Migrate harness from in-memory stores to CloudNativePG

Replace all in-memory Map-backed stores (credentials, models, agents, tasks, iterations, usage) with Drizzle ORM queries against the homelab-pg PostgreSQL cluster. All store functions are now async. - Add 6 harness_* tables to @homelab/db schema - Generate and apply initial Drizzle migration - Add lazy DB connection proxy to avoid build-time errors - Wire DATABASE_URL from sealed secret into harness deployment - Update all API routes, orchestrator, executor, and boot to await async store operations
2026-03-21 20:17:00 +00:00
parent df351439d6
commit 3fe75a8e04
28 changed files with 1245 additions and 304 deletions
--- a/apps/harness/k8s/base/deployment.yaml
+++ b/apps/harness/k8s/base/deployment.yaml
@@ -28,6 +28,11 @@ spec:
              value: /secrets/claude
            - name: OPENCODE_CONFIG_DIR
              value: /secrets/opencode
+            - name: DATABASE_URL
+              valueFrom:
+                secretKeyRef:
+                  name: harness-db-credentials
+                  key: database-url
          volumeMounts:
            - name: workspace
              mountPath: /data/harness
--- a/apps/harness/k8s/base/harness-db-credentials-sealed.yaml
+++ b/apps/harness/k8s/base/harness-db-credentials-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: harness-db-credentials
+  namespace: apps
+spec:
+  encryptedData:
+    database-url: AgA3P5VHDwMKFvoF8YWox4KkFSVhHfSFFA1iT9vJEz4Iw8V4U2tkYJ9VRzCXo8mcRmCxm1/9o5gFZ2BX9BsSLW8kdcJi0YEQ7ieHHBO4NElpkYPbuYCc3MJnpd7YycOciLjcBVzuR4gbNl1PCiFtDY82+Kb0DLxclWXrPRuLxcT2hyMwHzYAfxDHdbgvcDEQ4pK+hZ6R2b7Hror29TvXDIMvdj015ertU8XmsSj/CbDUv8AY/CpyQIymIvZrTmdQx2smBN6HfTNvk/YxWukM0p6pUAWoJ+ylqq6Q+dNDKZpv417T8GHqyd/4bfQOVbkUVClcA3Sil1BNUxm8S/AA8iJIFS+6i2MyN0bRPrfV7AGTT17CdlRmyu35wRX+QLO774MRDzXnJu6aTEyoupFaTxG5qGaGU9Sd9bo+nvi72pClMMsmjTZJNruqKjhilq05jmqJbrCq5x+zJm/jXWQL9jL/K2jVsoOctNSJFu/vIqGOhArspKKMaEQykNbL4Hdmdlzf2cxCB4zrNN8/EfYMalS+mkr9/9heX87n5HU63ndOH6k8jWS49osxi2Upe17STdC5jAHvJnZpxmwpC7x/fo3YaEDT11Q3/Oz5oZ+YU7N7EP3tl57OLYhsYMRcAt+baNjxuvh1YB8r3lThtwjJu5Tj8MSEAWxRAP4TAvI/VQdnHKh3S8jhWyV4rH26dJlUXiRTCLfsjeC1LNwdV4mcdvZQoWROHNuUchp0Q0g6qaor2lJTLKiLcrTtb9+dHvKdYW2ImnBmDgXfxOXc5eSQaISv0BFlrnPAqkjNSUOqi+Ts1LKc/0Fm1RvzW61z4A==
+  template:
+    metadata:
+      name: harness-db-credentials
+      namespace: apps
--- a/apps/harness/k8s/base/kustomization.yaml
+++ b/apps/harness/k8s/base/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
  - service.yaml
  - harness-claude-credentials-sealed.yaml
  - harness-opencode-credentials-sealed.yaml
+  - harness-db-credentials-sealed.yaml