studio/cli - cli - Gitea: Git with a cup of tea

studio/cli

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sienna Meridian Satterwhite	0acbf66673	check: rewrite seaweedfs probe with S3 SigV4 auth Replaced the unauthenticated SeaweedFS probe (which accepted any HTTP < 500 as passing) with a signed S3 ListBuckets request using AWS Signature V4. Credentials are read from the seaweedfs-s3-credentials K8s secret; a 200 response confirms authentication is working. Updated tests to cover missing creds, 403 bad-creds, 502 gateway error, and URLError cases.	2026-03-03 00:57:27 +00:00
Sienna Meridian Satterwhite	6bd59abd74	sunbeam check: parallel execution, 5s timeout, external S3 check All checks now run concurrently via ThreadPoolExecutor so total time is bounded by the slowest single check, not their sum. Timeout reduced from 10s to 5s per check. SeaweedFS check switched from kubectl exec (wget not reliably available in container) to an HTTP probe against the external S3 endpoint (https://s3.DOMAIN/) — consistent with the "use external URLs for publicly facing services" requirement. 403 is treated as healthy (unauthenticated S3 response).	2026-03-02 21:57:33 +00:00
Sienna Meridian Satterwhite	1573faa0fd	Add sunbeam check verb with service-level health probes 11 checks across 7 namespaces: gitea version+auth, postgres CNPG readiness, valkey PONG, openbao sealed state, seaweedfs filer, kratos health, hydra OIDC discovery, people HTTP (catches 502s), people API, and livekit. Supports ns and ns/svc scoping. - checks.py: new module with _http_get (no-redirect opener + mkcert SSL), kube_exec-based exec checks, and cmd_check dispatch - kube.py: add kube_exec() and get_domain() (reads from cluster configmap) - cli.py: add 'check [target]' verb - 103 tests, all passing	2026-03-02 21:49:57 +00:00

Author

SHA1

Message

Date

Sienna Meridian Satterwhite

0acbf66673

check: rewrite seaweedfs probe with S3 SigV4 auth

Replaced the unauthenticated SeaweedFS probe (which accepted any HTTP
< 500 as passing) with a signed S3 ListBuckets request using AWS
Signature V4. Credentials are read from the seaweedfs-s3-credentials
K8s secret; a 200 response confirms authentication is working.

Updated tests to cover missing creds, 403 bad-creds, 502 gateway error,
and URLError cases.

2026-03-03 00:57:27 +00:00

Sienna Meridian Satterwhite

6bd59abd74

sunbeam check: parallel execution, 5s timeout, external S3 check

All checks now run concurrently via ThreadPoolExecutor so total time
is bounded by the slowest single check, not their sum.

Timeout reduced from 10s to 5s per check. SeaweedFS check switched
from kubectl exec (wget not reliably available in container) to an
HTTP probe against the external S3 endpoint (https://s3.DOMAIN/) —
consistent with the "use external URLs for publicly facing services"
requirement. 403 is treated as healthy (unauthenticated S3 response).

2026-03-02 21:57:33 +00:00

Sienna Meridian Satterwhite

1573faa0fd

Add sunbeam check verb with service-level health probes

11 checks across 7 namespaces: gitea version+auth, postgres CNPG
readiness, valkey PONG, openbao sealed state, seaweedfs filer,
kratos health, hydra OIDC discovery, people HTTP (catches 502s),
people API, and livekit. Supports ns and ns/svc scoping.

- checks.py: new module with _http_get (no-redirect opener + mkcert SSL),
  kube_exec-based exec checks, and cmd_check dispatch
- kube.py: add kube_exec() and get_domain() (reads from cluster configmap)
- cli.py: add 'check [target]' verb
- 103 tests, all passing

2026-03-02 21:49:57 +00:00

3 Commits