[codex] reshape onboarding tutorials#167
Conversation
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
Signed-off-by: Jeremi Joslin <jeremi@joslin.fr>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a7869fac45
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| relay: include_relay.then_some(RelaySection { | ||
| config: "relay/config.yaml", | ||
| metadata: "relay/metadata.yaml", | ||
| metadata: None, |
There was a problem hiding this comment.
Preserve split metadata on existing Relay projects
When registryctl add notary --from local-relay is run against a project generated before this change, the existing relay/config.yaml still points at /etc/registry-relay/metadata.yaml, but add_notary_from_local_relay does not rewrite that config. Emitting metadata: None here drops the manifest hint that doctor uses to rewrite the host path, and the new compose template also no longer mounts the metadata file, so upgraded projects fail registryctl doctor or registryctl start after adding Notary. Preserve the existing Relay metadata path or migrate the config before removing it.
Useful? React with 👍 / 👎.
| legacy `OPENFN_*` variable names for this DHIS2 sidecar. To point the profile at another DHIS2 | ||
| environment, set these values before you run the profile: |
There was a problem hiding this comment.
Mention the DHIS2 allow-list when changing hosts
When users follow this section for any DHIS2 host other than the public play instance, these exports are not sufficient: the sidecar still has allowed_base_urls pinned to https://play.im.dhis2.org/stable-2-43-0-1 in lab/config/source-adapter/dhis2-health-sidecar.yaml, so a private OPENFN_DHIS2_HOST_URL is rejected unless that allow-list is edited too. Add that requirement next to the environment-variable instructions so the private-deployment path actually works.
Useful? React with 👍 / 👎.
| outcome="Registry Notary evaluating DHIS2 Tracker claims locally, with a programme participation SD-JWT VC issued from the evaluated results." | ||
| time="About 15 minutes after the container images build" | ||
| level="Existing system integration" | ||
| prerequisites={['Docker Compose 2.20+', 'just', 'A Registry Lab checkout with submodules', 'Network access to the DHIS2 play instance']} |
There was a problem hiding this comment.
Add missing generation tool prerequisites
This tutorial sends a fresh checkout through just generate, but the prerequisite list omits the tools that target requires: lab/justfile runs uv run scripts/generate-fixtures.py, and the generated-secret script runs under Python and shells out to openssl. Users who have Docker and just but not uv, python3, or openssl fail before any DHIS2 service starts, so list the same generation tools that the full lab tutorial already requires.
Useful? React with 👍 / 👎.
Summary
This PR reshapes the Registry Stack onboarding ladder around a smaller Supabase-style local flow:
registryctlsample into a three-table benefits workbook and aligns Relay config, smoke checks, Bruno generation, and generated READMEs with that modelopenfnreferences are marked as legacy runtime/CLI names where the lab still requires themValidation
cargo fmt --all --checkcargo test -p registryctl --lockednpm ci --ignore-scriptsnpm run generatenpm run check:contentnpm run check:markdownnpm run check:tutorial:dry-runnpm run check:config-vocabularynpm run check:docsetnpm run buildnpm run check:openapi(passed with existing OpenAPI lint warnings)npm run check:llms:builtnpm run check:svgnpm run check:links:builtgit diff --cached --checkKnown follow-ups / risks
OPENFN_*,openfn-dhis2-sidecar, andoutput/dhis2-openfn/because renaming runnable lab artifacts is a separate cleanup.npm run check:style,npm run check:style:fixtures, andnpm run build:archiveswere not completed because Vale/archive generation hung in this environment.npm run check:seo:builtwas not counted as passed because archived HTML was not built.npm run checkwas not completed due to those Vale/archive blockers.