- Add OpenBao services to docker-compose.yml with profiles (openbao, full)
- Add docker-compose.build.yml for local builds vs registry pulls
- Make PostgreSQL and Valkey optional via profiles (database, cache)
- Create example compose files for common deployment scenarios:
  - docker/docker-compose.example.turnkey.yml (all bundled)
  - docker/docker-compose.example.external.yml (all external)
  - docker/docker.example.hybrid.yml (mixed deployment)
- Update documentation:
  - Enhance .env.example with profiles and external service examples
  - Update README.md with deployment mode quick starts
  - Add deployment scenarios to docs/OPENBAO.md
  - Create docker/DOCKER-COMPOSE-GUIDE.md with comprehensive guide
- Clean up repository structure:
  - Move shell scripts to scripts/ directory
  - Move documentation to docs/ directory
  - Move docker compose examples to docker/ directory
- Configure for external Authentik with internal services:
  - Comment out Authentik services (using external OIDC)
  - Comment out unused volumes for disabled services
  - Keep postgres, valkey, openbao as internal services

This provides a flexible deployment architecture supporting turnkey, production (all external), and hybrid configurations via Docker Compose profiles.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Codex Review — Ready to Commit
Repository: mosaic-stack (Mosaic Stack platform) Branch: develop Date: 2026-02-07
Files Ready to Commit
```bash
cd ~/src/mosaic-stack
git status
```
New files:
- `.woodpecker/` — Complete Codex review CI pipeline
  - `codex-review.yml` — Pipeline configuration
  - `README.md` — Setup and troubleshooting guide
  - `schemas/code-review-schema.json` — Code review output schema
  - `schemas/security-review-schema.json` — Security review output schema
- `CODEX-SETUP.md` — Complete setup guide with activation steps
What This Adds
Independent AI Review System
- Code quality review — Correctness, testing, performance, code quality
- Security review — OWASP Top 10, secrets detection, injection flaws
- Structured output — JSON findings with severity levels
- CI integration — Automatic PR blocking on critical issues
Works Alongside Existing CI
The main `.woodpecker.yml` handles:
- TypeScript type checking
- ESLint linting
- Vitest unit tests
- Playwright integration tests
- Docker builds
The new `.woodpecker/codex-review.yml` handles:
- AI-powered code review
- AI-powered security review
Both pipelines must pass for the PR to be mergeable.
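A merge gate over the structured findings, as an added example rather than anything from the project's `codex-review.yml` or the Codex scripts. The page says reviews fail on blockers or critical/high findings and emit JSON with severity levels, CWE IDs, confidence and file/line references, but does not show the schema files, so the field names, the constructed findings and the 0.8 confidence threshold are assumptions:

```python
import json

# Per the page, a review fails on blockers or critical/high findings.
BLOCKING_SEVERITIES = {"blocker", "critical", "high"}
# Assumed threshold: low-confidence findings are reported, not blocking.
MIN_BLOCKING_CONFIDENCE = 0.8

# Constructed sample in the assumed field layout; not real Codex output.
SAMPLE_REVIEW_JSON = json.dumps({
    "findings": [
        {"severity": "critical", "confidence": 0.98, "cwe": "CWE-89",
         "file": "src/db/users.ts", "line": 42,
         "title": "SQL query built from a request parameter",
         "remediation": "Use a parameterised query."},
        {"severity": "low", "confidence": 0.6, "cwe": "CWE-1104",
         "file": "package.json", "line": 1,
         "title": "Outdated dev dependency",
         "remediation": "Bump the package to a maintained release."},
        {"severity": "high", "confidence": 0.4, "cwe": "CWE-79",
         "file": "src/ui/render.ts", "line": 17,
         "title": "Possible reflected XSS",
         "remediation": "Escape the value before rendering."},
    ],
})


def blocking_findings(review_json: str) -> list:
    """Findings that block the PR: blocking severity and confident enough."""
    report = json.loads(review_json)
    return [
        f for f in report.get("findings", [])
        if str(f.get("severity", "")).lower() in BLOCKING_SEVERITIES
        and float(f.get("confidence", 1.0)) >= MIN_BLOCKING_CONFIDENCE
    ]


def format_finding(f: dict) -> str:
    """One line per finding: file:line, severity, CWE, title and the fix."""
    return (f"{f['file']}:{f['line']} [{f['severity'].upper()} "
            f"{f.get('cwe', 'no-CWE')}] {f['title']} -> {f['remediation']}")


def gate(review_json: str) -> int:
    """Exit status for the CI step: 1 if anything blocks, otherwise 0."""
    blockers = blocking_findings(review_json)
    for f in blockers:
        print(format_finding(f))
    return 1 if blockers else 0
```

With the sample, only the confident critical SQL finding blocks; the high-severity XSS finding is below the assumed confidence bar and the low-severity item is never blocking.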
Commit Command
```bash
cd ~/src/mosaic-stack
# Add Codex files
git add .woodpecker/ CODEX-SETUP.md
# Commit
git commit -m "feat: Add Codex AI review pipeline for automated code/security reviews

Add Woodpecker CI pipeline for independent AI-powered code quality and
security reviews on every pull request using OpenAI's Codex CLI.

Features:
- Code quality review (correctness, testing, performance, documentation)
- Security review (OWASP Top 10, secrets, injection, auth gaps)
- Parallel execution for fast feedback
- Fails on blockers or critical/high security findings
- Structured JSON output with actionable remediation steps

Integration:
- Runs independently from main CI pipeline
- Both must pass for PR merge
- Uses global scripts from ~/.claude/scripts/codex/

Files added:
- .woodpecker/codex-review.yml — Pipeline configuration
- .woodpecker/schemas/ — JSON schemas for structured output
- .woodpecker/README.md — Setup and troubleshooting
- CODEX-SETUP.md — Complete activation guide

To activate:
1. Add 'codex_api_key' secret to Woodpecker CI (ci.mosaicstack.dev)
2. Create a test PR to verify pipeline runs
3. Review findings in CI logs

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>"
# Push
git push
```
Post-Push Actions
1. Add Woodpecker Secret
   - Go to https://ci.mosaicstack.dev
   - Navigate to the `mosaic/stack` repository
   - Settings → Secrets
   - Add: `codex_api_key` = (your OpenAI API key)
   - Select events: Pull Request, Manual
2. Test the Pipeline
```bash
# Create test branch
git checkout -b test/codex-review
echo "# Test change" >> README.md
git add README.md
git commit -m "test: Trigger Codex review"
git push -u origin test/codex-review
# Create PR (using tea CLI for Gitea)
tea pr create --title "Test: Codex Review Pipeline" \
  --body "Testing automated AI code and security reviews"
```
3. Verify Pipeline Runs
- Check CI at https://ci.mosaicstack.dev
- Look for the `code-review` and `security-review` steps
- Verify structured findings in logs
- Test that critical/high findings block merge
Local Testing (Optional)
Before pushing, test locally:
```bash
cd ~/src/mosaic-stack
# Review uncommitted changes
~/.claude/scripts/codex/codex-code-review.sh --uncommitted
# Review against develop
~/.claude/scripts/codex/codex-code-review.sh -b develop
```
Already Tested
✅ Tested on calibr repo commit `fab30ec`:
- Successfully identified merge-blocking lint regression
- Correctly categorized as blocker severity
- Provided actionable remediation steps
- High confidence (0.98)
This validates the entire Codex review system.
Benefits
- ✅ Independent review — Separate AI model from Claude sessions
- ✅ Security-first — OWASP coverage + CWE IDs
- ✅ Actionable — Specific file/line references with fixes
- ✅ Fast — 15-60 seconds per review
- ✅ Fail-safe — Blocks merges on critical issues
- ✅ Reusable — Global scripts work across all repos
Documentation
- Setup guide: `CODEX-SETUP.md` (this repo)
- Pipeline README: `.woodpecker/README.md` (this repo)
- Global scripts: `~/.claude/scripts/codex/README.md`
- Test results: `~/src/calibr/TEST-RESULTS.md` (calibr repo test)
Next Repository
After mosaic-stack, the Codex review system can be added to:
- Any repository with Woodpecker CI
- Any repository with GitHub Actions (using `openai/codex-action`)
- Local-only usage via the global scripts

Just copy the `.woodpecker/` directory and add the API key secret.
Ready to commit and activate! 🚀