Add Mikado chain for k8s forgejo-runner upgrade (v6.3.1 → v12.x)

C2 change: three cards documenting the upgrade path, breaking changes, and prerequisites (workflow validation, config review). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 17:11:07 -08:00
2 changed files with 37 additions and 36 deletions
--- a/mise-tasks/service-review
+++ b/mise-tasks/service-review
@ -5,7 +5,7 @@
 # ///
 #MISE description="Review the most stale service for version freshness"
 #USAGE flag "--limit <limit>" default="15" help="Number of services to show in the table"
-#USAGE flag "--type <type>" help="Filter by service type (argocd, ansible, hybrid)"
+#USAGE flag "--type <type>" help="Filter by service type (argocd, ansible, nixos)"
 """Review the most stale service for version freshness.

 Reads ``docs/reference/services/service-versions.yaml`` and sorts services
@ -55,7 +55,7 @@ def parse_date(raw) -> date | None:

 def main(
    limit: Annotated[int, typer.Option(help="Number of services to show in the table")] = 15,
-    type: Annotated[str | None, typer.Option(help="Filter by service type (argocd, ansible, hybrid)")] = None,
+    type: Annotated[str | None, typer.Option(help="Filter by service type (argocd, ansible, nixos)")] = None,
 ) -> None:
    console = Console()
    today = date.today()
@ -166,14 +166,7 @@ def main(
    ]

    svc_type = top_svc.get("type", "")
-    if svc_type == "hybrid":
-        checklist_parts += [
-            "\n[bold]Custom Container (hybrid):[/bold]\n",
-            "• Check base image for updates\n",
-            "• Rebuild container if needed: mise run container-build-and-release\n",
-            "• Update ArgoCD manifest with new image tag\n",
-        ]
-    elif svc_type == "argocd":
+    if svc_type == "argocd":
        checklist_parts += [
            "\n[bold]ArgoCD Deployment:[/bold]\n",
            "• Update image tag or Helm chart version in argocd/manifests/\n",
@ -185,6 +178,13 @@ def main(
            f"• Check role vars for version pins: ansible/roles/{top_svc['name']}/\n",
            f"• Dry run: mise run provision-indri -- --tags {top_svc['name']} --check --diff\n",
        ]
+    elif svc_type == "nixos":
+        checklist_parts += [
+            "\n[bold]NixOS Deployment:[/bold]\n",
+            "• Version tracks nixpkgs via flake.lock\n",
+            "• Update: dagger call flake-update --src=. export --path=nixos/ringtail/flake.lock\n",
+            "• Deploy: mise run provision-ringtail\n",
+        ]

    checklist_parts += [
        "\n[bold]Health Check:[/bold]\n",
--- a/service-versions.yaml
+++ b/service-versions.yaml
@ -5,15 +5,13 @@
 #
 # Fields:
 #   name            - kebab-case service identifier
-#   type            - argocd | ansible | hybrid (custom container + ArgoCD)
+#   type            - argocd | ansible | nixos
 #   last-reviewed   - date (YYYY-MM-DD) or null
 #   current-version - deployed version string or null
 #   upstream-source - URL to upstream releases/changelog
 #   notes           - optional context

 services:
-  # --- ArgoCD plain manifests ---
-
  - name: prometheus
    type: argocd
    last-reviewed: 2026-02-16
@ -45,7 +43,7 @@ services:
    upstream-source: https://github.com/binwiederhier/ntfy/releases

  - name: homepage
-    type: hybrid
+    type: argocd
    last-reviewed: 2026-02-19
    current-version: "v1.10.1"
    upstream-source: https://github.com/gethomepage/homepage/releases
@ -82,8 +80,6 @@ services:
    current-version: "v1.94.2"
    upstream-source: https://github.com/tailscale/tailscale/releases

-  # --- ArgoCD Helm charts ---
-
  - name: grafana
    type: argocd
    last-reviewed: null
@ -119,8 +115,6 @@ services:
    upstream-source: https://github.com/1Password/connect/releases
    notes: Deployed via Helm chart

-  # --- ArgoCD infra ---
-
  - name: argocd
    type: argocd
    last-reviewed: null
@ -134,77 +128,84 @@ services:
    upstream-source: https://github.com/cloudnative-pg/cloudnative-pg/releases
    notes: CloudNativePG Cluster resource

-  # --- Hybrid (custom container + ArgoCD) ---
-
  - name: authentik
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "2025.10.1"
    upstream-source: https://github.com/goauthentik/authentik/releases

  - name: navidrome
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "v0.60.3"
    upstream-source: https://github.com/navidrome/navidrome/releases

  - name: miniflux
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "2.2.17"
    upstream-source: https://github.com/miniflux/v2/releases

  - name: teslamate
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "v2.2.0"
    upstream-source: https://github.com/teslamate-org/teslamate/releases

  - name: transmission
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "4.0.6-r4"
    upstream-source: https://github.com/transmission/transmission/releases

  - name: kiwix
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "3.8.1"
    upstream-source: https://github.com/kiwix/kiwix-tools/releases

  - name: devpi
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "6.19.1"
    upstream-source: https://github.com/devpi/devpi/releases

  - name: cv
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "1.0.3"
    upstream-source: null
    notes: Personal static site, no upstream

  - name: docs
-    type: hybrid
+    type: argocd
    last-reviewed: null
    current-version: "1.28.2"
    upstream-source: https://github.com/jackyzha0/quartz/releases
    notes: Quartz static site generator; container version tracks nginx base

  - name: forgejo-runner
-    type: hybrid
-    last-reviewed: null
-    current-version: "0.19.11"
+    type: argocd
+    last-reviewed: 2026-02-22
+    current-version: "6.3.1"
    upstream-source: https://code.forgejo.org/forgejo/runner/releases
+    notes: >-
+      Runner daemon version. Job execution container (containers/forgejo-runner)
+      tracks Dagger at v0.19.11.

-  # --- Ansible native ---
+  - name: nix-container-builder
+    type: nixos
+    last-reviewed: 2026-02-22
+    current-version: "12.6.4"
+    upstream-source: https://code.forgejo.org/forgejo/runner/releases
+    notes: Forgejo runner on ringtail via nixpkgs; version tracks flake.lock

  - name: forgejo
    type: ansible
-    last-reviewed: null
-    current-version: null
+    last-reviewed: 2026-02-22
+    current-version: "14.0.2"
    upstream-source: https://codeberg.org/forgejo/forgejo/releases
+    notes: Installed via Homebrew on indri; plan to migrate to source build

  - name: alloy
    type: ansible
@ -244,4 +245,4 @@ services:
    last-reviewed: null
    current-version: null
    upstream-source: null
-    notes: Custom systemd service, no upstream
+    notes: Custom service, no upstream