From 14aa785f555c38478823748c5ede15c612d188a0 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Sun, 31 May 2026 09:37:21 +0000 Subject: [PATCH] =?UTF-8?q?journal(3):=20U3=20live-demo=20start=20?= =?UTF-8?q?=E2=80=94=20Drone=20DB=20reset=20discovered,=20repo=20reactivat?= =?UTF-8?q?ed;=20validating=20pipeline=20(build=20#1=20running)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/JOURNAL-3.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/machine-docs/JOURNAL-3.md b/machine-docs/JOURNAL-3.md index 8df6a8e..023861d 100644 --- a/machine-docs/JOURNAL-3.md +++ b/machine-docs/JOURNAL-3.md @@ -181,3 +181,26 @@ Verification (live, post-roll): 200. Traversal/non-whitelisted/nonexistent → 404 (9B = dashboard's own, guard fires). - 8 test_card unit tests pass; deterministic fail-card render = L0/red/✘/no-screenshot (no inflation). - `/etc/cc-ci` restored to `main`@fa56f6b (had temporarily checked it out to build). + +## 2026-05-31T09:35Z — U3 live demo: discovered Drone DB reset (repo inactive), reactivated + +Resuming U3 (bridge code already built+deployed @9a47aa2; deployed bridge image tag `6377f9571f3b` +== sha256(bridge.py), confirmed; dashboard do_HEAD live → A3-1 CLOSED by Adversary @8807240). + +To run the U3 live demo (`!testme` → image-forward PR comment) I first validated the trigger path and +hit a real blocker: the bridge log showed `drone trigger failed 404`, and `GET /api/repos/ +recipe-maintainers/cc-ci` → 404. Diagnosis: the Drone admin **token is valid** (`/api/user` → 200, +autonomic-bot admin=true) but the **repo was inactive** — Drone's DB was reset (the Hetzner migration; +`created`/`synced` timestamps are all recent ~1780220000). In Phase 1 the repo was activated once via +`POST /api/repos/recipe-maintainers/cc-ci` (JOURNAL.md:258); that activation is NOT Nix-declared +(drone.nix only PATCHes the timeout, which itself assumes the repo is already active), so a DB reset +silently de-registers it and the bridge can't trigger. + +Action (in-scope reconfig of my own CI, reversible): `POST /api/user/repos?async=false` (sync, 200) → +`POST /api/repos/recipe-maintainers/cc-ci` → **active=true**, config_path=.drone.yml, timeout=60. The +`trusted` flag stays false — irrelevant for the `type: exec` pipeline (trusted only gates privileged +*docker* pipelines). Validated by triggering a custom build directly (same params the bridge sends): +build **#1 → running** within ~10s (exec runner picked it up). Watching it produce /runs/1/ artifacts. + +NOTE for hardening backlog (U5/operator): repo activation should be folded into the drone reconcile so +a future DB reset self-heals (`POST /api/repos/` before the timeout PATCH). Filing in BACKLOG-3.