From 4cf1ac286e661ce36db85a7a543f68619bb739ee Mon Sep 17 00:00:00 2001 From: cinereal Date: Sat, 25 Oct 2025 14:19:59 +0200 Subject: [PATCH] expand on CI/CD Signed-off-by: cinereal --- architecture-docs/architecture.md | 43 +++++++++++++++++++++++++++++-- 1 file changed, 41 insertions(+), 2 deletions(-) diff --git a/architecture-docs/architecture.md b/architecture-docs/architecture.md index 608075f..2873fbe 100644 --- a/architecture-docs/architecture.md +++ b/architecture-docs/architecture.md 
@@ -173,5 +173,44 @@ Whereas the core abstraction in Fediversity is a NixOS configuration module, a m ### CI / CD -In our simplest set-up, continuous integration and continuous deployment pipelines are handled using Forgejo's [built-in runner](https://code.forgejo.org/forgejo/runner), with relevant secrets handled using [Forgejo secrets](https://forgejo.org/docs/latest/developer/secrets/). Jobs we handle using CI include linting, formatting, testing, and a periodic life-cycle management job to keep our dependencies up-to-date. -In a future iteration, we may make use of [Gerrit](https://gerrit.googlesource.com/) to better manage our review process for incoming merge requests. +In our present set-up, continuous integration and continuous deployment pipelines are handled using Forgejo's [built-in runner](https://code.forgejo.org/forgejo/runner), with relevant secrets handled using [Forgejo secrets](https://forgejo.org/docs/latest/developer/secrets/). Our CI jobs use Nix flakes to ensure tests results remain cached in case new commits do not materially affect our tests. +A CD pipeline helps us automate our deployment by using NixOps4 to sync the latest code on our main branch to our live environment. 
+Tests created so far cover: + +- pre-commit checks, including: + - formatting + - dead code detection + - trailing whitespace detection + - linting of shell scripts +- our data model +- building our front-end +- services we offer to our operators, so far covering: + - mastodon + - peertube + - pixelfed +- builds for test machines covering our applications and ancilliary services (Garage) +- deployments of the above applications using: + - NixOps4 through Nix + - NixOps4 through CLI + - NixOps4 through our front-end +- provisioning virtual machines on ProxmoX +- deployments using our data model by: + - SSH + - NixOps4 + - OpenTofu as a wrapper around SSH + - OpenTofu provisioning a virtual machine on ProxmoX +- builds for the (virtual) machines making up our internal infrastructure +- ensuring any checks exposed by our Nix flake have been exposed in CI + +The latest info on these may be found at: + +- CI/CD runner set-up: +- workflow definitions: +- CI/CD runs: + +Expanding test coverage aside as our functionality increases, considerations for future iterations of this infrastructure include: + +- separating demo versus production environments +- switching to e.g. Woodpecker CI for its features around secret scoping +- a periodic life-cycle management job to keep our dependencies up-to-date +- using [Gerrit](https://gerrit.googlesource.com/) to better manage our review process for incoming merge requests
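Review bot: the three pointers under "The latest info on these may be found at:" have no targets ("- CI/CD runner set-up:", "- workflow definitions:", "- CI/CD runs:" all end at the colon), so the section promises references it does not give; add the links before merging or drop the list until they exist. On the deployment sentence ("A CD pipeline helps us automate our deployment by using NixOps4 to sync the latest code on our main branch to our live environment."), the doc should say what gates that sync: whether the CD job only runs after the CI checks listed below pass, who can push or merge to main, and where the NixOps4 deployment credentials live (the only secret store named is Forgejo secrets). That matters because the future-work item "switching to e.g. Woodpecker CI for its features around secret scoping" implies a known limitation of the present scoping; state what that limitation is (for example which workflows or branches can read the deployment secret) so a reader can judge the current exposure rather than infer it. Note also that this hunk moves "a periodic life-cycle management job to keep our dependencies up-to-date" from the list of jobs we run to the list of future considerations, which silently retracts an earlier claim; a sentence saying the job was never wired up (or was removed) would keep the history honest. Finally, a few wording fixes: "tests results" should be "test results", and the caching claim would be clearer as "Nix evaluates checks as derivations, so a commit that does not change a check's inputs reuses the cached result"; "ancilliary" should be "ancillary"; "ProxmoX" should be "Proxmox" in all three occurrences; and "Expanding test coverage aside as our functionality increases, considerations for future iterations" reads better as "Beyond expanding test coverage as functionality grows, future iterations of this infrastructure may include:".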