The loader is infra glue (per-replica init container that fetches the
tenant JAR from a signed URL) — same shape as runtime-base, postgres,
clickhouse, traefik, logto images already living in cameleer-saas. Move
the source + CI build there so all sidecar/infra image builds are in
one place; cameleer-server's CI is back to building only what it owns
(server, server-ui).

Coordination: cameleer-saas@ac8d628 added the build step and copied the
source verbatim. Published tag path is unchanged
(gitea.siegeln.net/cameleer/cameleer-runtime-loader:latest), so running
tenant servers continue pulling the same image without disruption.

This commit:
- Deletes cameleer-runtime-loader/ (Dockerfile, entrypoint.sh, README).
- Removes the conditional "Build and push runtime-loader" step and its
  upstream "Detect runtime-loader changes" detection from .gitea/workflows/ci.yml.
  Drops the fetch-depth: 0 + outputs.loader_changed plumbing that only
  existed for the change-detection path.
- Drops cameleer-runtime-loader from the in-job and cleanup-branch image
  cleanup loops — saas owns the registry lifecycle now.
- Rewrites LoaderHardeningIT to pull the published :latest from the
  registry (via Testcontainers GenericContainer) instead of building
  from a local Dockerfile. The IT now functions as a cross-repo contract
  test: cameleer-server's hardening expectations vs. the saas-published
  artifact. Local devs need `docker login gitea.siegeln.net`; CI runners
  are pre-authenticated.
- Updates .claude/rules/docker-orchestration.md to point at the new
  source-of-truth location and reframe LoaderHardeningIT as the
  cross-repo contract test.

The image's runtime contract (ARTIFACT_URL, ARTIFACT_EXPECTED_SIZE,
/app/jars/app.jar mount, exit code semantics) is unchanged. Future
contract changes need coordinated commits across both repos.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>