azcomputerguru/guru-connect
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
60519be28aa7d83ddcb16894b8f0869862ae385c
guru-connect/docs/ARCHITECTURE_DECISIONS.md
Mike Swanson 60519be28a feat: operational tooling — signing, versioning, changelog, roadmap (SPEC-001) 
Establish GuruConnect's release engineering and project tracking (SPEC-001):
- docs/ scaffold: FEATURE_ROADMAP, ARCHITECTURE_DECISIONS (ADR-001 standalone+contract,
  ADR-002 Gitea Actions + Azure Trusted Signing), docs/specs/SPEC-001, CHANGELOG.
- .gitea/workflows/release.yml: conventional-commit auto-versioning, git-cliff changelog,
  Windows agent build, Azure Trusted Signing via jsign (reusing the shared ACG cert profile),
  Gitea release via REST API. build-and-test.yml is the PR/push gate; deploy.yml de-duplicated.
- server: GET /api/changelog/:component/:version (latest + by-version), path-traversal hardened.
- cliff.toml; server/.env.example documents CHANGELOG_DIR.

Reviewed (Code Review Agent): axum route-conflict blocker fixed; CHANGELOG ordering, toolchain
target, breaking-change parsing, empty-changelog fallback addressed.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 07:19:29 -07:00

82 lines
3.3 KiB
Markdown
Raw Blame History

# GuruConnect — Architecture Decisions
Records significant architectural decisions for the GuruConnect product. Each entry: context,
decision, options considered, rationale, consequences.
---
## ADR-001: GuruConnect is a Standalone Product; Integrate with GuruRMM via a Versioned Contract
**Date:** 2026-05-29
**Status:** Decided
**Deciders:** Mike Swanson
### Context
GuruConnect is a remote-support product that must work fully on its own, with its own repository
(`azcomputerguru/guru-connect`), build pipeline, and release cadence. GuruRMM wants to offer native
integrated remote control by driving GuruConnect.
### Decision
GuruConnect stays an independent product. It exposes a **versioned integration contract**
(`/api/integration/v1/`, capability discovery, embedded-viewer protocol) that GuruRMM consumes as a
broker. The two products do not share build pipelines or release in lockstep. GuruConnect owns the
contract; GuruRMM does no active development on GuruConnect.
### Rationale
- Preserves GuruConnect as a sellable standalone product.
- Avoids coupling two independently-evolving codebases; integration changes go through the contract.
- Mirrors the GuruRMM-side decision (GuruRMM ADR-008).
### Consequences
- The integration surface is semver'd; breaking changes require a major bump.
- See `docs/specs/native-remote-control/` for the contract spec.
---
## ADR-002: Release Engineering — Gitea Actions Pipeline with Azure Trusted Signing
**Date:** 2026-05-29
**Status:** Decided
**Deciders:** Mike Swanson
### Context
GuruConnect needs operational parity with GuruRMM: signed Windows binaries, automatic versioning,
changelogs, and tracking. GuruRMM achieves this with a Gitea **webhook → shell-script** pipeline on
shared build hosts (Saturn + Pluto) and signs via Azure Trusted Signing (`jsign`) using credentials
in `/etc/gururmm-signing.env`.
### Decision
GuruConnect implements its release engineering **entirely in Gitea Actions** (not the webhook/script
model), and **reuses GuruRMM's existing Azure Trusted Signing certificate profile** (same account +
service principal) to sign the Windows agent `.exe`.
### Options Considered
- **A — Gitea Actions, reuse RMM cert profile (chosen):** self-contained workflows; `jsign` runs on
the `ubuntu-latest` runner; no Pluto/webhook dependency. GC ships a single `.exe` (no WiX/MSI), so
no Windows runner is needed.
- **B — Mirror RMM's webhook + shell scripts:** maximal parity but adds Pluto/webhook coupling and a
build host to maintain.
- **C — Separate Azure Trusted Signing account for GC:** cleaner attribution, more Azure setup.
### Rationale
- `jsign` is cross-platform (Java) and signs PE binaries on Linux — no Windows runner required.
- Reusing RMM's cert profile means zero new Azure provisioning; GC binaries are signed by the same
ACG identity.
- Actions are self-contained and versioned with the repo, simpler than maintaining build-host scripts.
### Consequences
- The Azure Trusted Signing service-principal secrets must be added to the `guru-connect` repo's
Gitea Actions secrets (values come from `/etc/gururmm-signing.env` / the SOPS vault). See SPEC-001.
- Windows binaries will be attributed to GuruRMM's cert profile until/unless a GuruConnect-specific
profile is provisioned (a future, low-effort change).
- Implementation: `docs/specs/SPEC-001-operational-tooling-parity.md`.
Reference in New Issue View Git Blame Copy Permalink