diff --git a/cc-ci-plan/plan-mirror-enroll-all-recipes.md b/cc-ci-plan/plan-mirror-enroll-all-recipes.md new file mode 100644 index 0000000..74480a8 --- /dev/null +++ b/cc-ci-plan/plan-mirror-enroll-all-recipes.md 
@@ -0,0 +1,87 @@ +# Plan — mirror + enroll ALL recipes (then resume per-recipe debugging) + +**Status:** PROPOSED — awaiting operator go-ahead on the live-host deploy (Phase 4). +**Owner:** orchestrator (can delegate authoring to a Builder/upgrader session). +**Created:** 2026-06-02. **Author:** Claude Sonnet 4.6 orchestrator session. + +## Goal & rationale + +Get **every** recipe mirrored in `recipe-maintainers/` AND enrolled in the `!testme` bridge, +so all of them are CI-triggerable, **before** resuming debugging of individual recipes (matrix-synapse +re-run failure, ghost backup PR, etc.). Operator directive: "make sure all recipes are mirrored and +enrolled before we continue debugging particular recipes." + +Target end-state: **19 recipes** — the 18 with `tests/` coverage today, **plus hedgedoc** (operator +chose "add a test suite" for it) — each mirrored, enrolled in `POLL_REPOS`, and test-covered. + +## Current state (surveyed 2026-06-02) + +Canonical set = recipes with a `tests//` dir = **18**: +`bluesky-pds, cryptpad, custom-html, custom-html-tiny, discourse, ghost, immich, keycloak, +lasuite-docs, lasuite-drive, lasuite-meet, mailu, matrix-synapse, mattermost-lts, mumble, n8n, +plausible, uptime-kuma`. (+ hedgedoc, enrolled but no tests — see Phase 2.) + +| Dimension | State | +|---|---| +| **Enrolled** in bridge `POLL_REPOS` (9) | custom-html, custom-html-tiny, keycloak, cryptpad, matrix-synapse, lasuite-docs, lasuite-meet, n8n, uptime-kuma (+ hedgedoc, + cc-ci) | +| **NOT enrolled** (9) | bluesky-pds, discourse, ghost, immich, lasuite-drive, mailu, mattermost-lts, mumble, plausible | +| **Mirror missing** (3) | lasuite-drive, mailu, mumble (all real recipes — verified) | +| **Enrolled but untested** | hedgedoc (mirror+enrollment exist, no `tests/hedgedoc/`) | + +Where things live: +- Bridge enrollment: `recipe-maintainers/cc-ci` → `nix/modules/bridge.nix`, the `POLL_REPOS=` CSV (~line 43). 
+- Tests: `recipe-maintainers/cc-ci` → `tests//` (template: `recipe_meta.py`, `functional/test_*.py`, `PARITY.md`). +- Mirror create + main-sync logic: `recipe-upgrade/open-recipe-pr.sh` (create at lines 53-70, force-sync at 75-77). +- Live deploy target: `nixos-rebuild switch --flake .#cc-ci` on the cc-ci host (now safe — `be4f451` mapped `#cc-ci` → the Hetzner host config). + +## Phases + +### Phase 0 — pre-flight (no writes) +- Confirm each of `lasuite-drive, mailu, mumble` resolves via `abra recipe fetch ` on the cc-ci + host (upstream exists). All three have `tests/` so they were exercised in phase 2; expected to pass. +- Snapshot current `POLL_REPOS` and the live bridge unit state for rollback reference. + +### Phase 1 — create the 3 missing mirrors +For each of `lasuite-drive, mailu, mumble`: create `recipe-maintainers/` (Gitea API) and +force-sync its `main` to true upstream `main`. Reuse the create+sync path in `open-recipe-pr.sh` +(run on the cc-ci host with bot creds), or `--reconcile-only` after the repo exists. **No PRs opened.** + +### Phase 2 — author the hedgedoc test suite +hedgedoc is enrolled+mirrored but has no `tests/hedgedoc/`. Author one mirroring a simple recipe +(template = `tests/uptime-kuma/`): `recipe_meta.py`, `functional/test_*.py` (health-check + a +content/branding probe at minimum), `PARITY.md`. Open a cc-ci PR for the new suite; verify it green +via `!testme` before relying on it. (This is the larger sub-task; can be delegated to a Builder session.) + +### Phase 3 — enroll the 9 unenrolled recipes +Edit `nix/modules/bridge.nix` `POLL_REPOS` to add: `bluesky-pds, discourse, ghost, immich, +lasuite-drive, mailu, mattermost-lts, mumble, plausible`. Confirm each has a `tests//` (all 9 +do). Commit to the cc-ci product repo. Final `POLL_REPOS` = cc-ci + all 19 recipes. 
+ +### Phase 4 — deploy to the live cc-ci host ⚠️ OPERATOR GO-AHEAD GATE +`cd /root/cc-ci && nixos-rebuild switch --flake .#cc-ci` on the cc-ci host (or the repo's deploy path). +Restarts the bridge with the new poll set. **This is the one high-impact step** (live CI server); do +not run without explicit go-ahead. Note: `/root/cc-ci` on the host is an operator-synced copy — confirm +it's at the committed head first (this was a noted gap: no self-service host rebuild path). + +### Phase 5 — verify `!testme` triggerability +For 2-3 newly-enrolled recipes, post `!testme` on an open PR (or a scratch PR) and confirm a Drone +build starts and reports back. Spot-check the bridge poll log shows all 19 repos. + +### Phase 6 — resume per-recipe debugging (was blocked on the above) +Only after Phases 1-5: pick up the deferred per-recipe work — matrix-synapse upgrade re-run failure, +ghost backup PRs (#1 reopened, #2 upgrade), discourse bitnamilegacy re-pin, immich/mattermost/plausible +backup fixes, etc. (See `DEFERRED.md` + the build-audit summary.) + +## Risks & rollback +- **Live-host rebuild (Phase 4):** mitigated now that `#cc-ci` → Hetzner config (`be4f451`); still the + highest-risk step. Rollback = `nixos-rebuild switch --rollback` or redeploy the prior generation. +- **Bridge poll widening:** more repos polled = more API calls; negligible at 19 repos. A bad recipe + enrollment can't break others (per-recipe runs are isolated). +- **hedgedoc tests (Phase 2):** authoring risk only; gated by its own `!testme`-green PR before trust. + +## Open items / decisions +- hedgedoc: **author tests** (operator-chosen). Scope it as its own PR. +- `bluesky-pds #1` open PR looks like a `recipe-create-pr` smoke-test artifact — close separately + (flagged to @notplants). +- Host self-service rebuild path for cc-ci is still a gap (Phase 4 depends on an operator-synced + `/root/cc-ci`); worth a durable fix later.
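Review bot: Phase 4 asks the operator to confirm that `/root/cc-ci` is "at the committed head" before running `nixos-rebuild switch --flake .#cc-ci`, but the plan names neither the commit to expect nor how to check it, and this is the step the plan itself calls the highest-risk one. Have Phase 3 record the hash of the `POLL_REPOS` commit, and have Phase 4 require that `git -C /root/cc-ci rev-parse HEAD` matches it and that `git -C /root/cc-ci status --porcelain` is empty before the rebuild, so the deployed bridge config is the reviewed one. The Phase 0 snapshot of `POLL_REPOS` and the bridge unit state should likewise say where it is stored, since the rollback section relies on it only implicitly. In "Risks & rollback", the bridge-widening item covers API call volume and run isolation but not who may post `!testme` on the ten additional repos; add a line stating the existing trigger policy so the wider poll set is a reviewed decision. Smaller documentation points: Phase 0 says the three recipes "were exercised in phase 2", which reads as this plan's Phase 2 (the hedgedoc suite) and should name the earlier effort it means; the pointers "~line 43", "lines 53-70" and "75-77" will drift as those files change, so reference the `POLL_REPOS=` assignment and the function or section names instead; and `tests//`, `recipe-maintainers/` in Phase 1 and `abra recipe fetch ` appear here with an empty placeholder, so check that the recipe-name placeholder survives rendering (backtick it or use a form such as RECIPE).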