4 commits

Author	SHA1	Message	Date
Erich Blume	0fe0eed35a	Fix Kingfisher container: make /tmp world-writable ... Container runs as user 65534 (nobody) but /tmp was owned by root. Set sticky bit + world-writable (1777) like a standard /tmp. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 06:53:34 -07:00
Erich Blume	c494b62713	Fix Kingfisher container: add /tmp directory ... Kingfisher needs a writable temp directory for git clones and scanning. Nix containers don't create /tmp by default. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 06:49:59 -07:00
Erich Blume	aa9cc709ec	Fix Kingfisher container: add bash and coreutils for CronJob shell ... Nix containers don't include a shell by default. The CronJob needs /bin/bash for the inline script that generates timestamped filenames. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-30 06:45:39 -07:00
Erich Blume	f9206bf10b	Build custom Kingfisher container from sporked deploy branch (#318) ... ## Summary - Add Dockerfile for Kingfisher built from source (sporked deploy branch) - Multi-stage: Rust build with Boost/vectorscan, debian-slim runtime - Switch CronJob from upstream `ghcr.io/mongodb/kingfisher` to `registry.ops.eblu.me/blumeops/kingfisher` - Add kingfisher to service-versions.yaml (version tracks upstream main SHA) - Document spork workflow in CLAUDE.md ## Test plan - [ ] Build container: `mise run container-build-and-release kingfisher 1d37d29` - [ ] Verify image on registry: `mise run container-list` - [ ] Update kustomization newTag - [ ] Sync ArgoCD kingfisher app from branch - [ ] Trigger manual CronJob and verify scan completes - [ ] Verify reports on sifaka Reviewed-on: #318	2026-03-30 06:34:49 -07:00