lfg2025/archy
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases 44 Wiki Activity

docs: master plan — mark registry-manifest phases 1-3 + immich + reboot-survival done

Browse Source 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
archipelago 2026-06-21 08:25:40 -04:00
parent f160e0c404
commit c548705147
1 changed files with 20 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/PRODUCTION-MASTER-PLAN.md
View File

@ -84,17 +84,26 @@ L2 UI ● dashboard + proxies; L3 survival ◐; ~30 apps have zero automated cov
## 6. Immediate sequence (live workstream)
1. **B-phase 1**`manifest` field on `AppCatalogEntry`; `load_manifests`
catalog-wins merge; `manifest_dir: Option`; unit tests (image-only apps first).
2. **B-phase 2** — publisher generator embeds + signs manifests into
`releases/app-catalog.json`.
3. **C immich proof** — author immich as registry manifests (postgres/redis/server)
installed via `install_stack_via_orchestrator`; delete `install_immich_stack`;
`generated_secrets: [immich-db-password]` — **reuse the live secret `39ec03dc…`**
(postgres is initialised with it; never regenerate). Anon `/data` vol is empty.
4. **Verify on .228, then .198.**
5. **E** — run the 20× gate; fix until green.
6. Demote this banner.
1. ✅ **B-phase 1**`manifest` field on `AppCatalogEntry`; `load_manifests`
catalog-wins merge; `manifest_dir` kept (build-source catalog manifests skipped
in phase 1); unit tests. *(commit 220666d3)*
2. ✅ **B-phase 2**`EMBED_MANIFESTS` publisher generator + round-trip guard.
*(7bfbe8fe; signing via existing ceremony — not yet flipped on for the fleet.)*
3. ✅ **C immich proof** — immich is a manifest-driven stack (immich + immich-postgres
+ immich-redis) installed via `install_stack_via_orchestrator`; legacy installer
is now fallback-only. Live-migrated + verified on .228. Found+fixed: container_name
duplicate-on-shared-PGDATA, version-digit validation, partial-fallback hardening,
data_uid 100998. Canonical app_id `immich` (title+icon). *(9e6c5370, d5ef4573)*
4. ✅ **Reboot-survival** — podman-restart.service enabled (startup, fleet-wide)
for the podman-`--restart` path. *(f160e0c4)*
5. ◻ **Verify on .198** (immich migration validated on .228 only so far).
6. ◻ **E** — run the 20× gate; fix until green.
7. ◻ Demote this banner.
**Not yet done / deliberate follow-ups:** flip `EMBED_MANIFESTS` on for the
published catalog (then sign) to actually distribute manifests via the registry;
Phase-3 `use_quadlet_backends` rollout so orchestrator backends are Quadlet (not
just podman-`--restart`); immich on .198.
## 7. Release blockers & operational gotchas (durable)