diff --git a/.github/workflows/pr-guard.yml b/.gitea/workflows/pr-guard.yaml similarity index 99% rename from .github/workflows/pr-guard.yml rename to .gitea/workflows/pr-guard.yaml index 9f3f3876..871972ad 100644 --- a/.github/workflows/pr-guard.yml +++ b/.gitea/workflows/pr-guard.yaml @@ -1,9 +1,7 @@ name: PR Guard - on: pull_request: branches: [ "**" ] - jobs: no-hardcoded-versions: runs-on: ubuntu-latest diff --git a/.github/markdown-link-check.json b/.github/markdown-link-check.json deleted file mode 100644 index 9ad37bc7..00000000 --- a/.github/markdown-link-check.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "ignorePatterns": [ - { - "pattern": "^http://localhost" - }, - { - "pattern": "^https://localhost" - }, - { - "pattern": "^http://127.0.0.1" - }, - { - "pattern": "^https://127.0.0.1" - }, - { - "pattern": "^XXXX-filename\\.md$" - } - ], - "replacementPatterns": [ - { - "pattern": "^/", - "replacement": "{{BASEURL}}/" - } - ], - "httpHeaders": [ - { - "urls": ["https://github.com"], - "headers": { - "Accept": "text/html" - } - } - ], - "timeout": "20s", - "retryOn429": true, - "retryCount": 3, - "fallbackRetryDelay": "30s", - "aliveStatusCodes": [200, 206] -} diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md deleted file mode 100644 index ca0c940f..00000000 --- a/.github/pull_request_template.md +++ /dev/null @@ -1,15 +0,0 @@ -## Ziel -Kurze Beschreibung des Ziels/Problems und was dieser PR löst. - -## Änderungen -- - -## Prüfliste (Definition of Done) -- [ ] CI grün (Backend/Docs) -- [x] Doku-Front‑Matter vorhanden und valide (`modul`, `status`, `summary`, optional `last_reviewed`, `review_cycle`, `yt_epic/yt_issues`) -- [ ] Links geprüft (CI Link‑Checker läuft grün) -- [ ] Falls relevant: YouTrack‑Key im PR‑Titel/Commit enthalten (z. B. MP-7) -- [ ] Bei Architekturänderung: ADR aktualisiert und verlinkt - -## Screenshots/Notizen (optional) -- 
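Review bot: In `.gitea/workflows/pr-guard.yaml` the `pull_request` trigger on `branches: [ "**" ]` now runs on the project's self-hosted `act_runner`, so code from any pull-request branch executes on that machine; per the journal entry in this commit, the old `.github` workflows never ran on Gitea. The same journal places the runner on the internal network next to the registry at `10.0.0.22:3000`. Whether each job runs in a throwaway container and is kept away from `REGISTRY_TOKEN` is not visible here and should be confirmed. I would add a comment above `on:` such as `# Runs PR code on the self-hosted runner: no secrets in this job, ephemeral job container only`. `runs-on: ubuntu-latest` also has to match a label registered on that runner, which this commit does not show; the job's steps lie outside the hunk.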
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
deleted file mode 100644
index 709104f1..00000000
--- a/.github/workflows/ci-main.yml
+++ /dev/null
@@ -1,124 +0,0 @@ -name: CI - Main Pipeline - -permissions: - contents: read - -concurrency: - group: ci-main-${{ github.ref }} - cancel-in-progress: true - -on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main, develop ] - -jobs: - # ======================================== - # 1. Docker SSoT (bleibt wie ist) - # ======================================== - docker-ssot: - name: Docker SSoT Validation - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - - name: Validate Docker SSoT (compat mode) - if: ${{ hashFiles('scripts/docker-versions-update.sh') != '' && hashFiles('scripts/generate-compose-files.sh') != '' && hashFiles('scripts/validate-docker-consistency.sh') != '' }} - run: | - bash scripts/docker-versions-update.sh sync - bash scripts/generate-compose-files.sh all development - bash scripts/validate-docker-consistency.sh all - - - name: Validate Docker SSoT (envless mode) - if: ${{ hashFiles('scripts/generate-compose-files.sh') != '' && hashFiles('scripts/validate-docker-consistency.sh') != '' }} - run: | - DOCKER_SSOT_MODE=envless bash scripts/generate-compose-files.sh all development - DOCKER_SSOT_MODE=envless bash scripts/validate-docker-consistency.sh all - - - name: Lint docker-compose (fallback) - if: ${{ hashFiles('scripts/validate-docker-consistency.sh') == '' }} - run: docker compose -f docker/docker-compose.yaml config - - # ======================================== - # 2. 
OpenAPI Validation (nur Lint) - # ======================================== - validate-openapi: - name: Validate OpenAPI Specs - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - - name: Setup Node.js - uses: actions/setup-node@v6 - with: - node-version: '20' - - - name: Install Spectral - run: npm install -g @stoplight/spectral-cli - - - name: Validate OpenAPI - run: | - spectral lint backend/gateway/src/main/resources/openapi/documentation.yaml \ - --ruleset .spectral.yaml \ - --fail-severity error - - # ======================================== - # 3. Markdown Docs (nur kritische) - # ======================================== - validate-docs: - name: Validate Essential Docs - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v6 - - - name: Lint Critical Markdown - uses: DavidAnson/markdownlint-cli2-action@v21 - with: - globs: | - README.md - docs/README.md - docs/01_Architecture/adr/**/*.md - docs/02_Onboarding/Development/start-local.md - - - name: Check Links in ADRs - uses: gaurav-nelson/github-action-markdown-link-check@v1 - with: - config-file: '.github/markdown-link-check.json' - folder-path: 'docs/01_Architecture/adr/' - use-quiet-mode: 'yes' - - # ======================================== - # 4. Build & Test - # ======================================== - build-test: - name: Build and Test - runs-on: ubuntu-latest - needs: [ docker-ssot, validate-openapi, validate-docs ] - - steps: - - uses: actions/checkout@v6 - - - name: Setup JDK 25 - uses: actions/setup-java@v5 - with: - java-version: '25' - distribution: 'temurin' - cache: gradle - - - name: Build - run: ./gradlew staticAnalysis build -x test - - - name: Check Bundle Budgets - run: ./gradlew checkBundleBudget - - - name: Test - run: ./gradlew test - - - name: Upload OpenAPI Specs (Artifact) - uses: actions/upload-artifact@v5 - with: - name: openapi-specs - path: docs/api/generated/*.json - retention-days: 30 - continue-on-error: true 
diff --git a/.github/workflows/deploy-proxmox.yml b/.github/workflows/deploy-proxmox.yml
deleted file mode 100644
index 4468917f..00000000
--- a/.github/workflows/deploy-proxmox.yml
+++ /dev/null
@@ -1,196 +0,0 @@ -# =================================================================== -# GitHub Actions - Automatisches Deployment auf Proxmox-Server -# Meldestelle Project - CI/CD Pipeline -# =================================================================== - -name: Deploy Proxmox (manual) - -permissions: - contents: read - -concurrency: - group: deploy-proxmox-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: # Manueller Trigger - -env: - DOCKER_COMPOSE_VERSION: "v2.20.0" - -jobs: - # =================================================================== - # Build & Test - # =================================================================== - build-and-test: - runs-on: ubuntu-latest - - steps: - - name: Checkout Code - uses: actions/checkout@v6 - - - name: Set up JDK 25 - uses: actions/setup-java@v5 - with: - java-version: '25' - distribution: 'temurin' - - - name: Cache Gradle dependencies - uses: actions/cache@v4 - with: - path: | - ~/.gradle/caches - ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} - restore-keys: | - ${{ runner.os }}-gradle- - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - - name: Static Analysis - run: ./gradlew staticAnalysis --no-daemon || true - - - name: Build (all) - run: ./gradlew build -x test --no-daemon - - - name: Test (all) - run: ./gradlew test --no-daemon || true # Allow failure for now - - # =================================================================== - # Deploy to Proxmox (nur bei main branch) - # =================================================================== - deploy: - needs: build-and-test - runs-on: ubuntu-latest - if: github.event_name == 'workflow_dispatch' - - steps: - - name: Checkout Code - uses: actions/checkout@v6 - - - name: Setup SSH Key - uses: webfactory/ssh-agent@v0.8.0 - with: - ssh-private-key: ${{ secrets.PROXMOX_SSH_PRIVATE_KEY }} - - - name: Add Proxmox to known_hosts - run: | 
- ssh-keyscan -H ${{ secrets.PROXMOX_HOST }} >> ~/.ssh/known_hosts - - - name: Deploy to Proxmox Server - env: - PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }} - PROXMOX_USER: ${{ secrets.PROXMOX_USER }} - DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }} - run: | - ssh $PROXMOX_USER@$PROXMOX_HOST << 'ENDSSH' - set -e - - # Navigate to deployment directory - cd ${{ secrets.DEPLOY_PATH }} - - # Pull latest changes - echo "🔄 Pulling latest changes from GitHub..." - git fetch origin - git reset --hard origin/main - - # Create backup of current environment - echo "💾 Creating backup..." - cp .env .env.backup.$(date +%Y%m%d_%H%M%S) || true - - # Stop existing services - echo "🛑 Stopping existing services..." - docker compose --env-file docker/.env -f docker/docker-compose.yaml down || true - - # Clean up old images (optional) - echo "🧹 Cleaning up old images..." - docker image prune -f || true - - # Build new images - echo "🏗️ Building new images..." - docker compose --env-file docker/.env -f docker/docker-compose.yaml build - - # Start infrastructure first - echo "🚀 Starting infrastructure..." - docker compose --env-file docker/.env -f docker/docker-compose.yaml up -d - - # Wait for infrastructure to be ready - echo "⏳ Waiting for infrastructure..." - sleep 30 - - # Start services - echo "🚀 Starting services..." - # Start services (already included in main compose file) - docker compose --env-file docker/.env -f docker/docker-compose.yaml up -d - - # Wait for services to be ready - echo "⏳ Waiting for services..." - sleep 30 - - # Start clients - echo "🚀 Starting clients..." - # Start clients (already included in main compose file) - docker compose --env-file docker/.env -f docker/docker-compose.yaml up -d - - # Health check - echo "🏥 Running health checks..." 
- sleep 60 - - # Check service status - echo "📊 Service Status:" - docker compose --env-file docker/.env -f docker/docker-compose.yaml ps - - # Check logs for errors - echo "📋 Recent logs:" - docker compose --env-file docker/.env -f docker/docker-compose.yaml logs --tail=50 - - echo "✅ Deployment completed successfully!" - ENDSSH - - - name: Verify Deployment - env: - PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }} - PROXMOX_USER: ${{ secrets.PROXMOX_USER }} - run: | - echo "🔍 Verifying deployment..." - - # Check if services are responding - ssh $PROXMOX_USER@$PROXMOX_HOST << 'ENDSSH' - # Check API Gateway health - curl -f http://localhost:8081/actuator/health || echo "❌ API Gateway health check failed" - - # Check Consul - curl -f http://localhost:8500/v1/status/leader || echo "❌ Consul health check failed" - - # Check Web-App - curl -f http://localhost:4000/health || echo "❌ Web-App health check failed" - - # Check VNC - curl -f http://localhost:6080/ || echo "❌ VNC health check failed" - - echo "✅ Health checks completed" - ENDSSH - - # =================================================================== - # Notification (Optional) - # =================================================================== - notify: - needs: [build-and-test, deploy] - runs-on: ubuntu-latest - if: always() - - steps: - - name: Notify Success - if: needs.deploy.result == 'success' - run: | - echo "✅ Deployment to Proxmox successful!" - echo "🌐 Web-App: https://meldestelle.yourdomain.com" - echo "🖥️ Desktop-VNC: https://vnc.meldestelle.yourdomain.com" - echo "🔗 API: https://api.meldestelle.yourdomain.com" - - - name: Notify Failure - if: needs.deploy.result == 'failure' - run: | - echo "❌ Deployment to Proxmox failed!" - echo "Check the logs above for details." diff --git a/.github/workflows/docs-kdoc-sync.yml b/.github/workflows/docs-kdoc-sync.yml deleted file mode 100644 index a1ddabee..00000000 --- a/.github/workflows/docs-kdoc-sync.yml +++ /dev/null 
@@ -1,57 +0,0 @@ -name: KDoc → YouTrack KB Sync - -permissions: - contents: read - -concurrency: - group: kdoc-sync-${{ github.ref }} - cancel-in-progress: true - -on: - workflow_dispatch: - inputs: - kb_root_title: - description: "Root-Titel der YouTrack KB (z. B. 'API & Entwicklerdoku')" - required: true - default: "API & Entwicklerdoku" - bc_root: - description: "Ordner unterhalb des KB-Roots für BCs (z. B. 'BCs')" - required: false - default: "BCs" - -jobs: - kdoc-sync: - runs-on: ubuntu-latest - permissions: - contents: read - steps: - - name: Checkout - uses: actions/checkout@v6 - - - name: Setup JDK 25 - uses: actions/setup-java@v5 - with: - distribution: temurin - java-version: '25' - - - name: Setup Gradle - uses: gradle/actions/setup-gradle@v5 - - - name: Build Dokka (GFM) - run: | - ./gradlew --no-daemon dokkaGfmAll || ./gradlew --no-daemon dokkaGfm - - - name: Python deps for YouTrack sync - run: | - python -m pip install --upgrade pip - pip install requests pyyaml - - - name: Sync KDoc Markdown to YouTrack KB - if: ${{ hashFiles('.junie/scripts/youtrack-sync-kb.py') != '' }} - env: - YT_URL: ${{ secrets.YT_URL }} - YT_TOKEN: ${{ secrets.YT_TOKEN }} - KB_ROOT_TITLE: ${{ github.event.inputs.kb_root_title }} - KB_BC_ROOT: ${{ github.event.inputs.bc_root }} - run: | - python .junie/scripts/youtrack-sync-kb.py --src build/dokka/gfm diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml deleted file mode 100644 index bb93adcf..00000000 --- a/.github/workflows/integration-tests.yml +++ /dev/null 
@@ -1,229 +0,0 @@ -name: Integration Tests - -permissions: - contents: read - -concurrency: - group: integration-tests-${{ github.ref }} - cancel-in-progress: true - -on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main, develop ] - -jobs: - integration-tests: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - keycloak_db: [postgres, dev-file] - env: - KEYCLOAK_VERSION: "26.4.2" - - services: - postgres: - image: postgres:16-alpine - env: - POSTGRES_USER: meldestelle - POSTGRES_PASSWORD: meldestelle - POSTGRES_DB: meldestelle - ports: - - 5432:5432 - options: >- - --health-cmd "pg_isready -U meldestelle -d $${POSTGRES_DB}" - --health-interval 10s - --health-timeout 5s - --health-retries 12 - --health-start-period 20s - - redis: - image: redis:7-alpine - ports: - - 6379:6379 - options: >- - --health-cmd "redis-cli ping" - --health-interval 10s - --health-timeout 5s - --health-retries 5 - - - zookeeper: - image: confluentinc/cp-zookeeper:7.5.0 - env: - ZOOKEEPER_CLIENT_PORT: 2181 - ports: - - 2181:2181 - options: >- - --health-cmd "nc -z localhost 2181 || exit 1" - --health-interval 10s - --health-timeout 5s - --health-retries 3 - --health-start-period 10s - - kafka: - image: confluentinc/cp-kafka:7.5.0 - env: - KAFKA_BROKER_ID: 1 - KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181 - KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://localhost:9092 - KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT - KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT - KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1 - ports: - - 9092:9092 - options: >- - --health-cmd "kafka-topics --bootstrap-server localhost:9092 --list || exit 1" - --health-interval 10s - --health-timeout 5s - --health-retries 3 - --health-start-period 30s - - zipkin: - image: openzipkin/zipkin:2 - ports: - - 9411:9411 - options: >- - --health-cmd "wget -q -O - http://localhost:9411/health || exit 1" - --health-interval 10s - --health-timeout 5s 
- --health-retries 3 - --health-start-period 10s - - steps: - - uses: actions/checkout@v6 - - - name: Set up JDK 25 - uses: actions/setup-java@v5 - with: - java-version: 25 - distribution: 'temurin' - cache: 'gradle' - - - name: Setup Gradle (modern) - uses: gradle/actions/setup-gradle@v5 - - - name: Wait for Postgres to be ready (pg_isready in service network) - if: ${{ matrix.keycloak_db == 'postgres' }} - run: | - echo "Waiting for Postgres..." - for i in {1..40}; do - if docker run --rm --network ${{ job.services.postgres.network }} \ - postgres:16-alpine pg_isready -h postgres -p 5432 -U meldestelle -d meldestelle; then - echo "Postgres is ready"; break; fi; echo -n "."; sleep 3; done - - - name: Start Keycloak with Postgres (dev) and wait for readiness - if: ${{ matrix.keycloak_db == 'postgres' }} - run: | - set -euo pipefail - echo "Starting Keycloak (DB=postgres)..." - docker run -d --name keycloak \ - --network ${{ job.services.postgres.network }} \ - -p 8180:8080 \ - -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \ - -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \ - -e KC_DB=postgres \ - -e KC_DB_URL=jdbc:postgresql://postgres:5432/meldestelle \ - -e KC_DB_USERNAME=meldestelle \ - -e KC_DB_PASSWORD=meldestelle \ - -e KC_HEALTH_ENABLED=true \ - -e JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxRAMPercentage=60" \ - quay.io/keycloak/keycloak:${{ env.KEYCLOAK_VERSION }} \ - start-dev - - echo "Giving Keycloak 30s to initialize..."; sleep 30 - - wait_for() { - local url="$1"; local label="$2"; local timeout="${3:-180}"; local interval="${4:-5}" - echo "Waiting for $label ($url) ..." - if ! timeout ${timeout}s bash -c 'until curl -fsS --output /dev/null '"$url"'; do echo -n "."; sleep '"$interval"'; done'; then - echo "\n[WAIT] Timeout on $url" - return 1 - fi - echo "\n[WAIT] $label is up" - } - - if ! wait_for http://localhost:8180/ "root" 180 5; then - docker logs --tail=200 keycloak || true - exit 1 - fi - if ! 
wait_for http://localhost:8180/health "health" 180 5; then - echo "[INFO] /health nicht erreichbar – versuche /q/health (Quarkus default)" - wait_for http://localhost:8180/q/health "q-health" 180 5 || true - fi - wait_for http://localhost:8180/health/ready "health-ready" 300 5 || true - wait_for http://localhost:8180/admin/master/console/ "admin-console" 300 5 || (docker logs --tail=400 keycloak && exit 1) - - - name: Start Keycloak with dev-file (no Postgres) and wait for readiness - if: ${{ matrix.keycloak_db == 'dev-file' }} - run: | - set -euo pipefail - echo "Starting Keycloak (DB=dev-file, no Postgres)..." - docker run -d --name keycloak \ - -p 8180:8080 \ - -e KC_BOOTSTRAP_ADMIN_USERNAME=admin \ - -e KC_BOOTSTRAP_ADMIN_PASSWORD=admin \ - -e KC_DB=dev-file \ - -e KC_HEALTH_ENABLED=true \ - -e JAVA_OPTS="-Xms256m -Xmx1024m -XX:MaxRAMPercentage=60" \ - quay.io/keycloak/keycloak:${{ env.KEYCLOAK_VERSION }} \ - start-dev - - echo "Giving Keycloak 20s to initialize..."; sleep 20 - - wait_for() { - local url="$1"; local label="$2"; local timeout="${3:-180}"; local interval="${4:-5}" - echo "Waiting for $label ($url) ..." - if ! timeout ${timeout}s bash -c 'until curl -fsS --output /dev/null '"$url"'; do echo -n "."; sleep '"$interval"'; done'; then - echo "\n[WAIT] Timeout on $url" - return 1 - fi - echo "\n[WAIT] $label is up" - } - - if ! wait_for http://localhost:8180/ "root" 180 5; then - docker logs --tail=200 keycloak || true - exit 1 - fi - if ! 
wait_for http://localhost:8180/health "health" 180 5; then - echo "[INFO] /health nicht erreichbar – versuche /q/health (Quarkus default)" - wait_for http://localhost:8180/q/health "q-health" 180 5 || true - fi - wait_for http://localhost:8180/health/ready "health-ready" 300 5 || true - wait_for http://localhost:8180/admin/master/console/ "admin-console" 300 5 || (docker logs --tail=400 keycloak && exit 1) - - - name: Grant execute permission for gradlew - run: chmod +x gradlew - - - name: Static Analysis - run: ./gradlew staticAnalysis --no-daemon - - - name: Run integration tests - run: ./gradlew integrationTest --no-daemon --parallel - env: - # Environment variables for Redis connection - REDIS_HOST: localhost - REDIS_PORT: 6379 - # Keycloak base URL for integration tests (manual container) - KEYCLOAK_AUTH_SERVER_URL: http://localhost:8180 - # Spring profile for integration tests - SPRING_PROFILES_ACTIVE: integration-test - - - name: Upload test reports - uses: actions/upload-artifact@v5 - if: always() - with: - name: integration-test-reports - path: | - **/build/reports/tests/integrationTest/ - **/build/test-results/integrationTest/ - retention-days: 7 - - - name: Dump service logs (Keycloak, Postgres) - if: always() - run: | - echo "=== Docker ps ===" && docker ps -a || true - echo "=== Keycloak logs (tail) ===" && docker logs --tail=400 keycloak || true - echo "=== Postgres logs (tail) ===" && docker logs --tail=200 $(docker ps -a --filter "name=postgres" --format "{{.ID}}") || true diff --git a/.github/workflows/ssot-guard.yml b/.github/workflows/ssot-guard.yml deleted file mode 100644 index 09ffc8e4..00000000 --- a/.github/workflows/ssot-guard.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -name: Docker SSoT Guard (Minimal) - -on: - push: - paths: - - 'docker/**' - - '.github/workflows/ssot-guard.yml' - pull_request: - paths: - - 'docker/**' - - '.github/workflows/ssot-guard.yml' - -jobs: - check-compose-config: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - # FIX: .env aus Example erstellen, damit Variablen da sind - - name: Create .env context - run: cp docker/.env.example docker/.env - - # FIX: .yaml Extension nutzen (SSoT) - - name: Validate Docker Compose Config - run: docker compose --env-file docker/.env -f docker/docker-compose.yaml config diff --git a/.github/workflows/youtrack-sync.yml b/.github/workflows/youtrack-sync.yml deleted file mode 100644 index e4507b4f..00000000 --- a/.github/workflows/youtrack-sync.yml +++ /dev/null 
@@ -1,59 +0,0 @@ -name: YouTrack Sync (on merge) - -permissions: - contents: read - id-token: write - -concurrency: - group: youtrack-sync-${{ github.ref }} - cancel-in-progress: true -on: - push: - branches: [ main ] - -jobs: - notify: - runs-on: ubuntu-latest - - # Secrets als Umgebungsvariablen für den Job verfügbar machen - env: - YT_URL: ${{ secrets.YT_URL }} - YT_TOKEN: ${{ secrets.YT_TOKEN }} - - steps: - # WICHTIG: Checkout ist notwendig, damit "git log" funktioniert - - name: Checkout Code - uses: actions/checkout@v6 - with: - fetch-depth: 0 # Notwendig, um die Commit-Historie für "git log" zu laden - - - name: Comment to YouTrack Issue(s) - # Wir haben das problematische "if: ${{ secrets... }}" entfernt. - # Die Prüfung findet nun sicher im Shell-Skript statt. - run: | - set -euo pipefail - - # 1. Prüfen, ob Secrets vorhanden sind (Shell-Ebene) - if [ -z "${YT_URL:-}" ] || [ -z "${YT_TOKEN:-}" ]; then - echo "Skipping: YT_URL or YT_TOKEN is not set." - exit 0 - fi - - # 2. Commit Message nach Issue-Keys durchsuchen - KEYS=$(git log -1 --pretty=%B | grep -o '[A-Z]\+-[0-9]\+' | sort -u || true) - if [ -z "$KEYS" ]; then - echo "No issue keys in last commit message. Skipping." - exit 0 - fi - - # 3. Kommentar an YouTrack senden - for ISSUE in $KEYS; do - MSG=$(printf 'PR/Commit gemergt: %s\nRepo: %s\nCommit: %s' "${{ github.event.head_commit.url }}" "${{ github.repository }}" "${{ github.sha }}") - echo "Posting comment to $ISSUE..." - curl -sS -X POST \ - -H "Authorization: Bearer $YT_TOKEN" \ - -H "Accept: application/json" \ - -H "Content-Type: application/json" \ - "$YT_URL/api/issues/$ISSUE/comments" \ - -d "{\"text\": \"$MSG\"}" - done diff --git a/docs/07_Infrastructure/Zora_Infrastructure_Deployment_02-2026.md b/docs/07_Infrastructure/Zora_Infrastructure_Deployment_02-2026.md index 8d6f63b3..25beacd4 100644 --- a/docs/07_Infrastructure/Zora_Infrastructure_Deployment_02-2026.md +++ b/docs/07_Infrastructure/Zora_Infrastructure_Deployment_02-2026.md 
@@ -13,9 +13,9 @@ owner: DevOps Engineer * ✅ **Gitea Secrets Finalisierung:** Erstellen der Secrets * `REGISTRY_TOKEN` und * `REGISTRY_USER` im Repository „Meldestelle“ (Umgehung der `GITEA_`-Namenssperre). -*[ ] **Runner-Stabilisierung:** - * Prüfen des Systemd-Status von `act_runner` im Container `infra-runner`. -*[ ] Sicherstellen, dass der Status im Gitea-Interface von „Inaktiv“ auf „Aktiv“ springt. +*[x] **Runner-Stabilisierung:** _(verifiziert 2026-03-09: Screenshot bestätigt)_ + * `act_runner` ist `active (running)` seit 06.03.2026, `enabled; preset: enabled`. +*[x] Status im Gitea-Interface: Runner ist **Aktiv** (läuft Tasks seit 06.03.2026). *[ ] **Erster Test-Build:** * Erstellen eines Test-Projekts und * Push aus der IDEA auslösen und das Log-Streaming in Gitea Actions verfolgen. diff --git a/docs/99_Journal/2026-03-09_Session_Log_Keycloak_Haertung.md b/docs/99_Journal/2026-03-09_Session_Log_Keycloak_Haertung.md index e2c42d45..44546ae0 100644 --- a/docs/99_Journal/2026-03-09_Session_Log_Keycloak_Haertung.md +++ b/docs/99_Journal/2026-03-09_Session_Log_Keycloak_Haertung.md 
@@ -195,6 +195,37 @@ fachliche Implementierung war bereits vorhanden. Ein einziger kritischer Bug gef Backend `@RequestParam` erwartet `?since=...` — Delta-Sync lieferte immer alle Daten. - **Fix:** `url.parameters.append("lastSyncTimestamp", ...)` → `url.parameters.append("since", ...)` +## ✅ Gitea-Pipeline & Runner Analyse (2026-03-09, gleiche Session) + +### Befund: Aktiver CI/CD-Kern + +- `.gitea/workflows/docker-publish.yaml` ist der einzige aktiv ausgeführte Workflow — grün seit 06.03.2026. +- Matrix: 4 Services (`keycloak`, `api-gateway`, `ping-service`, `web-app`), `max-parallel: 1` (RAM-Schutz). +- Native `linux/arm64`-Builds auf VM 102 (`10.0.0.23`), Push in interne Registry `10.0.0.22:3000`. + +### Verifiziert (Screenshot 2026-03-09_12-47) + +- `insecure-registries: ["10.0.0.22:3000"]` permanent in `/etc/docker/daemon.json` gesetzt ✅ +- `act_runner`: `active (running)` seit 06.03.2026, `enabled; preset: enabled` ✅ +- `systemctl is-enabled act_runner` → `enabled` ✅ + +### Bereinigung `.github/`-Ordner + +- **Problem:** 6 GitHub Actions Workflows in `.github/workflows/` — auf Gitea nie ausgeführt (toter Code). +- **Zusätzlich:** `ci-main.yml`, `deploy-proxmox.yml`, `ssot-guard.yml` referenzierten falschen Pfad + `docker/docker-compose.yaml`. +- **Fix:** `pr-guard.yml` (prüft hartcodierte Versionen in `build.gradle.kts`) nach `.gitea/workflows/pr-guard.yaml` + migriert. +- **Fix:** Gesamten `.github/`-Ordner gelöscht. +- `youtrack-sync.yml` war nicht aktiv und wurde mitgelöscht — kein Handlungsbedarf. 
+ +### Aktive Workflows nach Bereinigung + +| Datei | Trigger | Zweck | +|----------------------------------------|--------------|------------------------------------------------| +| `.gitea/workflows/docker-publish.yaml` | Push `main` | Build & Push aller Docker-Images | +| `.gitea/workflows/pr-guard.yaml` | Pull Request | Prüft hartcodierte Versionen in Gradle-Dateien | + ## 🔜 Nächste Schritte - **TLS/HTTPS** — Langfristig: `KC_HOSTNAME_STRICT_HTTPS=true` setzen, sobald TLS eingerichtet ist. diff --git a/docs/ScreenShots/gitea-runner_verifiziert_2026-03-09_12-47.png b/docs/ScreenShots/gitea-runner_verifiziert_2026-03-09_12-47.png new file mode 100644 index 00000000..62e9edbf Binary files /dev/null and b/docs/ScreenShots/gitea-runner_verifiziert_2026-03-09_12-47.png differ