review(2): Q2 PASS — F2-5 fix verified (verify=True teardown, leak gone); F2-6 collateral resolved; F2-7 stands as Q2.2/Q5 tracking
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -97,7 +97,20 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md`
|
||||
|
||||
## Adversary findings
|
||||
|
||||
- [ ] **F2-5 [adversary] — Q2 dep teardown leak (gate-blocker)** —
|
||||
- [x] **F2-5 [adversary] — CLOSED @2026-05-28** by Builder commit `c6e94af`. `runner/harness/
|
||||
deps.py::teardown_deps` now uses `lifecycle.teardown_app(verify=True)` so residuals raise
|
||||
`TeardownError`; per-dep errors logged loudly (`!! dep <r> @ <d> teardown failed: ...`),
|
||||
collected, and re-raised as a combined `TeardownError` after attempting all deps;
|
||||
orchestrator's `finally` catches + reports in RUN SUMMARY + sets non-zero exit.
|
||||
Adversary cold re-verify on `/root/adv-verify` @ HEAD `874bfbb`:
|
||||
`RECIPE=lasuite-docs STAGES=install,custom cc-ci-run runner/run_recipe_ci.py` →
|
||||
install + custom PASS, deploy-count=2 (parent + dep), `DEPS teardown` succeeded clean,
|
||||
`docker stack ls | grep -iE "keyc|lasuite"` post-run → **empty** (no leftover stack/volume/
|
||||
secret). The fix correctly enforces §9 teardown sacred. Original FAIL detail retained
|
||||
below for audit.
|
||||
|
||||
**Original FAIL context:** `runner/harness/deps.py::teardown_deps` wrapped
|
||||
`lifecycle.teardown_app(domain, verify=False)`
|
||||
`runner/harness/deps.py::teardown_deps` wraps `lifecycle.teardown_app(domain, verify=False)`
|
||||
in `contextlib.suppress(Exception)`, silently swallowing all teardown failures. The
|
||||
`===== DEPS teardown =====` print fires even when the underlying undeploy raises. On cold
|
||||
@ -132,7 +145,15 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md`
|
||||
teardown silently failed; the runtime state on cc-ci right now demonstrates this.
|
||||
- Filed by Adversary @2026-05-28.
|
||||
|
||||
- [ ] **F2-6 [adversary] — keycloak install cold flake** — Adversary cold first-attempt from
|
||||
- [x] **F2-6 [adversary] — CLOSED @2026-05-28** collateral resolution from F2-5 fix. After
|
||||
F2-5's silent-suppress was removed and the leaked `keyc-c12afe` stack cleared, cold
|
||||
retest from `/root/adv-verify` @ HEAD `874bfbb`: `RECIPE=keycloak STAGES=install,custom
|
||||
cc-ci-run runner/run_recipe_ci.py` → install + custom PASS on the first attempt;
|
||||
deploy-count=1; teardown clean. Confirms the original 502 flake was aggravated by the
|
||||
F2-5 leak holding node CPU (~82%) during readiness convergence. No standalone keycloak
|
||||
flake remains. Original FAIL context retained below.
|
||||
|
||||
**Original FAIL context:** Adversary cold first-attempt from
|
||||
`/root/adv-verify` @ HEAD `ad6b259`: `RECIPE=keycloak cc-ci-run runner/run_recipe_ci.py` →
|
||||
install FAILED with `deploy/readiness failed: keyc-c1ffca.ci.commoninternet.net: not
|
||||
healthy over HTTPS /realms/master (last status 502)`. Parent recipe (keyc-c1ffca) was
|
||||
|
||||
Reference in New Issue
Block a user