Commit Graph

6 Commits

Author SHA1 Message Date
compat-seeder
adfdf38fb0 fix(compat): commit email must match git_admin's Gitea record (gitea@local.domain)
All checks were successful
addon-qualify / qualify (push) Successful in 12s
2026-05-10 17:05:11 +03:00
compat-seeder
32556761c1 fix(compat): commit as git_admin (only Gitea-known user passes pre-receive hook)
All checks were successful
addon-qualify / qualify (push) Successful in 11s
2026-05-10 17:02:48 +03:00
compat-seeder
ed0e835863 feat(compat): sign seeded-ci.json with cosign (Phase 4.1)
All checks were successful
addon-qualify / qualify (push) Successful in 12s
Adds cosign install + sign-blob step before commit. The detached
.sig (base64-encoded ASN.1 DER ECDSA over SHA256(file)) is committed
alongside seeded-ci.json. Tower's loader verifies it pure-Go before
replay; mismatched/missing sig → refuse + log.

cosign.pub is also checked in so the workflow can self-verify before
push (catches key-rotation mismatch early). The same pubkey is
embedded in Tower's binary at compat_bootstrap_pubkey.pem; both
copies must match or replay will fail.
2026-05-10 16:59:39 +03:00
compat-seeder
d32422c5e2 fix(compat): stage before diff in commit step (untracked-file blind spot)
All checks were successful
addon-qualify / qualify (push) Successful in 12s
2026-05-10 00:16:31 +03:00
compat-seeder
2f7fd6385d fix(compat): rename secret to COMPAT_PUSH_TOKEN (GITEA_* prefix is reserved)
All checks were successful
addon-qualify / qualify (push) Successful in 15s
2026-05-10 00:15:09 +03:00
compat-seeder
820ee83c09 feat(compat): seed-compat workflow + emitter (Phase 4)
All checks were successful
addon-qualify / qualify (push) Successful in 10s
Wires the nightly cold-start seeder. The Gitea Action runs
qualify-addon.py against every addon on each version branch (18.0 +
19.0), emits a canonical JSON snapshot to compat-bootstrap/seeded-ci.json,
and commits only when content changed. Tower's CompatSeedLoader fetches
this file at startup + every 24h, replays unseen stampIds into the
matrix.

Decisions: Git-as-bus over HTTP endpoint, static lint over real install,
content-hash stampId for byte-stability across runs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 00:14:14 +03:00
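
The check that commit ed0e835863 describes (a base64-encoded ASN.1 DER ECDSA signature over SHA256 of the file, verified in pure Go, refusing on a mismatched or missing signature) can be sketched as follows. This is an added example, not Tower's or the seeder workflow's own code: `VerifyBlob` and `SignForDemo` are hypothetical names, and the key and JSON are constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
)

// VerifyBlob fails closed: a bad key, a missing or malformed signature, or a
// mismatch all return an error, so the caller can refuse to replay and log why.
func VerifyBlob(pubPEM, blob []byte, sigB64 string) error {
	block, _ := pem.Decode(pubPEM)
	if block == nil {
		return fmt.Errorf("public key: no PEM block")
	}
	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	pub, ok := parsed.(*ecdsa.PublicKey)
	if err != nil || !ok {
		return fmt.Errorf("public key: not a PKIX ECDSA key")
	}
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(sig) == 0 {
		return fmt.Errorf("signature: missing or not base64")
	}
	sum := sha256.Sum256(blob)
	if !ecdsa.VerifyASN1(pub, sum[:], sig) {
		return fmt.Errorf("signature: does not match file and key")
	}
	return nil
}

// SignForDemo: throwaway P-256 key, same signature format; constructed test material, errors ignored.
func SignForDemo(blob []byte) ([]byte, string) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKIXPublicKey(&key.PublicKey)
	sum := sha256.Sum256(blob)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, sum[:])
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), base64.StdEncoding.EncodeToString(sig)
}

func main() {
	blob := []byte(`{"constructed":"stand-in for seeded-ci.json"}`)
	pub, sig := SignForDemo(blob)
	fmt.Println(VerifyBlob(pub, blob, sig), "|", VerifyBlob(pub, append(blob, ' '), sig))
}
```

Verifying against a key other than the one that signed, which is the key-rotation mismatch the commit message mentions, fails through the same final branch as a tampered file.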