From ca1a16873ca899e874d1f396b9a270b53feb38d1 Mon Sep 17 00:00:00 2001
From: Mathias Bergqvist <mthbqv@gmail.com>
Date: Wed, 22 Apr 2026 16:37:11 +0200
Subject: [PATCH] feat(ingestion): add Dockerfile and extend CD to build+push
 ingestion image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ingestion server is a pure-Go HTTP binary — alpine runtime, no node.js.
CD now builds both supervisor and ingestion images on every push,
updates both deployment.yaml files in the infra repo.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/cd.yml | 36 +++++++++++++++++++++++++++++-------
 ingestion/Dockerfile    | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 63 insertions(+), 7 deletions(-)
 create mode 100644 ingestion/Dockerfile

diff --git a/.gitea/workflows/cd.yml b/.gitea/workflows/cd.yml
index 8a33cd5..f2b23e0 100644
--- a/.gitea/workflows/cd.yml
+++ b/.gitea/workflows/cd.yml
@@ -11,20 +11,20 @@ jobs:
     env:
       SERVICE: supervisor
       IMAGE: gitea.d-ma.be/mathias/supervisor
+      INGESTION_IMAGE: gitea.d-ma.be/mathias/ingestion
       INFRA_REPO: git@gitea.d-ma.be:mathias/infra.git
       BUILDKIT_HOST: unix:///run/buildkit/buildkitd.sock
     steps:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Build and push image
+      - name: Build and push supervisor image
         run: |
           set -e
           trap 'rm -f /tmp/supervisor-image.tar' EXIT
           IMAGE_TAG="${{ github.sha }}"
           echo "Building ${IMAGE}:${IMAGE_TAG}"
 
-          # Build to local OCI tar (no registry auth needed at build time)
           buildctl --addr "${BUILDKIT_HOST}" build \
             --frontend dockerfile.v0 \
             --local context=. \
@@ -32,7 +32,6 @@ jobs:
             --opt build-arg:VERSION="${IMAGE_TAG}" \
             --output type=oci,dest=/tmp/supervisor-image.tar
 
-          # Push with skopeo using simple credential flag (avoids OAuth token flow)
           skopeo copy \
             oci-archive:/tmp/supervisor-image.tar \
             docker://${IMAGE}:${IMAGE_TAG} \
@@ -40,12 +39,31 @@ jobs:
 
           echo "Built and pushed ${IMAGE}:${IMAGE_TAG}"
 
+      - name: Build and push ingestion image
+        run: |
+          set -e
+          trap 'rm -f /tmp/ingestion-image.tar' EXIT
+          IMAGE_TAG="${{ github.sha }}"
+          echo "Building ${INGESTION_IMAGE}:${IMAGE_TAG}"
+
+          buildctl --addr "${BUILDKIT_HOST}" build \
+            --frontend dockerfile.v0 \
+            --local context=ingestion \
+            --local dockerfile=ingestion \
+            --output type=oci,dest=/tmp/ingestion-image.tar
+
+          skopeo copy \
+            oci-archive:/tmp/ingestion-image.tar \
+            docker://${INGESTION_IMAGE}:${IMAGE_TAG} \
+            --dest-creds "${{ secrets.REGISTRY_CREDS }}"
+
+          echo "Built and pushed ${INGESTION_IMAGE}:${IMAGE_TAG}"
+
       - name: Update infra repo
         run: |
           set -e
           trap 'rm -rf /tmp/infra-update; rm -f ~/.ssh/infra_deploy_key' EXIT
           IMAGE_TAG="${{ github.sha }}"
-          # Use internal Gitea SSH (runner is on koala — NodePort 30022 is reachable locally)
           mkdir -p ~/.ssh
           echo "${{ secrets.INFRA_DEPLOY_KEY }}" > ~/.ssh/infra_deploy_key
           chmod 600 ~/.ssh/infra_deploy_key
@@ -55,14 +73,18 @@ jobs:
             git clone "${INFRA_REPO}" /tmp/infra-update
 
           cd /tmp/infra-update
+
           sed -i "s|gitea.d-ma.be/mathias/supervisor:.*|gitea.d-ma.be/mathias/supervisor:${IMAGE_TAG}|" \
             "k3s/apps/${SERVICE}/deployment.yaml"
 
+          sed -i "s|gitea.d-ma.be/mathias/ingestion:.*|gitea.d-ma.be/mathias/ingestion:${IMAGE_TAG}|" \
+            "k3s/apps/${SERVICE}/ingestion-deployment.yaml"
+
           git config user.email "cd-bot@d-ma.be"
           git config user.name "CD Bot"
-          git add "k3s/apps/${SERVICE}/deployment.yaml"
-          git commit -m "chore(deploy): ${SERVICE} → ${IMAGE_TAG}"
+          git add "k3s/apps/${SERVICE}/deployment.yaml" "k3s/apps/${SERVICE}/ingestion-deployment.yaml"
+          git commit -m "chore(deploy): ${SERVICE}+ingestion → ${IMAGE_TAG}"
           GIT_SSH_COMMAND="ssh -i ~/.ssh/infra_deploy_key -o IdentitiesOnly=yes" \
             git push
 
-          echo "Infra repo updated: ${SERVICE} → ${IMAGE_TAG}"
+          echo "Infra repo updated: ${SERVICE}+ingestion → ${IMAGE_TAG}"
diff --git a/ingestion/Dockerfile b/ingestion/Dockerfile
new file mode 100644
index 0000000..4e9ebc5
--- /dev/null
+++ b/ingestion/Dockerfile
@@ -0,0 +1,34 @@
+# syntax=docker/dockerfile:1
+
+FROM golang:1.26-bookworm AS builder
+
+ARG VERSION=dev
+WORKDIR /src
+
+COPY go.mod go.sum ./
+RUN go mod download
+
+COPY . .
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
+    go build -trimpath -ldflags="-s -w" \
+    -o /out/ingestion ./cmd/server
+
+FROM alpine:3.21
+
+COPY --from=builder /out/ingestion /usr/local/bin/ingestion
+
+RUN addgroup -S ingestion && adduser -S -G ingestion ingestion
+
+WORKDIR /app
+
+# brain/ is writable state — mount a PersistentVolume here
+VOLUME /app/brain
+
+ENV INGEST_BRAIN_DIR=/app/brain
+ENV INGEST_PORT=3300
+
+USER ingestion
+
+EXPOSE 3300
+
+ENTRYPOINT ["/usr/local/bin/ingestion"]