feat(iac): scaffold orca-platform layout (M1.1)

Lands manifests/, overlays/, dns/, scripts/, Makefile per M1.1. Bundles yourplatform.com→breakpilot.com rename. vms/ removed (out-of-scope for Orca).

Refs: M1.1

.gitea/workflows/ci.yaml

@@ -1,5 +1,6 @@
-# CI for orca-platform (IaC). `shared` always runs; `validate` activates
-# when at least one Orca manifest lands.
+# CI for orca-platform (IaC).
+# `shared` always runs (commitlint + gitleaks + trivy fs).
+# `validate` always runs (parses every manifest + overlay + vm spec).
 name: ci
 
 on:
@@ -53,18 +54,18 @@ jobs:
           TRIVY_VERSION=0.70.0
           curl -fsSL "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" \
             | tar -xz -C /tmp trivy
-          /tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs node_modules,target,dist .
+          /tmp/trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --skip-dirs node_modules,target,dist,.orca-out .
 
   validate:
     runs-on: docker
-    if: hashFiles('**/*.orca.yaml','**/*.orca.yml','manifests/**') != ''
     steps:
       - uses: actions/checkout@v4
 
-      - name: install orca
+      - name: setup python
+        shell: bash
         run: |
-          curl -fsSL https://orca.meghsakha.com/install.sh | sh
-          orca version
+          which python3
+          python3 --version
 
-      - name: orca validate
-        run: orca validate ./
+      - name: make validate
+        run: make validate

.gitea/workflows/release.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: docker
     environment:
       name: production           # Gitea Environments — requires sign-off per branch protection
-      url: https://yourplatform.com
+      url: https://breakpilot.com
     steps:
       - uses: actions/checkout@v4
         with: { fetch-depth: 0 }
@@ -22,7 +22,7 @@ jobs:
 
       - name: verify stage soak (>= 24h on this image)
         run: |
-          IMG=registry.yourplatform.com/${{ github.event.repository.name }}:env-stage
+          IMG=registry.breakpilot.com/${{ github.event.repository.name }}:env-stage
           SOAK_SECONDS=$(orca image-age --env=stage --image $IMG)
           if [ "$SOAK_SECONDS" -lt 86400 ]; then
             echo "Stage soak only $SOAK_SECONDS s, < 24h. Aborting."
@@ -34,12 +34,12 @@ jobs:
       - name: re-tag image as semver + env-prod
         uses: docker/login-action@v3
         with:
-          registry: registry.yourplatform.com
+          registry: registry.breakpilot.com
           username: ${{ secrets.REGISTRY_USER }}
           password: ${{ secrets.REGISTRY_PASS }}
 
       - run: |
-          IMG=registry.yourplatform.com/${{ github.event.repository.name }}
+          IMG=registry.breakpilot.com/${{ github.event.repository.name }}
           docker pull $IMG:env-stage
           docker tag  $IMG:env-stage $IMG:v${{ steps.v.outputs.version }}
           docker tag  $IMG:env-stage $IMG:env-prod