This repository was archived by the owner on Apr 15, 2026. It is now read-only.

GitOps Image Pipeline Implementation #24

@jmgilman

Overview

Implement a GitOps-driven pipeline that manages source images (ISOs, raw, qcow2) and distributes them to the lab via NAS/NFS.

Design Document: docs/design/image-pipeline.md

Goals

  • Input: Declarative YAML configuration defining image sources, validation rules, and optional file updates
  • Output: Validated images in iDrive e2 (S3-compatible), synced to Synology NAS via Cloud Sync
  • Key Constraint: Downstream builds (Packer) are triggered via Git changes, not direct invocation

Architecture

Source Images → labctl images sync → iDrive e2 → Synology Cloud Sync → NAS
                      ↓
               updateFile changes → PR → Mergify auto-merge
                                              ↓
                                    Packer workflow triggered
                                              ↓
                                    Built image → e2 → NAS

Components

  1. labctl images CLI - Go CLI tool for image management (sync, validate, list, prune, upload)
  2. GitHub Actions workflows - CI/CD for sync and Packer builds
  3. Mergify configuration - Auto-merge bot PRs after CI passes
  4. SOPS-encrypted credentials - Secure storage for e2 and SSH credentials

Sub-issues

This epic is broken into 4 sequential issues:

  1. CLI foundation - Go module, config parsing, credentials, S3 store
  2. Command implementations - sync, validate, list, prune, upload commands
  3. Bootstrap files - SOPS config, encrypted credentials, initial manifest
  4. GitHub Actions + Mergify - CI/CD workflows
