一键在 Manus 中运行任何 Skill

$pwd:

demo-web-ng-fastpath

Name: Demo Web Ng Fastpath
Author: carverauto

// Refresh the Kubernetes `demo` namespace with a web-ng-only change using the ServiceRadar fast path. Use when the diff only touches `elixir/web-ng/**` and the user wants a faster local demo rollout without rebuilding the full image graph. Covers scope verification, copying unchanged images forward, rebuilding the production `serviceradar-web-ng` release locally, pushing with `crane`, signing with the OpenBao release key, patching Argo, and verifying the rollout. Do not use when non-web-ng services changed or when cutting a release.

在 Manus 中运行

$ git log --oneline --stat

stars:867

forks:68

updated:2026年5月12日 16:20

文件资源管理器

2 个文件

SKILL.md

readonly

name

demo-web-ng-fastpath

description

Refresh the Kubernetes `demo` namespace with a web-ng-only change using the ServiceRadar fast path. Use when the diff only touches `elixir/web-ng/**` and the user wants a faster local demo rollout without rebuilding the full image graph. Covers scope verification, copying unchanged images forward, rebuilding the production `serviceradar-web-ng` release locally, pushing with `crane`, signing with the OpenBao release key, patching Argo, and verifying the rollout. Do not use when non-web-ng services changed or when cutting a release.

Demo Web-NG Fast Path

Overview

Use this skill when a change is isolated to elixir/web-ng/** and the goal is to test it in demo quickly. Rebuild only serviceradar-web-ng, copy the other demo images forward to the new immutable tag, sign the new web-ng image, patch Argo, and verify the rollout.

Formal releases use semver tags, such as v1.2.41, and ArgoCD Image Updater. This skill is only for temporary unpublished sha-... demo testing.

Workflow

Work from the repo root.
Determine the new immutable tag from git rev-parse HEAD.
Verify the diff only touches elixir/web-ng/**.
Identify the currently deployed demo tag.
Copy every unchanged demo image from the old tag to the new tag.
Build a local production web-ng release.
Package and push the new serviceradar-web-ng image with crane.
Sign the new web-ng digest with the OpenBao-backed release key.
Patch serviceradar-demo-prod to the new tag.
Watch Argo and the key workloads until the rollout completes.

Guardrails

Use this only when the diff is actually web-ng-only. If anything outside elixir/web-ng/** changed, fall back to $demo-local-rollout.
Do not use this for release cuts or any namespace other than demo unless the user explicitly redirects you.
Do not leave a formal release rollout on a sha-... tag. After testing is complete, use $release-cut-and-demo-roll to return demo to the published semver/Image Updater path.
Do not skip signing. demo admission is Kyverno-enforced.
Sign by digest, not by tag, whenever possible.
Keep the other demo images identical by copying them forward from the currently deployed tag.

Verify The Scope First

Run:

git diff --name-only <currently-deployed-sha>..HEAD

Proceed only if every changed file is under elixir/web-ng/.

Copy Unchanged Images Forward

Copy the unchanged images from the current demo tag to the new tag with crane:

/tmp/gobin/crane copy \
  registry.carverauto.dev/serviceradar/<image>:sha-<old> \
  registry.carverauto.dev/serviceradar/<image>:sha-<new>

Repeat for:

arancini
serviceradar-agent
serviceradar-agent-gateway
serviceradar-core-elx
serviceradar-datasvc
serviceradar-db-event-writer
serviceradar-faker
serviceradar-flow-collector
serviceradar-log-collector
serviceradar-rperf-client
serviceradar-tools
serviceradar-trapd
serviceradar-zen

Leave serviceradar-log-collector-tcp alone unless the user explicitly changed that path too.

Build The Production Web-NG Release

From elixir/web-ng:

MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix deps.compile
MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix compile
MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix assets.deploy
MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix release --path /tmp/serviceradar_web_ng_release_<shortsha>

Package And Push The Web-NG Image

Create the image layer tarball:

tar --owner=10001 --group=10001 --transform='s,^,app/,' \
  -cf /tmp/serviceradar_web_ng_layer_<shortsha>.tar \
  -C /tmp/serviceradar_web_ng_release_<shortsha> .

Append the release onto the pinned Elixir base image and then mutate the runtime config:

/tmp/gobin/crane append \
  --platform linux/amd64 \
  -b index.docker.io/hexpm/elixir:1.19.4-erlang-28.3-debian-bookworm-20251208-slim \
  -f /tmp/serviceradar_web_ng_layer_<shortsha>.tar \
  -t registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new>

/tmp/gobin/crane mutate \
  --platform linux/amd64 \
  --tag registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new> \
  --entrypoint /app/bin/serviceradar_web_ng \
  --cmd start \
  --env HOME=/app \
  --env PATH=/app/bin:/usr/local/bin:/usr/bin:/bin \
  --env PHX_SERVER=true \
  --env MIX_ENV=prod \
  --exposed-ports 4000/tcp \
  --user 10001:10001 \
  --workdir /app \
  registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new>

Capture the pushed digest with:

/tmp/gobin/crane digest registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new>

Prepare OpenBao Signing Env

Port-forward the signer if needed:

kubectl port-forward -n openbao-system svc/openbao-active 18200:8200

Mint a Forgejo runner service-account token and exchange it for a Vault token:

OPENBAO_ADDR=http://127.0.0.1:18200
OPENBAO_K8S_ROLE=forgejo-runner
sa_jwt="$(kubectl create token -n forgejo-actions forgejo-runner)"
vault_token="$({
  curl -fsSL \
    -H 'Content-Type: application/json' \
    -d "{\"role\":\"${OPENBAO_K8S_ROLE}\",\"jwt\":\"${sa_jwt}\"}" \
    "${OPENBAO_ADDR}/v1/auth/kubernetes/login"
} | jq -er '.auth.client_token')"

Export:

export VAULT_ADDR="$OPENBAO_ADDR"
export VAULT_TOKEN="$vault_token"
export COSIGN_KEY_REF=hashivault://cosign-release
export COSIGN_YES=true
export COSIGN_DOCKER_MEDIA_TYPES=1
export COSIGN_REFERRERS_MODE=legacy
export COSIGN_TLOG_UPLOAD=true

If signing fails with 403 permission denied, mint a fresh Vault token and retry.

Sign The Web-NG Digest

cosign sign --key "$COSIGN_KEY_REF" \
  registry.carverauto.dev/serviceradar/serviceradar-web-ng@sha256:<digest>

Patch Demo Argo App

kubectl patch application -n argocd serviceradar-demo-prod \
  --type merge \
  -p '{"spec":{"source":{"helm":{"parameters":[{"name":"global.imageTag","value":"sha-<new>"}]}}}}'

Verify Rollout

Wait for:

Synced|Healthy|Succeeded

Use:

kubectl get application -n argocd serviceradar-demo-prod \
  -o jsonpath='{.status.sync.status}{"|"}{.status.health.status}{"|"}{.status.operationState.phase}{"\n"}'

Check the key deployments:

kubectl get deploy -n demo \
  serviceradar-web-ng serviceradar-core serviceradar-agent serviceradar-tools \
  -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{range .spec.template.spec.containers[*]}{.image}{" "}{end}{"\n"}{end}'

Inspect pods and jobs if Argo is still Progressing:

kubectl get pods -n demo -o wide
kubectl get jobs -n demo

Do not report success until the new serviceradar-web-ng pod is running on the new tag and Argo reaches Succeeded.

Report Back

Close with:

target immutable tag
old tag that was copied forward
web-ng digest that was signed
final Argo status
any lingering rollout risk

related-skills.json

同仓库

demo-cnpg-local-web-ng.md

from "carverauto/serviceradar"

Run ServiceRadar web-ng locally against the live Kubernetes `demo` CNPG database for dashboard, SRQL, services, and UI testing. Use when a task asks to test with live demo data, run local Phoenix against demo CNPG, validate dashboard authoring with Playwright, or avoid fragile kubectl port-forward database access.

2026-05-27867

demo-local-rollout.md

from "carverauto/serviceradar"

Build, sign, and roll ServiceRadar changes into the Kubernetes `demo` namespace using locally built images and immutable `sha-...` tags. Use when the user asks to deploy, refresh, roll, patch, or test code in `demo` before a release. Covers changed-image detection, copying unchanged images forward, OpenBao cosign signing, Argo patching, and rollout verification. Do not use for release cuts, Docker Compose refreshes, or non-demo namespaces unless the user explicitly redirects you.

2026-05-12867

release-cut-and-demo-roll.md

from "carverauto/serviceradar"

Cut a ServiceRadar release and roll the Kubernetes `demo` namespace to the resulting published semver image tag through ArgoCD Image Updater. Use when the user asks to update `VERSION` and `CHANGELOG`, run `scripts/cut-release.sh`, push the release refs, wait for published release artifacts, and then refresh `demo` to that released version. Do not use for pre-release local testing with unpublished images; use `$demo-local-rollout` or `$demo-web-ng-fastpath` for that.

2026-05-12867

web-ng-docker-loop.md

from "carverauto/serviceradar"

Run ServiceRadar `elixir/web-ng` locally against the Docker Compose CNPG database with copied mTLS certs and Docker secrets, then verify dashboard UI changes with Playwright. Use when iterating on web-ng, dashboard package, custom React dashboard, UAL WiFi map, SRQL topbar, or browser screenshot behavior without rebuilding the web-ng release image.

2026-05-04867

fieldsurvey-local-web-ng.md

from "carverauto/serviceradar"

Run ServiceRadar web-ng locally against the Kubernetes demo namespace FieldSurvey data, including CNPG NodePort access, NATS Object Store artifact access, authenticated browser checks, and Playwright screenshots for dashboard and FieldSurvey review iteration.

2026-04-29867

srql-fixtures-db-tests.md

from "carverauto/serviceradar"

Run ServiceRadar Elixir database tests against the Kubernetes CNPG instance in the `srql-fixtures` namespace. Use when local localhost PostgreSQL is unavailable, when tests need current branch migrations, or when a user asks to use the srql-fixtures database for DB-backed validation. Covers scratch database creation, TLS-required NodePort connections, migrations, focused test commands, cleanup, and secret hygiene.

2026-04-28867

package.json

"author": "carverauto"

"repository": "carverauto/serviceradar"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

网络与计算机系统管理员计算机与数学类职业15-1244L4

name

demo-web-ng-fastpath

description

Demo Web-NG Fast Path

Overview

Formal releases use semver tags, such as v1.2.41, and ArgoCD Image Updater. This skill is only for temporary unpublished sha-... demo testing.

Workflow

Work from the repo root.
Determine the new immutable tag from git rev-parse HEAD.
Verify the diff only touches elixir/web-ng/**.
Identify the currently deployed demo tag.
Copy every unchanged demo image from the old tag to the new tag.
Build a local production web-ng release.
Package and push the new serviceradar-web-ng image with crane.
Sign the new web-ng digest with the OpenBao-backed release key.
Patch serviceradar-demo-prod to the new tag.
Watch Argo and the key workloads until the rollout completes.

Guardrails

Use this only when the diff is actually web-ng-only. If anything outside elixir/web-ng/** changed, fall back to $demo-local-rollout.
Do not use this for release cuts or any namespace other than demo unless the user explicitly redirects you.
Do not leave a formal release rollout on a sha-... tag. After testing is complete, use $release-cut-and-demo-roll to return demo to the published semver/Image Updater path.
Do not skip signing. demo admission is Kyverno-enforced.
Sign by digest, not by tag, whenever possible.
Keep the other demo images identical by copying them forward from the currently deployed tag.

Verify The Scope First

Run:

git diff --name-only <currently-deployed-sha>..HEAD

Proceed only if every changed file is under elixir/web-ng/.

Copy Unchanged Images Forward

Copy the unchanged images from the current demo tag to the new tag with crane:

/tmp/gobin/crane copy \
  registry.carverauto.dev/serviceradar/<image>:sha-<old> \
  registry.carverauto.dev/serviceradar/<image>:sha-<new>

Repeat for:

arancini
serviceradar-agent
serviceradar-agent-gateway
serviceradar-core-elx
serviceradar-datasvc
serviceradar-db-event-writer
serviceradar-faker
serviceradar-flow-collector
serviceradar-log-collector
serviceradar-rperf-client
serviceradar-tools
serviceradar-trapd
serviceradar-zen

Leave serviceradar-log-collector-tcp alone unless the user explicitly changed that path too.

Build The Production Web-NG Release

From elixir/web-ng:

MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix deps.compile
MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix compile
MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix assets.deploy
MIX_ENV=prod HEX_HTTP_CONCURRENCY=1 HEX_HTTP_TIMEOUT=120 mix release --path /tmp/serviceradar_web_ng_release_<shortsha>

Package And Push The Web-NG Image

Create the image layer tarball:

tar --owner=10001 --group=10001 --transform='s,^,app/,' \
  -cf /tmp/serviceradar_web_ng_layer_<shortsha>.tar \
  -C /tmp/serviceradar_web_ng_release_<shortsha> .

Append the release onto the pinned Elixir base image and then mutate the runtime config:

/tmp/gobin/crane append \
  --platform linux/amd64 \
  -b index.docker.io/hexpm/elixir:1.19.4-erlang-28.3-debian-bookworm-20251208-slim \
  -f /tmp/serviceradar_web_ng_layer_<shortsha>.tar \
  -t registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new>

/tmp/gobin/crane mutate \
  --platform linux/amd64 \
  --tag registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new> \
  --entrypoint /app/bin/serviceradar_web_ng \
  --cmd start \
  --env HOME=/app \
  --env PATH=/app/bin:/usr/local/bin:/usr/bin:/bin \
  --env PHX_SERVER=true \
  --env MIX_ENV=prod \
  --exposed-ports 4000/tcp \
  --user 10001:10001 \
  --workdir /app \
  registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new>

Capture the pushed digest with:

/tmp/gobin/crane digest registry.carverauto.dev/serviceradar/serviceradar-web-ng:sha-<new>

Prepare OpenBao Signing Env

Port-forward the signer if needed:

kubectl port-forward -n openbao-system svc/openbao-active 18200:8200

Mint a Forgejo runner service-account token and exchange it for a Vault token:

OPENBAO_ADDR=http://127.0.0.1:18200
OPENBAO_K8S_ROLE=forgejo-runner
sa_jwt="$(kubectl create token -n forgejo-actions forgejo-runner)"
vault_token="$({
  curl -fsSL \
    -H 'Content-Type: application/json' \
    -d "{\"role\":\"${OPENBAO_K8S_ROLE}\",\"jwt\":\"${sa_jwt}\"}" \
    "${OPENBAO_ADDR}/v1/auth/kubernetes/login"
} | jq -er '.auth.client_token')"

Export:

export VAULT_ADDR="$OPENBAO_ADDR"
export VAULT_TOKEN="$vault_token"
export COSIGN_KEY_REF=hashivault://cosign-release
export COSIGN_YES=true
export COSIGN_DOCKER_MEDIA_TYPES=1
export COSIGN_REFERRERS_MODE=legacy
export COSIGN_TLOG_UPLOAD=true

If signing fails with 403 permission denied, mint a fresh Vault token and retry.

Sign The Web-NG Digest

cosign sign --key "$COSIGN_KEY_REF" \
  registry.carverauto.dev/serviceradar/serviceradar-web-ng@sha256:<digest>

Patch Demo Argo App

kubectl patch application -n argocd serviceradar-demo-prod \
  --type merge \
  -p '{"spec":{"source":{"helm":{"parameters":[{"name":"global.imageTag","value":"sha-<new>"}]}}}}'

Verify Rollout

Wait for:

Synced|Healthy|Succeeded

Use:

kubectl get application -n argocd serviceradar-demo-prod \
  -o jsonpath='{.status.sync.status}{"|"}{.status.health.status}{"|"}{.status.operationState.phase}{"\n"}'

Check the key deployments:

kubectl get deploy -n demo \
  serviceradar-web-ng serviceradar-core serviceradar-agent serviceradar-tools \
  -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{range .spec.template.spec.containers[*]}{.image}{" "}{end}{"\n"}{end}'

Inspect pods and jobs if Argo is still Progressing:

kubectl get pods -n demo -o wide
kubectl get jobs -n demo

Do not report success until the new serviceradar-web-ng pod is running on the new tag and Argo reaches Succeeded.

Report Back

Close with:

target immutable tag
old tag that was copied forward
web-ng digest that was signed
final Argo status
any lingering rollout risk

demo-web-ng-fastpath

Demo Web-NG Fast Path

Overview

Workflow

Guardrails

Verify The Scope First

Copy Unchanged Images Forward

Build The Production Web-NG Release

Package And Push The Web-NG Image

Prepare OpenBao Signing Env

Sign The Web-NG Digest

Patch Demo Argo App

Verify Rollout

Report Back

同仓库更多 Skills

同仓库更多 Skills

Demo Web-NG Fast Path

Overview

Workflow

Guardrails

Verify The Scope First

Copy Unchanged Images Forward

Build The Production Web-NG Release

Package And Push The Web-NG Image

Prepare OpenBao Signing Env

Sign The Web-NG Digest

Patch Demo Argo App

Verify Rollout

Report Back