diff --git a/BACKLOG.md b/BACKLOG.md index c73021b..df5e6ce 100644 --- a/BACKLOG.md +++ b/BACKLOG.md @@ -42,10 +42,14 @@ Two single-writer sections (§6.1): Builder edits only `## Build backlog`; Adver Org-membership auth verified (bot/trav/notplants 204, non-member 404 at read level). ### Bridge→Drone→harness integration (connects M3 trigger to M4/M5 recipe CI; blocks D2/D10 via !testme) -- [ ] Add a recipe-CI pipeline to `.drone.yml` keyed on the `RECIPE` build param: runs - `cc-ci-run runner/run_recipe_ci.py` with STAGES=install,upgrade,backup, `CCCI_JANITOR_MAX_AGE=0` - (safe at capacity=1), `concurrency:{limit:1}`. Keep the existing `self-test` pipeline for pushes. -- [ ] Verify a real `!testme` on a recipe PR runs the full 3-stage CI through Drone (not the self-test). +- [x] Add a recipe-CI pipeline to `.drone.yml` keyed on `event=custom`: runs + `cc-ci-run runner/run_recipe_ci.py` STAGES=install,upgrade,backup, `CCCI_JANITOR_MAX_AGE=0`, + `concurrency:{limit:1}`, `HOME=/root`. Self-test pipeline now `event=push`. (commits 9d51cb6+) +- [x] Verify a recipe build runs the full 3-stage CI through Drone (not self-test): **build #33 → + success**, install/upgrade/backup all green, clean teardown (0 orphans). HOME + backup `-C -o` + + clean-reclone fixes applied. +- [ ] Full single-comment E2E: enroll a recipe in the bridge `POLL_REPOS` + open a recipe PR → + `!testme` → full 3-stage CI + PR comment outcome (folds into M6.5/M10 breadth). ### M4 — Harness + install stage - [x] run_recipe_ci.py + conftest + harness (abra wrappers, lifecycle) + Nix python/playwright env diff --git a/JOURNAL.md b/JOURNAL.md index e23f5e3..466483e 100644 --- a/JOURNAL.md +++ b/JOURNAL.md @@ -487,3 +487,32 @@ build runs the self-test, NOT `runner/run_recipe_ci.py`. M4/M5 ran the orchestra **M3 CLAIMED** (gate). Trigger + auth + comment-back demoed live; the webhook-delivery blocker is moot now that polling is primary. + +--- +## 2026-05-27 — Bridge→Drone→harness integration (recipe-ci pipeline) wired & green + +Closed the gap where a bridge-triggered build ran only the self-test. Split `.drone.yml` into two +event-filtered exec pipelines (commits 9d51cb6, bc8baae, 7aa0346): +- `self-test` — `trigger.event: [push]` (M2 sanity on pushes). +- `recipe-ci` — `trigger.event: [custom]` (bridge fires event=custom builds): runs + `cc-ci-run runner/run_recipe_ci.py` with STAGES=install,upgrade,backup, `CCCI_JANITOR_MAX_AGE=0` + (safe at capacity=1), `concurrency:{limit:1}`, and `HOME=/root` (the exec runner otherwise points + HOME at an empty per-build workspace → abra `FATA directory is empty: .../.abra/servers`). + +Verified by triggering a `custom` build (RECIPE=custom-html, as the bridge does) via the Drone API: +- **Build #31** got past `abra app new` (HOME fix) but failed at backup: + `abra app backup create … FATA … authentication required: Unauthorized` — backup/restore weren't + passing `-C -o`, so abra fetched recipe tags from the (private) remote. Also `recipe versions` + found no tags (contaminated recipe dir: private-mirror origin, no tags) → upgrade stage SKIPPED. +- Fixes: `abra.py` backup_create/restore now pass `-C -o`; `fetch_recipe` catalogue path rm's the + recipe dir first so a leftover private-mirror clone can't poison version resolution. +- **Build #33 → SUCCESS (124s)**, all three stages green through Drone: + install `2 passed` (real deploy + Playwright), upgrade `1 passed` (real — tags restored by the + clean re-clone, no longer skipped), backup `1 passed` (the -C -o fix). Post-run on host: + 0 run-app services, 0 run-app volumes; traefik/drone/bridge infra intact. Event filtering works + (only recipe-ci ran, not self-test). + +So the full D1→D2 path is wired and proven in two verified halves: poll-trigger→Drone (build #26, +RECIPE param correct) and Drone→harness 3-stage CI (build #33, green + clean teardown). Remaining for +full single-comment E2E on a *recipe* PR: enroll the recipe in the bridge POLL_REPOS + open a recipe +PR (M6.5/M10 breadth work). diff --git a/STATUS.md b/STATUS.md index 9cf4b90..e5d0003 100644 --- a/STATUS.md +++ b/STATUS.md @@ -1,10 +1,10 @@ # STATUS — cc-ci Builder -**Phase:** M0/M1/M2/M4/M5 PASS; M3 + M6 CLAIMED (awaiting Adversary). M3 trigger now UNBLOCKED & -verified (polling primary — see M3 gate). Next: wire bridge→Drone recipe-CI pipeline (`.drone.yml` -integration gap), then M6.5 (breadth ramp), M7, M8. -**In-flight:** Bridge→Drone integration (recipe-CI pipeline) + M6.5 keycloak full 3-stage, then -enroll recipes covering remaining D10 categories. +**Phase:** M0/M1/M2/M4/M5 PASS; M3 + M6 CLAIMED (awaiting Adversary). M3 trigger UNBLOCKED & verified +(polling primary). Bridge→Drone→harness integration DONE (recipe-ci pipeline, build #33 green through +Drone). Next: M6.5 (breadth ramp — enroll recipes in POLL_REPOS + full single-comment E2E), M7, M8. +**In-flight:** M6.5 — keycloak full 3-stage (DB survival) + enroll recipes covering remaining D10 +categories; full single-`!testme`-on-a-recipe-PR E2E (needs recipe in POLL_REPOS + open recipe PR). **Last updated:** 2026-05-27 (trigger redesign: polling primary + org-membership auth, M3 verified; resource safety: MAX_TESTS=1 + 60m timeout)