solstice-ci/docs/ai/decisions/001-runner-only-architecture.md

ADR-001: Runner-Only Architecture

Date: 2026-04-09 Status: Accepted Deciders: Till Wegmueller

Context

Solstice CI started as a full CI/CD system with webhook receivers, a custom log storage service, and platform-specific integration layers. This resulted in 7+ services to maintain, a custom log viewer that was worse than GitHub/Forgejo's native UI, and security/multi-tenancy challenges around log access control, webhook secrets, and artifact storage.

The system's unique value is VM orchestration for non-Linux operating systems (illumos, omnios, OpenIndiana) — something no other CI runner handles well.

Decision

Act exclusively as a native runner for GitHub and Forgejo. Retire all webhook ingestion, log storage, and custom status reporting. Let the platforms handle everything except job execution.

Consequences

Positive

• 7 services reduced to 3: orchestrator, forgejo-runner, github-runner
• Security solved by delegation: log access, webhook secrets, artifacts, user auth all handled by the platform
• Better UX: logs appear in GitHub/Forgejo native UI instead of a custom dashboard
• Standard workflow format: users write GitHub Actions YAML, not custom KDL
• Lower maintenance burden: no custom dashboard, no log retention policy, no artifact storage

Negative

• No custom KDL workflows for external users: KDL remains as internal superset but external users must use Actions YAML
• Feature limitations: can only execute run steps, not uses actions (no container support, no marketplace actions)
• Platform dependency: tied to GitHub/Forgejo runner protocols
• GitHub runner protocol complexity: significantly more complex than Forgejo's connect-rpc (RSA JWT, OAuth tokens, heartbeats)

Neutral

• Internal projects can still use .solstice/workflow.kdl for setup scripts and multi-OS abstractions
• RabbitMQ remains as the internal job buffer between runners and orchestrator