docs(friction): log registry-push auth gotcha (no creds in vault)
Building images is fully automatable; pushing to the Forgejo registry needs an interactive docker login, and registry creds aren't in vault — so an agent can't complete a push. Captured for the next kaizen review. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
b3468b34e4
commit
19e675fa5a
1 changed files with 11 additions and 0 deletions
|
|
@ -22,6 +22,17 @@ earning its keep.
|
|||
|
||||
_(append new raw signals here; the next kaizen review consumes them)_
|
||||
|
||||
- `[friction]` **Image push to the Forgejo registry fails with `no basic auth
|
||||
credentials`** (2026-06-15): `make caddy-image-push` (and `molecule-image-push`) fail
|
||||
unless the Docker daemon on ubongo has an interactive `docker login
|
||||
forgejo.nyumbani.baobab.band` session — and those creds are **not in vault** (only
|
||||
`gandi` + `hetzner` are), so an agent can't complete a push non-interactively. The
|
||||
build half is fully automatable; the push half silently requires a human. → candidate:
|
||||
document the `docker login` step in `docs/runbooks/claude-code-setup.md`, **or** store
|
||||
a scoped Forgejo registry token in vault + a `make registry-login` target (login via
|
||||
`--password-stdin`, `no_log`) so pushes are agent-completable like every other
|
||||
vault-backed action.
|
||||
|
||||
- `[recurring]` **ADRs claim cross-doc reconciliation they didn't actually perform**
|
||||
(2026-06-14): ADR-024's Status + Consequences asserted "ADR-017 prose that mentioned
|
||||
Traefik is updated to read Caddy" — but ADR-008/017/019 + CAPABILITIES still said
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue