feat: intake service - HTTP endpoint to submit tasks to Janet

2026-05-30 20:26:32 -07:00 · 2026-05-30 20:26:32 -07:00 · 2a00b25840
commit 2a00b25840
parent be03d042ad
6 changed files with 157 additions and 0 deletions
--- a/.woodpecker.yaml
+++ b/.woodpecker.yaml
@ -54,6 +54,27 @@ steps:
        branch: mainline
      - event: tag

+  # ── Intake image ─────────────────────────────────────────────────────────────
+  - name: build-intake
+    image: woodpeckerci/plugin-docker-buildx
+    settings:
+      registry: registry.ctz.fyi
+      repo: registry.ctz.fyi/library/autojanet-intake
+      dockerfile: intake/Dockerfile
+      context: intake/
+      username:
+        from_secret: RS_HARBOR_USER
+      password:
+        from_secret: RS_HARBOR_PASS
+      tags:
+        - latest
+        - "${CI_COMMIT_SHA:0:12}"
+      platforms: linux/amd64
+    when:
+      - event: push
+        branch: mainline
+      - event: tag
+
  # ── Trivy scan agent image ───────────────────────────────────────────────────
  - name: trivy-agent
    image: aquasec/trivy:latest
--- a/intake/Dockerfile
+++ b/intake/Dockerfile
@ -0,0 +1,14 @@
+FROM python:3.12-slim
+
+WORKDIR /app
+
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+COPY main.py .
+
+RUN useradd -m -u 1000 intake
+USER intake
+
+EXPOSE 8080
+CMD ["uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8080"]
--- a/intake/requirements.txt
+++ b/intake/requirements.txt
@ -0,0 +1,4 @@
+fastapi==0.115.0
+uvicorn[standard]==0.30.6
+httpx==0.27.2
+pydantic==2.8.2
--- a/k8s/externalsecrets/intake-vikunja-token.yaml
+++ b/k8s/externalsecrets/intake-vikunja-token.yaml
@ -0,0 +1,21 @@
+---
+# ExternalSecret: intake-vikunja-token
+# Pulls pm vikunja token from OpenBao for the intake service
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: intake-vikunja-token
+  namespace: autojanet
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: openbao
+    kind: ClusterSecretStore
+  target:
+    name: intake-vikunja-token
+    creationPolicy: Owner
+  data:
+    - secretKey: token
+      remoteRef:
+        key: autojanet/pm/vikunja-token
+        property: token
--- a/k8s/manifests/intake-deployment.yaml
+++ b/k8s/manifests/intake-deployment.yaml
@ -0,0 +1,79 @@
+---
+# AutoJanet Intake Service
+# Accepts task submissions via HTTP and creates Vikunja tasks with agent labels.
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: intake
+  namespace: autojanet
+  labels:
+    autojanet/role: intake
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      autojanet/role: intake
+  template:
+    metadata:
+      labels:
+        autojanet/role: intake
+    spec:
+      serviceAccountName: intake
+      containers:
+        - name: intake
+          image: registry.ctz.fyi/library/autojanet-intake:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          env:
+            - name: VIKUNJA_BASE_URL
+              value: "http://vikunja.vikunja.svc.cluster.local:3456"
+            - name: VIKUNJA_PROJECT_ID
+              value: "78"
+            - name: VIKUNJA_TODO_BUCKET_ID
+              value: "116"
+            - name: VIKUNJA_VIEW_ID
+              value: "114"
+            - name: VIKUNJA_PM_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: intake-vikunja-token
+                  key: token
+          resources:
+            requests:
+              cpu: "50m"
+              memory: "64Mi"
+            limits:
+              cpu: "200m"
+              memory: "128Mi"
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 15
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            runAsUser: 1000
+            readOnlyRootFilesystem: true
+            capabilities:
+              drop: ["ALL"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: intake
+  namespace: autojanet
+spec:
+  selector:
+    autojanet/role: intake
+  ports:
+    - port: 80
+      targetPort: 8080
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: intake
+  namespace: autojanet
--- a/k8s/manifests/intake-ingress.yaml
+++ b/k8s/manifests/intake-ingress.yaml
@ -0,0 +1,18 @@
+---
+# IngressRoute: janet.ctz.fyi → intake service
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: intake
+  namespace: autojanet
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`janet.ctz.fyi`)
+      kind: Rule
+      services:
+        - name: intake
+          port: 80
+  tls:
+    certResolver: letsencrypt