Commit Graph

6 Commits

Author SHA1 Message Date
unkinben 0e8acca9c6 Set kubernetes backend options on all woodpecker steps
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
Give every CI step explicit resource requests/limits and the default service
account (matching the pre-commit step), so the k8s woodpecker backend schedules
them with bounded resources.

- build/test/lint/package steps: 512Mi/1cpu requests, 2Gi/2cpu limits
- upload step: lighter 128Mi/100m requests, 512Mi/500m limits
2026-07-03 13:13:48 +10:00
benvin 0edc93f6db Merge pull request 'Add LiteLLM dynamic secrets engine implementation' (#1) from benvin/initial-implementation into main
ci/woodpecker/tag/release Pipeline was successful
Reviewed-on: #1
v0.1.0
2026-07-03 13:04:56 +10:00
unkinben 023a6f03e2 Probe for an existing RPM before uploading to artifactapi
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
Avoid a failed/confusing re-upload by checking whether the package is already
published before PUTting it. artifactapi has no HEAD route (returns 405), so the
guard uses a GET against the served path (RPMs are stored under Packages/): a
200 means it exists and the upload is skipped, anything else proceeds.

Also point at the reachable artifactapi host (artifactapi.k8s.syd1.au.unkin.net,
as used by rpmbuilder) instead of the unresolvable artifactapi3 name.
2026-07-03 12:51:09 +10:00
unkinben f388709c78 Add on-tag RPM build (nfpm) and upload to artifactapi
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
Publish the plugin as an installable RPM so hosts can drop it into the Vault/
OpenBao plugin directory. On a tag, build the binary, package it with nfpm
(mirroring the rpmbuilder approach), and upload the RPM to artifactapi's local
rpm-internal repository.

- Add packaging/nfpm.yaml installing the binary to /opt/vault-plugins/ plus a
  preinstall script that creates the directory
- Add scripts/build-rpm.sh and make rpm / rpm-package targets
- Add .woodpecker/release.yml (event: tag): build -> nfpm package -> PUT to
  artifactapi remotes/rpm-internal/files/
2026-07-03 12:43:07 +10:00
unkinben 51e8681731 Add LiteLLM dynamic secrets engine implementation
ci/woodpecker/pr/test Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/pre-commit Pipeline was successful
Populate the repo with the Vault/OpenBao dynamic secrets engine that mints
LiteLLM virtual keys scoped by model, spending limit, and lease TTL.

- Secrets backend: config, roles, creds paths and a revocable litellm_key type
- LiteLLM API client (generate/update/delete/info) with master-key auth
- Unit tests (mock LiteLLM) and a docker-compose e2e against both Vault and
  OpenBao proving the same binary works on each
- Makefile, woodpecker CI (build/test/pre-commit), pre-commit config
2026-07-03 12:32:50 +10:00
gitadmin aa6914cd97 Initial commit 2026-07-02 23:18:01 +10:00