recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3a572e4b9588cfd3eb4fa1f6e0479975ebe2baf
cc-ci-orchestrator/cc-ci-plan/IDEAS.md
autonomic-bot 36a6c9872a orchestrator: reboot-resilience + session auto-resume + full session plan/tooling 
Reboot survival for the Pi orchestrator host:
- systemd unit cc-ci-plan/systemd/cc-ci-loops.service (installed + enabled): on boot
  records the reboot, starts loops+watchdog (RESUME_PHASE=1), and resumes the
  orchestrator session.
- reboot-log.sh: boot_id-gated reboot record -> REBOOTS.md (manual restarts don't count).
- launch-orchestrator.sh: injects an AGENTS.md startup nudge so an auto-resumed
  orchestrator announces itself (PushNotification) + reports reboots.
- AGENTS.md: on-startup notify routine documented.

Plans/tooling accumulated this session:
- plan-phase1d (generic suite), 1e (harness corrections), phase4 (final review),
  sso-dep-testing, orchestrator-migration (parked), test-e2e-testme-acceptance.
- launch.sh: 1d/1e/2/2b/3/4 phase sequence, machine-docs-aware state resolution,
  limit-stall re-nudge, INBOX side-channel detection.
- plan.md §6.1/§7: artifact-layer isolation, INBOX, 5-min long-run polling, DEFERRED.
- prompts: isolation discipline + INBOX + pacing.
- .gitignore: harden (.sops/, cc-ci-secrets/, .claude/, *.tmp.*).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-28 20:28:10 +01:00

36 lines
2.8 KiB
Markdown
Raw Blame History

# Deferred ideas / future enhancements (orchestrator-tracked)
Post-DONE or "revisit later" ideas that are intentionally **out of scope** for the current build
(§2 Definition of Done). Not active work — parked here so they aren't lost. The loops may pull an
item into the project `BACKLOG.md` as `[idea]` if/when it becomes relevant.
- [ ] **Optional `--extra-tests` flag for heavy / operational tests (opt-in heavy suite).**
Some recipe tests are "more than needed" for the default CI signal — state-management /
long-running-instance / load / helper-script operational tests that don't fit the ephemeral
per-run-deploy model cheaply but are useful occasionally. Today they're deferred to
`cc-ci/machine-docs/DEFERRED.md` (e.g. matrix-synapse `compress_state.sh`,
`test_complexity_limit.sh`, `test_purge.sh`) and don't run.
*Idea:* add an **opt-in `--extra-tests` flag** (e.g. `!testme --extra-tests` on a PR comment, or
a `STAGES=extra` / `EXTRA_TESTS=1` Drone build parameter) that the orchestrator passes through;
recipes declare an `extra/` test dir or mark tests with `@pytest.mark.extra`; on opt-in the
orchestrator runs them **alongside** the default tiers (still one deploy, still teardown). Default
off so default CI stays fast; the operator can ask for the heavy suite when reviewing a PR that
touches an extra-covered area (e.g. matrix-synapse's abra helpers). When implemented, each
matching DEFERRED entry can be CLOSED by porting its test into the recipe's `extra/` and noting
the commit in DEFERRED.md. *Why deferred for now:* default coverage is sufficient; this is a
later breadth/depth knob, not a critical-path feature. *Added:* 2026-05-28.
- [ ] **Optional webhook self-registration (admin-access environments).**
We deliberately made **polling the primary trigger** and require the CI server/bot to run on
**read-level** access only — so the server does **not** auto-register Gitea webhooks (that needs
repo-admin), and webhook setup is a documented manual admin task (§4.1, `docs/enroll-recipe.md`).
*Later*, for environments where the CI server **does** hold admin on the recipe repos (or an
org-level admin token is available), consider adding an **opt-in, off-by-default** feature
(e.g. `WEBHOOK_AUTOREGISTER=1`) that auto-registers and **idempotently reconciles** the
`issue_comment` webhook (URL, events, HMAC secret) on enrolled repos — matching our
declarative-reconcile pattern (§9) — giving low-latency push triggering with zero manual setup.
Must stay off by default and fall back to manual-doc + polling when admin isn't available, so the
least-privilege (read-only) default is preserved. *Why deferred:* polling already satisfies D1 and
the read-only posture is the goal; this is a convenience optimization for a different deployment
profile. *Added:* 2026-05-27.
Reference in New Issue View Git Blame Copy Permalink