cameleer/cameleer-server
1
0
Fork 0
Code Issues 46 Pull Requests Actions Packages Projects Releases Wiki Activity

docs: reflect cameleer-runtime-loader image source moved to cameleer-saas

Browse Source 
Update CLAUDE.md and .claude/rules/cicd.md to point at the new
source-of-truth location (cameleer-saas/docker/runtime-loader/) and
flag LoaderHardeningIT as the cross-repo contract test instead of an
internal regression guard. The image's runtime contract (env vars,
mount path, exit codes) is unchanged.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-28 13:05:39 +02:00
parent 3334f0a1d2
commit a605d38750
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.claude/rules/cicd.md
View File

@@ -16,7 +16,7 @@ paths:
- Docker: multi-stage build (`Dockerfile`), `$BUILDPLATFORM` for native Maven on ARM64 runner, amd64 runtime. `docker-entrypoint.sh` imports `/certs/ca.pem` into JVM truststore before starting the app (supports custom CAs for OIDC discovery without `CAMELEER_SERVER_SECURITY_OIDCTLSSKIPVERIFY`).
- `REGISTRY_TOKEN` build arg required for `cameleer-common` dependency resolution
- Registry: `gitea.siegeln.net/cameleer/cameleer-server` (container images)
- `cameleer-runtime-loader` image (init container that fetches the deployable JAR before the runtime container starts) is built and pushed by the same `docker` job, but only when files under `cameleer-runtime-loader/` actually changed in the push. Detection runs in the `build` job (`Detect runtime-loader changes` step, diffs `${{ github.event.before }}..${{ github.sha }}`) and is exposed as the `loader_changed` job output. The loader build step uses `if: needs.build.outputs.loader_changed == 'true'`. Build job's checkout uses `fetch-depth: 0` so the diff has access to the prior commit.
- `cameleer-runtime-loader` image (init container that fetches the deployable JAR before the runtime container starts) is built and pushed by **cameleer-saas** CI (`docker/runtime-loader/` in that repo) — it lives alongside the other sidecar/infra images (runtime-base, postgres, clickhouse, traefik, logto). cameleer-server **consumes** the image via `DockerRuntimeOrchestrator` but does not build it. Cross-repo contract is regression-tested by `LoaderHardeningIT` here, which pulls the published `:latest` and asserts exit 0 under the orchestrator's hardening contract.
- K8s manifests in `deploy/` — Kustomize base + overlays (main/feature), shared infra (PostgreSQL, ClickHouse, Logto) as top-level manifests
- Deployment target: k3s at 192.168.50.86, namespace `cameleer` (main), `cam-<slug>` (feature branches)
- Feature branches: isolated namespace, PG schema; Traefik Ingress at `<slug>-api.cameleer.siegeln.net`