Authoritative deploy orchestrator. Split out of coder-core 2026-05-21 to break the self-rebuild loop.
Kavi 6a583a8572 fix(deploy): SHA normalization + kua-vault wrap in verifyStatelessRecreated; retire webhook mandatory check; add /api/v1/apps/registry endpoint
- verifyStatelessRecreated(): strip sha256: prefix before comparing image SHAs
  (same fix already applied to runtime-status in 2551af4, completeSelfRecreate
  in 06852c2; now consistent across all three verify paths)
- verifyStatelessRecreated(): add kua-vault wrap on compose images/ps calls
  (mirrors 2551af4 runtime-status fix; env interpolation was causing empty
  output for vault-injected apps, making the verify always fail with
  'no running container')
- start(): downgrade missing WEBHOOK_SECRET from fatal error to warning; the
  Forgejo webhook path is retired in favour of the admin API — handler stays
  but the startup guard no longer blocks kua-deploy from booting
- Add GET /api/v1/apps/registry so kua-mcp-core can fetch the full app list
  over HTTP without depending on a filesystem path inside its container

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-23 04:29:26 -04:00
Dockerfile feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
NOTES-image-digest-pinning.md feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
README.md feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
docker-compose.yml feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
kua.json feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
package-lock.json feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
package.json feat: initial commit — extracted from coder-core/services/kua-deploy 2026-05-21 18:04:45 -04:00
server.js fix(deploy): SHA normalization + kua-vault wrap in verifyStatelessRecreated; retire webhook mandatory check; add /api/v1/apps/registry endpoint 2026-05-23 04:29:26 -04:00

README.md

kua-deploy

Authoritative deploy orchestrator for the Kua infrastructure fleet. Receives release triggers (admin API and Forgejo webhooks), then runs git-pull → migration gate → docker build → recreate → SHA-verify on managed apps.

Split out of coder-core/services/kua-deploy/ on 2026-05-21 to break the self-rebuild loop that ran every coder-core release through this service as a side-effect.
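The SHA-verify step at the end of that pipeline, as an added example (not code from server.js): it strips the sha256: prefix as the latest commit describes for verifyStatelessRecreated(), and refuses to treat empty or malformed CLI output as a match. The function names, the result shape and the 12-character short-ID prefix match are assumptions; the digests are constructed.

```javascript
// Added example; names and result shape are hypothetical, not from server.js.
const HEX_ID = /^[0-9a-f]{12,64}$/;

// Normalize an image ID: trim, lowercase, drop an optional "sha256:" prefix.
// Returns null for anything that is not 12-64 hex characters, so blank or
// garbled CLI output can never compare equal to anything.
function normalizeImageId(raw) {
  if (typeof raw !== 'string') return null;
  const id = raw.trim().toLowerCase().replace(/^sha256:/, '');
  return HEX_ID.test(id) ? id : null;
}

// Compare two IDs. A truncated ID (assumed >= 12 hex chars, Docker's short
// form) matches when it is a prefix of the full one.
function sameImage(a, b) {
  const x = normalizeImageId(a);
  const y = normalizeImageId(b);
  if (!x || !y) return false; // fail closed: two empty values are not "equal"
  const n = Math.min(x.length, y.length);
  return x.slice(0, n) === y.slice(0, n);
}

// expected: ID of the image just built.
// running:  image IDs reported for the app's running containers
//           (empty when the CLI call printed nothing).
function verifyRecreated(expected, running) {
  if (!normalizeImageId(expected)) {
    return { ok: false, reason: 'invalid expected image id' };
  }
  const ids = (running || []).filter((r) => typeof r === 'string' && r.trim() !== '');
  if (ids.length === 0) return { ok: false, reason: 'no running container' };
  const stale = ids.filter((r) => !sameImage(expected, r));
  if (stale.length > 0) return { ok: false, reason: 'image mismatch', stale };
  return { ok: true, reason: 'all containers run the expected image' };
}

// Constructed sample values (not real digests from this project).
const BUILT = 'sha256:' + 'ab12'.repeat(16);
const OLD = 'cd34'.repeat(16);
console.log(verifyRecreated(BUILT, ['ab12'.repeat(16)])); // prefixed vs bare
console.log(verifyRecreated(BUILT, ['AB12AB12AB12']));    // short form
console.log(verifyRecreated(BUILT, [OLD]));               // old image still running
console.log(verifyRecreated(BUILT, ['', '  ']));          // empty CLI output
console.log(verifyRecreated('sha256:', ['sha256:']));     // prefix only, no digest
```

The last two calls are the false-success guards: stripping the prefix from both sides must not let two empty strings count as a verified deploy.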

Layout

  • server.js — Fastify app exposing /api/v1/apps/:app/deploy, /progress, /runtime-status, /webhook/forgejo.
  • Dockerfile — node:22-alpine + docker-cli + ssh + git + kua-vault binary (mounted at runtime).
  • docker-compose.yml — single-service compose project. Joins kua-services + production_proxy networks.
  • kua.json — release-app manifest (mode: direct, server: bruno).
  • NOTES-image-digest-pinning.md — design notes for deferred prevention #4.

Registry

deploy-registry.json lives at coder-core/services/kua-deploy/deploy-registry.json and is bind-mounted into the container at /app/deploy-registry.json. This is a transitional arrangement; a future change can migrate the registry into this repo.

Deploying kua-deploy

Via release-app:

release-app kua-deploy

This goes through kua-deploy's own admin endpoint, POST /api/v1/apps/kua-deploy/deploy, and uses the transient-container recreate pattern (Phase A) so the service can replace its own running container without reporting a false success.

See also

  • services/kua-deploy/NOTES-image-digest-pinning.md in this repo
  • infra-docs/docs/04-operations/deploy-listener.md in coder-core (current-state callout + deploy_mode reference)