Skip to content

docs: add fullsend deployment documentation#4

Merged
durandom merged 1 commit into
mainfrom
docs/fullsend-deployment
Jun 9, 2026
Merged

docs: add fullsend deployment documentation#4
durandom merged 1 commit into
mainfrom
docs/fullsend-deployment

Conversation

@durandom

@durandom durandom commented Jun 9, 2026

Copy link
Copy Markdown
Member

Summary

  • Add 4 new reference docs distilled from the private lab notebook (asdlc-lab/mice/fullsend-ai/observations/):
    • repo-onboarding.md — how to install fullsend on a new RHDH repo (standard + manual methods)
    • gcp-infrastructure.md — GCP project, WIF providers, IAM, service accounts, troubleshooting
    • sandbox-networking.md — two-layer netns architecture, DNS failure explanation, proxy workaround
    • known-issues.md — agent behavior gaps, monorepo issues, observability, upstream tracking
  • Update README with docs table and simplified local agent runs section
  • Dedup SA creation commands in local-setup.md (link to gcp-infrastructure.md)
  • Secrets sanitized: no Slack URLs, no ServiceNow ticket IDs, no literal values in gh secret set commands

Test plan

  • Verify all doc cross-links resolve (relative paths between docs)
  • grep -rn 'redhat-internal.slack.com' docs/ returns nothing
  • grep -rn 'UR0163679' docs/ returns nothing
  • grep -rn 'gh secret set.*--body' docs/ returns nothing
  • Review gcloud commands for accuracy against live rhdh-sidekick-167988 project

🤖 Generated with Claude Code

@durandom @claude
docs: add fullsend deployment documentation
eb4ed23 
Extracts operational knowledge from the private lab notebook into
reference docs, making rhdh-fullsend the canonical home for RHDH
fullsend documentation. Secrets and internal URLs are sanitized.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings June 9, 2026 16:11
@durandom durandom requested a review from kadel as a code owner June 9, 2026 16:11
Copilot AI reviewed Jun 9, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a set of deployment/reference documents to this repo and updates existing docs/README to make fullsend onboarding, GCP/WIF setup, sandbox networking behavior, and known issues discoverable for RHDH consumers.

Changes:

  • Add four new reference docs: repo onboarding, GCP infrastructure, sandbox networking, and known issues.
  • Update README.md to include a documentation index and simplify the “Local agent runs” pointer.
  • Deduplicate service-account creation steps in docs/local-setup.md by linking to the new GCP infrastructure reference.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
README.md Adds a docs index table and streamlines local agent run guidance.
images/code/Containerfile Updates header comments to describe Yarn availability and proxy/DNS notes.
docs/local-setup.md Replaces repeated SA-creation commands with a link to the new GCP reference doc.
docs/repo-onboarding.md New guide covering standard vs manual fullsend install, WIF, secrets/vars, and repo hardening tips.
docs/gcp-infrastructure.md New reference for the RHDH GCP project, WIF provider creation, IAM, and SA/key workflows.
docs/sandbox-networking.md New deep-dive on nested netns DNS failure and proxy-based workarounds with upstream issue links.
docs/known-issues.md New consolidated list of current friction points, workarounds, and upstream tracking.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread images/code/Containerfile
Comment on lines +9 to +11
# Yarn is available on PATH immediately — no runtime corepack setup needed.
# DNS proxy config is handled by env/yarn-proxy.env (maps OpenShell's
# HTTP_PROXY to YARN_HTTP_PROXY).
Comment thread docs/repo-onboarding.md
Comment on lines +78 to +79
gh variable set FULLSEND_GCP_REGION --repo <org>/<repo> \
--body "global"
Comment thread docs/repo-onboarding.md
Comment on lines +80 to +83
gh secret set FULLSEND_GCP_WIF_PROVIDER --repo <org>/<repo> \
--body "<wif-provider-path>"
gh secret set FULLSEND_GCP_PROJECT_ID --repo <org>/<repo> \
--body "rhdh-sidekick-167988"
Comment thread docs/sandbox-networking.md
Comment on lines +60 to +62
| `curl https://...` | ✅ | Intercepted by transparent proxy |
| `node -e "fetch('https://...')"` | ✅ | Node's fetch connects to IP; proxy intercepts TCP |
| `gh api ...` | ✅ | Uses HTTPS |
Comment thread docs/sandbox-networking.md
| `nslookup`, `dig` | ❌ | Direct DNS queries |
| `dns.resolve()` (Node.js) | ❌ | Direct DNS queries |

## Workaround: explicit proxy in .yarnrc.yml
Comment thread docs/sandbox-networking.md
Comment on lines +110 to +114
CI (GitHub Actions) uses the same stack — Podman + OpenShell + same
`action.yml`. The inner netns is identical. `yarn install` works in CI
because Node.js's `undici` (used by yarn's fetch) handles connections in a
way that gets intercepted by the transparent proxy before DNS resolution
is needed.
@durandom durandom merged commit c8ed4e0 into main Jun 9, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@kadel kadel Awaiting requested review from kadel kadel is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@durandom