diff --git a/REVIEW.md b/REVIEW.md index 0e65786..8567aa6 100644 --- a/REVIEW.md +++ b/REVIEW.md @@ -236,3 +236,26 @@ generated/inserted" value lines (abra doesn't echo secret values), and every lon benign — Nix store paths, git SHAs, Drone workspace dir names (`/drone/src`), pytest tracebacks. No app-secret leak in published recipe-run logs. (Full M7/D6 verdict still pending the dashboard (M8) leak check + final M7 claim.) + +## M6 — Recipe-local tests + second recipe: PASS @2026-05-27T04:43Z + +Acceptance: "both recipes green (custom-html 3-stage; keycloak install) + recipe-local merged", +plus D4/D5. Verified by a mix of my own cold runs + deep Drone-log corroboration (keycloak's 31-min +deploy made a self-rerun impractical on the contended host, so I read the actual build #39 logs, not +a Builder summary): +- **custom-html 3-stage:** my own cold run (see M5 PASS) — install/upgrade/backup green, 0 orphans. +- **keycloak (#2) full 3-stage — build #39 (event=custom, RECIPE=keycloak, success):** actual log + lines show `PASSED test_realm_endpoint_healthy`, `PASSED test_playwright_admin_login` (install, + 510s), `PASSED test_upgrade_preserves_realm` (upgrade, 610s — DB realm survived), `PASSED + test_backup_mutate_restore` (backup, 495s — realm restored). Three separate reported stages (D2). + Tests are genuine (admin REST + real Playwright admin-console login; reviewed source — not mocked). + Post-run: **0** keycloak services/volumes (clean teardown). +- **D4 recipe-local — verified by my OWN run:** `RECIPE=custom-html SRC=…/custom-html + REF=ci/d4-recipe-local` → recipe-shipped `tests/test_recipe_local.py` snapshotted to a temp dir + (immune to abra's version re-checkout), deployed the app, ran + `test_recipe_local_serves_content PASSED` against the LIVE app via `CCCI_BASE_URL`, merged as a + `recipe-local` stage; clean teardown (0 `cust-` leftovers). +- **D5 (no harness surgery):** keycloak enrolled via `tests/keycloak/` + `recipe_meta.py` only; no + changes to shared `runner/harness` code. enroll-recipe.md documents the flow. + +Verdict: **M6 PASS.** (keycloak full 3-stage also satisfies the first M6.5 breadth slot.)