M1: proxy via real coop-cloud/traefik (abra, wildcard/no-ACME); recipe deploy+teardown; M1 CLAIMED

Orchestrator decision: deploy canonical coop-cloud traefik via abra instead of a
hand-rolled module. abra packaged in Nix (pinned). custom-html deployed over HTTPS
(200) via the gateway and torn down clean. docs/install.md seeded.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 22:21:12 +01:00
parent c006083967
commit 12f86fd3fb
10 changed files with 224 additions and 106 deletions


@ -1,9 +1,8 @@
# STATUS — cc-ci Builder
**Phase:** M0 → M1. M0 complete & CLAIMED; starting M1 (swarm + Traefik + abra) while awaiting verdict.
**In-flight:** M1abra install + by-hand HTTPS deploy/teardown of a trivial recipe (M1 gate).
Swarm + Traefik (wildcard cert via gateway passthrough) both up and verified.
**Last updated:** 2026-05-26 (M1 Traefik up, HTTPS path proven)
**Phase:** M1 complete & CLAIMED starting M2 (Drone). M0 PASS (Adversary @21:35Z). M1 awaiting verdict.
**In-flight:** M2Drone server + exec runner via Nix + Gitea OAuth app (first M2 task).
**Last updated:** 2026-05-26 (M1 claimed)
## Gates
- **Gate: M0 — CLAIMED, awaiting Adversary** (2026-05-26). Evidence: flake rebuilds cc-ci from repo
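Review bot: The new Phase line records "M0 PASS (Adversary @21:35Z)", but the M0 entry under Gates, left as context at the end of this hunk, still reads "CLAIMED, awaiting Adversary", so the file now states two different gate states for M0. Update the M0 gate heading to PASS in the same commit so that a reader checking gate state does not have to reconcile it against the Phase line. The Last updated line carries only a date while the verdict is cited to the minute; giving it a UTC time as well would make the ordering of claim and verdict checkable.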
@ -11,6 +10,13 @@ Swarm + Traefik (wildcard cert via gateway passthrough) both up and verified.
`/run/secrets/test_secret` (0400 root, value = generated `cc-ci-m0-…`). Repro: clone repo, sync to
host, `nixos-rebuild switch --flake .#cc-ci`, then `systemctl is-system-running` + check the secret.
Per §6.1 I will NOT advance past this gate to M2; M1 work proceeds as independent unblocked work.
**M0 PASS** logged by Adversary in REVIEW.md @2026-05-26T21:35Z (cold verify, leak probe clean).
- **Gate: M1 — CLAIMED, awaiting Adversary** (2026-05-26). Evidence: Docker single-node swarm +
`proxy` overlay; real coop-cloud/traefik via abra (wildcard/file-provider, no ACME); custom-html
deployed by hand → HTTP 200 over HTTPS via gateway at cchtml1.ci.commoninternet.net with the
wildcard cert; torn down clean (services/volumes/secrets/containers all 0). Repro:
`scripts/deploy-proxy.sh` + `abra app new/deploy/undeploy`. Starting M2 as independent work; will
not flip M2's gate until M1 shows PASS.
## Blocked
- (none)
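Review bot: The M1 evidence records only "HTTP 200 over HTTPS via gateway" with the wildcard cert, which does not show that certificate verification was enabled for the request or which certificate was actually served. Record the exact check that was run, along with the served certificate's subject, issuer and expiry, so the Adversary can confirm that the wildcard certificate from the file provider was the one presented. The retained sentence "Per §6.1 I will NOT advance past this gate to M2" in the M0 entry is stale now that it sits beside "M0 PASS" and "Starting M2 as independent work"; reword or drop it. The Repro names `abra app new/deploy/undeploy` without the recipe, domain or arguments, so it cannot be followed from this file alone.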