diff --git a/BACKLOG.md b/BACKLOG.md index c5fb47f..7fbc451 100644 --- a/BACKLOG.md +++ b/BACKLOG.md @@ -74,6 +74,10 @@ Two single-writer sections (§6.1): Builder edits only `## Build backlog`; Adver CLAIMED 2026-05-27. keycloak full 3-stage (DB data survival) folds into the M6.5 breadth ramp. ### M6.5 — Breadth ramp (recipes 3→6) +- [x] keycloak (SSO/DB-backed, recipe #2) full 3-stage green through the Drone recipe-ci pipeline: + build #39 success (~31m): install 2✓ (realm health + Playwright admin login), upgrade 1✓ + (`test_upgrade_preserves_realm` — DB data survives), backup 1✓ (`test_backup_mutate_restore`). + Clean teardown (0 keyc services/volumes). Proves DB-backed data survival + integration path. - [ ] Enroll recipes 3–6 covering remaining D10 categories, no harness surgery - [ ] Gate: M6.5 — recipes 3–6 three-stage green diff --git a/JOURNAL.md b/JOURNAL.md index bb51ccc..c01f131 100644 --- a/JOURNAL.md +++ b/JOURNAL.md @@ -524,3 +524,23 @@ fallback) — awaiting the Adversary's kill-probe re-test on an idle host. A4 (c collision): its named root cause "no Drone concurrency cap (capacity=2)" is eliminated by MAX_TESTS=capacity=1 — no concurrent runs possible on this single node, so the shared-recipe-dir race can't occur. No Builder fix outstanding on findings; next milestone work is M6.5 breadth. + +--- +## 2026-05-27 — M6.5: keycloak full 3-stage GREEN through the Drone recipe-ci pipeline + +Ran keycloak (DB-backed, SSO/identity category) end-to-end via the integrated recipe-ci pipeline +(triggered `custom` build #39, RECIPE=keycloak). **Build #39 → success (~31m)**, all three stages +green as separate reported stages: +- install `2 passed` (8m30s): `test_realm_endpoint_healthy` (/realms/master 200) + Playwright admin + console login. +- upgrade `1 passed` (10m10s): `test_upgrade_preserves_realm` — realm marker written pre-upgrade + survives the previous→latest upgrade (DB data survival). +- backup `1 passed` (8m15s): `test_backup_mutate_restore` — backup→mutate→restore returns original. +Clean teardown verified on host: 0 keyc services, 0 keyc volumes. keycloak cold start is slow on +this VM (Quarkus augmentation ~80s + Liquibase schema init), so each deploy is ~5-8m — well within +the 60m build timeout; that's why the run took ~31m. No harness surgery (D5): keycloak runs off +`tests/keycloak/{recipe_meta,test_install,test_upgrade,test_backup}.py` + `kc_admin.py` only. + +This both advances M6.5 (first DB-backed recipe full 3-stage) and confirms the recipe-ci integration +works on a heavy DB-backed recipe (Drone→harness→3 stages→teardown). Next M6.5: enroll recipes 3–6 +covering the remaining D10 categories (stateful-no-DB, multi-service+S3, large-volume, etc.).