From ef42e3d9228993ce1389b623dca970ddb79949aa Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 02:15:32 +0100 Subject: [PATCH] =?UTF-8?q?plan=20=C2=A74.1:=20trigger=20is=20webhook-OR-p?= =?UTF-8?q?oll=20(mutually=20exclusive,=20flag-selected),=20+=20collaborat?= =?UTF-8?q?or=20check?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Record the trigger design: webhook (default/primary, confirmed working) and polling (kept but disabled behind a flag) are mutually exclusive — only one runs at a time, so no cross-path dedupe. Poll is the fallback when webhook delivery fails. Also note the commenter-auth check must count recipe-maintainers org members/admins, not just repo collaborators (the bot is org admin and was being rejected). Co-Authored-By: Claude Opus 4.7 (1M context) --- cc-ci-plan/plan.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/cc-ci-plan/plan.md b/cc-ci-plan/plan.md index 2bdbd94..760e558 100644 --- a/cc-ci-plan/plan.md +++ b/cc-ci-plan/plan.md 
@@ -329,6 +329,19 @@ Bridge posts/updates a Gitea PR comment with the run URL and (on completion) pas - The bridge is a tiny service (Go or Python+FastAPI). Keep it dependency-light; it's a NixOS systemd service behind Traefik at e.g. `ci.commoninternet.net/hook` (§4.0). +- **Trigger mode: webhook OR poll, mutually exclusive, flag-selected (SETTLED).** Two + implementations exist, but **only one runs at a time**, chosen by env (e.g. `BRIDGE_TRIGGER_MODE= + webhook|poll`): (1) the Gitea `issue_comment` **webhook** — the default/primary, low-latency push + path (confirmed working); (2) **polling** the Gitea API for new `!testme` comments — kept in the + codebase but **disabled by default**, the fallback you flip on when webhook delivery isn't arriving + (e.g. a gateway/network hiccup, as bit M3 early on). Polling reverses direction (cc-ci → + git.autonomic.zone, outbound — the reliably-working path) at ≤60s to satisfy D1. Because the modes + are exclusive, no cross-path dedupe is needed; just don't re-fire already-seen comments when poll + mode is switched on. Either mode alone satisfies D1. +- **Collaborator check must count org access.** The commenter-authorization step rejects + non-collaborators (correct, per §6) — but it must treat `recipe-maintainers` **org members/admins** + as authorized (the bot is org admin; a naive repo-collaborator check rejects it). Verify real + maintainers pass; don't gate legitimate `!testme` on a too-narrow collaborator lookup. - Enrollment = registering the Gitea webhook on a recipe repo (script in `runner/` or documented in `enroll-recipe.md`) + ensuring a `tests//` dir exists. The `autonomic-bot` account is **admin on the `recipe-maintainers` org**, so it can create repos there and add webhooks to any
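
Review bot: The "Collaborator check must count org access" bullet asks only to "Verify real maintainers pass", but because it widens who can trigger a run it should also require the negative case and a fail-closed default. Suggest adding that a commenter who is neither a repo collaborator nor a `recipe-maintainers` member/admin is still rejected, that an error from the membership lookup counts as unauthorized, and that the same check runs in both `webhook` and `poll` modes. In the trigger-mode bullet, "don't re-fire already-seen comments when poll mode is switched on" needs a stated mechanism, for example a persisted last-processed comment id that webhook mode also updates. The env variable is given only as "e.g." under a SETTLED label, so the name, the default, and the behaviour on an unset or invalid value should be pinned down.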