Skip to content

docs: add APT/DNF Worker learnings + CLAUDE.md Distribution section#512

Merged
aaddrick merged 1 commit intomainfrom
docs/apt-worker-learnings
Apr 23, 2026
Merged

docs: add APT/DNF Worker learnings + CLAUDE.md Distribution section#512
aaddrick merged 1 commit intomainfrom
docs/apt-worker-learnings

Conversation

@aaddrick
Copy link
Copy Markdown
Owner

Summary

Phase 5 docs follow-up to #493. The plan doc was retired in #511 once the implementation shipped; this replaces it with a learnings file aimed at future maintainers (and future-me in a year) rather than a forward-looking design spec.

What's in the learnings file

docs/learnings/apt-worker-architecture.md — one file a future maintainer can open cold and recover from an outage or credential rotation. Covers:

  • The problem (100 MB push cap) and why the alternatives were rejected
  • Two redirect chains — one for legacy aaddrick.github.io users, one for direct pkg.<domain> users — with the exact hostnames each hop lands on
  • Why raw.githubusercontent.com is the Worker's origin, not aaddrick.github.io (Pages 301 loop risk that bit me during cutover)
  • Why Pages emits http:// in its redirect (no cert, because DNS points at Cloudflare; Pages can't ever verify) and why that's the apt-breaks-but-dnf-works root cause
  • File map of everything in the repo that's part of the system
  • Credential ownership (Cloudflare account email, registrar, API token scopes)
  • Heartbeat failure runbook — 5 ordered diagnostic steps when heartbeat-failure-deb or heartbeat-failure-rpm auto-opens a tracking issue
  • Rollback paths (fast disable, cold-standby restore, full revert)
  • Documented fallbacks if Cloudflare becomes unavailable
  • Known gotchas, including the smoke-test URLs are intentionally still github.io note so future cleanup passes don't "fix" them and break coverage of the Pages-301 path

What's in CLAUDE.md

  • One line added to the Learnings list pointing at the new file
  • New ## Distribution section under ## CI/CD with a one-paragraph summary, the key file paths, the repo-secret names, and a pointer to the learnings file

Not in scope

Refs #493


Generated with Claude Code
Co-Authored-By: Claude Opus 4.7 [email protected]

Phase 5 docs follow-up to #493. The plan doc was deleted in #511;
this replaces it with a learnings file aimed at future maintainers
(and future-me) rather than a design spec.

docs/learnings/apt-worker-architecture.md covers:
- The problem (100MB push cap) and why other fixes were rejected
- Redirect chains for both legacy github.io users and direct
  pkg.<domain> users
- Why raw.githubusercontent.com is the origin (Pages 301 loop)
- Why Pages emits http:// (no cert, and why the cert can't be had)
- File map (worker source, wrangler.toml, deploy workflow, heartbeat)
- Credential ownership (Cloudflare account, registrar, API token scopes)
- Heartbeat failure runbook — 5 ordered steps to work through
- Rollback paths and documented fallbacks if Cloudflare becomes
  unavailable
- Known gotchas including the smoke-test-URL-is-intentionally-github.io
  note so future cleanup passes don't "fix" it

CLAUDE.md gains:
- Link to the new learnings file in the Learnings list
- New "Distribution" section under CI/CD with a one-paragraph summary
  and pointers to the key files

Refs #493
@aaddrick aaddrick merged commit e86f17b into main Apr 23, 2026
16 checks passed
@aaddrick aaddrick deleted the docs/apt-worker-learnings branch April 23, 2026 20:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant