blumeops/docs/changelog.d
Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials
Enable authentication on the zot registry with OIDC (via Authentik) and
API key support. Add three-tier accessControl: anonymous read, CI create
(artifact-workloads group), admin full access.

Wire both CI push paths with registry credentials:
- Dagger publish() gains optional registry_password/username params
- Nix/skopeo path adds --dest-creds to skopeo copy

The ZOT_CI_API_KEY secret flows from 1Password through the existing
forgejo_actions_secrets ansible role to both runners.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 09:13:30 -08:00
.gitkeep Add towncrier changelog system (#86) 2026-02-03 11:48:13 -08:00
add-container-versioning-prereq.infra.md Add commit-based container tagging prereq to harden-zot-registry chain (#230) 2026-02-20 18:26:27 -08:00
feature-agent-change-process.feature.md Add agent change process (C0/C1/C2) and docs-mikado tool (#225) 2026-02-20 08:15:20 -08:00
feature-authentik-mikado-chain.infra.md Convert deploy-authentik plan to C2 Mikado chain (#226) 2026-02-20 08:22:19 -08:00
feature-deploy-authentik.feature.md Deploy Authentik identity provider (C2 Mikado) (#227) 2026-02-20 12:55:59 -08:00
feature-forgejo-authentik-oidc.feature.md Integrate Forgejo with Authentik OIDC (#228) 2026-02-20 17:39:50 -08:00
harden-zot-mikado-cards.ai.md Harden zot registry, pt 1 (#231) 2026-02-20 22:50:01 -08:00
harden-zot-registry.feature.md Adopt commit-based container tags (#232) 2026-02-20 22:56:20 -08:00
plan-deploy-authentik.doc.md Add Authentik deployment plan (#224) 2026-02-20 07:06:56 -08:00
register-zot-oidc-client.feature.md Register Zot as OIDC client in Authentik (#236) 2026-02-21 08:45:06 -08:00
wire-ci-registry-auth.feature.md Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00