jedarden/miroir
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

P8: Finalize CI/CD templates, prod ArgoCD app, and CHANGELOG for v0.1.0

Browse source 
- miroir-ci: use cargo fmt --all, add pre-release detection for GitHub releases
- miroir-ci-smoke: fix secret ref to github-token
- miroir-release: rewrite github-release step with gh CLI, build binaries in
  release step, add pre-release flag and resource limits
- miroir-release-ready: fix serviceAccountName to argo-workflow
- miroir-application.yaml: switch prod to Redis backend, 4 Meilisearch replicas
- redis.rs: remove unused conn() helper
- CHANGELOG: date 0.1.0 release, add missing release/prod entries

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
jedarden 2026-04-19 15:09:14 -04:00
parent dcab90d2c9
commit ffe1d63d58
9 changed files with 109 additions and 59 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
.beads/issues.jsonl
View file

File diff suppressed because one or more lines are too long

2
.needle-predispatch-sha
View file

@ -1 +1 @@
8498d85e587edc35d15cae28d6d10c064c8ab324
dcab90d2c99b99025a82c410deb10a2fd3db83ad

7
CHANGELOG.md
View file

@ -13,7 +13,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
### Fixed
### Security
## [0.1.0] - TBD
## [0.1.0] - 2026-04-19
### Added
- Initial release.
@ -22,6 +22,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/).
- `values.schema.json` rejects incompatible configs: SQLite with HA, HPA without Redis, local rate limits in multi-replica, scoped key rotation >= max age.
- Argo WorkflowTemplate `miroir-ci`: checkout → lint → test → musl build → Kaniko push (tag-gated) → GitHub release (tag-gated).
- Argo WorkflowTemplate `miroir-ci-smoke`: quick lint+test on push.
- ArgoCD Application `miroir-dev-ardenone-cluster` deployed to ardenone-cluster.
- Argo WorkflowTemplate `miroir-release`: release-ready gate → Kaniko build → Helm chart publish → GitHub release with binaries.
- Argo WorkflowTemplate `miroir-release-ready`: PR validation gate checking version consistency.
- ArgoCD Application `miroir-dev-ardenone-cluster` (1 replica, SQLite, dev defaults).
- ArgoCD Application `miroir-ardenone-cluster` (2 replicas, Redis, Meilisearch HA).
- `scripts/bump-version.sh` for coordinated Cargo.toml + Chart.yaml version bumps.
- `scripts/release-ready-check.sh` validates version consistency across Cargo.toml, Chart.yaml, CHANGELOG.md.

4
crates/miroir-core/src/task_store/redis.rs
View file

@ -62,10 +62,6 @@ impl RedisPool {
.map_err(|e| MiroirError::Redis(e.to_string()))
}
/// Get a connection from the pool.
async fn conn(&self) -> tokio::sync::MutexGuard<'_, ConnectionManager> {
self.manager.lock().await
}
/// Block on an async future using the dedicated runtime.
/// If we're already inside a tokio runtime (e.g., in tests), spawn a thread

2
k8s/argo-workflows/miroir-ci-smoke.yaml
View file

@ -43,7 +43,7 @@ spec:
- name: GH_TOKEN
valueFrom:
secretKeyRef:
name: github-webhook-secret
name: github-token
key: token
resources:
requests:

9
k8s/argo-workflows/miroir-ci.yaml
View file

@ -95,7 +95,7 @@ spec:
apt-get update -qq && apt-get install -y -qq pkg-config libssl-dev >/dev/null 2>&1
cd /workspace/src
export CARGO_TARGET_DIR=/workspace/target-lint
cargo fmt --check
cargo fmt --all -- --check
cargo clippy --all-targets -- -D warnings
volumeMounts:
- name: workspace
@ -250,10 +250,17 @@ spec:
exit 0
fi
# Pre-release detection: tags like vX.Y.Z-rc.N, vX.Y.Z-beta.1, etc.
PRERELEASE_FLAG=""
if echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+[-+]'; then
PRERELEASE_FLAG="--prerelease"
fi
gh release create "${TAG}" \
--repo jedarden/miroir \
--title "miroir ${TAG}" \
--notes "${NOTES}" \
${PRERELEASE_FLAG} \
--target "{{workflow.parameters.revision}}" \
/workspace/dist/miroir-proxy-linux-amd64 \
/workspace/dist/miroir-proxy-linux-amd64.sha256 \

2
k8s/argo-workflows/miroir-release-ready.yaml
View file

@ -15,7 +15,7 @@ metadata:
workflows.argoproj.io/description: "PR gate: ensure version fields are consistent"
spec:
entrypoint: check
serviceAccountName: argo-runner
serviceAccountName: argo-workflow
arguments:
parameters:
- name: sha

92
k8s/argo-workflows/miroir-release.yaml
View file

@ -146,7 +146,7 @@ spec:
apk add --no-cache git
# Clone and checkout the release tag
git clone https://github.com/jedarden/miroir.git /src
git clone https://x-access-token:${GITHUB_TOKEN}@github.com/jedarden/miroir.git /src
cd /src
git checkout "$TAG"
@ -192,38 +192,78 @@ spec:
inputs:
parameters:
- name: tag
script:
image: alpine:latest
command: [sh]
source: |
set -e
apk add --no-cache curl git
container:
image: ghcr.io/cli/cli:2.49.0
command: [sh, -c]
args:
- |
set -e
TAG="{{inputs.parameters.tag}}"
VER="${TAG#v}"
TAG="{{inputs.parameters.tag}}"
VERSION="${TAG#v}"
IS_PRERELEASE=$(echo "$VERSION" | grep -qE '^[0-9]+\.[0-9]+\.[0-9]+$' && echo false || echo true)
git clone --depth 1 --branch "$TAG" https://github.com/jedarden/miroir.git /src
cd /src
git clone --depth 1 --branch "$TAG" https://github.com/jedarden/miroir.git /src
cd /src
# Extract release notes from CHANGELOG.md
NOTES=$(awk -v ver="$VER" '
found && /^## \[/ { exit }
$0 ~ ("^## \\[" ver "\\]") { found=1; next }
found { print }
' CHANGELOG.md)
# Extract release notes from CHANGELOG.md using plan §7 awk script
NOTES=$(awk "/^## \[${VERSION}\]/{found=1; next} found && /^## /{exit} found{print}" CHANGELOG.md)
if [ -z "$NOTES" ]; then
NOTES="Release ${TAG}"
fi
if [ -z "$NOTES" ]; then
NOTES="See CHANGELOG.md for details."
fi
# Skip if release already exists
if gh release view "${TAG}" --repo jedarden/miroir >/dev/null 2>&1; then
echo "Release ${TAG} already exists, skipping."
exit 0
fi
# Create GitHub release via API
curl -sf -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Content-Type: application/json" \
https://api.github.com/repos/jedarden/miroir/releases \
-d "$(printf '{"tag_name":"%s","name":"miroir %s","body":%s,"prerelease":%s,"draft":false}' \
"$TAG" "$TAG" "$(echo "$NOTES" | python3 -c 'import json,sys; print(json.dumps(sys.stdin.read()))')" \
"$IS_PRERELEASE")"
# Pre-release detection
PRERELEASE_FLAG=""
if echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+[-+]'; then
PRERELEASE_FLAG="--prerelease"
fi
# Build binaries for release assets
apk add --no-cache musl-dev gcc 2>/dev/null || true
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
. "$HOME/.cargo/env"
rustup target add x86_64-unknown-linux-musl
cargo build --release --target x86_64-unknown-linux-musl -p miroir-proxy -p miroir-ctl
strip -s target/x86_64-unknown-linux-musl/release/miroir-proxy
strip -s target/x86_64-unknown-linux-musl/release/miroir-ctl
cp target/x86_64-unknown-linux-musl/release/miroir-proxy miroir-proxy-linux-amd64
cp target/x86_64-unknown-linux-musl/release/miroir-ctl miroir-ctl-linux-amd64
sha256sum miroir-proxy-linux-amd64 > miroir-proxy-linux-amd64.sha256
sha256sum miroir-ctl-linux-amd64 > miroir-ctl-linux-amd64.sha256
gh release create "${TAG}" \
--repo jedarden/miroir \
--title "miroir ${TAG}" \
--notes "${NOTES}" \
${PRERELEASE_FLAG} \
--target "$TAG" \
miroir-proxy-linux-amd64 \
miroir-proxy-linux-amd64.sha256 \
miroir-ctl-linux-amd64 \
miroir-ctl-linux-amd64.sha256
echo "Release ${TAG} created successfully."
env:
- name: GITHUB_TOKEN
- name: GH_TOKEN
valueFrom:
secretKeyRef:
name: github-token
key: token
resources:
requests:
cpu: 2000m
memory: 4Gi
limits:
cpu: 4000m
memory: 8Gi

8
k8s/argocd/miroir-application.yaml
View file

@ -41,11 +41,11 @@ spec:
cpu: 250m
memory: 512Mi
taskStore:
backend: sqlite
path: /data/miroir-tasks.db
backend: redis
url: redis://miroir-redis.miroir.svc.cluster.local:6379
meilisearch:
enabled: true
replicas: 2
replicas: 4
nodesPerGroup: 2
persistence:
enabled: true
@ -58,7 +58,7 @@ spec:
cpu: 250m
memory: 512Mi
redis:
enabled: false
enabled: true
serviceMonitor:
enabled: true
interval: 30s