1.1 What Orbnetes Is 1.2 Who It Is For 1.3 What Problem It Solves 1.4 Core Platform Principles (control, traceability, speed)
1.5.1 Install Docker Image 1.5.2 Install Host App
2.1 First 30 Minutes Setup 2.2 Create Project 2.3 Register First Agent 2.4 Add Release Source / Storage 2.5 Create First Blueprint 2.6 Launch First Run and First Release 2.7 Quick Start Completion Checklist
3.1 Control Plane vs Agent Execution Plane 3.2 Project Scope Model 3.3 Data Flow: Source -> Release -> Pipeline -> Logs/Artifacts 3.4 Runtime Configuration Layers (global / project / environment) 3.5 Pipeline Execution Semantics 3.6 Release Governance Path 3.7 Rollback Architecture (Policy-driven) 3.8 Security and Trust Boundaries 3.9 State and Persistence Model 3.10 Scalability Model 3.11 Failure Modes and Recovery Patterns 3.12 Why This Architecture Works in Practice
4.1 Deployment Activity 4.2 Current Versions by Environment 4.3 Agent Health 4.4 Queue and Live Operations 4.5 Interpreting Status Widgets
5.1 Project Concept and Boundaries 5.2 Project Settings 5.3 Allowed Agents 5.4 Project Members 5.5 Project-level Notifications and Defaults
6.1 Agent Lifecycle (create, register, online/offline) 6.2 Install Instructions (Linux / macOS / Windows) 6.3 Tags and Job Routing 6.4 Agent Update Mechanism 6.5 Agent Archives and Binary Management 6.6 Agent Status, Metrics, and Troubleshooting
7.1 Global Configuration Overview 7.2 Notifications Settings 7.3 OAuth Login Settings (GitHub/GitLab) 7.4 SMTP/Email Notes 7.5 Operational Security Defaults
8.1 Project Secrets 8.2 Project Variables 8.3 Environment Secrets 8.4 Environment Variables 8.5 Global Secrets & Variables 8.6 Priority Resolution Rules 8.7 Best Practices for Sensitive Data
9.1 Release Sources (GitHub, GitLab, URL, Storage) 9.2 Tag and Asset Selection Model 9.3 Internal Release Storage 9.4 File Upload and Webhook Upload 9.5 Checksum / Integrity Considerations
11.1 Standalone Runs vs Pipelines 11.2 Launch Flows 11.3 Pipeline Graph (DAG) 11.4 Live Job Pages 11.5 Rerun Strategies (all / failed) 11.6 Artifacts and Outputs
12.1 Release Creation Flow 12.2 Environments and Deployment Modes 12.3 Source + Blueprint Binding 12.4 Launch Inputs in Release Context 12.5 Release Status Lifecycle 12.6 Release Detail Page Anatomy
13.1 Approval Model 13.2 Approver Selection Rules 13.3 Pending Approval Behavior 13.4 Approve / Comment / Cancel 13.5 Notification Behavior in Approval Flow
14.1 Rollback Policy Overview 14.2 Check Target (all pipeline vs specific job) 14.3 Delay and Trigger Rules 14.4 Modes (last successful / selected release / selected version) 14.5 Rollback Traceability and Linked Releases 14.6 Anti-loop and Safety Recommendations
15.1 Live Console Features 15.2 Step Timeline and Search 15.3 Log Download Scopes (job / pipeline) 15.4 Status and Duration Interpretation 15.5 Common Failure Patterns
16.1 User Model and Profile 16.2 Project Permissions 16.3 Global Permissions 16.4 API Keys 16.5 Access Approval for New OAuth Users 16.6 2FA Enforcement
17.1 User-level Notification Preferences 17.2 Project-level Notification Policies 17.3 Event Types (release, run, approval, comments, cancel/rerun) 17.4 Delivery Channels and Operational Notes
18.1 API Authentication 18.2 Project-Scoped API Usage 18.3 Blueprints API 18.4 Releases API 18.5 Pipelines and Job Runs API 18.6 Integration Patterns (portal, bots, external orchestrators)
19.1 Audit Log Model 19.2 Action Types and Filters 19.3 Soft Delete Behavior 19.4 Operational Traceability Patterns
20.1 Standard App Deployment 20.2 Multi-Environment Rollout 20.3 Approval-Gated Production Release 20.4 Rollback Execution Playbook 20.5 Incident Triage with Graph + Live Logs
21.1 Agent Not Claiming Jobs 21.2 Release Source / Asset Not Loading 21.3 Secrets/Variables Not Applied 21.4 Approval Flow Not Starting Deploy 21.5 Pipeline Rerun Behavior 21.6 Common UI/Validation Issues
22.1 Terms and Definitions 22.2 Status Vocabulary (release, deployment, pipeline, job)
23.1 Example Blueprints 23.2 Example API Requests/Responses 23.3 Recommended Naming Conventions 23.4 Versioning and Changelog Guidance

10.3 Jobs, Steps, Needs, If, Allow Failure

Orbnetes deployment and release orchestration documentation for operators and platform teams.

Jobs

A job is a pipeline stage with its own tags, conditions, and steps.

Steps

A step is one command block executed in selected shell. Use multiple small steps instead of one giant command block for better observability.

Needs

needs defines DAG dependencies between jobs.

  • Enables serial safety where required.
  • Enables parallel execution where possible.

If

if controls conditional execution for job or step.

  • Job-level if: gate whole stage.
  • Step-level if: gate command subset.

Allow Failure

allow_failure: true marks a job as non-blocking if it fails. Use only for genuinely optional checks.

Operational strategy:

  • critical path jobs (backup, deploy, migration) should be strict.
  • optional diagnostics/reporting can be allow-failure.

Jobs, Needs, Conditions

Use DAG pipelines for prepare/build/test/deploy flow. Jobs can run in parallel by dependency graph, and you can control behavior on failure using needs_policy, allow_failure, and step-level when.

jobs:
  test:
    needs: [build]
    needs_policy: all_done          # success | all_done
    if: ${{ vars.APP_MODE }} == demo
    allow_failure: true
    steps:
      - name: run-tests
        shell: bash
        run: ./scripts/test.sh

      - name: notify-on-failure
        when: on_failure            # on_success | on_failure | always
        run: echo "tests failed"

      - name: cleanup
        when: always
        run: rm -rf .tmp || true

Artifacts Between Jobs

Artifacts are the standard way to pass files between jobs/agents. Build job uploads output; downstream job reads via needs.<job_key>.artifacts.*.

jobs:
  build:
    steps:
      - name: build
        run: |
          mkdir -p out
          echo "build $(date -u +%Y-%m-%dT%H:%M:%SZ)" > out/build.txt
    artifacts:
      name: build-output
      retention_days: 7
      paths:
        - out/**

  verify:
    needs: [build]
    steps:
      - name: check
        run: |
          ls -la "${{ needs.build.artifacts.dir }}"
          cat "${{ needs.build.artifacts.dir }}/out/build.txt"

Container Execution

Container mode gives isolated, reproducible runtime with resource and security limits. Use for deterministic builds and safer script execution.

jobs:
  smoke:
    tags: [linux]
    container:
      image: alpine:3.20
      pull_policy: if-not-present
      network: bridge
      cpu: "1.0"
      memory: "512m"
      read_only: true
      no_new_privileges: true
      cap_drop: [ALL]
      tmpfs:
        - /tmp:size=64m
    steps:
      - name: ping
        shell: bash
        run: |
          apk add --no-cache iputils
          ping -c 1 1.1.1.1 || true

Timeouts, Retry, Concurrency

Production baseline for stable operations: per-job timeout, per-step timeout/retry, cleanup hooks, and concurrency groups to avoid parallel deploy races to same environment/service.

concurrency:
  group: deploy-prod
  cancel_in_progress: true

jobs:
  deploy:
    timeout_sec: 1800
    teardown_timeout_sec: 120
    steps:
      - name: migrate
        timeout_sec: 300
        retry: 2
        retry_delay_sec: 15
        run: php artisan migrate --force

      - name: restart-workers
        when: always
        run: php artisan horizon:terminate || true