docs: Session 3 — deploy pipeline live #36

Open
claude-code wants to merge 1 commit from docs/session-3 into main

@ -47,19 +47,18 @@ then restart.
## Current Project State
* **Phase**: shipped MVP + posting ledger + template-entry edit +
platform-deploy prep (`/healthz`, structured JSON logs). Working
daily-use tool; first production deploy to home-ctr-onyx pending.
* **Phase**: live in production on home-ctr-onyx at
`https://quartermaster.unbiasedgeek.com/`. Every merge to `main`
rolls out automatically via `.forgejo/workflows/deploy.yml`.
* **Last worked on**: 2026-04-19
* **Last commit on main**: `1296258` — chore: silence jsonlogger
deprecation, fix LogQL example (#26, #27)
* **Last commit on main**: `ee6eaae` — fix(docker): enable uvicorn
proxy-headers so url_for works behind Traefik
* **Open PRs**: none
* **Open issues**: #28 Dockerfile, #29 compose.yml, #30 Forgejo
Actions deploy workflow (dependency-chained); #31 small cleanups
(non-blocking polish)
* **Open issues**: #23 MCP proposal; #31 small cleanups (non-blocking
polish); #26 and #27 are landed but weren't closed when their work
merged — safe to close.
* **Test count**: 148 / 148 passing
* **Migrations**: 5 applied; latest `cc60e7f73a1c` (no schema change
in #26 or #27)
* **Migrations**: 5 applied; latest `cc60e7f73a1c`
* **Blocking issues**: none
After pulling new work, always:
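Review bot: the rewritten Open issues line carries issue-tracker housekeeping ("#26 and #27 are landed but weren't closed when their work merged") in a block that is meant to be a snapshot of project state; close #26 and #27 before this merges and list only #23 and #31, so that Phase, Last commit, Open issues and Migrations all describe the same moment. The rest of the block is consistent with the Session 3 entry that follows: #28/#29/#30 leave the Open issues list, Last commit moves to `ee6eaae` (the #35 proxy-headers fix), and the "(no schema change in #26 or #27)" aside on the Migrations line goes away with the issues it referred to.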
@ -75,6 +74,47 @@ the live DB.
Most recent 3 sessions (full history in the [wiki](https://forgejo.labbity.unbiasedgeek.com/archeious/quartermaster/wiki)).
### Session 3 — 2026-04-19
Deploy-pipeline arc: four PRs (#32 Dockerfile, #33 compose.yml,
#34 Forgejo Actions workflow, #35 post-deploy proxy-headers fix)
took Quartermaster from "deploy prep merged" to live on
`https://quartermaster.unbiasedgeek.com/`. All three dependency-chained
issues (#28/#29/#30) closed.
Key decision, locked mid-flight: the deploy workflow has **no SSH
step**. Initial draft used an SSH-from-runner-to-host pattern with
`DEPLOY_SSH_KEY` + `DEPLOY_KNOWN_HOSTS` secrets. Jeff pushed back —
the `homelab` runner lives on home-ctr-onyx itself with the host's
Docker socket mounted, so `docker compose pull && up -d` runs
directly against the same daemon that hosts production. Dropped
two secrets and the private-key risk surface. Remaining Actions
secrets: `REGISTRY_TOKEN` (archeious PAT, `read:package` +
`write:package`, minted via the Forgejo API using the admin
password exposed by `homelab-IaC/bin/load-ops-secrets`) and
`QUARTERMASTER_SMOKE_PASSWORD` (plaintext basic-auth for the
post-deploy `/healthz` probe).
Other design points: image tag parameterised via
`QUARTERMASTER_TAG` (workflow writes a per-deploy `.env`),
`COMPOSE_PROJECT_NAME=quartermaster` pinned so the runner's
ephemeral workspace path doesn't confuse compose, smoke step does
`curl -u admin:… https://quartermaster.unbiasedgeek.com/healthz`
to catch TLS + routing + basic-auth regressions in one probe.
One post-deploy bug: the first rolled image rendered unstyled
because uvicorn was started without `--proxy-headers`, so
Starlette ignored `X-Forwarded-Proto` from Traefik and `url_for()`
generated `http://<internal>/static/…` hrefs, which browsers
blocked as mixed content on the `https://` page. Reproduced
locally by curling the pre-fix image with Traefik-style headers;
added `--proxy-headers --forwarded-allow-ips='*'` to
`docker/entrypoint.sh` in #35. Safe to trust all forwarded IPs
because `compose.yml` publishes no host port — only Traefik on
`proxy-net` can reach port 8000.
Full retro: [Session3](https://forgejo.labbity.unbiasedgeek.com/archeious/quartermaster/wiki/Session3).
### Session 2 — 2026-04-19
Platform contract intake (#25) filled out and accepted; platform team
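Review bot: the stated justification for `--forwarded-allow-ips='*'` ("only Traefik on `proxy-net` can reach port 8000") is a property of who is attached to `proxy-net`, not of the flag, so any other container later joined to that network can send its own `X-Forwarded-Proto` / `X-Forwarded-For` and Starlette will trust it; either narrow the allow-list to Traefik's address on `proxy-net` or record in the retro that "nothing but Traefik joins `proxy-net`" is an invariant this setting depends on. Two smaller points in the same section: (1) "dropped the private-key risk surface" is true, but the `homelab` runner with the host's Docker socket mounted gives every job that can be scheduled on it the same reach into the production daemon as the deploy, so the retro should also say which repos and actors can schedule jobs on that runner; (2) `REGISTRY_TOKEN` is minted with `read:package` + `write:package` while the workflow as described only runs `docker compose pull && up -d`; if no step in the workflow pushes an image, drop `write:package`, and since the PAT was minted via the admin password from `homelab-IaC/bin/load-ops-secrets`, note how it is rotated.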
@ -105,25 +145,3 @@ Deploy-pipeline work queued as #28 (Dockerfile), #29 (compose.yml),
Full retro: [Session2](https://forgejo.labbity.unbiasedgeek.com/archeious/quartermaster/wiki/Session2).
### Session 1 — 2026-04-17
Greenfield to working ledger. 10 PRs merged in one sitting:
scaffold (#2) → monthly view with snapshot + deviation (#4) →
backups + CLAUDE.md safety rule (#6) → zero amount header (#8) →
gitignore wiki (#10) → section groups + sinking funds (#12) →
notes field (#14) → month lifecycle Planning / Active / Closed
(#16) → UI redesign in Barlow Condensed with logo (#18) →
posting transaction ledger (#20).
Key architectural decisions: snapshot-over-mirror for months;
Primary Debt Target is a pointer, not a pre-allocated amount;
nothing auto-sweeps — close requires applied zero at $0; `applied`
is derived from postings only, no column. UI went through three
mockups before settling on Barlow Condensed + cream paper +
burgundy accent sampled from the logo shield.
One incident: I wiped the live DB several times during early dev
churn before the backup script existed. The script + alembic hook
+ repo-level CLAUDE.md safety rule are the fix.
Full retro: [Session1](https://forgejo.labbity.unbiasedgeek.com/archeious/quartermaster/wiki/Session1).
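Review bot: the hunk header `@ -105,25 +145,3 @@` replaces 25 lines with 3, so the Session 1 entry displayed here reads as being removed rather than kept, yet the unchanged lead-in in the previous hunk still says "Most recent 3 sessions" and with Session 1 gone only Sessions 3 and 2 remain; if dropping Session 1 is intended, change that lead-in to match (or keep Session 1 and only trim it), and confirm the Session1 wiki page already carries the live-DB wipe incident and the backup-script + alembic hook + CLAUDE.md safety-rule fix before that record leaves the repo copy.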