diff --git a/cc-ci-plan/JOURNAL.md b/cc-ci-plan/JOURNAL.md index b9752ac..20b7718 100644 --- a/cc-ci-plan/JOURNAL.md +++ b/cc-ci-plan/JOURNAL.md @@ -274,3 +274,31 @@ to focus on) + a 🔒 Security Bulletin of critical-CVE upgrades FIRST, then nee the comprehensive table ("the full wire"). survey now feeds opus each recipe's upgrade_notes_md (breaking-change/CVE analysis). orchestrator `6cf5913`. First v2 (opus) live + verified — it led with the nginx 1.29→1.31 CVE batch (custom-html, cryptpad) and even noted live state past the morning summary. + +### Event 2026-06-09 ~19:50 — Orchestrator handover (assistant session): concurrent-CI fixes + immich/plausible drive +Operator promoted the cc-ci-assistant session (immich upgrade one-shot) to ORCHESTRATOR: "work on these +fixes to concurrent runs, then drive immich and plausible to green; autonomous; track in this repo." +**Immich (PR https://git.autonomic.zone/recipe-maintainers/immich/pulls/2, head a92b28d):** upgrade to +1.7.0+v2.7.5 (postgres pin HELD at 14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357… — what +immich-server v2.7.5 pins; abra FATA'd on tag+digest so surveyed upstream directly, registry persisted +at cc-ci-plan/upstream/immich.md) + backup/restore fix: `pg_dump --clean --if-exists` no-DROP restore +(**DROP DATABASE PANICs pgvecto.rs** → postgres signal 6 — confirmed in CI 225 logs + dev) + immich-docs +search_path sed. **Verified GREEN end-to-end in dev via real abra backup/restore path**; dev-immich torn +down, zero leakage. 6 !testme runs RED so far; 229/230 root cause (drone sqlite log extraction): +`/pg_backup.sh: No such file or directory` — the harness chaos-deployed a tree WITHOUT the config, +suspected shared-checkout race (my repro scripts flipped ~/.abra/recipes/immich during the builds). +**Queue findings (operator: "queue is getting blocked"):** build 231 (plausible !testme) was doomed — +cc-ci main lacks assistant3's UPGRADE_BASE_VERSION=3.0.1 pin (branch test/plausible-upgrade-base-3.0.1; +its push build 233 failed LINT, not content); canceled 231+232 (232=immich; drone cancel LEAKED the +python child — killed by hand; its immi-ad3e33 orphan reaped manually). **Push-build lint has been RED +since ≥ build 209** (repo-wide format drift + shellcheck + statix + 17 ruff errors) — nothing can land +green. **Parallel-CI unsafety confirmed in .drone.yml on main:** CCCI_JANITOR_MAX_AGE=0 (a starting +build reaps ANY in-flight run app), concurrency.limit=1 vs DRONE_RUNNER_CAPACITY=2 (live since 18:35), +shared HOME=/root + shared ~/.abra/recipes/ checkout — all annotated "safe because capacity=1". +**Plan in flight:** (1) lint-green commit (subagent on /home/loops/work/cc-ci-fix); (2) concurrency +safety: per-recipe flock in run_recipe_ci.py + janitor pidfile/age scoping + concurrency.limit=2 + +comment updates; (3) merge plausible pin; (4) re-!testme immich alone → green; (5) plausible green is +assistant3's lane (its verify: upgrade/backup tiers PASSED, restore post-hook failed `gzip: +/postgres.dump.gz: No such file` — pre-hook never produced the dump in the snapshot) — coordinating via +tmux, not duplicating. Siblings: cc-ci-assistant3 (plausible), cc-ci-upgrader (told to review plausible +failure). Memories moved INTO this repo at memory/ (542ed0a) — auto-memory path is a symlink now.