From f0716764db9cf249d2d59ceb18d3d663c8cf979d Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 5 Jun 2026 01:28:27 +0000 Subject: [PATCH] feat(recipe-upgrade): upstream release-notes registry + recipe-README read (recipe-maintainer parity) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Close the two gaps vs recipe-maintainer's recipe-upgrade-plan: - Per-recipe release-notes registry at cc-ci-plan/upstream/.md (discover the source repo + releases/changelog URL for each image once, persist+commit, reuse) — fetch release notes FROM those URLs instead of rediscovering ad-hoc each run. Format doc + cryptpad seed included. - Explicitly read the recipe's README for shipped upgrade/migration notes. Co-Authored-By: Claude Opus 4.8 --- .claude/skills/recipe-upgrade/SKILL.md | 17 +++++++++++---- cc-ci-plan/upstream/README.md | 30 ++++++++++++++++++++++++++ cc-ci-plan/upstream/cryptpad.md | 12 +++++++++++ 3 files changed, 55 insertions(+), 4 deletions(-) create mode 100644 cc-ci-plan/upstream/README.md create mode 100644 cc-ci-plan/upstream/cryptpad.md diff --git a/.claude/skills/recipe-upgrade/SKILL.md b/.claude/skills/recipe-upgrade/SKILL.md index f21c3a5..4e50f4e 100644 --- a/.claude/skills/recipe-upgrade/SKILL.md +++ b/.claude/skills/recipe-upgrade/SKILL.md 
@@ -1,6 +1,6 @@ --- name: recipe-upgrade -description: Upgrade ONE Co-op Cloud recipe end-to-end and verify it on the cc-ci CI server. Researches available upstream upgrades, plans them (breaking changes, migrations, config), implements the bump (image tags + recipe version label + config), opens a recipe PR, and verifies it by posting `!testme` on the PR (real CI; results visible in the PR; iterates up to 3×). DEFAULT: recipe PR only, using existing tests — if a test fails because it is genuinely stale, it leaves an explanatory COMMENT on the PR for the operator (does NOT touch tests). With `--with-tests`: also opens + verifies a PR to update the stale cc-ci test. NEVER merges. The per-recipe worker behind /upgrade-all. Invoke as /recipe-upgrade [--with-tests]. +description: Upgrade ONE Co-op Cloud recipe end-to-end and verify it on the cc-ci CI server. Researches available upstream upgrades — fetching each image's release notes via a persisted per-recipe registry (cc-ci-plan/upstream/.md) + the recipe README — plans them (breaking changes, migrations, config), implements the bump (image tags + recipe version label + config), opens a recipe PR, and verifies it by posting `!testme` on the PR (real CI; results visible in the PR; iterates up to 3×). DEFAULT: recipe PR only, using existing tests — if a test fails because it is genuinely stale, it leaves an explanatory COMMENT on the PR for the operator (does NOT touch tests). With `--with-tests`: also opens + verifies a PR to update the stale cc-ci test. NEVER merges. The per-recipe worker behind /upgrade-all. Invoke as /recipe-upgrade [--with-tests]. --- # recipe-upgrade 
@@ -79,9 +79,18 @@ ssh cc-ci 'export PATH=/run/current-system/sw/bin:$PATH; R=; \ - **No upgrades available → stop** (status `SKIPPED — up-to-date`) — after the reconcile above. - Check `git log HEAD..origin/main` and upstream PRs (`git.coopcloud.tech/coop-cloud//pulls`) — if someone already started the bump, **re-plan from the tip of `origin/main`**, not from scratch. -- For each service with an upgrade, fetch upstream **release notes** (WebFetch) between current and - target versions and call out **breaking changes / required migrations / new-or-renamed config / - dependency bumps** in an "Operator Action Required" section. +- **Release-notes registry (discover once, reuse — parity with recipe-maintainer's `upstream.md`).** + Read `cc-ci-plan/upstream/.md` — a per-image map of source repo + releases/changelog URL. If + it's missing, or an image in `compose.yml` isn't covered (new/renamed service), discover the upstream + project + releases page for each uncovered image (WebSearch the image → its GitHub/source repo → + releases/changelog), **write/update** `cc-ci-plan/upstream/.md` and commit it + (`git -C /srv/cc-ci-orch add cc-ci-plan/upstream/.md && git -C /srv/cc-ci-orch commit -m "upstream(): release-notes sources" && git -C /srv/cc-ci-orch push`). + Format + how it's used: `cc-ci-plan/upstream/README.md`. +- **For each service with an upgrade, fetch the release notes from the registry URLs** (WebFetch) + between current → target versions, and call out **breaking changes / required migrations / new-or- + renamed config / dependency version requirements** in an "Operator Action Required" section. +- **Read the recipe's README** (`~/.abra/recipes//README.md`, if present) for upgrade-specific + instructions, migration steps, or breaking-change notes shipped with the recipe itself. 
- Write the plan to `/srv/cc-ci/.cc-ci-logs/upgrades/-upgrade-.md`: goal, image tag table (service / current → new), recipe version bump (+ semver reasoning), required compose/ config changes, risks. (No human review gate — proceed straight to implement.) diff --git a/cc-ci-plan/upstream/README.md b/cc-ci-plan/upstream/README.md new file mode 100644 index 0000000..2e08698 --- /dev/null +++ b/cc-ci-plan/upstream/README.md @@ -0,0 +1,30 @@ +# Upstream release-notes registry + +Per-recipe maps of **where each image's release notes / changelog live**. This is the cc-ci analog of +recipe-maintainer's `recipe-info//upstream.md`: the `/recipe-upgrade` skill reads +`cc-ci-plan/upstream/.md` so it doesn't have to rediscover the upstream source for every image +on every weekly run — discover once, persist, reuse. + +## How `/recipe-upgrade` uses it (step 1) +1. Read `cc-ci-plan/upstream/.md`. +2. If it's **missing**, or an image in the recipe's `compose.yml` **isn't covered** (new/renamed + service), discover the upstream project + releases page for each uncovered image (WebSearch the + image → its GitHub/source repo → its releases/changelog page), then **write/update** this file and + commit it (`git -C /srv/cc-ci-orch add cc-ci-plan/upstream/.md && commit && push`). +3. Fetch the release notes **from these URLs** between the current → target version of each service. + +## Format (one file per recipe) +```markdown +# Upstream sources — + +| service | image | source repo | releases / changelog | +|---------|-------|-------------|----------------------| +| app | cryptpad/cryptpad | https://github.com/cryptpad/cryptpad | https://github.com/cryptpad/cryptpad/releases | +| web | nginx | https://github.com/nginx/nginx | https://nginx.org/en/CHANGES | + +## Standing notes +- +``` +Keep URLs canonical (the project's own releases/CHANGES page, not a mirror). Add a **Standing notes** +section for migration gotchas you only want to learn once. 
diff --git a/cc-ci-plan/upstream/cryptpad.md b/cc-ci-plan/upstream/cryptpad.md new file mode 100644 index 0000000..2192bef --- /dev/null +++ b/cc-ci-plan/upstream/cryptpad.md @@ -0,0 +1,12 @@ +# Upstream sources — cryptpad + +| service | image | source repo | releases / changelog | +|---------|-------|-------------|----------------------| +| app | cryptpad/cryptpad | https://github.com/cryptpad/cryptpad | https://github.com/cryptpad/cryptpad/releases | +| web | nginx | https://github.com/nginx/nginx | https://nginx.org/en/CHANGES | + +## Standing notes +- `abra recipe upgrade` cannot parse the `version-YYYY.M.D` tag format of the cryptpad/cryptpad image, + so the app image is bumped by hand; the nginx sidecar is what `abra recipe upgrade` actually moves. +- nginx is HTTP/1.1-only here (sidecar on :8083, `proxy_http_version 1.1`), so HTTP/2/3 CVE changes in + nginx releases generally don't affect this recipe — but still note them.
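Review bot: In the `.claude/skills/recipe-upgrade/SKILL.md` hunk at `@@ -79,9 +79,18 @@`, the new registry bullet has the worker discover a source repo by WebSearch and then `add`, `commit` and `push` the result straight into `/srv/cc-ci-orch` with no validation step, and the unchanged context below it states "No human review gate", so a wrong or look-alike repository found once becomes the trusted release-notes source for every later run. Suggest checking each discovered URL before it is persisted (for example `https` only, host on a short allowlist, and the repo cross-checked against the image's `org.opencontainers.image.source` label where the image sets one), and landing registry changes through a PR like the recipe bump instead of a direct push. The text fetched from those URLs is third-party input to the planning step, so the bullet should also say to treat it as data to summarise and not as instructions to follow. Minor: the line wrap inside "new-or-" / "renamed config" will render with a stray space.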
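Review bot: In the new `cc-ci-plan/upstream/README.md`, step 2 under "How `/recipe-upgrade` uses it" abbreviates the command to `git -C /srv/cc-ci-orch add cc-ci-plan/upstream/.md && commit && push`, which is not runnable as written (`commit` and `push` are not commands on their own) and differs from the full form given in SKILL.md. Suggest either spelling out all three `git -C /srv/cc-ci-orch ...` invocations or pointing to SKILL.md for the exact command so the two copies cannot drift. The closing rule "Keep URLs canonical" is the only guard on what goes into these files; stating it as checkable criteria (scheme, allowed hosts) would make it enforceable, and placeholder rows in the Format example would be safer than the cryptpad entries, which can be copied into another recipe's file as if they were data.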
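Review bot: In the new `cc-ci-plan/upstream/cryptpad.md`, the second Standing note justifies discounting HTTP/2/3 CVE changes with `proxy_http_version 1.1`, but that directive sets the protocol nginx uses toward the proxied backend, not what the listener accepts from clients. Suggest basing the note on the listener configuration instead (the `listen` on :8083 having no HTTP/2 or QUIC enabled) and wording it as a condition to re-check on each upgrade, because a standing note is reused on every run and would keep downplaying those CVEs after the sidecar config changes.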