diff --git a/CLAUDE.md b/CLAUDE.md index bca7592..f13354d 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -8,7 +8,7 @@ This is the GroomBook **agent skills repository** — it contains skill definiti ## Skills Overview -- **coding-standards** — Engineering quality bar: priority (correctness > clarity > maintainability > performance > elegance), PR discipline, test requirements, no-hardcoded-values rules, CalVer versioning, `ghcr.io` container registry policy. +- **coding-standards** — Engineering quality bar: priority (correctness > clarity > maintainability > performance > elegance), PR discipline, test requirements, no-hardcoded-values rules, CalVer versioning, `git.farh.net` container registry policy. - **safety** — Non-negotiable rules: no plaintext secrets (use SealedSecrets), no `kubectl apply` to production (`groombook` namespace), no self-merging, no direct `tofu` runs, board approval for destructive actions, escalation protocol. - **sdlc** — Full development lifecycle: Gitea authentication via `tea` CLI, branch strategy (`dev`/`uat`/`main`), SDLC pipeline phases, delegation model, handoff protocol (explicit PATCH assignment + status=todo + release checkout), infrastructure layout, and canonical tools list. diff --git a/skills/coding-standards/SKILL.md b/skills/coding-standards/SKILL.md index 49447cf..4191f00 100644 --- a/skills/coding-standards/SKILL.md +++ b/skills/coding-standards/SKILL.md @@ -55,7 +55,7 @@ All releases use CalVer (`YYYY.MMDD.PATCH`, e.g. `2026.0504.0`). No SemVer, no c ## Container images -Push to `ghcr.io` only. Never Docker Hub for first-party images. +Push to `git.farh.net` only. Never Docker Hub for first-party images. ## When uncertain diff --git a/skills/sdlc/SKILL.md b/skills/sdlc/SKILL.md index 8996c2f..af7dcfe 100644 --- a/skills/sdlc/SKILL.md +++ b/skills/sdlc/SKILL.md 
@@ -134,7 +134,7 @@ Leave `modelProfile` unset for anything requiring judgment, reasoning, or QA rev * **Dev:** namespace `groombook-dev`, FQDN `dev.groombook.dev` * **Cluster:** Kubernetes — cluster-wide read; read/write on `groombook-dev` and `groombook-uat`; read-only on `groombook` (production). * **Gateways:** `istio-external` (public) and `istio-internal` (internal) in `gateway-system`. -* **Container registry:** `ghcr.io/groombook/` only. +* **Container registry:** `git.farh.net/groombook/` only. ## Authentication @@ -148,7 +148,7 @@ Leave `modelProfile` unset for anything requiring judgment, reasoning, or QA rev **Stage 1 — CI (runs in each application repo):** - Triggered automatically on every merge to `main` - Builds and tags the Docker image: CalVer (`YYYY.MM.DD[.N]`), `latest`, and `sha-` -- Pushes tagged images to `ghcr.io/groombook/` +- Pushes tagged images to `git.farh.net/groombook/` - Creates a CalVer git tag in the source repo **Stage 2 — GitOps (Flux, managed externally):** @@ -183,7 +183,7 @@ These are the only acceptable choices — alternatives are policy violations: * **Cache / pub-sub:** DragonflyDB Operator — no Redis. * **Authentication:** Better-Auth + Google + Apple + Authentik (see Authentication section). Never build custom auth. * **Dependency updates:** Mend Renovate. **Dependabot is not used and will not be used.** Do not configure it. -* **Container registry:** `ghcr.io/groombook/` — no Docker Hub for first-party images. +* **Container registry:** `git.farh.net/groombook/` — no Docker Hub for first-party images. * **Browser automation:** the `playwright` MCP server (`http://playwright:8931/mcp`). Target dev only — never test production. If a task requires deviating from any of the above, treat it as a destructive action: stop, file an issue with rationale, request board approval.
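Review bot: in `skills/coding-standards/SKILL.md` (hunk `@@ -55,7 +55,7 @@`, "Container images"), the new rule names only the host, `git.farh.net`, while both registry lines in `skills/sdlc/SKILL.md` require the `git.farh.net/groombook/` namespace. Read on its own, the coding-standards rule permits a push to any namespace on that host. Suggest writing "Push to `git.farh.net/groombook/` only" here, and using the same path in the `CLAUDE.md` summary line, so the three files state one policy.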
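Review bot: in `skills/sdlc/SKILL.md` (hunk `@@ -148,7 +148,7 @@`, Stage 1 CI), the context line directly above the changed push target gives the CalVer tag as `YYYY.MM.DD[.N]`, but the coding-standards hunk header in this same patch gives `YYYY.MMDD.PATCH` with the example `2026.0504.0`. Since this step defines which tags land in `git.farh.net/groombook/`, reconcile the two formats while touching this block. The same line lists a `sha-` tag without saying what follows the prefix; spell that out so consumers of the new registry know which tag to pin.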
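Review bot: in `skills/sdlc/SKILL.md` (hunk `@@ -183,7 +183,7 @@`, canonical tools list), this list is framed as "the only acceptable choices — alternatives are policy violations", and the closing context line treats any deviation as a destructive action needing board approval. Once the entry reads `git.farh.net/groombook/`, every workflow or manifest that still references `ghcr.io/groombook/` is in violation the moment this merges, and nothing in the visible lines covers the cutover. Suggest adding a sentence on how existing `ghcr.io/groombook/` references are handled during the move, and a pointer to where push credentials for the new registry are documented, consistent with the no-plaintext-secrets rule in the safety skill.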