recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

recipe-upgrade: cross-check upstream when abra is blind (immich tag+digest skip)

Browse Source 
abra recipe upgrade is the first approach, but it silently contributes no
candidate for tag+digest pins (FATA: tag and digest not supported), digest-only
pins, and non-semver tags. immich kept getting skipped this way. Before
concluding SKIPPED — up-to-date, do a direct upstream tag check for every image
abra could not cleanly evaluate; only skip when BOTH agree nothing is newer.
This commit is contained in:
autonomic-bot
2026-06-19 11:51:37 +00:00
parent 68bbfc72f2
commit ce5d2e22cf
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.claude/skills/recipe-upgrade/SKILL.md
View File

@ -82,7 +82,24 @@ the real current recipe, not a stale mirror.
```
Skip a recipe as `SKIPPED — dirty-worktree` **only if it is still dirty with TRACKED changes after the
stash** (real local edits), not for the untracked overlay.
- **No upgrades available → stop** (status `SKIPPED — up-to-date`) — after the reconcile above.
- **abra says no upgrades → do NOT conclude `up-to-date` yet; cross-check upstream directly first.**
`abra recipe upgrade` is the **first** approach, but it is **blind to images abra can't evaluate** —
most importantly **tag+digest pins** (`image:tag@sha256:`), where abra FATAs `Docker references with
both a tag and digest are currently not supported` and silently contributes **no** candidate (this is
exactly how **immich** kept getting skipped). A digest-only pin or a non-semver tag can likewise yield
nothing. So **before** writing `SKIPPED — up-to-date`, do a **direct upstream check** for every service
whose image abra did **not** produce a clean upgrade decision for (any tag+digest / digest-only /
abra-FATA / abra-returned-nothing image):
1. Read `cc-ci-plan/upstream/<recipe>.md` (per-image releases/changelog URLs; discover + write it per
the registry bullet below if missing).
2. For each such image, list the **upstream registry tags** and pick the newest tag the app version
supports (the §2 "list the registry tags, pick the newest one the app supports — don't blindly take
the max" method), and compare it to the **currently pinned** tag.
3. If any service has a newer supported upstream tag than what's pinned → there **is** an upgrade:
proceed to plan/implement it (per §2, preserving any digest pin).
- **Only conclude `SKIPPED — up-to-date` when BOTH agree** there is nothing newer: abra found no bump
**and** the direct upstream check finds no newer supported tag for any abra-blind image. A
`tag and digest … not supported` FATA is a **trigger for the upstream check, never a skip on its own.**
- Check `git log HEAD..origin/main` and upstream PRs (`git.coopcloud.tech/coop-cloud/<recipe>/pulls`)
— if someone already started the bump, **re-plan from the tip of `origin/main`**, not from scratch.
- **Release-notes registry (discover once, reuse — parity with recipe-maintainer's `upstream.md`).**