cc-ci-orchestrator/cc-ci-plan/plan-phase-mailu-backup.md
autonomic-bot 327b9f4efe plan: phases dstamp, mailu, kuma, drone (queued after bsky) + journal
- dstamp: attribute + fix the discourse abra-stamp drift (env change 06-05→
  06-10, harness-neutral, currently pinning discourse at L1); blast-radius
  sweep; HC1 keeps its teeth
- mailu: backupbot v2 labels recipe PR, restore proven on real seeded mail,
  backup rung earned instead of skipped (operator approved re-entry)
- kuma: uptime-kuma first-run wizard + create-a-monitor functional test
  (Socket.IO or Playwright, real probe evidence, flake-checked)
- drone: gitea-dep enrollment, maximal subset per Phase-2 scoping;
  P0 /etc/timezone host deploy is orchestrator-owned (3bde76f committed)
2026-06-11 11:43:03 +00:00


# Phase `mailu` — add backupbot labels to the mailu recipe (backup/restore coverage)
**Mission (operator-approved 2026-06-11 — the DEFERRED re-entry trigger "operator
approves a cc-ci-authored mailu backupbot recipe-PR" has fired):** mailu ships no
`backupbot.backup` labels, so its backup/restore rung is a structural skip. Author a
recipe-mirror PR adding proper backupbot coverage, prove backup→wipe→restore data
integrity green in real CI at the PR head, and flip mailu's backup rung from
intentional-skip to genuinely earned.
State files: `STATUS-mailu.md`, `BACKLOG-mailu.md`, `REVIEW-mailu.md`,
`JOURNAL-mailu.md`. DECISIONS.md shared.
## 1. Starting facts
- DEFERRED entry (2026-05-29): no `backupbot.backup` label on any service →
`backup_capable=False`, tiers cleanly SKIP. Durable fix = recipe-PR adding labels for
the admin DB (sqlite at /data) + the `mailu` mail volume, "mirroring the immich
Q3.5/Q3.2b pattern".
- mailu install + upgrade + functional (create-mailbox, IMAP login, send/receive
mail-flow) are already covered and green — only backup/restore is missing.
- Backupbot label syntax: use the **backupbot v2** syntax (a v1-vs-v2 syntax mistake
burned the plausible work once — see machine-docs history; verify against the
backupbot docs/other recipes' current labels, e.g. immich's merged pattern).
- Under the new level semantics, mailu currently climbs past backup as an intentional
skip; after this phase it must EARN the rung instead (and its declared-skip meta in
tests/mailu must be updated accordingly — that change is part of this phase).
## 2. Work requirements
1. **Research the recipe's real data layout before labeling:** which services hold
state (admin sqlite, mail store, redis?, certificates?), what must be quiesced or is
safe to copy live, and how the published mailu recipe + upstream docs define the
durable set. Justify every labeled path in the PR description; don't label caches.
2. **Recipe-mirror PR** (NEVER push main, NEVER merge): backupbot v2 labels + any
minimal compose plumbing they need + recipe version label bump per conventions.
3. **cc-ci side:** update tests/mailu meta (backup capability declaration) and ensure
the restore tier's data-integrity seed/verify actually exercises MAIL data (a seeded
mailbox + message that survives backup→wipe→restore — extend the existing functional
helpers if the current seed is too shallow; never weaken anything).
4. **Prove at PR head via real CI:** full lifecycle green incl. the now-active
backup/restore rung and lint (L5 expected if all rungs pass); ≥1 drone `!testme` run.
Record the before/after level (intentional-skip climb → earned rung).
5. **Close records:** tick the DEFERRED entry with PR + run pointers; operator handoff
in STATUS-mailu.md (what the PR adds, what to expect post-merge).
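
A sketch of the seed/verify shape that requirement 3 and gate M1 call for, written in POSIX sh because the CI host has no python3 on its default PATH; this is an added example, not code from cc-ci or the mailu recipe. It checks three states (seeded passes, wiped must fail, restored passes) so that a wipe which never happened cannot yield a green restore. Assumptions: the function names are hypothetical, a local Maildir-style directory stands in for the `mailu` mail volume, `cp -R` stands in for the real backup and restore steps, and `sha256sum` is available.

```shell
#!/bin/sh
# Added example. All names are hypothetical; a local directory stands in for
# the mail volume and `cp -R` for the real backup/restore steps.

# seed_mail <maildir> <manifest>: write one synthetic message and record its
# digest. <manifest> must be an absolute path OUTSIDE the volume being wiped.
seed_mail() {
    maildir=$1; manifest=$2
    token="cc-ci-seed-$$-$(date +%s)"            # unique per run
    mkdir -p "$maildir/cur" "$maildir/new" "$maildir/tmp" || return 1
    # Synthetic addresses only, on the reserved .test TLD.
    printf 'From: seed@example.test\nTo: inbox@example.test\nSubject: %s\n\nrestore probe %s\n' \
        "$token" "$token" > "$maildir/new/$token.eml" || return 1
    (cd "$maildir" && sha256sum "new/$token.eml") > "$manifest"
}

# verify_mail <maildir> <manifest>: 0 only if every seeded file is present
# with an unchanged digest; 2 if the manifest is empty (nothing was proven).
verify_mail() {
    maildir=$1; manifest=$2
    [ -s "$manifest" ] || return 2
    (cd "$maildir" 2>/dev/null && sha256sum -c "$manifest" >/dev/null 2>&1)
}

# prove_restore <maildir> <backup_dir>: seed -> backup -> wipe -> restore.
# Returns 3 if the data is still readable after the wipe, because a restore
# check that follows an ineffective wipe proves nothing.
prove_restore() {
    maildir=$1; backup=$2; manifest="$backup/seed.sha256"
    mkdir -p "$backup" || return 1
    seed_mail "$maildir" "$manifest" || return 1
    verify_mail "$maildir" "$manifest" || return 1   # seed is readable
    cp -R "$maildir" "$backup/snapshot" || return 1  # stand-in: backup
    rm -rf "$maildir"                                # wipe
    if verify_mail "$maildir" "$manifest"; then
        return 3                                     # wipe did not take
    fi
    cp -R "$backup/snapshot" "$maildir" || return 1  # stand-in: restore
    verify_mail "$maildir" "$manifest"
}
```
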
## 3. Gates
**M1 — PR open + green.** Root data-layout research documented; mirror PR open with
justified labels; full lifecycle green at PR head incl. restore data-integrity on real
seeded mail data; cc-ci meta/test changes minimal and unweakened. Adversary verifies the
labeled set against upstream docs (nothing durable missed, nothing junk included), the
restore proof is genuine (data actually survives a wipe), and the drone path ran.
**M2 — Operator handoff.** Fresh Adversary cold pass (independent re-trigger at PR head,
restore integrity re-checked); levels reconciled; DEFERRED closed; STATUS-mailu.md
operator summary. `## DONE` with the PR left OPEN for the operator.
## 4. Guardrails (binding)
- Recipe mirrors: PR only. No gate weakening — the restore tier's assertions may only
get STRONGER. Mail data in test fixtures must be synthetic (never real addresses
beyond test domains; no secrets in logs/commits/PR text).
- Real-CI etiquette: ≤2-3 concurrent deploys; teardown every dev deploy on every exit
path; never touch `~/.abra/recipes/mailu` during its builds.
- Commit author `autonomic-bot <autonomic-bot@noreply.git.autonomic.zone>`; push every
commit. CI host: no python3 on default PATH.
## 5. Definition of Done
Mirror PR open with evidence-justified backupbot v2 labels; backup→wipe→restore proven
on real seeded mail data at PR head incl. drone path; mailu's backup rung earned (not
skipped) with levels reconciled; DEFERRED closed; M1+M2 fresh Adversary PASSes; PR
unmerged for the operator.