33 lines
1.6 KiB
Markdown
33 lines
1.6 KiB
Markdown
# kua-deploy
|
|
|
|
Authoritative deploy orchestrator for the Kua infrastructure fleet. Receives release triggers (admin API and Forgejo webhooks), runs git-pull → migration gate → docker build → recreate → SHA-verify on managed apps.
|
|
|
|
Split out of `coder-core/services/kua-deploy/` on 2026-05-21 to break the self-rebuild loop that ran every coder-core release through this service as a side-effect.
|
|
|
|
## Layout
|
|
|
|
- `server.js` — Fastify app exposing `/api/v1/apps/:app/deploy`, `/progress`, `/runtime-status`, `/webhook/forgejo`.
|
|
- `Dockerfile` — node:22-alpine + docker-cli + ssh + git + kua-vault binary (mounted at runtime).
|
|
- `docker-compose.yml` — single-service compose project. Joins `kua-services` + `production_proxy` networks.
|
|
- `kua.json` — release-app manifest (`mode: direct`, `server: bruno`).
|
|
- `NOTES-image-digest-pinning.md` — design notes for deferred prevention #4.
|
|
|
|
## Registry
|
|
|
|
`deploy-registry.json` lives in `coder-core/services/kua-deploy/deploy-registry.json` and is bind-mounted in at `/app/deploy-registry.json`. This is a transitional arrangement; a future change can migrate the registry into this repo.
|
|
|
|
## Deploying kua-deploy
|
|
|
|
Via release-app:
|
|
|
|
```
|
|
release-app kua-deploy
|
|
```
|
|
|
|
Which goes through `kua-deploy`'s own admin POST `/api/v1/apps/kua-deploy/deploy` and uses the transient-container recreate pattern (Phase A) so the service can replace its own running container without false-success.
|
|
|
|
## See also
|
|
|
|
- `services/kua-deploy/NOTES-image-digest-pinning.md` in this repo
|
|
- `infra-docs/docs/04-operations/deploy-listener.md` in coder-core (current-state callout + deploy_mode reference)
|