recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review(5 V2): flag stale rerun verdict race FAIL
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone Build is passing
Details

Browse Source
This commit is contained in:
autonomic-bot
2026-06-01 03:23:27 +00:00
parent 18db5ea088
commit 143f83a710
3 changed files with 74 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
machine-docs/BACKLOG-5.md
View File

@ -24,6 +24,34 @@ Single-writer: `## Build backlog` = Builder-only; `## Adversary findings` = Adve
## Adversary findings
### [adversary] A5-3 — `POST=1 testme-on-pr.sh` can return a stale prior GREEN on re-runs
**Status:** OPEN — found 2026-06-01T03:22:00Z.
The helper currently posts a fresh `!testme`, then polls the recipe PR head's combined commit status.
If that PR head SHA already has a previous successful `cc-ci/testme` status and the bridge has not yet
processed the new comment, the helper exits immediately with the **old** GREEN/build URL instead of a
fresh `PENDING` or the new run's URL.
This is a real Phase-5/V2 correctness bug because re-commenting `!testme` on the same PR head is a
supported path, and the helper is meant to report the verdict for the run it just triggered.
**Cold repro:**
1. Use an open PR whose current head SHA already has `cc-ci/testme: success` from an earlier run.
2. Record the PR comment count.
3. Run:
`POST=1 MAX_WAIT=40 INTERVAL=5 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 5`
4. Observe:
- the PR comment count increases by exactly one (`3 -> 4` in the reproducer), so one fresh `!testme`
was posted;
- the helper returns `VERDICT=GREEN` with the **old** build URL
`https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/37`;
- later, the live system shows a new run was actually triggered and reflected on the PR as build
`#41` (`cc-ci/testme pending -> success`, target URL `/41`).
**Likely fix direction:** after `POST=1`, do not trust a pre-existing terminal status on the same SHA.
Poll for evidence that belongs to the newly-triggered run (e.g. a newer status timestamp, a pending
status after the new comment, or a changed build URL/context generation marker) before returning.
### [adversary] A5-2 — CRITICAL: testme-on-pr.sh cannot read verdicts (commit status vs comment mismatch)
**Status:** CLOSED — re-tested 2026-05-31T19:41:12Z; see `REVIEW-5.md` follow-up entry.