Pipeline flow

Planned — Phase 3. Current state: manual deployments via Ansible from caneast-c1-node3.

graph TD
    DEV["Developer\ncaneast-c1-node3"]

    subgraph ADO["Azure DevOps"]
        PR["Pull request\nbranch policy check"]
        IT_PIPE["IT pipeline\nAnsible lint → Grype → AWX trigger"]
        OT_PIPE["OT pipeline\nPlatformIO build → firmware artifact"]
    end

    subgraph SECRETS["Infisical — caneast-c1-node3:8443"]
        MI["Machine identity\ntoken injection"]
    end

    subgraph DEPLOY["Deployment"]
        AWX["AWX\nAnsible job template"]
        NODES["IT nodes\ncaneast-c1-node2, caneast-c1-node3"]
        ESP["OT node\ncaneast-c1-ot1-esp1"]
    end

    DEV -->|git push feature/*| PR
    PR -->|path filter: ansible/ terraform/ k3s/| IT_PIPE
    PR -->|path filter: ot/esp32/| OT_PIPE
    IT_PIPE --> MI
    MI --> AWX
    AWX --> NODES
    OT_PIPE -->|manual flash| ESP
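
The path filters in the diagram decide which checks a pull request receives. The script below is an added example, not part of the platform repository: it classifies a list of changed files against those filters and counts the paths that neither filter covers. It assumes the filters are plain prefix matches on repository-relative paths; the function names and the sample file list are constructed for illustration.

```shell
#!/bin/sh
# Added example: routing by the diagram's path filters (assumed prefix matches).

# classify_path PATH -> it | ot | none
classify_path() {
    case "$1" in
        ansible/*|terraform/*|k3s/*) echo it ;;
        ot/esp32/*)                  echo ot ;;
        *)                           echo none ;;
    esac
}

# route_changes: reads changed paths on stdin, one per line.
# Prints the pipelines that would run and how many paths no filter covers.
route_changes() {
    it=0; ot=0; uncovered=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        case "$(classify_path "$path")" in
            it)   it=1 ;;
            ot)   ot=1 ;;
            none) uncovered=$((uncovered + 1)) ;;
        esac
    done
    pipelines=""
    if [ "$it" -eq 1 ]; then pipelines="it"; fi
    if [ "$ot" -eq 1 ]; then pipelines="${pipelines:+$pipelines }ot"; fi
    echo "${pipelines:-none} uncovered=$uncovered"
}

# Constructed sample change set: one IT path, one OT path, one uncovered path.
sample_changes() {
    printf '%s\n' \
        'ansible/playbooks/it/baseline.yml' \
        'ot/esp32/src/main.cpp' \
        'azure-pipelines.yml'
}

sample_changes | route_changes
```

Feeding it the output of `git diff --name-only` for a feature branch shows which files in a pull request would reach neither pipeline under that prefix-match assumption.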

Current state

All deployments are manual. Ansible runs from caneast-c1-node3 via:

cd ~/homelab/repos/archon-platform
ansible-playbook ansible/playbooks/it/baseline.yml \
  -i ansible/inventories/it/hosts.yml

Pipelines will be wired in Phase 3 once k3s and AWX are running.