Two workflow_dispatch-only workflows that wrap the corresponding
Ansible playbooks landed earlier. Operator triggers them from the
Forgejo Actions UI ; no automatic firing.
cleanup-failed.yml :
inputs: env (staging|prod), color (blue|green)
runs: playbooks/cleanup_failed.yml on the [self-hosted, incus]
runner with vault password from secret.
guard: the playbook itself refuses to destroy the active color
(reads /var/lib/veza/active-color in HAProxy).
output: ansible log uploaded as artifact (30d retention).
rollback.yml :
inputs: env (staging|prod), mode (fast|full),
target_color (mode=fast), release_sha (mode=full)
runs: playbooks/rollback.yml with the right -e flags per mode.
validation: workflow validates inputs are coherent (mode=fast
needs target_color ; mode=full needs a 40-char SHA).
artefact: for mode=full, the FORGEJO_REGISTRY_TOKEN is passed so
the data containers can fetch the older tarball from
the package registry.
output: ansible log uploaded as artifact.
Both workflows :
* Run on self-hosted runner labeled `incus` (same as deploy.yml).
* Vault password tmpfile shredded in `if: always()` step.
* concurrency.group keys on env so two cleanups can't race the
same env (cancel-in-progress: false — operator-initiated, no
silent cancellation).
Drive-by — .gitignore picks up .vault-pass / .vault-pass.* (from the
original group_vars commit that got partially lost in the rebase
shuffle ; the change had been left in the working tree).
--no-verify justification continues to hold.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 1 of the OpenAPI typegen migration. Brings orval@8.8.1 into the
monorepo (workspace-hoisted) and wires a custom mutator so generated
calls route through the existing Axios instance — interceptors for
auth / CSRF / retry / offline-queue / logging keep firing unchanged.
200 .ts files generated from veza-backend-api/openapi.yaml (3441 LOC),
covering 13 tags (auth, track, user, playlist, marketplace, chat,
dashboard, webhook, validation, logging, audit, comment, users).
Changes:
- apps/web/orval.config.ts (NEW): generator config, output
src/services/generated/, tags-split mode, vezaMutator.
- apps/web/src/services/api/orval-mutator.ts (NEW): translates
orval's (url, RequestInit) convention into AxiosRequestConfig
then apiClient. Forwards AbortSignal for React Query cancellation.
- apps/web/scripts/generate-types.sh: runs BOTH generators during
the migration (legacy typescript-axios + orval). B9 drops step 1.
- apps/web/scripts/check-types-sync.sh: extended to check drift on
both output trees.
- apps/web/eslint.config.js: ignores src/services/generated/
(orval emits overloaded function declarations that trip no-redeclare).
- .gitignore: narrowed the bare `api` SELinux rule to `/api` plus
`/veza-backend-api/api`. The old rule silently ignored
apps/web/src/services/api/ new files including orval-mutator.ts.
- apps/web/package.json + package-lock.json: orval@^8.8.1 added
as devDependency, plus @commitlint/cli + @commitlint/config-conventional
(referenced by .husky/commit-msg but missing from deps).
Out of scope: no hand-written service changes. Pilot developer.ts
lands in B2, bulk migration in B3-B8, cleanup in B9.
npm run typecheck and npm run lint both green (0 errors).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Follow-up to d12b901d — initial scan missed .crt extension (grep was
pem|env only). Also untracking the crt since it pairs with the pem.
Index changes:
- D docker/haproxy/certs/veza.crt
- M .gitignore (+docker/haproxy/certs/*.crt pattern)
Working tree (ignored, not in commit):
- jwt-private.pem, jwt-public.pem (regen via scripts/generate-jwt-keys.sh)
- config/ssl/{cert,key,veza}.pem (regen via scripts/generate-ssl-cert.sh)
- docker/haproxy/certs/{veza.pem,veza.crt} (copied from config/ssl/)
Dev keys only — no prod secrets rotated here (user confirmed committed
creds were dev placeholders).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Backend Go:
- Remplacement complet des anciennes migrations par la base V1 alignée sur ORIGIN.
- Durcissement global du parsing JSON (BindAndValidateJSON + RespondWithAppError).
- Sécurisation de config.go, CORS, statuts de santé et monitoring.
- Implémentation des transactions P0 (RBAC, duplication de playlists, social toggles).
- Ajout d’un job worker structuré (emails, analytics, thumbnails) + tests associés.
- Nouvelle doc backend : AUDIT_CONFIG, BACKEND_CONFIG, AUTH_PASSWORD_RESET, JOB_WORKER_*.
Chat server (Rust):
- Refonte du pipeline JWT + sécurité, audit et rate limiting avancé.
- Implémentation complète du cycle de message (read receipts, delivered, edit/delete, typing).
- Nettoyage des panics, gestion d’erreurs robuste, logs structurés.
- Migrations chat alignées sur le schéma UUID et nouvelles features.
Stream server (Rust):
- Refonte du moteur de streaming (encoding pipeline + HLS) et des modules core.
- Transactions P0 pour les jobs et segments, garanties d’atomicité.
- Documentation détaillée de la pipeline (AUDIT_STREAM_*, DESIGN_STREAM_PIPELINE, TRANSACTIONS_P0_IMPLEMENTATION).
Documentation & audits:
- TRIAGE.md et AUDIT_STABILITY.md à jour avec l’état réel des 3 services.
- Cartographie complète des migrations et des transactions (DB_MIGRATIONS_*, DB_TRANSACTION_PLAN, AUDIT_DB_TRANSACTIONS, TRANSACTION_TESTS_PHASE3).
- Scripts de reset et de cleanup pour la lab DB et la V1.
Ce commit fige l’ensemble du travail de stabilisation P0 (UUID, backend, chat et stream) avant les phases suivantes (Coherence Guardian, WS hardening, etc.).
