C1: deploy shower v1.1.0 (phases + guest memories) #354

Merged

eblume merged 5 commits from shower-v1.1.0 into main 2026-05-11 20:08:05 -07:00

Conversation 0 Commits 5 Files changed 4 +47 -13

eblume commented 2026-05-11 18:36:01 -07:00

Owner

Copy link

Summary

Deploys adelaide-baby-shower-app v1.1.0 to ringtail k3s.

App changes (since v1.0.2)

• Four-phase ShowerState replaces the boolean locked flag — pre_event → party → prizes_locked → event_locked — with a backfill migration that maps locked=True → pre_event, locked=False → party.
• Guest memories: append-only photos + comments panel where guests can leave notes for the baby. Adds GuestPhoto + GuestComment models with file-extension validators and a max-size validator; new shower.imaging module for thumbnail generation.
• Admin + QR polish: configurable host link, fixed "View Site" URL, guest-facing QR copy improvements, contest tweaks.

Three Django migrations run automatically in the entrypoint against the SQLite PV:

• 0009_shower_phase
• 0010_guest_memories
• 0011_book_description

No ConfigMap / env-var changes. The deploy uses strategy: Recreate with a single replica, so the old pod releases the data PVC before the new one mounts it and runs migrations.

Container build changes

The v1.1.0 tag exposed a latent issue with the Forgejo PyPI install path:

• The recent commit 2d38418e closed the forge package leak at the Fly edge by blocking /api/packages/* publicly.
• Forgejo's PyPI simple index returns absolute file URLs hardcoded to its public ROOT_URL (forge.eblu.me), so pip-installing from the tailnet index URL still tries to download from forge.eblu.me → 403.
• Previous shower builds escaped this because their FOD outputs were already in the nix store; bumping to a new version forced a fresh pip run that hit the block.

Fix mirrors what we already do for the sdist: both wheel and sdist are pulled via direct fetchurl against forge.ops.eblu.me, then the wheel is copied to TMPDIR under its clean filename (nix store path's hash prefix breaks pip's wheel-filename parser) and handed to pip as a local path. The forge --extra-index-url is no longer needed.

FOD outputHash pinned to sha256-kTNOswobtkgyQmmqbQM8XO4vvaGg57nCuuZGbNXb0NM= from run 547. Image: registry.ops.eblu.me/blumeops/shower:v1.1.0-444ff91-nix.

Adjacent finding (already handled)

The ringtail gitea-runner-nix_container_builder systemd unit was left inactive after the recent provision-ringtail (matches the known sshd-restart-hangs-mux lesson — the rebuild changed the unit's PATH closure + config.yaml, systemd stopped it, then the playbook hung before the activation could restart it). Manually started; the existing memory lesson_provision_ringtail_ssh_hang.md was extended to mention the runner as the canary service to check after provisions.

Test plan

• argocd app diff shower --revision shower-v1.1.0 — review the manifest change
• argocd app set shower --revision shower-v1.1.0 && argocd app sync shower
• kubectl --context=k3s-ringtail logs -n shower deploy/shower — confirm migrations 0009/0010/0011 applied, no errors
• Hit https://shower.ops.eblu.me/ (tailnet) — splash page renders, phase indicator visible
• Hit https://shower.ops.eblu.me/host/ — host console loads, phase dropdown shows the four states
• Hit https://shower.eblu.me/ (public via Fly) — splash page still served
• After merge: argocd app set shower --revision main && argocd app sync shower

## Summary Deploys `adelaide-baby-shower-app` **v1.1.0** to ringtail k3s. ### App changes (since v1.0.2) - **Four-phase `ShowerState`** replaces the boolean `locked` flag — `pre_event` → `party` → `prizes_locked` → `event_locked` — with a backfill migration that maps `locked=True → pre_event`, `locked=False → party`. - **Guest memories**: append-only photos + comments panel where guests can leave notes for the baby. Adds `GuestPhoto` + `GuestComment` models with file-extension validators and a max-size validator; new `shower.imaging` module for thumbnail generation. - **Admin + QR polish**: configurable host link, fixed "View Site" URL, guest-facing QR copy improvements, contest tweaks. Three Django migrations run automatically in the entrypoint against the SQLite PV: - `0009_shower_phase` - `0010_guest_memories` - `0011_book_description` No ConfigMap / env-var changes. The deploy uses `strategy: Recreate` with a single replica, so the old pod releases the data PVC before the new one mounts it and runs migrations. ### Container build changes The v1.1.0 tag exposed a latent issue with the Forgejo PyPI install path: - The recent commit [2d38418e](https://forge.eblu.me/eblume/blumeops/commit/2d38418e) closed the forge package leak at the Fly edge by blocking `/api/packages/*` publicly. - Forgejo's PyPI simple index returns absolute file URLs hardcoded to its public `ROOT_URL` (`forge.eblu.me`), so pip-installing from the tailnet index URL still tries to download from `forge.eblu.me` → 403. - Previous shower builds escaped this because their FOD outputs were already in the nix store; bumping to a new version forced a fresh pip run that hit the block. Fix mirrors what we already do for the sdist: both wheel and sdist are pulled via direct `fetchurl` against `forge.ops.eblu.me`, then the wheel is copied to TMPDIR under its clean filename (nix store path's hash prefix breaks pip's wheel-filename parser) and handed to pip as a local path. The forge `--extra-index-url` is no longer needed. FOD outputHash pinned to `sha256-kTNOswobtkgyQmmqbQM8XO4vvaGg57nCuuZGbNXb0NM=` from run 547. Image: `registry.ops.eblu.me/blumeops/shower:v1.1.0-444ff91-nix`. ### Adjacent finding (already handled) The ringtail `gitea-runner-nix_container_builder` systemd unit was left `inactive` after the recent `provision-ringtail` (matches the known `sshd-restart-hangs-mux` lesson — the rebuild changed the unit's PATH closure + config.yaml, systemd stopped it, then the playbook hung before the activation could restart it). Manually started; the existing memory `lesson_provision_ringtail_ssh_hang.md` was extended to mention the runner as the canary service to check after provisions. ## Test plan - [ ] `argocd app diff shower --revision shower-v1.1.0` — review the manifest change - [ ] `argocd app set shower --revision shower-v1.1.0 && argocd app sync shower` - [ ] `kubectl --context=k3s-ringtail logs -n shower deploy/shower` — confirm migrations 0009/0010/0011 applied, no errors - [ ] Hit `https://shower.ops.eblu.me/` (tailnet) — splash page renders, phase indicator visible - [ ] Hit `https://shower.ops.eblu.me/host/` — host console loads, phase dropdown shows the four states - [ ] Hit `https://shower.eblu.me/` (public via Fly) — splash page still served - [ ] After merge: `argocd app set shower --revision main && argocd app sync shower`

eblume added 5 commits 2026-05-11 18:36:01 -07:00

C1: bump shower to v1.1.0 (probe FOD hash) ... 38daa3b0c3

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

C1: shower default.nix — fetchurl wheel directly (probe FOD) ... e534100254

Forgejo's PyPI simple index returns absolute file URLs hardcoded to its
public ROOT_URL (forge.eblu.me). The Fly edge blocks /api/packages/* per
PR #2d38418e, so pip-install through the index 403s the wheel download
even when reached from the tailnet. Mirror what we already do for the
sdist: pull the wheel via fetchurl from forge.ops.eblu.me and hand it to
pip as a local path. The forge --extra-index-url is no longer needed.

Also bumps service-versions.yaml current-version to v1.1.0 to satisfy
container-version-check (the kustomization newTag follows once the nix
build pins its FOD hash).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

C1: shower — copy wheel to clean filename before pip install ... a156ea7687

Nix store paths embed a 32-char hash prefix, which pip rejects as
"Invalid wheel filename (invalid version)". Copy the wheel into TMPDIR
under its bare name first, then install from there.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

C1: pin shower v1.1.0 FOD outputHash from run 547 ... 444ff91b61

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

C1: deploy shower v1.1.0 to ringtail (kustomization + changelog) ... 66cdd01999

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

eblume merged commit 3c7967e445 into main 2026-05-11 20:08:05 -07:00

eblume referenced this pull request from a commit 2026-05-11 20:08:07 -07:00

C1: deploy shower v1.1.0 (phases + guest memories) (#354)

eblume referenced this pull request from a commit 2026-05-11 20:20:49 -07:00

C0: shower — rebuild from main SHA (post-merge retag)

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

eblume/blumeops!354

No description provided.