Apps¶
An app is the basic unit of deployment on PaaS Runtime — a name (e.g. hello-paas), a git repo, an image, and runtime configuration.
Lifecycle¶
sequenceDiagram
participant Dev
participant Forgejo
participant PaaS
participant K8s
Dev->>Forgejo: git push
Forgejo->>PaaS: webhook
PaaS->>PaaS: build (Tekton)
PaaS->>PaaS: SBOM + Cosign
PaaS->>K8s: kubectl apply
K8s->>Dev: app live https://*.runtime.di2amp.comWhat paas apps create provisions¶
| Resource | Detail |
|---|---|
| Kubernetes namespace | paas-apps, label paas-tenant-id=<tenant>, label paas-app=<name> |
| Forgejo repo | Under your org (octave), private by default |
| TLS certificate | cert-manager + Let's Encrypt, <name>.runtime.di2amp.com |
| NetworkPolicy | deny-all + allow ingress from nginx-controller, allow egress to addons |
| ServiceAccount | non-root, no host network, dedicated for the app |
| Default domain | https://<name>.runtime.di2amp.com |
Files in your repo¶
PaaS reads these files from your repo (in order of precedence):
Procfile— declares process types (web,worker,release,cron-*)paas.toml(optional) — overrides for plan, build, env, scaling, domains- Buildpack auto-detection (Paketo): looks for
package.json(Node),requirements.txt(Python),go.mod(Go),Cargo.toml(Rust),pom.xml(Java),Gemfile(Ruby),composer.json(PHP),mix.exs(Elixir)
App states¶
| State | Meaning |
|---|---|
running |
At least 1 replica Ready, health check passes |
sleeping |
Free plan, no traffic for 30 min — wakes on next request |
failed |
Build failed OR all replicas CrashLoopBackOff |
deploying |
Build in progress OR rollout active |
deleted |
Soft-deleted, retained 30 days, restorable via paas apps restore |