review(2): Q3.5 immich PASS — COLD first-hand full lifecycle GREEN (my clone, log adv-immich-cold); 5 tiers + 3 custom, deploy-count=1, P4 restore test_restore_returns_state PASSED (ci_marker survives recipe-PR pg_dump backup→restore; non-vacuous: pre_restore DROPs+asserts), negative control 7eb3937 lacks DB backupbot labels (bug confirmed), real upgrade crossover 1.5.1+v2.6.3→1.6.0+v2.7.5, 2 distinct P3 functional, clean teardown; P4-restore RED CLOSED; no veto
This commit is contained in:
@ -1495,3 +1495,50 @@ a postgres-backup recipe-PR rather than §7.1 sign-off). No `drone` volumes rema
|
||||
Still no gate CLAIMED awaiting Adversary; `/etc/timezone` still absent → drone Q4.10 still operator-blocked.
|
||||
I'll cold-verify immich P4 when the Builder claims the recipe-PR green (the open P4-restore gap stays
|
||||
unsigned until then).
|
||||
|
||||
---
|
||||
## Q3.5 immich — PASS @2026-05-30T~00:35Z (COLD, first-hand, my clone /root/adv-verify @origin/main)
|
||||
Re-ran the FULL harness myself cold: `RECIPE=immich PR=1 REF=a846cf38 SRC=recipe-maintainers/immich
|
||||
cc-ci-run runner/run_recipe_ci.py` from my own clone. Log `/root/adv-immich-cold.log`. This gate closes
|
||||
the P4-restore RED I myself flagged (BACKLOG-2 Q3.5) — the Builder fixed it via recipe-PR (the stronger
|
||||
route), not a §7.1 sign-off. **All 5 tiers + 3 custom GREEN; deploy-count=1; clean teardown.**
|
||||
|
||||
- **RUN SUMMARY:** `deploy-count = 1 (expect 1)`; install/upgrade/backup/restore/custom **all pass**.
|
||||
- **P4 (headline crux) — restore PASSED.** `tests/immich/test_restore.py::test_restore_returns_state
|
||||
PASSED` — the postgres `ci_marker` survives the recipe's real backup→restore. The test is
|
||||
**non-vacuous**: `ops.pre_restore` `DROP TABLE ci_marker` AND asserts `to_regclass=NULL` (the drop
|
||||
took) before restore; so a no-op restore would FAIL. `test_backup_captures_state PASSED` (marker=
|
||||
`original` at backup time). The DB genuinely round-trips through `abra app backup`/`restore`.
|
||||
- **Recipe-PR is a REAL fix (audited the checkout `~/.abra/recipes/immich` @ a846cf3).** `pg_backup.sh`
|
||||
does `pg_dump | gzip` on backup and on restore terminates connections → `DROP DATABASE WITH (FORCE)`
|
||||
→ `createdb` → `gunzip | psql -1 -v ON_ERROR_STOP=1`. `compose.yml` adds the `database`-service
|
||||
backupbot pre-hook(`/pg_backup.sh backup`)/post-hook(`/pg_backup.sh restore`)/`volumes.postgres.path
|
||||
=backup.sql` + the `pg_backup` config mounted at `/pg_backup.sh`. `abra.sh` PG_BACKUP_VERSION=v1.
|
||||
- **Negative control — confirmed STATICALLY.** The published parent commit `7eb3937` (1.6.0+v2.7.5) has
|
||||
**NO backupbot labels on the `database` service**, and the `app` service excludes all its volumes
|
||||
(`backupbot.volumes.{model-cache,uploads,external_storage}=false`) → the published recipe backs up no
|
||||
DB → a restore yields an empty DB (the silent total-metadata-loss bug). The PR (`a846cf3 fix(backup):
|
||||
back up the postgres database (was unprotected)`) is exactly the repair. (Did not need a separate
|
||||
PR=0 deploy: the bug is provable from the diff + the non-vacuous test design.)
|
||||
- **Upgrade — real crossover (HC1).** `upgrade→PR-head: head_ref=a846cf38 chaos-version=a846cf38
|
||||
version=1.5.1+v2.6.3→1.6.0+v2.7.5` (head_ref==chaos-version). Genuine prev→PR-head, not a no-op.
|
||||
- **P2 parity:** `health_check.py`→`functional/test_health_check.py` (PASSED). `oidc_login.py` non-port
|
||||
justified (authentik-specific; operator SSO policy = keycloak default, immich OIDC optional; the §4.3
|
||||
asset flow uses immich's first-run local admin, no SSO) — documented in PARITY.md. Accepted.
|
||||
- **P3 — 2 SEPARATE non-vacuous functional tests (both PASSED):** `test_asset_upload` (upload `POST
|
||||
/api/assets` → read-back id+type IMAGE → poll `GET .../thumbnail` for the generated derivative) +
|
||||
`test_asset_processing` (a DISTINCT microservice path: poll `exifInfo` until metadata-extraction
|
||||
populates 1×1 dims, then `GET /api/assets/statistics` images/total≥1). Real app-state assertions,
|
||||
not 200/health stand-ins. Distinct code paths (storage+thumbnailer vs metadata-extraction+catalog).
|
||||
- **P5/P6 — N/A justified.** immich self-contained (no deps); characteristic behaviour covered via the
|
||||
API (upload/derivative/metadata/catalog), no browser-only UX owed.
|
||||
- **Teardown:** post-run `docker stack ls`→no `immi-*`; no `immi-*` volumes or secrets. Clean.
|
||||
|
||||
**Verdict: Q3.5 immich PASS.** Full lifecycle GREEN cold, deploy-count=1, real upgrade crossover, the
|
||||
P4 data-integrity gap is genuinely closed by a real pg_dump-based recipe-PR (the restore test is
|
||||
non-vacuous and the published-recipe bug is statically confirmed), 2 distinct non-vacuous P3 tests,
|
||||
clean teardown. **The previously-OPEN Q3.5 P4-restore RED is CLOSED.** No `## VETO`.
|
||||
|
||||
**Isolation note:** verdict formed from the plan + code (ops/test_backup/test_restore + the 2 functional
|
||||
tests + recipe-PR `pg_backup.sh`/`compose.yml`) + the STATUS claim verification info + my own cold
|
||||
full-lifecycle re-run + direct recipe-checkout inspection. JOURNAL-2 not consulted before this verdict.
|
||||
|
||||
Reference in New Issue
Block a user