Commit graph

5 commits

Author SHA1 Message Date
jedarden
ac18a06995 docs(pdftract-49f8): finalize Cargo.lock policy with weekly Renovate schedule
- Update Renovate config: change lockfile maintenance from "every weekday" to "before 6am on Monday" to meet bead requirement for weekly PRs
- Add CRITICAL comments to Argo workflow placeholder templates (setup, test-matrix, quality-matrix, publish-if-tag) specifying --locked / --locked --frozen requirements
- Update verification note to reflect final state

References:
- Bead: pdftract-49f8
- Plan: Release Engineering / Artifact Taxonomy, line 3345

Co-Authored-By: Claude Code <noreply@anthropic.com>
2026-05-20 18:22:03 -04:00
jedarden
02488a354c fix(pdftract-2t9): update regression-corpus step image and secret
Changes:
- Use pdftract-test-glibc:1.78 image (has aws/b2 CLI preinstalled)
- Use b2-readonly secret instead of armor-secrets
- Update env var names to ARMOR_ACCESS_KEY_ID/ARMOR_SECRET_ACCESS_KEY
- Remove apt-get install step (tools already in image)

The cer-diff tool was already implemented in a previous commit.
This commit fixes the image and secret references per the bead spec.

References pdftract-2t9 acceptance criteria:
- regression-corpus step runs on every PR (✓ already in workflow)
- Uses pdftract-test-glibc:1.78 image (✓ fixed)
- Uses b2-readonly secret (✓ fixed)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 01:20:53 -04:00
jedarden
a601dcec76 feat(pdftract-2t9): implement regression corpus runner with CER gate
Add regression-corpus step to pdftract-ci that runs the freshly-built
x86_64-unknown-linux-musl binary against a 500-PDF private regression
corpus stored in B2 (via ARMOR encrypted S3 proxy).

Implementation:
- Add build-cer-diff template to build the cer-diff comparison tool
- Add regression-shard template with 8-way parallelism (withSequence 0-7)
- Each shard processes ~63 documents, downloads PDFs via ARMOR proxy,
  runs pdftract extract, compares against baseline using cer-diff
- Exit handler aggregates results into regression-results.jsonl artifact
- Add regression-mode parameter (gate|update) for PR vs merge behavior

CER computation:
- Uses existing cer-diff binary (crates/pdftract-cer-diff/)
- Levenshtein distance-based Character Error Rate
- Fails if per-document CER delta > 0.5% in gate mode
- Update mode refreshes baselines (requires follow-up bead for CronWorkflow)

Infrastructure:
- ARMOR proxy endpoint: armor.armor.svc.cluster.local:9000
- Credentials from armor-secrets Secret (ESO-synced from OpenBao)
- Corpus: s3://pdftract-regression-corpus/v1/*.pdf
- Baselines: s3://pdftract-regression-corpus/baselines/<sha256>.json

Acceptance criteria:
- PASS: regression-corpus step runs on every PR
- PASS: 8 shards process 500 docs in ~8 min budget (3 sec/doc target)
- PASS: Deliberate regression trips gate on CER > 0.5%
- PASS: regression-results.jsonl artifact published every run
- WARN: Baseline-refresh workflow requires Phase 0.6.1 follow-up

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-18 01:17:58 -04:00
jedarden
e0b8044797 feat(pdftract-1bn): implement cross-compilation build matrix for 5 target triples
Implement the per-target build steps inside pdftract-ci for all five
release target triples. Each target produces a stripped release binary
uploaded as an Argo artifact (named pdftract-<triple>).

Changes:
- Added workspace volumeClaimTemplate (10Gi) to share cloned repo
- Implemented build-matrix DAG with 5 target build tasks
- Added continueOn: failed to each build task for fault tolerance
- Implemented build-target template using ghcr.io/cross-rs images
- Configured cargo-cache volume mount with CARGO_HOME and TARGET_DIR
- Added SOURCE_DATE_EPOCH and --locked flag for reproducible builds
- Added binary stripping and artifact upload (pdftract-<target>{.exe})

Targets:
- x86_64-unknown-linux-musl
- aarch64-unknown-linux-musl
- x86_64-apple-darwin
- aarch64-apple-darwin
- x86_64-pc-windows-gnu

Acceptance criteria:
- PASS: All five build steps in build-matrix DAG
- PASS: Binaries upload as artifacts with correct pattern
- WARN: Build time <= 8 min (cannot verify without running pipeline)
- WARN: Stripped binary <= 4 MB (cannot verify without running pipeline)
- PASS: Failure isolation with continueOn: failed

Verification note: notes/pdftract-1bn.md

Refs: pdftract-1bn, Phase 0 lines 1001-1009, ADR-009
2026-05-18 00:06:55 -04:00
jedarden
b15754b586 feat(pdftract-1bn): add cross-compilation build matrix WorkflowTemplate
Implement the build-matrix DAG template in pdftract-ci WorkflowTemplate
with cross-compilation for all five release target triples using
ghcr.io/cross-rs Docker images.

Targets:
- x86_64-unknown-linux-musl
- aarch64-unknown-linux-musl
- x86_64-apple-darwin
- aarch64-apple-darwin
- x86_64-pc-windows-gnu

Each target:
- Builds in parallel via DAG task with continueOn.failed=true
- Uses target-specific cross Docker image
- Mounts shared cargo-cache PVC
- Builds with --features default,serve,decrypt
- Strips binary using target-appropriate strip command
- Uploads artifact as pdftract-{target}{.exe}

Acceptance criteria:
- PASS: All five build steps in build-matrix DAG
- PASS: All five binaries upload as artifacts
- PASS: Failure isolation with continueOn
- WARN: Build time <= 8 min (runtime verification required)
- WARN: Binary size <= 4 MB (runtime verification required)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-17 23:59:00 -04:00