Axion Build Pipeline — Complete Reference

Scenario	Time
Full compile (cold, no cache)	~180s
Code change (few files)	~30s
No-change rebuild	~5s

Target	Factories Kept	CMD
runtime	all (base dispatcher)	entrypoint.sh
report	core, export, field, formlayout, text, report, pages, web, service	ServeReport.py
webhook	core, export, field, formlayout, text, webhook, pages, web, service	ServeWebHook.py
web	core, export, field, formlayout, text, pages, web, report, service	ServeWebsite.py
workflow	core, export, field, formlayout, text, workflow, web, service	ServeWorkflow.py
go	core, field, formlayout, text, pages, web	ServeGo.py
scheduler	core, export, field, formlayout, text, workflow, service	ServeScheduler.py
mqtt	core, export, field, formlayout, text, service	ServeMqtt.py
import	core, export, field, formlayout, text, import, service	ServeImport.py
conversation	core, export, field, formlayout, text, conversation, web, service	ServeConversation.py
ai	core, text, ai, web, learn, service	ServeAI.py
monitor	core, export, field, formlayout, text, service	ServeMonitor.py
sms	core, export, field, formlayout, text, sms, service	ServeSms.py

Mode	Command	What it finds
deps	`trivy fs --scanners vuln .`	CVEs in Python dependencies
config	`trivy config resource.docker/`	Dockerfile/Helm misconfigurations
secrets	`trivy fs --scanners secret .`	Leaked credentials in source
image	`trivy image <tag>`	Container image CVEs

File	Purpose
`helm/{package}/values.yaml`	Image, services, infra, env_overrides
`helm/{package}/Chart.yaml`	Helm chart metadata
`helm/{package}/templates/deployment.yaml`	Per-service deployments
`helm/{package}/templates/service.yaml`	ClusterIP/NodePort services
`helm/{package}/templates/infra-*.yaml`	MongoDB, Redis, RabbitMQ, etc.
`caddyfile/{package}.generated.Caddyfile`	Reverse proxy routing
`config.template/registries.yaml`	K3s registry mirror config

Parent Branch	Version	Example
develop	meridian	`meridian-report-homechoice:latest`
main	axion	`axion-report-homechoice:latest`
helix	helix	`helix-report-homechoice:latest`
other	prism	`prism-report-homechoice:latest`
ARM-only build	+suffix	`meridian-report-homechoice-arm:latest`

Table	Rows per build	Content
`log_build_run`	1	GUID, package, status, timing, host arch/OS, platform
`log_build_step`	11	Per-step status, timing, errors, result detail
`log_build_compile`	~838	Per-module compile success/failure
`log_build_compile_set`	~19	Per-factory-set timing summary
`log_build_scan`	1	Trivy CVE counts by severity
`log_build_image`	13	Image size per target
`log_audit`	4	Audit results per mode

Component	Location	Purpose
Registry	`registry.technocore.co.za` (LXC 136, 10.0.10.5)	Harbor container registry
Builder	LXC 136 (24 cores, 64GB) via SSH	Remote buildx for ARM
K3s cluster	swarm1-4 (10.0.10.41-44)	Deployment target
Pipeline	LXC 109 (10.0.10.68)	CI/CD webhook runner
Caddy	anchor.technocore.co.za	TLS proxy for registry + K3s
Proxmox	hypervisor (10.0.10.18)	LXC host

Dependency	Required by
factory.core	ALL services
factory.field + factory.formlayout	field always needs formlayout
factory.text	most services (template rendering)
factory.export	services that produce data exports
factory.service	services that run calculations/API calls
factory.report	report service + web (report rendering)
factory.pages	web, go, webhook (page templates)
factory.web	services with HTTP endpoints
factory.workflow	workflow + scheduler

What you want to change	Where to change it	NOT here
Service port, replicas	`config.yaml base.services`	values.yaml
NodePort exposure	`config.yaml base.services.{svc}.node_port`	service.yaml
Infra image (mongo:4.4)	`ObjBuildRunnerBase.yaml infra_services`	values.yaml
Infra credentials	`config.yaml terraform.{service}`	values.yaml
Infra env vars (MONGO_INITDB)	`ObjBuildRunnerBase.yaml infra_services.{svc}.env_map`	infra-statefulset.yaml
App env vars (AXION_MQTT_HOST)	`ObjBuildRunnerK3s.py generate_deploy_config()`	deployment.yaml
Factory stripping list	`ObjBuildRunnerBase.yaml service_factories`	Dockerfile
Requirements tier	`ObjBuildRunnerBase.yaml service_requirements`	Dockerfile
Deployment template structure	`ObjBuildRunnerK3s.py _deployment_tpl()`	deployment.yaml
Service template structure	`ObjBuildRunnerK3s.py _service_tpl()`	service.yaml
Infra template structure	`ObjBuildRunnerK3s.py _infra_statefulset_tpl()`	infra-statefulset.yaml
Volume mounts	`config.yaml deployment.volumes`	deployment.yaml
Registry config	`config.yaml deployment.registry`	values.yaml
Timezone	`config.yaml system.timezone`	deployment.yaml
Caddy routing	`ObjBuildRunnerK3s.py generate_caddy()`	Caddyfile
Registries mirrors	`config.yaml deployment.registry.mirrors`	registries.yaml

File	Purpose
`factory.deploy/ObjBuild.py`	Pipeline orchestrator + CLI
`factory.deploy/ObjBuild.yaml`	DB schemas + SQL queries
`factory.deploy/ObjAudit.py`	Security audit module
`factory.deploy/extend.build/ObjCompile.py`	Cython compiler
`factory.deploy/extend.build/ObjBuildDocker.py`	Docker build/push
`factory.deploy/extend.build/ObjBuildHelm.py`	Helm install/upgrade
`factory.deploy/extend.build/ObjConfig.py`	Config validation/trim
`factory.deploy/extend.runner/ObjBuildRunnerBase.py`	Loads maps from YAML
`factory.deploy/extend.runner/ObjBuildRunnerBase.yaml`	Source of truth: infra, factories, tiers, routes
`factory.deploy/extend.runner/ObjBuildRunnerK3s.py`	K3s scaffold/deploy + template generators
`factory.deploy/extend.substrate/ObjDocker.py`	Docker daemon + image naming
`factory.report/package.core/ObjReportBuild.py`	Email report renderer
`factory.webhook/ObjHookBuild.py`	Webhook build trigger
`resource.docker/dockerfile/axion.dockerfile`	Generic multi-stage Dockerfile (all packages)
`resource.docker/strip_factories.sh`	Factory stripping script
`resource.docker/helm/{package}/`	GENERATED by scaffold — do not edit
`resource.config/requirements-*.txt`	Per-tier pip requirements
`resource.config/requirements-build.txt`	Build-only packages (Cython, docker, pygit2)
`resource.config/requirements-apt.txt`	System package dependencies
`resource.notes/futures/`	Product roadmap (25 plans)

File	Tier	Services	~Size
`requirements-minimal.txt`	minimal	mqtt, sms, monitor, scheduler, conversation	40 MB
`requirements-web.txt`	web	webhook, go	80 MB
`requirements-report.txt`	report	report, web (website)	200 MB
`requirements-io.txt`	io	import	240 MB
`requirements-ai-service.txt`	ai	ai	500 MB
`requirements.txt`	full	workflow, runtime	1.7 GB
`requirements-build.txt`	build-only	compiler stage (Cython, docker, pygit2)	—
`requirements-ai.txt`	GPU	torch, transformers (optional)	4.5 GB

¶ Axion Build Pipeline — Complete Reference

¶ Overview

¶ Quick Start

¶ Pipeline Steps in Detail

¶ Step 1: Config Validation

¶ Step 2: PEM Keys

¶ Step 3: Compile (Cython)

¶ Step 4: Image Build (All Targets)

¶ Step 5: Security Scan (Harbor / Trivy)

¶ Step 6: Security Audit

¶ Step 7: Push

¶ Step 8: Topology

¶ Step 9: Scaffold

¶ Step 10: Deploy

¶ Step 11: Verify

¶ Image Naming Convention

¶ Database Tracking

¶ Email Report

¶ Config as Single Source of Truth

¶ CLI Commands

¶ Webhook Trigger

¶ Infrastructure

¶ Harbor Registry

¶ Docker Build Stages

¶ Factory Stripping

¶ CRITICAL: Source of Truth Hierarchy

¶ The Golden Rule

¶ Data Flow (one-way, never backwards)

¶ Where to make changes

¶ Common mistakes and how to avoid them

¶ After any change: the correct sequence

¶ Docker Build Stages (Updated)

¶ Requirements Files

¶ Pip (Python packages)

¶ Apt (system packages)

¶ Per-Package Feature Flags

¶ RACI Notifications

¶ Axion Build Pipeline — Complete Reference

¶ Overview

¶ Quick Start

¶ Pipeline Steps in Detail

¶ Step 1: Config Validation

¶ Step 2: PEM Keys

¶ Step 3: Compile (Cython)

¶ Step 4: Image Build (All Targets)

¶ Step 5: Security Scan (Harbor / Trivy)

¶ Step 6: Security Audit

¶ Step 7: Push

¶ Step 8: Topology

¶ Step 9: Scaffold

¶ Step 10: Deploy

¶ Step 11: Verify

¶ Image Naming Convention

¶ Database Tracking

¶ Email Report

¶ Config as Single Source of Truth

¶ CLI Commands

¶ Webhook Trigger

¶ Infrastructure

¶ Harbor Registry

¶ Docker Build Stages

¶ Factory Stripping

¶ CRITICAL: Source of Truth Hierarchy

¶ The Golden Rule

¶ Data Flow (one-way, never backwards)

¶ Where to make changes

¶ Common mistakes and how to avoid them

¶ After any change: the correct sequence

¶ Docker Build Stages (Updated)

¶ Related Files

¶ Requirements Files

¶ Pip (Python packages)

¶ Apt (system packages)

¶ Per-Package Feature Flags

¶ RACI Notifications