diff --git a/cc-ci-plan/plan.md b/cc-ci-plan/plan.md index 2bdbd94..760e558 100644 --- a/cc-ci-plan/plan.md +++ b/cc-ci-plan/plan.md @@ -329,6 +329,19 @@ Bridge posts/updates a Gitea PR comment with the run URL and (on completion) pas - The bridge is a tiny service (Go or Python+FastAPI). Keep it dependency-light; it's a NixOS systemd service behind Traefik at e.g. `ci.commoninternet.net/hook` (§4.0). +- **Trigger mode: webhook OR poll, mutually exclusive, flag-selected (SETTLED).** Two + implementations exist, but **only one runs at a time**, chosen by env (e.g. `BRIDGE_TRIGGER_MODE= + webhook|poll`): (1) the Gitea `issue_comment` **webhook** — the default/primary, low-latency push + path (confirmed working); (2) **polling** the Gitea API for new `!testme` comments — kept in the + codebase but **disabled by default**, the fallback you flip on when webhook delivery isn't arriving + (e.g. a gateway/network hiccup, as bit M3 early on). Polling reverses direction (cc-ci → + git.autonomic.zone, outbound — the reliably-working path) at ≤60s to satisfy D1. Because the modes + are exclusive, no cross-path dedupe is needed; just don't re-fire already-seen comments when poll + mode is switched on. Either mode alone satisfies D1. +- **Collaborator check must count org access.** The commenter-authorization step rejects + non-collaborators (correct, per §6) — but it must treat `recipe-maintainers` **org members/admins** + as authorized (the bot is org admin; a naive repo-collaborator check rejects it). Verify real + maintainers pass; don't gate legitimate `!testme` on a too-narrow collaborator lookup. - Enrollment = registering the Gitea webhook on a recipe repo (script in `runner/` or documented in `enroll-recipe.md`) + ensuring a `tests//` dir exists. The `autonomic-bot` account is **admin on the `recipe-maintainers` org**, so it can create repos there and add webhooks to any
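Review bot: The added "Collaborator check must count org access" bullet widens who can trigger a run but leaves the rule underspecified: it authorizes `recipe-maintainers` "org members/admins" without saying whether any org member qualifies or only those with write access to the recipe repo being tested, and it does not say what happens when the lookup itself fails. Suggest writing the exact condition into the plan, stating that an error or timeout from the Gitea API counts as not authorized, and stating that poll mode runs the same authorization step as the webhook handler, since the "Trigger mode" bullet adds a second path that picks up `!testme` comments. In that "Trigger mode" bullet, "just don't re-fire already-seen comments when poll mode is switched on" needs a defined source of truth: unless the webhook path records the comment IDs it has handled somewhere that survives a restart, poll mode cannot tell a comment the webhook already ran from one that was missed during the delivery outage the fallback exists for. It would also help to say that an unrecognized `BRIDGE_TRIGGER_MODE` value is rejected at startup rather than silently picking a mode, and to keep `BRIDGE_TRIGGER_MODE=webhook|poll` on one line so the inline code span is not split across the wrap.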