* fix(bp-self-sovereign-cutover): post-cutover mirror re-sync CronJob (TBD-A37, Closes #1899)
Step-01 (gitea-mirror) only runs ONCE at cutover and produces a STANDALONE
local Gitea repo (PR #1029 — pull-mirror semantics block Step-06's
HelmRepository URL rewrite push). Without an ongoing re-sync, upstream
chart bumps merged AFTER cutover never reach the Sovereign.
Live regression on t31 2026-05-19 (A145 verifier): sandbox-controller
stuck at image :8017700 from 2026-05-16 even though PR #1862 had merged
2 days earlier with the NATS consume-leg — the upstream values.yaml
bump never crossed the seam.
This chart bump adds a gitea-mirror-resync CronJob (default schedule
"*/5 * * * *") that fires the same idempotent bare-clone + push
--mirror --force as Step-01 step (3) every 5 minutes. Pre-cutover
fires are no-ops (the script detects the local repo is missing /
empty and exits 0); post-cutover fires close the upstream → local
Gitea loop.
Why CronJob, not Gitea pull-mirror revival?
PR #1029 documented why Gitea pull-mirror was abandoned: pull-mirror
repos are read-only, blocking Step-06's HelmRepository URL rewrite
push. We need a writable local repo that ALSO refreshes from upstream
— the natural shape is a periodic force-push from a separate Job.
Why CronJob, not push-from-upstream webhook?
Slower to implement (requires GitHub App + webhook receiver on each
Sovereign + DNS for the webhook URL). Tracked as a future evolution
once stable; the CronJob is the minimal correct fix today.
Default 5m cadence covers the chart-bump → upstream-merge →
Sovereign-reconcile loop in ~10 min end-to-end while staying well
under GitHub anonymous-clone rate limits (300 req/hr per IP; one
Sovereign = 12 clones/hr). Per-Sovereign overlay knobs:
.Values.mirrorResync.schedule (cron string)
.Values.mirrorResync.suspended (bool, default false)
.Values.mirrorResync.jobTimeoutSeconds (default 900)
No new RBAC — the CronJob re-uses the existing cutover runner SA
and the reflector-mirrored gitea-admin-secret that Step-01 already
mounts. concurrencyPolicy: Forbid + startingDeadlineSeconds: 60
keep parallel runs / replay storms harmless.
Verification:
- helm template test . renders cleanly (2509 lines, +52 from 0.1.32)
- tests/cutover-contract.sh all 20 gates GREEN (CronJob doesn't carry
the cutover-step labels so the "exactly 9 step ConfigMaps" assertion
still passes)
- scripts/check-bootstrap-kit-pin-sync.sh PASS (50 chart→pin pairs)
Chart 0.1.32 → 0.1.33; bootstrap-kit pin in
clusters/_template/bootstrap-kit/06a-bp-self-sovereign-cutover.yaml
bumped to match.
Closes #1899
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(bp-self-sovereign-cutover): bump blueprint.yaml lockstep to 0.1.33
TBD-A20 BlueprintVersionLockstepSweep CI gate caught the missing
blueprint.yaml bump on PR #1916 (the chart Chart.yaml was bumped to
0.1.33 but blueprint.yaml still pinned 0.1.32). Bringing the two in
lockstep so the test passes.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: hatiyildiz <hatice.yildiz@openova.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
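As an added illustration of the shape the commit message describes, and not the chart's own template or script: a Helm template for a resync CronJob plus the ConfigMap carrying its script. Everything beyond what the message states is assumed, namely the value keys `.Values.mirrorResync.image`, `.Values.mirrorResync.upstreamUrl` and `.Values.mirrorResync.localRepoUrl`, the SA value `.Values.cutoverRunner.serviceAccountName`, the `username`/`token` keys inside `gitea-admin-secret`, and the ConfigMap name.

```yaml
# Illustrative template (assumed layout, not the chart's file). The ConfigMap
# deliberately carries none of the cutover-step labels so step-count gates
# that select on those labels are unaffected.
apiVersion: v1
kind: ConfigMap
metadata:
  name: gitea-mirror-resync-script
data:
  resync.sh: |
    #!/bin/sh
    set -eu
    # Never put the token in the URL: it would show up in argv, logs and
    # Job events. Hand it to git through an inline credential helper that
    # reads the env vars the Secret is projected into.
    GIT_CRED='!f() { echo "username=${GITEA_ADMIN_USER}"; echo "password=${GITEA_ADMIN_TOKEN}"; }; f'
    # Pre-cutover guard: if the local Gitea repo is missing (exit 128) or
    # has no refs yet (--exit-code gives 2), this fire is a no-op.
    if ! git -c credential.helper="${GIT_CRED}" ls-remote --exit-code "${LOCAL_REPO_URL}" >/dev/null 2>&1; then
      echo "local repo missing or empty; pre-cutover no-op"
      exit 0
    fi
    # Post-cutover: fresh bare clone of upstream, then force-mirror it into
    # the writable local repo. Idempotent: re-running converges to the same refs.
    rm -rf /work/src.git
    git clone --mirror "${UPSTREAM_URL}" /work/src.git
    cd /work/src.git
    git -c credential.helper="${GIT_CRED}" push --mirror --force "${LOCAL_REPO_URL}"
---
apiVersion: batch/v1
kind: CronJob
metadata:
  name: gitea-mirror-resync
spec:
  schedule: {{ .Values.mirrorResync.schedule | default "*/5 * * * *" | quote }}
  suspend: {{ .Values.mirrorResync.suspended | default false }}
  concurrencyPolicy: Forbid          # a slow push never overlaps the next fire
  startingDeadlineSeconds: 60        # missed fires are skipped, not replayed in a burst
  successfulJobsHistoryLimit: 1
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      activeDeadlineSeconds: {{ .Values.mirrorResync.jobTimeoutSeconds | default 900 }}
      backoffLimit: 0                # a failed fire is simply retried at the next tick
      template:
        spec:
          serviceAccountName: {{ .Values.cutoverRunner.serviceAccountName }}   # assumed key
          restartPolicy: Never
          securityContext:
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: resync
              image: {{ .Values.mirrorResync.image }}                           # assumed key; needs git + sh
              command: ["/bin/sh", "/scripts/resync.sh"]
              env:
                - name: UPSTREAM_URL
                  value: {{ .Values.mirrorResync.upstreamUrl | quote }}         # assumed key
                - name: LOCAL_REPO_URL
                  value: {{ .Values.mirrorResync.localRepoUrl | quote }}        # assumed key
                - name: GITEA_ADMIN_USER
                  valueFrom:
                    secretKeyRef:
                      name: gitea-admin-secret
                      key: username                                            # assumed key name
                - name: GITEA_ADMIN_TOKEN
                  valueFrom:
                    secretKeyRef:
                      name: gitea-admin-secret
                      key: token                                               # assumed key name
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                capabilities:
                  drop: ["ALL"]
              volumeMounts:
                - name: script
                  mountPath: /scripts
                  readOnly: true
                - name: work
                  mountPath: /work     # scratch for the bare clone; discarded with the pod
          volumes:
            - name: script
              configMap:
                name: gitea-mirror-resync-script
                defaultMode: 0555
            - name: work
              emptyDir: {}
```

The pairing of `concurrencyPolicy: Forbid` with a short `startingDeadlineSeconds` is what makes a controller outage harmless: when the controller comes back it skips the fires it missed instead of launching them all at once, so the clone rate stays at the one-per-schedule budget the message sizes against GitHub's anonymous-clone limit.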