From 4c32c0cd60b2e5cb8cc7cec3d1776669737790cf Mon Sep 17 00:00:00 2001 From: defiQUG Date: Tue, 12 May 2026 15:32:41 -0700 Subject: [PATCH] docs(gov-portals): Gitea-only forge policy; clarify GitHub as non-canonical Co-authored-by: Cursor --- .../GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md | 1 + ...OV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md | 28 +++++++++++++++++++ docs/MASTER_INDEX.md | 1 + 3 files changed, 30 insertions(+) create mode 100644 docs/04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md diff --git a/docs/04-configuration/GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md b/docs/04-configuration/GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md index 95b0220d..2a656911 100644 --- a/docs/04-configuration/GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md +++ b/docs/04-configuration/GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md 
@@ -4,6 +4,7 @@ This document ties together **Gitea repos**, the **gov-portals-monorepo** umbrel ## North star +- **Forge policy (Gitea-only):** `Gov_Web_Portals/*` repos and the monorepo use **only Gitea** as authoritative remote — no GitHub `origin` for those trees. **`d-bis/proxmox`** uses **`gitea`** as canonical for pushes; a GitHub remote may exist only as a **non-authoritative** mirror. See [GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md](./GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md). - **Authoritative application code** for each portal lives in its **Gitea repo** under `Gov_Web_Portals/` (DBIS, ICCC, OMNL, XOM), with **`main`** as the integration branch unless you have agreed otherwise. - **Integration / shared layout** lives in **`Gov_Web_Portals/gov-portals-monorepo`** (workspace + `packages/shared`). Portal repos use `workspace:*` for `@public-web-portals/shared`, so **CI that runs `pnpm install` in the portal repo alone is insufficient** unless you vendor shared — the recommended Actions flow clones the monorepo and **overlays** the pushed portal tree (see templates below). - **Live runtime** for the xom-dev stack is **LXC 7804** (`IP_GOV_PORTALS_DEV`, default `192.168.11.54`) with systemd units `gov-portal-DBIS` … `gov-portal-XOM` on ports **3001–3004**. Public hostnames are documented in [GOV_PORTALS_XOM_DEV_DEPLOYMENT.md](./GOV_PORTALS_XOM_DEV_DEPLOYMENT.md). diff --git a/docs/04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md b/docs/04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md new file mode 100644 index 00000000..f23d3c5f --- /dev/null +++ b/docs/04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md 
@@ -0,0 +1,28 @@ +# Gov portals and proxmox — directory, remotes, VMID, FQDN + +Operator-oriented map for the **Gov Web Portals** monorepo, its **Gitea portal repos**, and the **proxmox** orchestration repo used for Phoenix CD. + +## Source of truth: Gitea-only + +- **`Gov_Web_Portals/*`** (monorepo + DBIS / ICCC / OMNL / XOM): **Gitea is the only authoritative forge.** Do not add a `github.com` `origin` for these repos; CI clones and submodule URLs should use **`https://gitea.d-bis.org/...`** (with token auth where required). +- **`d-bis/proxmox`**: **Canonical remote is `gitea`** (`https://gitea.d-bis.org/d-bis/proxmox.git`). A **`github.com`** remote may still exist as an **optional mirror or archive**; it is **not** the operator source of truth for pushes, Phoenix deploy wiring, or submodule pins. Prefer **`git push gitea main`** / **`git push gitea master`** for changes that must land on the LAN automation path. + +| Project directory (typical) | Gitea repo | GitHub (non-canonical / optional) | VMID | FQDN (primary / dev) | +|------------------------------|------------|-------------------------------------|------|----------------------| +| `/home/intlc/projects/proxmox` | [`d-bis/proxmox`](https://gitea.d-bis.org/d-bis/proxmox) | Optional mirror: [`Order-of-Hospitallers/proxmox-cp`](https://github.com/Order-of-Hospitallers/proxmox-cp) — **do not use as SoT** | **—** (orchestration tree; targets many CTs/VMs) | **—** (no single app FQDN; forge: [`gitea.d-bis.org`](https://gitea.d-bis.org/d-bis/proxmox)) | +| `/srv/projects/proxmox` (Phoenix dev VM **5700**) | same as above | same | **5700** (Phoenix deploy API + Gitea runner host) | Dev / forge context: [`dev.d-bis.org`](https://dev.d-bis.org), [`gitea.d-bis.org`](https://gitea.d-bis.org); Phoenix deploy API is usually **LAN** `http://192.168.11.59:4001` (see [`DEV_VM_SSH_REMOTE_ACCESS.md`](DEV_VM_SSH_REMOTE_ACCESS.md)) | +| `/home/intlc/projects/gov-portals-monorepo` | 
[`Gov_Web_Portals/gov-portals-monorepo`](https://gitea.d-bis.org/Gov_Web_Portals/gov-portals-monorepo) — **set `origin` to this URL**; remove or rename extra remotes (e.g. `d-bis/gov-portals-monorepo`) if they confuse pushes | **—** (Gitea-only) | **7804** (LXC `gov-portals-dev` @ `192.168.11.54`) | **—** (monorepo has no single public hostname; portals below) | +| `…/gov-portals-monorepo/DBIS` | [`Gov_Web_Portals/DBIS`](https://gitea.d-bis.org/Gov_Web_Portals/DBIS) | **—** (Gitea-only) | **7804** | Public: [`https://d-bis.org/`](https://d-bis.org/) (and related `dbis-admin.d-bis.org`, `secure.d-bis.org` per [FQDN_EXPECTED_CONTENT.md](FQDN_EXPECTED_CONTENT.md)); dev: [`https://dbis.xom-dev.phoenix.sankofa.nexus/`](https://dbis.xom-dev.phoenix.sankofa.nexus/) | +| `…/gov-portals-monorepo/ICCC` | [`Gov_Web_Portals/ICCC`](https://gitea.d-bis.org/Gov_Web_Portals/ICCC) | **—** (Gitea-only) | **7804** | Dev: [`https://iccc.xom-dev.phoenix.sankofa.nexus/`](https://iccc.xom-dev.phoenix.sankofa.nexus/) | +| `…/gov-portals-monorepo/OMNL` | [`Gov_Web_Portals/OMNL`](https://gitea.d-bis.org/Gov_Web_Portals/OMNL) | **—** (Gitea-only) | **7804** | Dev: [`https://omnl.xom-dev.phoenix.sankofa.nexus/`](https://omnl.xom-dev.phoenix.sankofa.nexus/) | +| `…/gov-portals-monorepo/XOM` | [`Gov_Web_Portals/XOM`](https://gitea.d-bis.org/Gov_Web_Portals/XOM) | **—** (Gitea-only) | **7804** | Dev: [`https://xom.xom-dev.phoenix.sankofa.nexus/`](https://xom.xom-dev.phoenix.sankofa.nexus/) | + +## Notes + +- **VMID 7804** and xom-dev DNS/NPM are documented in [GOV_PORTALS_XOM_DEV_DEPLOYMENT.md](GOV_PORTALS_XOM_DEV_DEPLOYMENT.md). +- **DBIS** production vs **xom-dev** hostnames differ; Phoenix `deploy-targets.json` healthchecks use **`https://d-bis.org/.well-known/trust.json`** (DBIS) and **xom-dev** HTTPS roots for ICCC/OMNL/XOM. +- **Submodules** URLs are defined in the **`gov-portals-monorepo`** checkout (see that repo’s **`.gitmodules`** at repo root). 
+ +## Doc index + +Listed in [MASTER_INDEX.md](../MASTER_INDEX.md) under configuration / Gov portals. diff --git a/docs/MASTER_INDEX.md b/docs/MASTER_INDEX.md index a1d9bde4..6869162e 100644 --- a/docs/MASTER_INDEX.md +++ b/docs/MASTER_INDEX.md @@ -30,6 +30,7 @@ | **Gitea TLS expiry check** | `bash scripts/verify/check-gitea-certificate-expiry.sh` — warns before `gitea.d-bis.org` cert expiry blocks HTTPS pushes | | **Gitea TLS expiry cron** | `bash scripts/maintenance/schedule-gitea-cert-check-cron.sh --install` — installs a daily warning check with `WARN_DAYS=30` | | **Gitea repo ↔ VM CI/CD matrix** | [04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md](04-configuration/GITEA_REPO_VM_CD_CI_MATRIX.md) — per-repo workflows, Phoenix deploy targets, templates under `config/gitea-workflow-templates/`; gov portals live paths: [GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md](04-configuration/GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md) | +| **Gov portals: directory, Gitea/GitHub, VMID, FQDN** | [04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md](04-configuration/GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md) — one table for proxmox, `gov-portals-monorepo`, and DBIS/ICCC/OMNL/XOM submodules | | **Gitea CD operator checklist** | [00-meta/GITEA_CD_OPERATOR_CHECKLIST.md](00-meta/GITEA_CD_OPERATOR_CHECKLIST.md) — secrets, Phoenix host sync, `report-gitea-cd-parity.sh` | | **TsunamiSwap DEX plan** | [00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md](00-meta/AAVE_CHAIN138_AND_MARIONETTE_TSUNAMISWAP_PLAN.md) — canonical TsunamiSwap VM `5010` plan, current DEX link, and publish checklist | | **Required / optional / recommended (full plan)** | [00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md](00-meta/COMPLETE_REQUIRED_OPTIONAL_RECOMMENDED_INDEX.md) |
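Review bot: In the new North star bullet of GITEA_GOV_PORTALS_LIVE_SOURCE_OF_TRUTH.md, "no GitHub `origin` for those trees" only rules out a remote named `origin`; a `github.com` remote under any other name would still satisfy the wording while allowing pushes to a non-authoritative forge. Suggest phrasing it as no `github.com` remote of any name for `Gov_Web_Portals/*`, and stating for `d-bis/proxmox` whether the GitHub mirror remote is meant to be fetch-only, so the policy can be checked against `git remote -v` output rather than left to interpretation.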
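Review bot: In the new GOV_PORTALS_REPO_DIRECTORY_VM_FQDN_TABLE.md, the Gitea-only bullet says CI clones and submodule URLs should use `https://gitea.d-bis.org/...` "(with token auth where required)" without saying where the token is kept, while the Notes section sends readers to `.gitmodules` for submodule URLs. Suggest adding that tokens are supplied from CI secrets or a credential helper and are never written into `.gitmodules` or a remote URL, since the first is committed and the second shows up in `git remote -v`. Two smaller points in the same hunk: "`git push gitea main` / `git push gitea master`" leaves the canonical branch of `d-bis/proxmox` unstated, and the Phoenix deploy API is listed as plain `http://192.168.11.59:4001` with no note on whether it requires authentication.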
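Review bot: The new MASTER_INDEX.md row title "Gov portals: directory, Gitea/GitHub, VMID, FQDN" lists GitHub alongside Gitea as if both were forges for these repos, which reads against the Gitea-only policy stated in the linked table. Suggest wording the title so the status is visible from the index itself, for example "Gitea (canonical), GitHub mirror (optional)".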