- dstamp: attribute + fix the discourse abra-stamp drift (env change 06-05 → 06-10, harness-neutral, currently pinning discourse at L1); blast-radius sweep; HC1 keeps its teeth
- mailu: backupbot v2 labels recipe PR, restore proven on real seeded mail, backup rung earned instead of skipped (operator approved re-entry)
- kuma: uptime-kuma first-run wizard + create-a-monitor functional test (Socket.IO or Playwright, real probe evidence, flake-checked)
- drone: gitea-dep enrollment, maximal subset per Phase-2 scoping; P0 /etc/timezone host deploy is orchestrator-owned (3bde76f committed)
Phase mailu — add backupbot labels to the mailu recipe (backup/restore coverage)
Mission (operator-approved 2026-06-11 — the DEFERRED re-entry trigger "operator
approves a cc-ci-authored mailu backupbot recipe-PR" has fired): mailu ships no
backupbot.backup labels, so its backup/restore rung is a structural skip. Author a
recipe-mirror PR adding proper backupbot coverage, prove backup→wipe→restore data
integrity green in real CI at the PR head, and flip mailu's backup rung from
intentional-skip to genuinely earned.
State files: STATUS-mailu.md, BACKLOG-mailu.md, REVIEW-mailu.md,
JOURNAL-mailu.md. DECISIONS.md shared.
1. Starting facts
- DEFERRED entry (2026-05-29): no backupbot.backup label on any service → backup_capable=False, tiers cleanly SKIP. Durable fix = recipe-PR adding labels for the admin DB (sqlite at /data) + the mailu mail volume, "mirroring the immich Q3.5/Q3.2b pattern".
- mailu install + upgrade + functional (create-mailbox, IMAP login, send/receive mail-flow) are already covered and green — only backup/restore is missing.
- Backupbot label syntax: use the backupbot v2 syntax (a v1-vs-v2 syntax mistake burned the plausible work once — see machine-docs history; verify against the backupbot docs/other recipes' current labels, e.g. immich's merged pattern).
- Under the new level semantics, mailu currently climbs past backup as an intentional skip; after this phase it must EARN the rung instead (and its declared-skip meta in tests/mailu must be updated accordingly — that change is part of this phase).
2. Work requirements
- Research the recipe's real data layout before labeling: which services hold state (admin sqlite, mail store, redis?, certificates?), what must be quiesced or is safe to copy live, and how the published mailu recipe + upstream docs define the durable set. Justify every labeled path in the PR description; don't label caches.
- Recipe-mirror PR (NEVER push main, NEVER merge): backupbot v2 labels + any minimal compose plumbing they need + recipe version label bump per conventions.
- cc-ci side: update tests/mailu meta (backup capability declaration) and ensure the restore tier's data-integrity seed/verify actually exercises MAIL data (a seeded mailbox + message that survives backup→wipe→restore — extend the existing functional helpers if the current seed is too shallow; never weaken anything).
- Prove at PR head via real CI: full lifecycle green incl. the now-active backup/restore rung and lint (L5 expected if all rungs pass); ≥1 drone !testme run. Record the before/after level (intentional-skip climb → earned rung).
- Close records: tick the DEFERRED entry with PR + run pointers; operator handoff in STATUS-mailu.md (what the PR adds, what to expect post-merge).
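
The seed/verify shape that the restore tier requirement above calls for, as an added example (not cc-ci's or the recipe's own code). It assumes a Maildir-style store; `tar` stands in for the backupbot backup and restore steps, and the function names, paths and message are constructed for illustration.

```shell
#!/bin/sh
# Added example. tar stands in for the real backup tool; every path, name and
# message below is constructed and synthetic (test.example only).

# Seed one synthetic Maildir message carrying a unique marker; print the marker.
seed_mail() {  # $1 = mail store root
    marker="seed-$$-$(date +%s)"
    box="$1/test.example/alice"
    mkdir -p "$box/cur" "$box/new" "$box/tmp"
    printf 'From: bob@test.example\nTo: alice@test.example\nSubject: %s\n\nbody %s\n' \
        "$marker" "$marker" > "$box/cur/1000000000.seed.ci"
    printf '%s\n' "$marker"
}

# Sorted "sha256  path" manifest of every regular file under the store.
manifest() {  # $1 = mail store root
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# 0 only if the store matches the pre-backup manifest and the seed is readable.
verify_restore() {  # $1 = root, $2 = pre-backup manifest file, $3 = marker
    [ "$(manifest "$1")" = "$(cat "$2")" ] || return 4
    grep -rqF -- "Subject: $3" "$1" || return 5
}

# seed -> manifest -> backup -> wipe -> prove the wipe -> restore -> verify.
restore_cycle() {  # $1 = root, $2 = scratch dir
    root=${1:?}; work=${2:?}
    marker=$(seed_mail "$root") || return 1
    manifest "$root" > "$work/before.sha256"
    [ -s "$work/before.sha256" ] || return 2       # an empty seed proves nothing
    tar -cf "$work/backup.tar" -C "$root" .        # stand-in for the backup
    rm -rf -- "$root" && mkdir -p "$root"          # wipe
    [ -z "$(manifest "$root")" ] || return 3       # a restore over live data is no proof
    tar -xf "$work/backup.tar" -C "$root"          # stand-in for the restore
    verify_restore "$root" "$work/before.sha256" "$marker"
}

# Demo run in a throwaway directory.
demo=$(mktemp -d) && mkdir "$demo/mail" "$demo/work"
restore_cycle "$demo/mail" "$demo/work" && echo "restore integrity: PASS"
rm -rf "$demo"
```

The distinct return codes separate a shallow seed (2) and a wipe that did not happen (3) from a genuine restore mismatch (4, 5), so a false pass cannot hide behind a restore onto data that was never removed.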
3. Gates
M1 — PR open + green. Root data-layout research documented; mirror PR open with justified labels; full lifecycle green at PR head incl. restore data-integrity on real seeded mail data; cc-ci meta/test changes minimal and unweakened. Adversary verifies the labeled set against upstream docs (nothing durable missed, nothing junk included), the restore proof is genuine (data actually survives a wipe), and the drone path ran.
M2 — Operator handoff. Fresh Adversary cold pass (independent re-trigger at PR head,
restore integrity re-checked); levels reconciled; DEFERRED closed; STATUS-mailu.md
operator summary. ## DONE with the PR left OPEN for the operator.
4. Guardrails (binding)
- Recipe mirrors: PR only. No gate weakening — the restore tier's assertions may only get STRONGER. Mail data in test fixtures must be synthetic (never real addresses beyond test domains; no secrets in logs/commits/PR text).
- Real-CI etiquette: ≤2-3 concurrent deploys; teardown every dev deploy on every exit path; never touch ~/.abra/recipes/mailu during its builds.
- Commit author autonomic-bot <autonomic-bot@noreply.git.autonomic.zone>; push every commit. CI host: no python3 on default PATH.
5. Definition of Done
Mirror PR open with evidence-justified backupbot v2 labels; backup→wipe→restore proven on real seeded mail data at PR head incl. drone path; mailu's backup rung earned (not skipped) with levels reconciled; DEFERRED closed; M1+M2 fresh Adversary PASSes; PR unmerged for the operator.