# Devfile (schema 2.2.0) describing the elohim development workspace.
schemaVersion: '2.2.0'
metadata:
  name: elohim-devspace
  displayName: Holochain + Angular Development Environment
  description: >-
    Full-stack development with Holochain (Rust/Nix) backend and Angular
    frontend, plus Claude AI utilities
  icon: 'https://raw.githubusercontent.com/devfile/devfile-web/main/apps/landing-page/public/pwa-192x192.png'
  tags:
  - Rust
  - Nix
  - Holochain
  - Angular
  - Node.js
  - Java
  - ubi10
  - Claude
  - mempalace
  projectType: holochain
  language: Polyglot
  # Quoted so the devfile's own version always loads as a string.
  version: '2.0.0'
projects:
# The one project the workspace clones.
# NOTE(review): no `checkoutFrom` revision is given, so the clone presumably
# follows the remote's default branch. The tools component puts
# /projects/elohim/genesis/agentic/bin first on PATH, so executables on that
# branch take precedence over system binaries inside the workspace.
- name: elohim
  git:
    remotes:
      origin: 'https://github.com/ethosengine/elohim.git'
    # The commented `submodules:` block is NOT part of the devfile v2.2.0
    # spec: devfile clones the parent repository and has no native
    # recurse-submodules flag. It is written in proposed-spec shape so this
    # file remains the source of truth for what the workspace needs. Until
    # upstream support exists, run once per workspace:
    #   git submodule update --init --recursive --jobs 4
    # submodules:
    #   - name: sophia
    #     path: sophia
    #     url: https://github.com/ethosengine/sophia.git
    #   - name: rust-ipfs
    #     path: elohim/rust-ipfs
    #     url: https://github.com/ethosengine/rust-ipfs.git
    #     branch: elohim
    #   - name: brit
    #     path: elohim/brit
    #     url: https://github.com/ethosengine/brit.git
    #   - name: rakia
    #     path: elohim/rakia
    #     url: https://github.com/ethosengine/rakia.git
components:
# tools: the single development container. Sources are mounted at /projects
# and the `persistent` volume is mounted at /nix.
- name: tools
  container:
    # Image build source: https://github.com/ethosengine/che-devworkspaces
    #   containers/udi-plus/Dockerfile - base: claude-code, SonarQube MCP jar,
    #     Java 21, Node, Chrome for Testing, hadolint, yamllint,
    #     nerdctl/buildctl
    #   containers/rust-dev/Dockerfile - adds Rust toolchain at /opt/rust,
    #     Holochain binaries at /opt/holochain, sccache, just, cached
    #     nix-installer
    # Built via Jenkins (devspaces-udi-plus, devspaces-rust-nix-dev). The image
    # name rust-nix-dev:latest is historical; the current source folder is
    # rust-dev/.
    # NOTE(review): `:latest` is a mutable tag, so a workspace restart runs
    # whatever the registry serves at that moment. Referencing the image as
    # `...@sha256:<digest>` would make toolchain changes reviewable in this
    # file.
    image: harbor.ethosengine.com/devspaces/udi-plus-mem-rust-nix:latest
    memoryLimit: 24Gi
    memoryRequest: 8Gi
    cpuLimit: '10'
    cpuRequest: '6'
    mountSources: true
    sourceMapping: /projects
    env:
    # --- Claude and general configuration ---
    - name: CLAUDE_CONFIG_DIR
      value: /projects/.claude-config
    - name: USER
      value: user
    - name: RUST_BACKTRACE
      value: '1'
    # Nix experimental features (required for flakes and `nix develop`).
    - name: NIX_CONFIG
      value: 'experimental-features = nix-command flakes'
    # --- XDG directories: subdirectories of the /nix volume (single PVC) ---
    - name: XDG_CACHE_HOME
      value: /nix/xdg/cache
    - name: XDG_DATA_HOME
      value: /nix/xdg/data
    - name: XDG_STATE_HOME
      value: /nix/xdg/state
    - name: XDG_CONFIG_HOME
      value: /nix/xdg/config
    - name: NPM_CONFIG_CACHE
      value: /nix/xdg/cache/npm
    - name: PNPM_HOME
      value: /nix/xdg/cache/pnpm
    - name: CYPRESS_CACHE_FOLDER
      value: /nix/xdg/cache/cypress
    # --- Jenkins integration ---
    - name: JENKINS_URL
      value: 'https://jenkins.ethosengine.com'
    # --- SonarQube MCP ---
    # Only non-secret settings are listed; SONARQUBE_TOKEN comes from a K8s
    # secret.
    - name: STORAGE_PATH
      value: /projects/.sonarqube-mcp
    - name: SONARQUBE_URL
      value: 'https://sonarqube.ethosengine.com'
    # --- Observability MCP (Grafana: metrics/logs/traces) ---
    # Internal SSE endpoint that needs no credentials.
    # NOTE(review): plain HTTP and unauthenticated, so access control rests on
    # cluster networking - confirm a network policy limits who can reach this
    # service.
    - name: OBSERVABILITY_MCP_URL
      value: 'http://observability-mcp.observability.svc.cluster.local:8000/sse'
    # GH_TOKEN is injected via K8s secret auto-mount annotations.
    # --- Chrome for Angular testing ---
    - name: CHROME_BIN
      value: /usr/local/bin/chrome
    - name: CHROME_PATH
      value: /opt/chrome-linux64/chrome
    # --- Rust toolchain (installed to /opt/rust in the Dockerfile) ---
    - name: RUSTUP_HOME
      value: /opt/rust/rustup
    - name: CARGO_HOME
      value: /opt/rust/cargo
    # RUSTFLAGS for Holochain WASM builds (getrandom backend for wasm32).
    - name: RUSTFLAGS
      value: '--cfg getrandom_backend="custom"'
    # CC for native compilation (some crates need an explicit gcc).
    - name: CC
      value: gcc
    # --- sccache ---
    # Configuration is injected via K8s secret auto-mount annotations: the
    # sccache-credentials Secret in the Che user namespace, labeled
    # controller.devfile.io/mount-to-devworkspace=true and annotated
    # mount-as=env. The backing store is Garage at
    # garage.ethosengine.svc.cluster.local:3900 (S3-compatible). The Secret
    # provides:
    #   AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY,
    #   SCCACHE_BUCKET, SCCACHE_ENDPOINT, SCCACHE_S3_USE_SSL, SCCACHE_REGION
    # The sccache binary is baked into the rust-nix-dev image at
    # /usr/local/bin/sccache (added 2026-05-09 in
    # ethosengine/che-devworkspaces). With the wrapper set here, every cargo
    # invocation in the workspace consults Garage; cache hits are ~ms, misses
    # fall through to a local compile and populate the cache for the next
    # workspace.
    # NOTE(review): since workspaces both read and populate the same cache,
    # every holder of these credentials can influence objects that other
    # builds reuse. Confirm the credentials are scoped to the cache bucket and
    # that release builds do not consume this cache.
    - name: RUSTC_WRAPPER
      value: sccache
    - name: SCCACHE_LOG
      value: warn
    # --- Cargo target pool ---
    # Family-shared target directories keep parallel worktree builds from
    # each materializing their own ~18GB target/. Hooks at SessionStart/Stop
    # run worktree stewardship; agents read the slot path from the hook's
    # context block and set CARGO_TARGET_DIR explicitly for native builds.
    # Design: genesis/docs/plans/cargo-target-pool-design.md
    - name: CARGO_TARGET_POOL_ROOT
      value: /projects/.cargo-target-pool
    # PATH makes the Holochain binaries, Rust toolchain, helper scripts and
    # genesis/agentic/bin (cargo-pool, pool-*.sh) available.
    # NOTE(review): the first entry is a directory inside the cloned
    # repository, so a file there named like a system tool shadows the real
    # one for every command in the workspace. Moving it after the system
    # directories would remove that precedence.
    - name: PATH
      value: '/projects/elohim/genesis/agentic/bin:/nix/xdg/cache/pnpm:/opt/rust/cargo/bin:/opt/holochain/bin:/home/user/bin:/home/user/.nix-profile/bin:/home/user/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
    # Cutover gate #10: auto-enable the pkarr resolver in Che workspaces so
    # dev-time iroh can use the workspace doorway as its resolver.
    - name: DOORWAY_PKARR_RESOLVER_ENABLED
      value: 'true'
    - name: DOORWAY_PKARR_CACHE_DIR
      value: '/projects/elohim/.doorway/pkarr-cache'
    # ===== MemPalace =====
    # Both *_OFFLINE flags are set to 1 and HF_HOME points at a cache
    # directory under /opt/mempalace.
    - name: MEMPALACE_HOME
      value: /projects/elohim/.mempalace
    - name: MEMPALACE_EMBEDDING_BACKEND
      value: local
    - name: MEMPALACE_EMBEDDING_MODEL
      value: sentence-transformers/all-MiniLM-L6-v2
    - name: HF_HOME
      value: /opt/mempalace/hf-cache
    - name: HF_HUB_OFFLINE
      value: '1'
    - name: TRANSFORMERS_OFFLINE
      value: '1'
    endpoints:
    # NOTE(review): every endpoint below is `exposure: public` and only hc-dev
    # sets `secure: true`. The others are presumably reachable without Che
    # authentication by anyone holding the route URL - confirm that is
    # intended, for hc-storage in particular.
    - name: angular-dev
      targetPort: 4200
      exposure: public
      protocol: http
    - name: ui-playground
      targetPort: 4201
      exposure: public
      protocol: http
    # Holochain Dev Proxy: unified path-based routing for all conductor
    # access. Routes: /admin -> :4444, /app/:port -> :port, /health, /status
    # `secure: true` is needed for the Che http -> ws upgrade, which goes
    # through the traefik proxy.
    - name: hc-dev
      targetPort: 8888
      exposure: public
      protocol: http
      secure: true
    # elohim-storage: blob storage and import processing.
    - name: hc-storage
      targetPort: 8090
      exposure: public
      protocol: http
    # Storybook: sophia component documentation.
    # `secure: false` allows unauthenticated access to static assets; the
    # endpoint is still HTTPS via Che's ingress controller. No `secure` key is
    # set on this endpoint.
    - name: storybook
      targetPort: 6006
      exposure: public
      protocol: http
    volumeMounts:
    - name: persistent
      path: /nix
# One volume only, because Che consolidates all volumes into a single PVC
# anyway. It holds the Nix store at /nix/store and the XDG caches under
# /nix/xdg/.
- name: persistent
  volume:
    size: 220Gi
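commands:
# setup-pnpm: make sure the pinned pnpm standalone binary is in $PNPM_HOME.
# The original check used an unanchored `grep -q "10.30.3"` and the installer
# was run without PNPM_VERSION, so it installed the current release rather
# than the pinned one. The version is now compared exactly and passed to the
# installer.
# NOTE(review): the installer script is still executed as fetched, with no
# checksum or signature check. Baking pnpm into the image, or verifying the
# script against a hash recorded in this repository, would remove that
# dependency on get.pnpm.io at every workspace start.
- id: setup-pnpm
  exec:
    component: tools
    workingDir: /projects/elohim
    commandLine: |
      # Install pnpm standalone binary to $PNPM_HOME (on PATH via devfile env).
      # Runs as user, no root or corepack needed. Version pinned to match package.json.
      PNPM_PIN="10.30.3"
      if [ "$(pnpm --version 2>/dev/null)" = "$PNPM_PIN" ]; then
        echo "pnpm $PNPM_PIN already installed"
      else
        # PNPM_VERSION makes the installer fetch the pinned release, not the latest one.
        curl -fsSL https://get.pnpm.io/install.sh | env PNPM_VERSION="$PNPM_PIN" PNPM_HOME="$PNPM_HOME" SHELL=/bin/bash bash -
      fi
      pnpm --version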
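# setup-vscode-cli: expose the checode CLI as `code` and point ~/.claude at
# the persistent Claude config directory.
# Fix: $CLAUDE_CONFIG_DIR is now created before it is linked. Without that, a
# workspace whose config directory does not exist yet gets a dangling symlink
# and the final `mkdir -p /home/user/.claude/ide` fails.
# Note that `rm -rf /home/user/.claude` removes whatever is at that path,
# including a real directory, before the link is made.
- id: setup-vscode-cli
  exec:
    component: tools
    commandLine: |
      # Create VS Code CLI symlink (code-oss -> code)
      # checode only ships ubi8/ubi9 binaries, use ubi9 (forward compatible with ubi10)
      mkdir -p /home/user/.local/bin
      if [ -f /checode/checode-linux-libc/ubi9/bin/remote-cli/code-oss ]; then
        ln -sf /checode/checode-linux-libc/ubi9/bin/remote-cli/code-oss /home/user/.local/bin/code
      fi
      # Link ~/.claude to persistent config dir for VS Code extension IDE detection
      # The extension uses ~/.claude/ide for IPC sockets, must match CLAUDE_CONFIG_DIR
      # Create the link target first so the symlink never dangles.
      mkdir -p "$CLAUDE_CONFIG_DIR"
      rm -rf /home/user/.claude 2>/dev/null || true
      ln -sf "$CLAUDE_CONFIG_DIR" /home/user/.claude
      mkdir -p /home/user/.claude/ide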
# setup-claude-mcp: create the SonarQube MCP storage directory and re-register
# the `sonarqube` MCP server with Claude (remove, then add).
# NOTE(review): "$SONARQUBE_TOKEN" is expanded by the shell, so the token value
# is passed on the `claude mcp add` command line and is presumably written into
# the MCP registration under $CLAUDE_CONFIG_DIR, which lives on the /projects
# volume. Confirm where it is stored, and keep that directory out of version
# control. If the secret is not mounted, an empty token is registered without
# any error.
- id: setup-claude-mcp
  exec:
    component: tools
    workingDir: /projects/elohim
    commandLine: |
      # Create persistent storage directory for SonarQube MCP
      mkdir -p "$STORAGE_PATH"
      # Configure SonarQube MCP (env vars from devfile, SONARQUBE_TOKEN from K8s secret)
      claude mcp remove sonarqube 2>/dev/null || true
      claude mcp add sonarqube \
      --env STORAGE_PATH="$STORAGE_PATH" \
      --env SONARQUBE_TOKEN="$SONARQUBE_TOKEN" \
      --env SONARQUBE_URL="$SONARQUBE_URL" \
      -- java -jar /opt/mcp/sonarqube-mcp.jar
      # Jenkins MCP is scoped per-subagent via inline `mcpServers` frontmatter on
      # ci-observer, ci-investigator, and after-action — not registered globally
      # here, so the parent context doesn't load Jenkins tool schemas.
      # Configure GitHub CLI authentication
      # Commented out 2026-05-10: `gh` is not installed in rust-nix-dev image,
      # so this block exit-127s and aborts postStart. Re-enable after gh is
      # baked into the image (ethosengine/che-devworkspaces).
      # if [ -n "$GH_TOKEN" ]; then
      # echo "$GH_TOKEN" | gh auth login --with-token
      # gh auth status
      # fi
# start-doorway: build the doorway crate in release mode with RUSTFLAGS
# cleared for this one build, then run it against local storage (:8090) and
# the local conductor (ws :4444).
# NOTE(review): the process runs with --dev-mode and listens on 0.0.0.0:8888,
# the port published by the public hc-dev endpoint. What --dev-mode relaxes is
# not visible in this file - confirm it is acceptable behind that route.
- id: start-doorway
  exec:
    component: tools
    workingDir: /projects/elohim/holochain/doorway
    commandLine: |
      RUSTFLAGS="" cargo build --release && STORAGE_URL=http://localhost:8090 ./target/release/doorway --dev-mode --listen 0.0.0.0:8888 --conductor-url ws://localhost:4444
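# build-happ: compile the zomes for wasm32-unknown-unknown, pack the DNA into
# workdir/lamad.dna, then pack the hApp into workdir/elohim.happ.
# Fix: `set -e` stops the script at the first failing step. Previously a failed
# `cargo build` still ran both pack steps and printed "Done!", so the hApp
# could be packed from stale artifacts that no longer match the source.
- id: build-happ
  exec:
    component: tools
    workingDir: /projects/elohim/elohim/holochain/dna/elohim
    commandLine: |
      set -e
      echo "Building Holochain WASM zomes..."
      cargo build --release --target wasm32-unknown-unknown
      echo "Packing DNA..."
      hc dna pack . -o workdir/lamad.dna
      echo "Packing hApp..."
      hc app pack workdir -o workdir/elohim.happ
      echo "Done! hApp at: workdir/elohim.happ"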
# seed-holochain: install the seeder's dependencies and, if that succeeds, run
# its `seed` script.
# NOTE(review): a plain `pnpm install` may resolve and rewrite the lockfile.
# `pnpm install --frozen-lockfile` would keep the seeder on the committed
# dependency set - confirm which behaviour is wanted here.
- id: seed-holochain
  exec:
    component: tools
    workingDir: /projects/elohim/genesis/seeder
    commandLine: |
      pnpm install && pnpm run seed
# setup-mempalace: create the palace directory under $MEMPALACE_HOME, replace
# ~/.mempalace with a symlink to $MEMPALACE_HOME, then print
# `mempalace status` (its failure is ignored).
# Note that `rm -rf /home/user/.mempalace` removes whatever is at that path,
# including a real directory, before the link is made.
- id: setup-mempalace
  exec:
    component: tools
    commandLine: |
      set -e
      # MemPalace CLI does NOT read $MEMPALACE_HOME. Default palace is
      # ~/.mempalace/palace. To make all CLI calls and the MCP server
      # land in the PVC-persisted slot without --palace plumbing, we
      # symlink ~/.mempalace -> $MEMPALACE_HOME (mirrors ~/.claude
      # -> $CLAUDE_CONFIG_DIR pattern from setup-vscode-cli above).
      mkdir -p "$MEMPALACE_HOME/palace"
      rm -rf /home/user/.mempalace 2>/dev/null || true
      ln -sf "$MEMPALACE_HOME" /home/user/.mempalace
      # Mining is operator/agent-driven — historian decides what to mine
      # and when. See .claude/agents/historian.md (mcpServers frontmatter)
      # for the read-side wiring. Probe palace state so postStart logs it.
      mempalace status 2>&1 || true
events:
  # Commands bound to the workspace postStart event. Each entry is the id of
  # a command defined under `commands`.
  postStart:
  - setup-pnpm
  - setup-vscode-cli
  - setup-claude-mcp
  # setup-mempalace is defined under `commands` but is left disabled here.
  # - setup-mempalace