git.stella-ops.org/ops/devops
master 651b8e0fa3 feat: Add new projects to solution and implement contract testing documentation
- Added "StellaOps.Policy.Engine", "StellaOps.Cartographer", and "StellaOps.SbomService" projects to the StellaOps solution.
- Created AGENTS.md to outline the Contract Testing Guild Charter, detailing mission, scope, and definition of done.
- Established TASKS.md for the Contract Testing Task Board, outlining tasks for Sprint 62 and Sprint 63 related to mock servers and replay testing.
2025-10-27 07:57:55 +02:00
2025-10-24 09:15:37 +03:00

DevOps Release Automation

The release workflow builds and signs the StellaOps service containers, generates SBOM + provenance attestations, and emits a canonical release.yaml. The logic lives under ops/devops/release/ and is invoked by the new .gitea/workflows/release.yml pipeline.

Local dry run

./ops/devops/release/build_release.py \
  --version 2025.10.0-edge \
  --channel edge \
  --dry-run

Outputs land under out/release/. Use --no-push to run full builds without pushing to the registry.

Required tooling

  • Docker 25+ with Buildx
  • .NET 10 preview SDK (builds container stages and the SBOM generator)
  • Node.js 20 (Angular UI build)
  • Helm 3.16+
  • Cosign 2.2+

Supply signing material via environment variables:

  • COSIGN_KEY_REF: e.g. file:./keys/cosign.key or azurekms://…
  • COSIGN_PASSWORD: password protecting the above key

The workflow defaults to multi-arch (linux/amd64,linux/arm64), SBOM in CycloneDX, and SLSA provenance (https://slsa.dev/provenance/v1).
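A consumer-side check for the provenance default described above, added here as an example and not taken from the StellaOps code base: it confirms that an attestation is an in-toto statement with the SLSA v1 predicate type and that one of its subjects names the image digest being deployed. It assumes the attestation is available as a DSSE envelope in JSON; check_provenance, sample_envelope and the sample image name are hypothetical, and the sample envelope is constructed and unsigned.

```python
import base64
import json

SLSA_V1 = "https://slsa.dev/provenance/v1"
INTOTO_PAYLOAD_TYPE = "application/vnd.in-toto+json"


def check_provenance(envelope_json, image_digest):
    """Return a list of problems; empty means the statement carries SLSA v1
    provenance for image_digest ("sha256:<hex>"). Structure check only: the
    envelope signature must already have been verified (e.g. by cosign)."""
    problems = []
    try:
        envelope = json.loads(envelope_json)
        if envelope.get("payloadType") != INTOTO_PAYLOAD_TYPE:
            problems.append("unexpected payloadType")
        statement = json.loads(base64.b64decode(envelope["payload"], validate=True))
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        return problems + [f"malformed envelope: {exc!r}"]
    if not isinstance(statement, dict):
        return problems + ["statement is not a JSON object"]
    if statement.get("predicateType") != SLSA_V1:
        problems.append(f"predicateType is {statement.get('predicateType')!r}")
    # A valid attestation for a different image must not be accepted.
    algo, _, hexdigest = image_digest.partition(":")
    subjects = statement.get("subject")
    subjects = subjects if isinstance(subjects, list) else []
    matches = [s for s in subjects
               if isinstance(s, dict) and isinstance(s.get("digest"), dict)
               and s["digest"].get(algo) == hexdigest]
    if not hexdigest or not matches:
        problems.append("no subject matches the image digest")
    return problems


def sample_envelope(digest_hex, predicate_type=SLSA_V1):
    """Build a constructed, unsigned envelope for the demonstration."""
    statement = {
        "_type": "https://in-toto.io/Statement/v1",
        "subject": [{"name": "registry.example/sample-service",  # constructed name
                     "digest": {"sha256": digest_hex}}],
        "predicateType": predicate_type,
        "predicate": {},
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": INTOTO_PAYLOAD_TYPE, "payload": payload, "signatures": []})


if __name__ == "__main__":
    digest = "ab" * 32  # constructed digest
    print(check_provenance(sample_envelope(digest), "sha256:" + digest))
    print(check_provenance(sample_envelope("cd" * 32), "sha256:" + digest))
```

The subject comparison is the part that matters in practice: a correctly signed attestation for one image says nothing about another, so the digest being deployed has to appear in the statement.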

UI auth smoke (Playwright)

As part of DEVOPS-UI-13-006, the pipelines will execute the UI auth smoke tests (npm run test:e2e) after building the Angular bundle. See docs/ops/ui-auth-smoke.md for the job design, environment stubs, and offline runner considerations.

NuGet preview bootstrap

.NET 10 preview packages (Microsoft.Extensions.*, JwtBearer 10.0 RC, Sqlite 9 RC) ship from the public dotnet-public Azure DevOps feed. We mirror them into ./local-nuget so restores succeed inside the Offline Kit.

  1. Run ./ops/devops/sync-preview-nuget.sh whenever you update the manifest.
  2. The script now understands the optional SourceBase column (V3 flat container) and writes packages alongside their SHA-256 checks.
  3. NuGet.config registers the mirror (local), dotnet-public, and nuget.org.

Detailed operator instructions live in docs/ops/nuget-preview-bootstrap.md.