From 191ebde4661837807947061465c2214fe0d779ec Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 03:05:39 +0100 Subject: [PATCH] fix(2w): W2 --quick live-proof fixes (time import + stale-TYPE reset) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 3 bugs found by the live PASS+FAIL proof on the custom-html canonical: - import time (run_quick._wait_undeployed used it → the FAIL rollback crashed with NameError before restore ran). - canonical.deploy_canonical now resets .env TYPE=: before redeploy, so a stale TYPE left by a prior --quick upgrade (pointing at a since-removed broken PR commit) can't FATAL abra 'unable to resolve '. - run_quick FAIL rollback resets TYPE to known-good after restore (idle .env agrees with the registry). LIVE PROOF (custom-html canonical), ALL PASS: (A) PASS quick run → undeploy keep-volume, known-good UNCHANGED, marker intact; (B) FAIL quick run (broken image) → 'rolling back' → 'restored known-good data; canonical idle' → exit 1, known-good UNCHANGED, DATA RESTORED. Canonical left clean (idle, 1.11.0+1.29.0). 61 unit pass; cold path untouched. Co-Authored-By: Claude Opus 4.8 (1M context) --- runner/harness/canonical.py | 6 +++++- runner/run_recipe_ci.py | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/runner/harness/canonical.py b/runner/harness/canonical.py index 308cb0b..d8a5df1 100644 --- a/runner/harness/canonical.py +++ b/runner/harness/canonical.py @@ -100,7 +100,11 @@ def deploy_canonical(recipe: str, timeout: int = 900) -> None: if not rec: raise RuntimeError(f"no canonical registry for {recipe} — seed one first (cold run)") domain, version = rec["domain"], rec["version"] - # The .env + retained volume already exist; redeploy the recorded version (idempotent with -f). + # The .env + retained volume already exist; redeploy the recorded known-good version. Reset the + # recorded TYPE=: FIRST so abra can resolve the "current deployment" even if a + # prior --quick upgrade left TYPE pointing at a since-removed/broken PR commit (otherwise abra + # FATALs "unable to resolve "). Then checkout the tag + idempotent (-f) redeploy. + abra.env_set(domain, "TYPE", f"{recipe}:{version}") abra.recipe_checkout(recipe, version) r = subprocess.run( ["abra", "app", "deploy", domain, version, "-o", "-n", "-f"], diff --git a/runner/run_recipe_ci.py b/runner/run_recipe_ci.py index c8b24b8..2768f17 100644 --- a/runner/run_recipe_ci.py +++ b/runner/run_recipe_ci.py @@ -37,6 +37,7 @@ import shutil import subprocess import sys import tempfile +import time ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) sys.path.insert(0, os.path.join(ROOT, "runner")) @@ -132,6 +133,12 @@ def fetch_recipe(recipe: str, ref: str | None, src: str | None) -> None: recipes_dir = os.path.expanduser("~/.abra/recipes") os.makedirs(recipes_dir, exist_ok=True) dest = os.path.join(recipes_dir, recipe) + # CCCI_SKIP_FETCH=1: use the local recipe clone as-is (lets a test/Adversary stage a fake/broken + # ref — e.g. a simulated broken PR head for the --quick rollback proof — without it being clobbered + # by a re-fetch). Never set in production CI. + if os.environ.get("CCCI_SKIP_FETCH") == "1": + print(f"[fetch] CCCI_SKIP_FETCH=1 — using local {recipe} recipe clone as-is", flush=True) + return if src and ref: url = f"https://git.autonomic.zone/{src}.git" git = ["git"] @@ -549,6 +556,10 @@ def run_quick(recipe: str, ref: str | None, head_ref: str | None, repo_local: st abra.undeploy(domain) _wait_undeployed(domain) warmsnap.restore(recipe, domain) + # reset recorded version to the known-good (the failed upgrade set TYPE to the broken + # PR commit) so the idle canonical's .env agrees with the registry + re-warms cleanly. + if reg.get("version"): + abra.env_set(domain, "TYPE", f"{recipe}:{reg['version']}") canonical._set_status(recipe, "idle") # noqa: SLF001 rolled_back = True print(" quick FAIL → restored known-good data; canonical idle (NOT promoted)",