blumeops

Author	SHA1	Message	Date
Erich Blume	4c547745bf	Upgrade Grafana 12.3.3 → 12.4.2 Patches 7 CVEs including CVE-2026-27880 (unauthenticated OOM DoS, CVSS 7.5). No config changes needed — alerting pending period behavior change is a net improvement for our NoData/Error rules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-02 11:21:26 -07:00
Erich Blume	613f05dfde	Add consistent OCI labels to all container Dockerfiles All checks were successful Build Container (Nix) / build (miniflux) (push) Successful in 2s Details Build Container (Nix) / build (navidrome) (push) Successful in 2s Details Build Container / build (devpi) (push) Successful in 41s Details Build Container (Nix) / build (nettest) (push) Successful in 15s Details Build Container / build (grafana-sidecar) (push) Successful in 1m27s Details Build Container / build (grafana) (push) Successful in 3m23s Details Build Container (Nix) / build (ntfy) (push) Successful in 3m19s Details Build Container (Nix) / build (prometheus) (push) Successful in 1s Details Build Container (Nix) / build (quartz) (push) Successful in 1s Details Build Container (Nix) / build (runner-job-image) (push) Successful in 1s Details Build Container (Nix) / build (teslamate) (push) Successful in 2s Details Build Container (Nix) / build (transmission) (push) Successful in 2s Details Build Container (Nix) / build (transmission-exporter) (push) Successful in 1s Details Build Container (Nix) / build (unpoller) (push) Successful in 1s Details Build Container / build (kiwix-serve) (push) Successful in 1m17s Details Build Container / build (kubectl) (push) Successful in 41s Details Build Container / build (homepage) (push) Successful in 8m21s Details Build Container / build (mealie) (push) Successful in 1m1s Details Build Container / build (loki) (push) Successful in 8m21s Details Build Container / build (miniflux) (push) Successful in 2m24s Details Build Container / build (nettest) (push) Successful in 14s Details Build Container / build (ntfy) (push) Successful in 8m33s Details Build Container / build (prometheus) (push) Successful in 37s Details Build Container / build (quartz) (push) Successful in 19s Details Build Container / build (navidrome) (push) Successful in 10m36s Details Build Container / build (runner-job-image) (push) Successful in 3m18s Details Build Container / build (transmission) (push) Successful in 20s Details Build Container / build (transmission-exporter) (push) Successful in 21s Details Build Container / build (unpoller) (push) Successful in 11s Details Build Container / build (teslamate) (push) Successful in 4m42s Details Every container now carries title, description, version, source, and vendor labels per the OCI image spec. Version is derived from the existing CONTAINER_APP_VERSION ARG at build time. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-18 20:42:00 -07:00
Erich Blume	d05d2fbaff	C2: Upgrade Grafana to 12.x with Nix container and Kustomize (#260 ) All checks were successful Build Container (Nix) / detect (push) Successful in 2s Details Build Container / detect (push) Successful in 1s Details Build Container (Nix) / build (grafana) (push) Successful in 2s Details Build Container / build (grafana) (push) Successful in 7s Details ## Summary Mikado chain to upgrade Grafana from 11.4.0 (Helm chart) to 12.x with: - Home-built Nix container image (`forge.ops.eblu.me/eblume/grafana`) - Kustomize manifests replacing the Helm chart - Single-source ArgoCD app ## Chain Goal: `upgrade-grafana` Leaves: `build-grafana-container`, `kustomize-grafana-deployment` Track with: `mise run docs-mikado upgrade-grafana` ## Test plan - [ ] Container builds successfully via Nix - [ ] Container pushed to registry - [ ] Kustomize manifests produce equivalent resources to current Helm - [ ] Pod runs, UI loads, OIDC works, datasources healthy - [ ] `mise run services-check` passes Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/260	2026-02-23 18:07:18 -08:00

3 commits