marcel/familienarchiv
1
0
Fork 0
Code Issues 107 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(obs): Tempo processors schema fix + configurable Postgres host and Grafana port #602

Merged
marcel merged 27 commits from fix/issue-601-obs-stack-permanent into main 2026-05-16 09:46:12 +02:00
Conversation 46 Commits 27 Files Changed 10 +20 -3
2 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 7e52494880 - Show all commits

18
.gitea/workflows/nightly.yml
View File

@@ -131,11 +131,25 @@ jobs:
--profile staging \
up -d --wait --remove-orphans
- name: Deploy observability configs
# Copies the compose file and config tree from the workspace checkout
# into /opt/familienarchiv/ — the permanent location that persists
# between CI runs. Containers started in the next step bind-mount
# from there, so a future workspace wipe cannot corrupt a running
# config file. Secrets are read from /opt/familienarchiv/.env (managed
# separately on the server; not written or deleted by CI).
run: |
mkdir -p /opt/familienarchiv/infra
cp -r infra/observability /opt/familienarchiv/infra/
cp docker-compose.observability.yml /opt/familienarchiv/
- name: Start observability stack
# Runs from /opt/familienarchiv/ so bind mounts resolve to stable
# host paths that survive workspace wipes between nightly runs.
# Docker Compose reads /opt/familienarchiv/.env automatically.
run: |
docker compose \
-f docker-compose.observability.yml \
--env-file .env.staging \
-f /opt/familienarchiv/docker-compose.observability.yml \
up -d --wait --remove-orphans
- name: Reload Caddy

5
runner-config.yaml
View File

@@ -15,12 +15,15 @@ container:
valid_volumes:
- "/var/run/docker.sock"
- "/srv/gitea-workspace"
- "/opt/familienarchiv"
# appended to `docker run` when the runner spawns a job container
# SECURITY: Mounting the Docker socket grants job containers root-equivalent
# access to the host Docker daemon. Acceptable here because only trusted code
# from this private repo runs on this runner. Do NOT use on a runner that
# accepts untrusted PRs from external contributors.
options: "-v /var/run/docker.sock:/var/run/docker.sock -v /srv/gitea-workspace:/srv/gitea-workspace"
# /opt/familienarchiv is mounted so the nightly job can deploy observability
# configs to the permanent location without needing ssh or nsenter.
options: "-v /var/run/docker.sock:/var/run/docker.sock -v /srv/gitea-workspace:/srv/gitea-workspace -v /opt/familienarchiv:/opt/familienarchiv"
# keep network mode default (bridge) — Testcontainers handles its own networking
force_pull: false