FigJam Diagram: GitHub Actions Dashboard — Workflow Run Viewer (expires 2026-04-13)
Org-wide GitHub Actions workflow run viewer with historical tracking. Deployed as an internal tool on the cluster.
| URL | https://gha.k3s.internal.strommen.systems |
| Namespace | gha-dashboard |
| Image | python:3.12-alpine (inline app — source in ConfigMap) |
| Auth | Internal LAN/VPN only — no Authentik middleware |
zolty-mat org reposThe entire app is embedded inline in the ConfigMap gha-dashboard-app. No Harbor image — uses python:3.12-alpine with stdlib only (no pip dependencies).
Source mounted at /app/app.py. Frontend HTML in gha-dashboard-html ConfigMap, mounted at /app/static/index.html.
| Env Var | Value | Source |
|---|---|---|
GITHUB_ORG |
zolty-mat |
Hardcoded |
GITHUB_TOKEN |
— | Secret gha-dashboard-github-token / github_token |
POLL_INTERVAL |
30 (seconds) |
Hardcoded |
DB_PATH |
/data/gha.db |
Hardcoded |
PORT |
8080 |
Hardcoded |
| Secret | Keys | Purpose |
|---|---|---|
gha-dashboard-github-token |
github_token |
GitHub PAT with repo + read:org scopes |
Bootstrap:
kubectl create secret generic gha-dashboard-github-token \
--namespace gha-dashboard \
--from-literal=github_token=<PAT>
The PAT needs repo scope (for workflow run data) and read:org scope.
| Volume | Type | Size | Purpose |
|---|---|---|---|
gha-dashboard-data |
Longhorn RWO | 1Gi | SQLite database persistence |
| Container port | 8080 |
| Service port | 80 → 8080 |
| CPU | request 10m / limit 200m |
| Memory | request 64Mi / limit 256Mi |
| Security | runAsNonRoot, runAsUser: 1000, seccompProfile: RuntimeDefault, all capabilities dropped |
| Metrics | No Prometheus metrics — not scraped |
| Pod security | restricted (namespace-level) |
kubernetes/apps/gha-dashboard/
gha-dashboard.yaml -- Namespace, ConfigMaps (app + HTML), PVC, Deployment, Service, Ingress