npm (beta)
needs: [preflight, sign-docker]
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
id-token: write
steps:
- name: Checkout
+41 -53
View File
@@ -13,7 +13,7 @@ concurrency:
jobs:
preflight:
name: Preflight
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: write
outputs:
@@ -42,12 +42,11 @@ jobs:
id: probe
shell: bash
env:
GITEA_URL: https://git.farh.net
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euo pipefail
npx -p semantic-release@25 -p semantic-release-gitea semantic-release --dry-run --no-ci 2>&1 | tee semantic-release.log
npx semantic-release@25 --dry-run --no-ci 2>&1 | tee semantic-release.log
if grep -qi "the next release version is" semantic-release.log; then
echo "should_release=true" >> "$GITHUB_OUTPUT"
@@ -61,10 +60,9 @@ jobs:
name: Build Docker (worker)
needs: preflight
if: needs.preflight.outputs.should_release == 'true'
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
steps:
- name: Checkout
@@ -73,12 +71,11 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push worker image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
@@ -88,17 +85,16 @@ jobs:
provenance: mode=max
sbom: true
tags: |
git.farh.net/farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}
git.farh.net/farhoodlabs/trebuchet:latest
farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}
farhoodlabs/trebuchet:latest
build-docker-api:
name: Build Docker (API)
needs: preflight
if: needs.preflight.outputs.should_release == 'true'
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
steps:
- name: Checkout
@@ -107,12 +103,11 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build and push API image
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
@@ -123,16 +118,16 @@ jobs:
provenance: mode=max
sbom: true
tags: |
git.farh.net/farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}
git.farh.net/farhoodlabs/trebuchet-api:latest
farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}
farhoodlabs/trebuchet-api:latest
sign-docker:
name: Sign Docker images
needs: [preflight, build-docker, build-docker-api]
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
packages: write
id-token: write
outputs:
worker_digest: ${{ steps.inspect-worker.outputs.digest }}
api_digest: ${{ steps.inspect-api.outputs.digest }}
@@ -141,63 +136,57 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Inspect worker image
id: inspect-worker
run: |
docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "git.farh.net/farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
docker buildx imagetools inspect "farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "farhoodlabs/trebuchet:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
- name: Inspect API image
id: inspect-api
run: |
docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "git.farh.net/farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
docker buildx imagetools inspect "farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}"
DIGEST="sha256:$(docker buildx imagetools inspect --raw "farhoodlabs/trebuchet-api:${{ needs.preflight.outputs.version }}" | sha256sum | cut -d' ' -f1)"
echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
- name: Install cosign
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
- name: Sign worker image
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: cosign sign --yes --key env://COSIGN_PRIVATE_KEY "git.farh.net/farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
run: cosign sign --yes "farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
- name: Sign API image
env:
COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
run: cosign sign --yes --key env://COSIGN_PRIVATE_KEY "git.farh.net/farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
run: cosign sign --yes "farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
- name: Verify worker image signature
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
run: |
sleep 10
cosign verify --key env://COSIGN_PUBLIC_KEY \
"git.farh.net/farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
cosign verify \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity https://github.com/${{ github.repository }}/.github/workflows/release.yml@${{ github.ref }} \
"farhoodlabs/trebuchet@${{ steps.inspect-worker.outputs.digest }}"
- name: Verify API image signature
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
run: |
cosign verify --key env://COSIGN_PUBLIC_KEY \
"git.farh.net/farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
cosign verify \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity https://github.com/${{ github.repository }}/.github/workflows/release.yml@${{ github.ref }} \
"farhoodlabs/trebuchet-api@${{ steps.inspect-api.outputs.digest }}"
publish-npm:
name: Publish npm
needs: [preflight, sign-docker]
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: read
id-token: write
steps:
- name: Checkout
@@ -237,9 +226,9 @@ jobs:
fi
release:
name: Create Gitea release
name: Create GitHub release
needs: [preflight, publish-npm]
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
permissions:
contents: write
@@ -261,8 +250,7 @@ jobs:
- name: Install dependencies
run: pnpm install --frozen-lockfile
- name: Create Gitea release
- name: Create GitHub release
env:
GITEA_URL: https://git.farh.net
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: npx -p semantic-release@25 -p semantic-release-gitea semantic-release
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: npx semantic-release@25
+1 -1
View File
@@ -18,7 +18,7 @@ concurrency:
jobs:
rollback:
name: Roll back npm beta dist-tag
runs-on: ubuntu-latest
runs-on: runners-farhoodlabs
steps:
- name: Validate target version
id: target
+20 -19
View File
@@ -17,8 +17,8 @@ concurrency:
jobs:
rollback:
name: Roll back npm and Docker latest
runs-on: ubuntu-latest
name: Roll back npm, Docker, and GitHub release latest
runs-on: runners-farhoodlabs
steps:
- name: Checkout tags
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -74,44 +74,48 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- name: Log in to Gitea registry
- name: Log in to Docker Hub
uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: git.farh.net
username: gitea-admin
password: ${{ secrets.REGISTRY_TOKEN }}
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Verify Docker image tag exists
run: docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
run: docker buildx imagetools inspect "farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
- name: Install cosign
uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
- name: Verify Docker image signature before rollback
env:
COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}
run: |
cosign verify --key env://COSIGN_PUBLIC_KEY \
"git.farh.net/farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
cosign verify \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
--certificate-identity "https://github.com/${{ github.repository }}/.github/workflows/release.yml@refs/heads/main" \
"farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
- name: Move Docker latest
run: |
docker buildx imagetools create \
--tag "git.farh.net/farhoodlabs/trebuchet:latest" \
"git.farh.net/farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
--tag "farhoodlabs/trebuchet:latest" \
"farhoodlabs/trebuchet:${{ steps.target.outputs.version }}"
- name: Move npm latest
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm dist-tag add "@trebuchet/cli@${{ steps.target.outputs.version }}" latest
- name: Mark GitHub release as latest
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release edit "v${{ steps.target.outputs.version }}" --latest
- name: Show final npm dist-tags
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
run: npm dist-tag ls @trebuchet/cli
- name: Verify Docker latest now points to target
run: docker buildx imagetools inspect "git.farh.net/farhoodlabs/trebuchet:latest"
run: docker buildx imagetools inspect "farhoodlabs/trebuchet:latest"
- name: Write summary
run: |
@@ -120,9 +124,6 @@ jobs:
echo ""
echo "- Target version: \`${{ steps.target.outputs.version }}\`"
echo "- npm package: \`@trebuchet/cli\`"
echo "- Docker image: \`git.farh.net/farhoodlabs/trebuchet\`"
echo ""
echo "NOTE: Gitea determines the 'latest' release by date, not a flag."
echo "To re-mark \`v${{ steps.target.outputs.version }}\` as the latest"
echo "release on Gitea, edit the release in the UI to bump its date."
echo "- Docker image: \`farhoodlabs/trebuchet\`"
echo "- GitHub release: \`v${{ steps.target.outputs.version }}\` marked as latest"
} >> "$GITHUB_STEP_SUMMARY"
-2
View File
@@ -5,5 +5,3 @@ credentials/
dist/
repos/
.turbo/
cosign.key
cosign.pub
+8 -1
View File
@@ -9,6 +9,13 @@
"npmPublish": false
}
],
"semantic-release-gitea"
[
"@semantic-release/github",
{
"successCommentCondition": false,
"failCommentCondition": false,
"releasedLabels": false
}
]
]
}
+1
View File
@@ -12,6 +12,7 @@
"dependencies": {
"@hono/node-server": "^1.14.0",
"@kubernetes/client-node": "^1.4.0",
"@modelcontextprotocol/sdk": "^1.29.0",
"@trebuchet/worker": "workspace:*",
"@temporalio/client": "^1.11.0",
"hono": "^4.7.0",
+2
View File
@@ -5,6 +5,7 @@
export interface Config {
readonly port: number;
readonly mcpPort: number;
readonly temporalAddress: string;
readonly apiKey: string;
readonly k8sNamespace: string;
@@ -28,6 +29,7 @@ export function loadConfig(): Config {
return {
port: Number(process.env.PORT) || 3000,
mcpPort: Number(process.env.MCP_PORT) || 3100,
temporalAddress: process.env.TEMPORAL_ADDRESS || 'hightower-temporal:7233',
apiKey,
k8sNamespace: process.env.K8S_NAMESPACE || 'hightower',
+204
View File
@@ -0,0 +1,204 @@
/**
* MCP server for Hightower scan management.
* Exposes scan-manager tools via the Model Context Protocol over HTTP.
*/
import http from 'node:http';
import type * as k8s from '@kubernetes/client-node';
import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
import type { Client } from '@temporalio/client';
import { z } from 'zod';
import type { Config } from '../config.js';
import { cancelScan, getReport, getScan, listScans, startScan } from '../services/scan-manager.js';
import type { CreateScanInput } from '../types/api.js';
export interface McpServerDeps {
readonly config: Config;
readonly temporalClient: Client;
readonly batchApi: k8s.BatchV1Api;
readonly coreApi: k8s.CoreV1Api;
}
function createMcpServer(deps: McpServerDeps): McpServer {
const server = new McpServer(
{ name: 'hightower', version: '1.0.0' },
{
capabilities: {
tools: {},
},
},
);
// === Tool: start_scan ===
server.registerTool(
'start_scan',
{
description: 'Start a new penetration test scan. Returns the scan ID and initial status.',
inputSchema: z.object({
targetUrl: z.string().describe('Target URL to scan (e.g., https://example.com)'),
gitUrl: z.string().describe('Git URL of the repository to analyze (e.g., https://github.com/user/repo)'),
workspace: z
.string()
.optional()
.describe(
'Optional workspace name. Must match /^[a-zA-Z0-9][a-zA-Z0-9_-]{0,127}$/. Defaults to auto-generated from target URL.',
),
gitRef: z.string().optional().describe('Optional Git branch/tag/commit to checkout before scanning.'),
pipelineTesting: z
.boolean()
.optional()
.describe('If true, runs in minimal testing mode with fast retries (10s). Use for development.'),
}),
},
async ({ targetUrl, gitUrl, workspace, gitRef, pipelineTesting }) => {
const input: CreateScanInput = {
targetUrl,
gitUrl,
workspace,
...(gitRef !== undefined && { gitRef }),
...(pipelineTesting !== undefined && { pipelineTesting }),
};
const result = await startScan(deps.config, deps.batchApi, input);
return {
content: [
{
type: 'text' as const,
text: JSON.stringify(result, null, 2),
},
],
};
},
);
// === Tool: get_scan ===
server.registerTool(
'get_scan',
{
description: 'Get the status, progress, and results of a running or completed scan.',
inputSchema: z.object({
scanId: z.string().describe('The scan ID returned from start_scan (e.g., hightower-worker-abc123)'),
}),
},
async ({ scanId }) => {
const result = await getScan(deps.config, deps.temporalClient, scanId);
if (!result) {
return {
content: [{ type: 'text' as const, text: `Scan '${scanId}' not found.` }],
isError: true,
};
}
return {
content: [
{
type: 'text' as const,
text: JSON.stringify(result, null, 2),
},
],
};
},
);
// === Tool: list_scans ===
server.registerTool(
'list_scans',
{
description: 'List all running and historical scans.',
inputSchema: z.object({}),
},
async () => {
const results = await listScans(deps.config, deps.temporalClient, deps.batchApi);
return {
content: [
{
type: 'text' as const,
text: JSON.stringify(results, null, 2),
},
],
};
},
);
// === Tool: cancel_scan ===
server.registerTool(
'cancel_scan',
{
description: 'Cancel a running scan by terminating its Kubernetes Job and Temporal workflow.',
inputSchema: z.object({
scanId: z.string().describe('The scan ID to cancel.'),
}),
},
async ({ scanId }) => {
await cancelScan(deps.config, deps.temporalClient, deps.batchApi, scanId);
return {
content: [
{
type: 'text' as const,
text: `Scan '${scanId}' cancellation requested.`,
},
],
};
},
);
// === Tool: get_report ===
server.registerTool(
'get_report',
{
description: 'Get the final security report for a completed scan.',
inputSchema: z.object({
scanId: z.string().describe('The scan ID to get the report for.'),
}),
},
async ({ scanId }) => {
const report = await getReport(deps.config, scanId);
if (!report) {
return {
content: [
{
type: 'text' as const,
text: `Report for scan '${scanId}' not found.`,
},
],
isError: true,
};
}
return {
content: [{ type: 'text' as const, text: report }],
};
},
);
return server;
}
export async function startMcpServer(deps: McpServerDeps, port: number): Promise<http.Server> {
const mcpServer = createMcpServer(deps);
const transport = new StreamableHTTPServerTransport({
sessionIdGenerator: () => crypto.randomUUID(),
});
// Cast to Transport — the SDK's Transport interface requires onclose: () => void
// but StreamableHTTPServerTransport allows undefined (handled internally).
await mcpServer.connect(transport as never);
const server = http.createServer((req, res) => {
transport.handleRequest(req, res, undefined);
});
return new Promise<http.Server>((resolve, reject) => {
server.on('error', reject);
server.listen(port, () => {
console.log(`MCP server listening on port ${port}`);
resolve(server);
});
});
}
-27
View File
@@ -1,27 +0,0 @@
apiVersion: v2
name: hightower
description: API-driven AI pentester built on Shannon, deployed as a service on Kubernetes
type: application
version: 0.1.1
appVersion: "1.0.0"
home: https://git.farh.net/farhoodlabs/trebuchet
sources:
- https://git.farh.net/farhoodlabs/trebuchet
maintainers:
- name: farhoodlabs
url: https://git.farh.net/farhoodlabs
keywords:
- security
- pentesting
- ai
- kubernetes
annotations:
artifacthub.io/license: AGPL-3.0
artifacthub.io/links: |
- name: source
url: https://git.farh.net/farhoodlabs/trebuchet
artifacthub.io/images: |
- name: worker
image: git.farh.net/farhoodlabs/trebuchet:latest
- name: api
image: git.farh.net/farhoodlabs/trebuchet-api:latest
+6
View File
@@ -0,0 +1,6 @@
apiVersion: v2
name: trebuchet
description: API-driven AI pentester built on Shannon, deployed as a service on Kubernetes
type: application
version: 0.1.1
appVersion: "1.0.0"
@@ -22,9 +22,9 @@ Ensure the following secrets exist in the {{ .Release.Namespace }} namespace:
== Services ==
API: {{ include "hightower.api.fullname" . }}:{{ .Values.api.port }}
Temporal: {{ include "hightower.temporal.serviceName" . }}:{{ .Values.temporal.ports.grpc }} (gRPC)
{{ include "hightower.temporal.serviceName" . }}:{{ .Values.temporal.ports.webUi }} (Web UI)
API: {{ include "trebuchet.api.fullname" . }}:{{ .Values.api.port }}
Temporal: {{ include "trebuchet.temporal.serviceName" . }}:{{ .Values.temporal.ports.grpc }} (gRPC)
{{ include "trebuchet.temporal.serviceName" . }}:{{ .Values.temporal.ports.webUi }} (Web UI)
{{- if .Values.router.enabled }}
Router: {{ include "hightower.router.fullname" . }}:{{ .Values.router.port }}
Router: {{ include "trebuchet.router.fullname" . }}:{{ .Values.router.port }}
{{- end }}
@@ -1,14 +1,14 @@
{{/*
Chart name, truncated to 63 chars.
*/}}
{{- define "hightower.name" -}}
{{- define "trebuchet.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Fully qualified app name, truncated to 63 chars.
*/}}
{{- define "hightower.fullname" -}}
{{- define "trebuchet.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
@@ -24,99 +24,99 @@ Fully qualified app name, truncated to 63 chars.
{{/*
Chart label value.
*/}}
{{- define "hightower.chart" -}}
{{- define "trebuchet.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels.
*/}}
{{- define "hightower.labels" -}}
helm.sh/chart: {{ include "hightower.chart" . }}
{{- define "trebuchet.labels" -}}
helm.sh/chart: {{ include "trebuchet.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
API component name.
*/}}
{{- define "hightower.api.fullname" -}}
{{- printf "%s-api" (include "hightower.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- define "trebuchet.api.fullname" -}}
{{- printf "%s-api" (include "trebuchet.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
API selector labels.
*/}}
{{- define "hightower.api.selectorLabels" -}}
app: {{ include "hightower.api.fullname" . }}
{{- define "trebuchet.api.selectorLabels" -}}
app: {{ include "trebuchet.api.fullname" . }}
{{- end }}
{{/*
Temporal component name.
*/}}
{{- define "hightower.temporal.fullname" -}}
{{- printf "%s-temporal" (include "hightower.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- define "trebuchet.temporal.fullname" -}}
{{- printf "%s-temporal" (include "trebuchet.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Temporal service name (same as fullname).
*/}}
{{- define "hightower.temporal.serviceName" -}}
{{- include "hightower.temporal.fullname" . }}
{{- define "trebuchet.temporal.serviceName" -}}
{{- include "trebuchet.temporal.fullname" . }}
{{- end }}
{{/*
Temporal selector labels.
*/}}
{{- define "hightower.temporal.selectorLabels" -}}
app: {{ include "hightower.temporal.fullname" . }}
{{- define "trebuchet.temporal.selectorLabels" -}}
app: {{ include "trebuchet.temporal.fullname" . }}
{{- end }}
{{/*
Router component name.
*/}}
{{- define "hightower.router.fullname" -}}
{{- printf "%s-router" (include "hightower.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- define "trebuchet.router.fullname" -}}
{{- printf "%s-router" (include "trebuchet.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Router selector labels.
*/}}
{{- define "hightower.router.selectorLabels" -}}
app: {{ include "hightower.router.fullname" . }}
{{- define "trebuchet.router.selectorLabels" -}}
app: {{ include "trebuchet.router.fullname" . }}
{{- end }}
{{/*
CNPG cluster name.
*/}}
{{- define "hightower.cnpg.fullname" -}}
{{- printf "%s-temporal-db" (include "hightower.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- define "trebuchet.cnpg.fullname" -}}
{{- printf "%s-temporal-db" (include "trebuchet.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
CNPG read-write service name (CNPG auto-creates <cluster>-rw).
*/}}
{{- define "hightower.cnpg.serviceName" -}}
{{- printf "%s-rw" (include "hightower.cnpg.fullname" .) }}
{{- define "trebuchet.cnpg.serviceName" -}}
{{- printf "%s-rw" (include "trebuchet.cnpg.fullname" .) }}
{{- end }}
{{/*
Service account name for the API.
*/}}
{{- define "hightower.serviceAccountName" -}}
{{- define "trebuchet.serviceAccountName" -}}
{{- if .Values.api.serviceAccount.name }}
{{- .Values.api.serviceAccount.name }}
{{- else }}
{{- include "hightower.api.fullname" . }}
{{- include "trebuchet.api.fullname" . }}
{{- end }}
{{- end }}
{{/*
Postgres seeds host — use override or default to CNPG service.
*/}}
{{- define "hightower.temporal.postgresSeeds" -}}
{{- define "trebuchet.temporal.postgresSeeds" -}}
{{- if .Values.temporal.db.host }}
{{- .Values.temporal.db.host }}
{{- else }}
{{- include "hightower.cnpg.serviceName" . }}
{{- include "trebuchet.cnpg.serviceName" . }}
{{- end }}
{{- end }}
@@ -1,21 +1,21 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "hightower.api.fullname" . }}
name: {{ include "trebuchet.api.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "hightower.api.selectorLabels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
{{- include "trebuchet.api.selectorLabels" . | nindent 4 }}
spec:
replicas: {{ .Values.api.replicaCount }}
selector:
matchLabels:
{{- include "hightower.api.selectorLabels" . | nindent 6 }}
{{- include "trebuchet.api.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "hightower.api.selectorLabels" . | nindent 8 }}
{{- include "trebuchet.api.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "hightower.serviceAccountName" . }}
serviceAccountName: {{ include "trebuchet.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
@@ -29,7 +29,7 @@ spec:
name: http
env:
- name: TEMPORAL_ADDRESS
value: "{{ include "hightower.temporal.serviceName" . }}:{{ .Values.temporal.ports.grpc }}"
value: "{{ include "trebuchet.temporal.serviceName" . }}:{{ .Values.temporal.ports.grpc }}"
- name: WORKER_IMAGE
value: {{ .Values.api.workerImage }}
- name: K8S_NAMESPACE
@@ -59,4 +59,4 @@ spec:
volumes:
- name: workspaces
persistentVolumeClaim:
claimName: {{ include "hightower.fullname" . }}-workspaces
claimName: {{ include "trebuchet.fullname" . }}-workspaces
@@ -1,9 +1,9 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "hightower.api.fullname" . }}
name: {{ include "trebuchet.api.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
rules:
- apiGroups: ["batch"]
resources: ["jobs"]
@@ -1,14 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "hightower.api.fullname" . }}
name: {{ include "trebuchet.api.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "hightower.serviceAccountName" . }}
name: {{ include "trebuchet.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "hightower.api.fullname" . }}
name: {{ include "trebuchet.api.fullname" . }}
apiGroup: rbac.authorization.k8s.io
@@ -1,12 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "hightower.api.fullname" . }}
name: {{ include "trebuchet.api.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
spec:
selector:
{{- include "hightower.api.selectorLabels" . | nindent 4 }}
{{- include "trebuchet.api.selectorLabels" . | nindent 4 }}
ports:
- name: http
port: {{ .Values.api.port }}
@@ -2,7 +2,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "hightower.serviceAccountName" . }}
name: {{ include "trebuchet.serviceAccountName" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
{{- end }}
@@ -2,9 +2,9 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "hightower.router.fullname" . }}-config
name: {{ include "trebuchet.router.fullname" . }}-config
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
data:
router-config.json: {{ .Values.router.config | toJson | quote }}
{{- end }}
@@ -2,19 +2,19 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "hightower.router.fullname" . }}
name: {{ include "trebuchet.router.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "hightower.router.selectorLabels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
{{- include "trebuchet.router.selectorLabels" . | nindent 4 }}
spec:
replicas: {{ .Values.router.replicaCount }}
selector:
matchLabels:
{{- include "hightower.router.selectorLabels" . | nindent 6 }}
{{- include "trebuchet.router.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "hightower.router.selectorLabels" . | nindent 8 }}
{{- include "trebuchet.router.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
@@ -62,5 +62,5 @@ spec:
volumes:
- name: config
configMap:
name: {{ include "hightower.router.fullname" . }}-config
name: {{ include "trebuchet.router.fullname" . }}-config
{{- end }}
@@ -2,12 +2,12 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "hightower.router.fullname" . }}
name: {{ include "trebuchet.router.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
spec:
selector:
{{- include "hightower.router.selectorLabels" . | nindent 4 }}
{{- include "trebuchet.router.selectorLabels" . | nindent 4 }}
ports:
- port: {{ .Values.router.port }}
targetPort: {{ .Values.router.port }}
@@ -2,9 +2,9 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: {{ include "hightower.cnpg.fullname" . }}
name: {{ include "trebuchet.cnpg.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
spec:
instances: {{ .Values.cnpg.instances }}
storage:
@@ -1,19 +1,19 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "hightower.temporal.fullname" . }}
name: {{ include "trebuchet.temporal.fullname" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "hightower.temporal.selectorLabels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
{{- include "trebuchet.temporal.selectorLabels" . | nindent 4 }}
spec:
replicas: {{ .Values.temporal.replicaCount }}
selector:
matchLabels:
{{- include "hightower.temporal.selectorLabels" . | nindent 6 }}
{{- include "trebuchet.temporal.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "hightower.temporal.selectorLabels" . | nindent 8 }}
{{- include "trebuchet.temporal.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
@@ -34,7 +34,7 @@ spec:
- name: DB_PORT
value: {{ .Values.temporal.db.port | quote }}
- name: POSTGRES_SEEDS
value: {{ include "hightower.temporal.postgresSeeds" . }}
value: {{ include "trebuchet.temporal.postgresSeeds" . }}
- name: DBNAME
value: {{ .Values.temporal.db.name }}
- name: VISIBILITY_DBNAME
@@ -1,12 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "hightower.temporal.serviceName" . }}
name: {{ include "trebuchet.temporal.serviceName" . }}
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
spec:
selector:
{{- include "hightower.temporal.selectorLabels" . | nindent 4 }}
{{- include "trebuchet.temporal.selectorLabels" . | nindent 4 }}
ports:
- name: grpc
port: {{ .Values.temporal.ports.grpc }}
@@ -1,9 +1,9 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ include "hightower.fullname" . }}-workspaces
name: {{ include "trebuchet.fullname" . }}-workspaces
labels:
{{- include "hightower.labels" . | nindent 4 }}
{{- include "trebuchet.labels" . | nindent 4 }}
{{- if .Values.workspaces.retain }}
annotations:
helm.sh/resource-policy: keep
@@ -4,8 +4,8 @@ imagePullSecrets: []
# Externally-managed secrets (chart never creates these)
secrets:
credentials: hightower-credentials
temporalDbApp: hightower-temporal-db-app
credentials: trebuchet-credentials
temporalDbApp: trebuchet-temporal-db-app
# Shared workspaces PVC
workspaces:
+566
View File
File diff suppressed because it is too large Load Diff