cleanup: remove unused GitHub Actions workflows and migrate PR Guard to Gitea

Deleted unused `.github` workflows and configurations, including obsolete CI/CD pipelines and PR templates, which were no longer executed after the migration to Gitea. Migrated the `PR Guard` workflow for hardcoded version checks to `.gitea/workflows/pr-guard.yaml`. Verified functional workflows in Gitea (e.g., Docker publish). Documented changes and rationale in session logs.

Signed-off-by: Stefan Mogeritsch <stefan.mo.co@gmail.com>
Stefan Mogeritsch 2026-03-09 13:03:57 +01:00
parent 23e08403f1
commit 4ae11e6668
12 changed files with 34 additions and 748 deletions

View File

@ -1,9 +1,7 @@
name: PR Guard
on:
pull_request:
branches: [ "**" ]
jobs:
no-hardcoded-versions:
runs-on: ubuntu-latest
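Review bot: `runs-on: ubuntu-latest` in the `no-hardcoded-versions` job only gets scheduled on Gitea if the `act_runner` instance advertises that label, and the session log in this commit describes the runner as building native `linux/arm64` on VM 102. If the label is not mapped, the job stays queued and the hardcoded-version check never gates a PR, without any failure being reported. Confirm the runner's registered labels or set `runs-on` to one it offers, and open a test PR to see the job execute before relying on the guard.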

View File

@ -1,38 +0,0 @@
{
"ignorePatterns": [
{
"pattern": "^http://localhost"
},
{
"pattern": "^https://localhost"
},
{
"pattern": "^http://127.0.0.1"
},
{
"pattern": "^https://127.0.0.1"
},
{
"pattern": "^XXXX-filename\\.md$"
}
],
"replacementPatterns": [
{
"pattern": "^/",
"replacement": "{{BASEURL}}/"
}
],
"httpHeaders": [
{
"urls": ["https://github.com"],
"headers": {
"Accept": "text/html"
}
}
],
"timeout": "20s",
"retryOn429": true,
"retryCount": 3,
"fallbackRetryDelay": "30s",
"aliveStatusCodes": [200, 206]
}

View File

@ -1,15 +0,0 @@
## Ziel
Kurze Beschreibung des Ziels/Problems und was dieser PR löst.
## Änderungen
-
## Prüfliste (Definition of Done)
- [ ] CI grün (Backend/Docs)
- [x] Doku-FrontMatter vorhanden und valide (`modul`, `status`, `summary`, optional `last_reviewed`, `review_cycle`, `yt_epic/yt_issues`)
- [ ] Links geprüft (CI LinkChecker läuft grün)
- [ ] Falls relevant: YouTrackKey im PRTitel/Commit enthalten (z. B. MP-7)
- [ ] Bei Architekturänderung: ADR aktualisiert und verlinkt
## Screenshots/Notizen (optional)
-
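Review bot: The Definition of Done in the deleted template (the `## Prüfliste` items, including the ADR update on architecture changes) gets no replacement in this commit. Gitea reads a pull request template from `.gitea/`, so moving the file there instead of deleting it would keep the checklist on new PRs. The `CI grün (Backend/Docs)` and `CI LinkChecker` items would need rewording, since the pipelines they refer to are removed here.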

View File

@ -1,124 +0,0 @@
name: CI - Main Pipeline
permissions:
contents: read
concurrency:
group: ci-main-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
# ========================================
# 1. Docker SSoT (bleibt wie ist)
# ========================================
docker-ssot:
name: Docker SSoT Validation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Validate Docker SSoT (compat mode)
if: ${{ hashFiles('scripts/docker-versions-update.sh') != '' && hashFiles('scripts/generate-compose-files.sh') != '' && hashFiles('scripts/validate-docker-consistency.sh') != '' }}
run: |
bash scripts/docker-versions-update.sh sync
bash scripts/generate-compose-files.sh all development
bash scripts/validate-docker-consistency.sh all
- name: Validate Docker SSoT (envless mode)
if: ${{ hashFiles('scripts/generate-compose-files.sh') != '' && hashFiles('scripts/validate-docker-consistency.sh') != '' }}
run: |
DOCKER_SSOT_MODE=envless bash scripts/generate-compose-files.sh all development
DOCKER_SSOT_MODE=envless bash scripts/validate-docker-consistency.sh all
- name: Lint docker-compose (fallback)
if: ${{ hashFiles('scripts/validate-docker-consistency.sh') == '' }}
run: docker compose -f docker/docker-compose.yaml config
# ========================================
# 2. OpenAPI Validation (nur Lint)
# ========================================
validate-openapi:
name: Validate OpenAPI Specs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
- name: Install Spectral
run: npm install -g @stoplight/spectral-cli
- name: Validate OpenAPI
run: |
spectral lint backend/gateway/src/main/resources/openapi/documentation.yaml \
--ruleset .spectral.yaml \
--fail-severity error
# ========================================
# 3. Markdown Docs (nur kritische)
# ========================================
validate-docs:
name: Validate Essential Docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Lint Critical Markdown
uses: DavidAnson/markdownlint-cli2-action@v21
with:
globs: |
README.md
docs/README.md
docs/01_Architecture/adr/**/*.md
docs/02_Onboarding/Development/start-local.md
- name: Check Links in ADRs
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
config-file: '.github/markdown-link-check.json'
folder-path: 'docs/01_Architecture/adr/'
use-quiet-mode: 'yes'
# ========================================
# 4. Build & Test
# ========================================
build-test:
name: Build and Test
runs-on: ubuntu-latest
needs: [ docker-ssot, validate-openapi, validate-docs ]
steps:
- uses: actions/checkout@v6
- name: Setup JDK 25
uses: actions/setup-java@v5
with:
java-version: '25'
distribution: 'temurin'
cache: gradle
- name: Build
run: ./gradlew staticAnalysis build -x test
- name: Check Bundle Budgets
run: ./gradlew checkBundleBudget
- name: Test
run: ./gradlew test
- name: Upload OpenAPI Specs (Artifact)
uses: actions/upload-artifact@v5
with:
name: openapi-specs
path: docs/api/generated/*.json
retention-days: 30
continue-on-error: true
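Review bot: With `build-test` removed, neither workflow left in the session log's table (`docker-publish.yaml`, `pr-guard.yaml`) runs `./gradlew staticAnalysis build` or `./gradlew test` on a pull request, and the Spectral lint from `validate-openapi` is gone as well. The log records that these jobs never ran on Gitea, so the deletion does not change behaviour, but the missing PR gate should be listed there as an open item rather than only as cleanup. Porting `build-test` to `.gitea/workflows/` would be the natural follow-up.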

View File

@ -1,196 +0,0 @@
# ===================================================================
# GitHub Actions - Automatisches Deployment auf Proxmox-Server
# Meldestelle Project - CI/CD Pipeline
# ===================================================================
name: Deploy Proxmox (manual)
permissions:
contents: read
concurrency:
group: deploy-proxmox-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch: # Manueller Trigger
env:
DOCKER_COMPOSE_VERSION: "v2.20.0"
jobs:
# ===================================================================
# Build & Test
# ===================================================================
build-and-test:
runs-on: ubuntu-latest
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Set up JDK 25
uses: actions/setup-java@v5
with:
java-version: '25'
distribution: 'temurin'
- name: Cache Gradle dependencies
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Static Analysis
run: ./gradlew staticAnalysis --no-daemon || true
- name: Build (all)
run: ./gradlew build -x test --no-daemon
- name: Test (all)
run: ./gradlew test --no-daemon || true # Allow failure for now
# ===================================================================
# Deploy to Proxmox (nur bei main branch)
# ===================================================================
deploy:
needs: build-and-test
runs-on: ubuntu-latest
if: github.event_name == 'workflow_dispatch'
steps:
- name: Checkout Code
uses: actions/checkout@v6
- name: Setup SSH Key
uses: webfactory/ssh-agent@v0.8.0
with:
ssh-private-key: ${{ secrets.PROXMOX_SSH_PRIVATE_KEY }}
- name: Add Proxmox to known_hosts
run: |
ssh-keyscan -H ${{ secrets.PROXMOX_HOST }} >> ~/.ssh/known_hosts
- name: Deploy to Proxmox Server
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
run: |
ssh $PROXMOX_USER@$PROXMOX_HOST << 'ENDSSH'
set -e
# Navigate to deployment directory
cd ${{ secrets.DEPLOY_PATH }}
# Pull latest changes
echo "🔄 Pulling latest changes from GitHub..."
git fetch origin
git reset --hard origin/main
# Create backup of current environment
echo "💾 Creating backup..."
cp .env .env.backup.$(date +%Y%m%d_%H%M%S) || true
# Stop existing services
echo "🛑 Stopping existing services..."
docker compose --env-file docker/.env -f docker/docker-compose.yaml down || true
# Clean up old images (optional)
echo "🧹 Cleaning up old images..."
docker image prune -f || true
# Build new images
echo "🏗️ Building new images..."
docker compose --env-file docker/.env -f docker/docker-compose.yaml build
# Start infrastructure first
echo "🚀 Starting infrastructure..."
docker compose --env-file docker/.env -f docker/docker-compose.yaml up -d
# Wait for infrastructure to be ready
echo "⏳ Waiting for infrastructure..."
sleep 30
# Start services
echo "🚀 Starting services..."
# Start services (already included in main compose file)
docker compose --env-file docker/.env -f docker/docker-compose.yaml up -d
# Wait for services to be ready
echo "⏳ Waiting for services..."
sleep 30
# Start clients
echo "🚀 Starting clients..."
# Start clients (already included in main compose file)
docker compose --env-file docker/.env -f docker/docker-compose.yaml up -d
# Health check
echo "🏥 Running health checks..."
sleep 60
# Check service status
echo "📊 Service Status:"
docker compose --env-file docker/.env -f docker/docker-compose.yaml ps
# Check logs for errors
echo "📋 Recent logs:"
docker compose --env-file docker/.env -f docker/docker-compose.yaml logs --tail=50
echo "✅ Deployment completed successfully!"
ENDSSH
- name: Verify Deployment
env:
PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
run: |
echo "🔍 Verifying deployment..."
# Check if services are responding
ssh $PROXMOX_USER@$PROXMOX_HOST << 'ENDSSH'
# Check API Gateway health
curl -f http://localhost:8081/actuator/health || echo "❌ API Gateway health check failed"
# Check Consul
curl -f http://localhost:8500/v1/status/leader || echo "❌ Consul health check failed"
# Check Web-App
curl -f http://localhost:4000/health || echo "❌ Web-App health check failed"
# Check VNC
curl -f http://localhost:6080/ || echo "❌ VNC health check failed"
echo "✅ Health checks completed"
ENDSSH
# ===================================================================
# Notification (Optional)
# ===================================================================
notify:
needs: [build-and-test, deploy]
runs-on: ubuntu-latest
if: always()
steps:
- name: Notify Success
if: needs.deploy.result == 'success'
run: |
echo "✅ Deployment to Proxmox successful!"
echo "🌐 Web-App: https://meldestelle.yourdomain.com"
echo "🖥️ Desktop-VNC: https://vnc.meldestelle.yourdomain.com"
echo "🔗 API: https://api.meldestelle.yourdomain.com"
- name: Notify Failure
if: needs.deploy.result == 'failure'
run: |
echo "❌ Deployment to Proxmox failed!"
echo "Check the logs above for details."
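Review bot: Deleting the `deploy` job does not retire the credential it used: `secrets.PROXMOX_SSH_PRIVATE_KEY` (step `Setup SSH Key`) stays stored in the GitHub repository settings, and the corresponding public key presumably remains authorised on the Proxmox host. Since the commit message states the workflow is no longer executed, remove the matching `authorized_keys` entry on the host, delete the `PROXMOX_*` and `DEPLOY_PATH` secrets on GitHub, and record that in the session log.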

View File

@ -1,57 +0,0 @@
name: KDoc → YouTrack KB Sync
permissions:
contents: read
concurrency:
group: kdoc-sync-${{ github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
inputs:
kb_root_title:
description: "Root-Titel der YouTrack KB (z. B. 'API & Entwicklerdoku')"
required: true
default: "API & Entwicklerdoku"
bc_root:
description: "Ordner unterhalb des KB-Roots für BCs (z. B. 'BCs')"
required: false
default: "BCs"
jobs:
kdoc-sync:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Setup JDK 25
uses: actions/setup-java@v5
with:
distribution: temurin
java-version: '25'
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v5
- name: Build Dokka (GFM)
run: |
./gradlew --no-daemon dokkaGfmAll || ./gradlew --no-daemon dokkaGfm
- name: Python deps for YouTrack sync
run: |
python -m pip install --upgrade pip
pip install requests pyyaml
- name: Sync KDoc Markdown to YouTrack KB
if: ${{ hashFiles('.junie/scripts/youtrack-sync-kb.py') != '' }}
env:
YT_URL: ${{ secrets.YT_URL }}
YT_TOKEN: ${{ secrets.YT_TOKEN }}
KB_ROOT_TITLE: ${{ github.event.inputs.kb_root_title }}
KB_BC_ROOT: ${{ github.event.inputs.bc_root }}
run: |
python .junie/scripts/youtrack-sync-kb.py --src build/dokka/gfm

View File

@ -1,229 +0,0 @@
name: Integration Tests
permissions:
contents: read
concurrency:
group: integration-tests-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main, develop ]
jobs:
integration-tests:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
keycloak_db: [postgres, dev-file]
env:
KEYCLOAK_VERSION: "26.4.2"
services:
postgres:
image: postgres:16-alpine
env:
POSTGRES_USER: meldestelle
POSTGRES_PASSWORD: meldestelle
POSTGRES_DB: meldestelle
ports:
- 5432:5432
options: >-
--health-cmd "pg_isready -U meldestelle -d $${POSTGRES_DB}"
--health-interval 10s
--health-timeout 5s
--health-retries 12
--health-start-period 20s
redis:
image: redis:7-alpine
ports:
- 6379:6379
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
zookeeper:
image: confluentinc/cp-zookeeper:7.5.0
env:
ZOOKEEPER_CLIENT_PORT: 2181
ports:
- 2181:2181
options: >-
--health-cmd "nc -z localhost 2181 || exit 1"
--health-interval 10s
--health-timeout 5s
--health-retries 3
--health-start-period 10s
kafka:
image: confluentinc/cp-kafka:7.5.0
env:
KAFKA_BROKER_ID: 1
KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
ports:
- 9092:9092
options: >-
--health-cmd "kafka-topics --bootstrap-server localhost:9092 --list || exit 1"
--health-interval 10s
--health-timeout 5s
--health-retries 3
--health-start-period 30s
zipkin:
image: openzipkin/zipkin:2
ports:
- 9411:9411
options: >-
--health-cmd "wget -q -O - http://localhost:9411/health || exit 1"
--health-interval 10s
--health-timeout 5s
--health-retries 3
--health-start-period 10s
steps:
- uses: actions/checkout@v6
- name: Set up JDK 25
uses: actions/setup-java@v5
with:
java-version: 25
distribution: 'temurin'
cache: 'gradle'
- name: Setup Gradle (modern)
uses: gradle/actions/setup-gradle@v5
- name: Wait for Postgres to be ready (pg_isready in service network)
if: ${{ matrix.keycloak_db == 'postgres' }}
run: |
echo "Waiting for Postgres..."
for i in {1..40}; do
if docker run --rm --network ${{ job.services.postgres.network }} \
postgres:16-alpine pg_isready -h postgres -p 5432 -U meldestelle -d meldestelle; then
echo "Postgres is ready"; break; fi; echo -n "."; sleep 3; done
- name: Start Keycloak with Postgres (dev) and wait for readiness
if: ${{ matrix.keycloak_db == 'postgres' }}
run: |
set -euo pipefail
echo "Starting Keycloak (DB=postgres)..."
docker run -d --name keycloak \
--network ${{ job.services.postgres.network }} \
-p 8180:8080 \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
-e KC_DB=postgres \
-e KC_DB_URL=jdbc:postgresql://postgres:5432/meldestelle \
-e KC_DB_USERNAME=meldestelle \
-e KC_DB_PASSWORD=meldestelle \
-e KC_HEALTH_ENABLED=true \
-e JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxRAMPercentage=60" \
quay.io/keycloak/keycloak:${{ env.KEYCLOAK_VERSION }} \
start-dev
echo "Giving Keycloak 30s to initialize..."; sleep 30
wait_for() {
local url="$1"; local label="$2"; local timeout="${3:-180}"; local interval="${4:-5}"
echo "Waiting for $label ($url) ..."
if ! timeout ${timeout}s bash -c 'until curl -fsS --output /dev/null '"$url"'; do echo -n "."; sleep '"$interval"'; done'; then
echo "\n[WAIT] Timeout on $url"
return 1
fi
echo "\n[WAIT] $label is up"
}
if ! wait_for http://localhost:8180/ "root" 180 5; then
docker logs --tail=200 keycloak || true
exit 1
fi
if ! wait_for http://localhost:8180/health "health" 180 5; then
echo "[INFO] /health nicht erreichbar versuche /q/health (Quarkus default)"
wait_for http://localhost:8180/q/health "q-health" 180 5 || true
fi
wait_for http://localhost:8180/health/ready "health-ready" 300 5 || true
wait_for http://localhost:8180/admin/master/console/ "admin-console" 300 5 || (docker logs --tail=400 keycloak && exit 1)
- name: Start Keycloak with dev-file (no Postgres) and wait for readiness
if: ${{ matrix.keycloak_db == 'dev-file' }}
run: |
set -euo pipefail
echo "Starting Keycloak (DB=dev-file, no Postgres)..."
docker run -d --name keycloak \
-p 8180:8080 \
-e KC_BOOTSTRAP_ADMIN_USERNAME=admin \
-e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \
-e KC_DB=dev-file \
-e KC_HEALTH_ENABLED=true \
-e JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxRAMPercentage=60" \
quay.io/keycloak/keycloak:${{ env.KEYCLOAK_VERSION }} \
start-dev
echo "Giving Keycloak 20s to initialize..."; sleep 20
wait_for() {
local url="$1"; local label="$2"; local timeout="${3:-180}"; local interval="${4:-5}"
echo "Waiting for $label ($url) ..."
if ! timeout ${timeout}s bash -c 'until curl -fsS --output /dev/null '"$url"'; do echo -n "."; sleep '"$interval"'; done'; then
echo "\n[WAIT] Timeout on $url"
return 1
fi
echo "\n[WAIT] $label is up"
}
if ! wait_for http://localhost:8180/ "root" 180 5; then
docker logs --tail=200 keycloak || true
exit 1
fi
if ! wait_for http://localhost:8180/health "health" 180 5; then
echo "[INFO] /health nicht erreichbar versuche /q/health (Quarkus default)"
wait_for http://localhost:8180/q/health "q-health" 180 5 || true
fi
wait_for http://localhost:8180/health/ready "health-ready" 300 5 || true
wait_for http://localhost:8180/admin/master/console/ "admin-console" 300 5 || (docker logs --tail=400 keycloak && exit 1)
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Static Analysis
run: ./gradlew staticAnalysis --no-daemon
- name: Run integration tests
run: ./gradlew integrationTest --no-daemon --parallel
env:
# Environment variables for Redis connection
REDIS_HOST: localhost
REDIS_PORT: 6379
# Keycloak base URL for integration tests (manual container)
KEYCLOAK_AUTH_SERVER_URL: http://localhost:8180
# Spring profile for integration tests
SPRING_PROFILES_ACTIVE: integration-test
- name: Upload test reports
uses: actions/upload-artifact@v5
if: always()
with:
name: integration-test-reports
path: |
**/build/reports/tests/integrationTest/
**/build/test-results/integrationTest/
retention-days: 7
- name: Dump service logs (Keycloak, Postgres)
if: always()
run: |
echo "=== Docker ps ===" && docker ps -a || true
echo "=== Keycloak logs (tail) ===" && docker logs --tail=400 keycloak || true
echo "=== Postgres logs (tail) ===" && docker logs --tail=200 $(docker ps -a --filter "name=postgres" --format "{{.ID}}") || true

View File

@ -1,25 +0,0 @@
name: Docker SSoT Guard (Minimal)
on:
push:
paths:
- 'docker/**'
- '.github/workflows/ssot-guard.yml'
pull_request:
paths:
- 'docker/**'
- '.github/workflows/ssot-guard.yml'
jobs:
check-compose-config:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# FIX: .env aus Example erstellen, damit Variablen da sind
- name: Create .env context
run: cp docker/.env.example docker/.env
# FIX: .yaml Extension nutzen (SSoT)
- name: Validate Docker Compose Config
run: docker compose --env-file docker/.env -f docker/docker-compose.yaml config

View File

@ -1,59 +0,0 @@
name: YouTrack Sync (on merge)
permissions:
contents: read
id-token: write
concurrency:
group: youtrack-sync-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [ main ]
jobs:
notify:
runs-on: ubuntu-latest
# Secrets als Umgebungsvariablen für den Job verfügbar machen
env:
YT_URL: ${{ secrets.YT_URL }}
YT_TOKEN: ${{ secrets.YT_TOKEN }}
steps:
# WICHTIG: Checkout ist notwendig, damit "git log" funktioniert
- name: Checkout Code
uses: actions/checkout@v6
with:
fetch-depth: 0 # Notwendig, um die Commit-Historie für "git log" zu laden
- name: Comment to YouTrack Issue(s)
# Wir haben das problematische "if: ${{ secrets... }}" entfernt.
# Die Prüfung findet nun sicher im Shell-Skript statt.
run: |
set -euo pipefail
# 1. Prüfen, ob Secrets vorhanden sind (Shell-Ebene)
if [ -z "${YT_URL:-}" ] || [ -z "${YT_TOKEN:-}" ]; then
echo "Skipping: YT_URL or YT_TOKEN is not set."
exit 0
fi
# 2. Commit Message nach Issue-Keys durchsuchen
KEYS=$(git log -1 --pretty=%B | grep -o '[A-Z]\+-[0-9]\+' | sort -u || true)
if [ -z "$KEYS" ]; then
echo "No issue keys in last commit message. Skipping."
exit 0
fi
# 3. Kommentar an YouTrack senden
for ISSUE in $KEYS; do
MSG=$(printf 'PR/Commit gemergt: %s\nRepo: %s\nCommit: %s' "${{ github.event.head_commit.url }}" "${{ github.repository }}" "${{ github.sha }}")
echo "Posting comment to $ISSUE..."
curl -sS -X POST \
-H "Authorization: Bearer $YT_TOKEN" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"$YT_URL/api/issues/$ISSUE/comments" \
-d "{\"text\": \"$MSG\"}"
done
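Review bot: `YT_TOKEN` in the job-level `env` (also used by the deleted KDoc sync workflow) is a bearer token for the YouTrack API, and removing the file does not revoke it. The session log closes `youtrack-sync.yml` with "kein Handlungsbedarf"; revoking the token in YouTrack and deleting `YT_URL` and `YT_TOKEN` from the GitHub secrets is the action that remains.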

View File

@ -13,9 +13,9 @@ owner: DevOps Engineer
* ✅ **Gitea Secrets Finalisierung:** Erstellen der Secrets
* `REGISTRY_TOKEN` und
* `REGISTRY_USER` im Repository „Meldestelle“ (Umgehung der `GITEA_`-Namenssperre).
*[ ] **Runner-Stabilisierung:**
* Prüfen des Systemd-Status von `act_runner` im Container `infra-runner`.
*[ ] Sicherstellen, dass der Status im Gitea-Interface von „Inaktiv“ auf „Aktiv“ springt.
*[x] **Runner-Stabilisierung:** _(verifiziert 2026-03-09: Screenshot bestätigt)_
* `act_runner` ist `active (running)` seit 06.03.2026, `enabled; preset: enabled`.
*[x] Status im Gitea-Interface: Runner ist **Aktiv** (läuft Tasks seit 06.03.2026).
*[ ] **Erster Test-Build:**
* Erstellen eines Test-Projekts und
* Push aus der IDEA auslösen und das Log-Streaming in Gitea Actions verfolgen.
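Review bot: The added `*[x]` lines (`*[x] **Runner-Stabilisierung:**` and `*[x] Status im Gitea-Interface`) keep the missing space after the list marker, so they render as literal text rather than task-list checkboxes; write `* [x]`. The verification is cited only as "Screenshot bestätigt"; naming the screenshot (the session log refers to `2026-03-09_12-47`) would make it traceable.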

View File

@ -195,6 +195,37 @@ fachliche Implementierung war bereits vorhanden. Ein einziger kritischer Bug gef
Backend `@RequestParam` erwartet `?since=...` — Delta-Sync lieferte immer alle Daten.
- **Fix:** `url.parameters.append("lastSyncTimestamp", ...)``url.parameters.append("since", ...)`
## ✅ Gitea-Pipeline & Runner Analyse (2026-03-09, gleiche Session)
### Befund: Aktiver CI/CD-Kern
- `.gitea/workflows/docker-publish.yaml` ist der einzige aktiv ausgeführte Workflow — grün seit 06.03.2026.
- Matrix: 4 Services (`keycloak`, `api-gateway`, `ping-service`, `web-app`), `max-parallel: 1` (RAM-Schutz).
- Native `linux/arm64`-Builds auf VM 102 (`10.0.0.23`), Push in interne Registry `10.0.0.22:3000`.
### Verifiziert (Screenshot 2026-03-09_12-47)
- `insecure-registries: ["10.0.0.22:3000"]` permanent in `/etc/docker/daemon.json` gesetzt ✅
- `act_runner`: `active (running)` seit 06.03.2026, `enabled; preset: enabled`
- `systemctl is-enabled act_runner``enabled`
### Bereinigung `.github/`-Ordner
- **Problem:** 6 GitHub Actions Workflows in `.github/workflows/` — auf Gitea nie ausgeführt (toter Code).
- **Zusätzlich:** `ci-main.yml`, `deploy-proxmox.yml`, `ssot-guard.yml` referenzierten falschen Pfad
`docker/docker-compose.yaml`.
- **Fix:** `pr-guard.yml` (prüft hartcodierte Versionen in `build.gradle.kts`) nach `.gitea/workflows/pr-guard.yaml`
migriert.
- **Fix:** Gesamten `.github/`-Ordner gelöscht.
- `youtrack-sync.yml` war nicht aktiv und wurde mitgelöscht — kein Handlungsbedarf.
### Aktive Workflows nach Bereinigung
| Datei | Trigger | Zweck |
|----------------------------------------|--------------|------------------------------------------------|
| `.gitea/workflows/docker-publish.yaml` | Push `main` | Build & Push aller Docker-Images |
| `.gitea/workflows/pr-guard.yaml` | Pull Request | Prüft hartcodierte Versionen in Gradle-Dateien |
## 🔜 Nächste Schritte
- **TLS/HTTPS** — Langfristig: `KC_HOSTNAME_STRICT_HTTPS=true` setzen, sobald TLS eingerichtet ist.
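Review bot: Under `### Verifiziert`, `insecure-registries: ["10.0.0.22:3000"]` is recorded as permanently set and ticked off, yet `## 🔜 Nächste Schritte` lists TLS only for Keycloak (`KC_HOSTNAME_STRICT_HTTPS`). With that daemon setting the runner talks to the registry without verified TLS, which covers the `REGISTRY_TOKEN` login and the image pushes from `docker-publish.yaml`. Add registry TLS and removal of the `insecure-registries` entry to the next steps.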

Binary file not shown.
