feat: add flexible docker-compose architecture with profiles
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
- Add OpenBao services to docker-compose.yml with profiles (openbao, full)
- Add docker-compose.build.yml for local builds vs registry pulls
- Make PostgreSQL and Valkey optional via profiles (database, cache)
- Create example compose files for common deployment scenarios:
  - docker/docker-compose.example.turnkey.yml (all bundled)
  - docker/docker-compose.example.external.yml (all external)
  - docker/docker.example.hybrid.yml (mixed deployment)
- Update documentation:
  - Enhance .env.example with profiles and external service examples
  - Update README.md with deployment mode quick starts
  - Add deployment scenarios to docs/OPENBAO.md
  - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide
- Clean up repository structure:
  - Move shell scripts to scripts/ directory
  - Move documentation to docs/ directory
  - Move docker compose examples to docker/ directory
- Configure for external Authentik with internal services:
  - Comment out Authentik services (using external OIDC)
  - Comment out unused volumes for disabled services
  - Keep postgres, valkey, openbao as internal services

This provides a flexible deployment architecture supporting turnkey, production (all external), and hybrid configurations via Docker Compose profiles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
177
docs/CODEX-READY.md
Normal file
@@ -0,0 +1,177 @@
# Codex Review — Ready to Commit

**Repository:** mosaic-stack (Mosaic Stack platform)
**Branch:** develop
**Date:** 2026-02-07

## Files Ready to Commit

```bash
cd ~/src/mosaic-stack
git status
```

**New files:**

- `.woodpecker/` — Complete Codex review CI pipeline
- `codex-review.yml` — Pipeline configuration
- `README.md` — Setup and troubleshooting guide
- `schemas/code-review-schema.json` — Code review output schema
- `schemas/security-review-schema.json` — Security review output schema
- `CODEX-SETUP.md` — Complete setup guide with activation steps

## What This Adds

### Independent AI Review System

- **Code quality review** — Correctness, testing, performance, code quality
- **Security review** — OWASP Top 10, secrets detection, injection flaws
- **Structured output** — JSON findings with severity levels
- **CI integration** — Automatic PR blocking on critical issues

### Works Alongside Existing CI

The main `.woodpecker.yml` handles:

- TypeScript type checking
- ESLint linting
- Vitest unit tests
- Playwright integration tests
- Docker builds

The new `.woodpecker/codex-review.yml` handles:

- AI-powered code review
- AI-powered security review

Both must pass for PR to be mergeable.

## Commit Command

```bash
cd ~/src/mosaic-stack

# Add Codex files
git add .woodpecker/ CODEX-SETUP.md

# Commit
git commit -m "feat: Add Codex AI review pipeline for automated code/security reviews

Add Woodpecker CI pipeline for independent AI-powered code quality and
security reviews on every pull request using OpenAI's Codex CLI.

Features:
- Code quality review (correctness, testing, performance, documentation)
- Security review (OWASP Top 10, secrets, injection, auth gaps)
- Parallel execution for fast feedback
- Fails on blockers or critical/high security findings
- Structured JSON output with actionable remediation steps

Integration:
- Runs independently from main CI pipeline
- Both must pass for PR merge
- Uses global scripts from ~/.claude/scripts/codex/

Files added:
- .woodpecker/codex-review.yml — Pipeline configuration
- .woodpecker/schemas/ — JSON schemas for structured output
- .woodpecker/README.md — Setup and troubleshooting
- CODEX-SETUP.md — Complete activation guide

To activate:
1. Add 'codex_api_key' secret to Woodpecker CI (ci.mosaicstack.dev)
2. Create a test PR to verify pipeline runs
3. Review findings in CI logs

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"

# Push
git push
```

## Post-Push Actions

### 1. Add Woodpecker Secret

- Go to https://ci.mosaicstack.dev
- Navigate to `mosaic/stack` repository
- Settings → Secrets
- Add: `codex_api_key` = (your OpenAI API key)
- Select events: Pull Request, Manual

### 2. Test the Pipeline

```bash
# Create test branch
git checkout -b test/codex-review
echo "# Test change" >> README.md
git add README.md
git commit -m "test: Trigger Codex review"
git push -u origin test/codex-review

# Create PR (using tea CLI for Gitea)
tea pr create --title "Test: Codex Review Pipeline" \
--body "Testing automated AI code and security reviews"
```

### 3. Verify Pipeline Runs

- Check CI at https://ci.mosaicstack.dev
- Look for `code-review` and `security-review` steps
- Verify structured findings in logs
- Test that critical/high findings block merge

## Local Testing (Optional)

Before pushing, test locally:

```bash
cd ~/src/mosaic-stack

# Review uncommitted changes
~/.claude/scripts/codex/codex-code-review.sh --uncommitted

# Review against develop
~/.claude/scripts/codex/codex-code-review.sh -b develop
```

## Already Tested

✅ **Tested on calibr repo commit `fab30ec`:**

- Successfully identified merge-blocking lint regression
- Correctly categorized as blocker severity
- Provided actionable remediation steps
- High confidence (0.98)

This validates the entire Codex review system.

## Benefits

✅ **Independent review** — Separate AI model from Claude sessions
✅ **Security-first** — OWASP coverage + CWE IDs
✅ **Actionable** — Specific file/line references with fixes
✅ **Fast** — 15-60 seconds per review
✅ **Fail-safe** — Blocks merges on critical issues
✅ **Reusable** — Global scripts work across all repos

## Documentation

- **Setup guide:** `CODEX-SETUP.md` (this repo)
- **Pipeline README:** `.woodpecker/README.md` (this repo)
- **Global scripts:** `~/.claude/scripts/codex/README.md`
- **Test results:** `~/src/calibr/TEST-RESULTS.md` (calibr repo test)

## Next Repository

After mosaic-stack, the Codex review system can be added to:

- Any repository with Woodpecker CI
- Any repository with GitHub Actions (using `openai/codex-action`)
- Local-only usage via the global scripts

Just copy `.woodpecker/` directory and add the API key secret.

---

_Ready to commit and activate! 🚀_
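Review bot: the "Add Woodpecker Secret" step tells the operator to expose `codex_api_key` on the Pull Request event, which hands the OpenAI key to any pull request that can trigger the pipeline, including one that edits `.woodpecker/codex-review.yml` to read the environment; recommend enabling Woodpecker's pipeline-approval requirement for pull requests (at least from forks and non-members) before the secret is made available, and documenting that the key should be a dedicated, spend-limited one so a leak is contained. Separately, "Uses global scripts from ~/.claude/scripts/codex/" and the two `~/.claude/scripts/codex/codex-code-review.sh` invocations mean the merge gate depends on scripts that live outside the repository in a user's home directory on the runner, so they are neither version-controlled with the pipeline nor visible in review; vendoring them under `.woodpecker/` (or pinning them to a tagged source) would make the pipeline reproducible and keep the gating logic auditable. Minor: this file is added as `docs/CODEX-READY.md` while it references `CODEX-SETUP.md` at the repository root and stages it with `git add .woodpecker/ CODEX-SETUP.md`; given the commit also moves documentation to `docs/`, the path should be confirmed.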