style(1b): auto-format + lint-clean the whole codebase (RL1)

Mechanical, semantics-preserving cleanup so the codebase passes the new lint stage:
- ruff format: all 32 Python files (wraps long signatures, normalizes quotes/blank lines).
- nixpkgs-fmt: modules/drone-runner.nix.
- shfmt (-i 2 -ci): scripts/*.sh.

Lint fixes (reviewed, behavior-preserving — no test weakened):
- ruff SIM105: try/except-pass -> contextlib.suppress (abra.py app_config rm; lifecycle.py janitor).
- ruff SIM115: open().read() -> with open() (run_recipe_ci.py redaction-values + gitea-token).
- statix: merge repeated sops `secrets.*` keys into one `secrets = { ... }` (comments kept);
  empty fn pattern `{ ... }:` -> `_:` (packages.nix).
- deadnix: drop unused lambda args (flake `self`; configuration.nix `lib`; overlay `final` -> `_`).

Verified on cc-ci: `scripts/lint.sh` -> lint: PASS; nixosConfigurations.cc-ci evaluates;
all Python byte-compiles. The deployed bridge/dashboard/runner source changes hash (reformat),
so cc-ci will be rebuilt to the new closure in W2 before the cold D1-D10 re-verification.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/conftest.py

@@ -4,6 +4,7 @@ A run is parameterized by env: RECIPE, REF (PR head sha), PR, SRC (head repo). T
 computes a unique app domain per run so concurrent runs never collide, and GUARANTEES teardown
 (undeploy + volume + secret removal) via a finalizer, even on failure.
 """
+
 from __future__ import annotations
 
 import os
@@ -24,8 +25,12 @@ def _recipe_meta(recipe: str) -> dict:
     A recipe may ship tests/<recipe>/recipe_meta.py with any of: HEALTH_PATH (str),
     HEALTH_OK (tuple of status codes), DEPLOY_TIMEOUT (int), HTTP_TIMEOUT (int)."""
     path = os.path.join(os.path.dirname(__file__), recipe, "recipe_meta.py")
-    meta = {"HEALTH_PATH": "/", "HEALTH_OK": (200, 301, 302),
-            "DEPLOY_TIMEOUT": 600, "HTTP_TIMEOUT": 300}
+    meta = {
+        "HEALTH_PATH": "/",
+        "HEALTH_OK": (200, 301, 302),
+        "DEPLOY_TIMEOUT": 600,
+        "HTTP_TIMEOUT": 300,
+    }
     if os.path.exists(path):
         ns: dict = {}
         with open(path) as fh:
@@ -57,8 +62,13 @@ def meta(recipe) -> dict:
 
 
 def _wait_healthy(domain, meta):
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
 
 
 @pytest.fixture

tests/cryptpad/test_backup.py

@@ -3,6 +3,7 @@ backup, mutate, restore, assert the restored state matches the pre-mutation (bac
 
 The cryptpad `app` service is labelled `backupbot.backup=true`, so its volumes (incl. cryptpad_data)
 are backed up. Marker is checked via `exec_in_app` (data isn't HTTP-served)."""
+
 import os
 import sys
 
@@ -26,7 +27,13 @@ def test_backup_mutate_restore(deployed, meta):
 
     # 3) restore -> state returns to the backed-up "original"
     lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
-    assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "original", \
-        "restore did not return the pre-mutation state"
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
+    assert (
+        lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "original"
+    ), "restore did not return the pre-mutation state"

tests/cryptpad/test_install.py

@@ -1,4 +1,5 @@
 """cryptpad — install stage (recipe #3, stateful/no-DB). D2 install + D3 Playwright."""
+
 import os
 import sys
 
@@ -23,7 +24,10 @@ def test_playwright_loads_cryptpad(deployed_app):
             ctx = browser.new_context(ignore_https_errors=True)
             page = ctx.new_page()
             resp = page.goto(url, wait_until="load", timeout=60000)
-            assert resp is not None and resp.status in (200, 304), f"page status {resp and resp.status}"
+            assert resp is not None and resp.status in (
+                200,
+                304,
+            ), f"page status {resp and resp.status}"
             body = page.content().lower()
             assert "cryptpad" in body or "<html" in body, "no cryptpad content served"
         finally:

tests/cryptpad/test_upgrade.py

@@ -3,6 +3,7 @@ persistent volume, upgrade to current/$REF, assert the app stays healthy and the
 
 cryptpad data isn't HTTP-served as a static file (it's an encrypted datastore), so the marker is
 written into the cryptpad_data volume and read back via `exec_in_app` (docker exec), not HTTP."""
+
 import os
 import sys
 
@@ -22,8 +23,13 @@ def old_app(recipe, app_domain, meta, request):
     lifecycle.janitor()
     request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
     lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
     return app_domain, prev
 
 
@@ -35,10 +41,16 @@ def test_upgrade_preserves_data(old_app, meta):
 
     # upgrade previous -> current/$REF
     lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
 
     # app healthy and the data written before the upgrade is still there
     assert lifecycle.http_get(domain, "/") in (200, 301, 302)
-    assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives", \
-        "data did not survive the upgrade"
+    assert (
+        lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives"
+    ), "data did not survive the upgrade"

tests/custom-html/test_backup.py

@@ -1,5 +1,6 @@
 """custom-html — backup/restore stage (D2): backup, mutate state, restore, assert the restored
 state matches the pre-mutation (backed-up) state."""
+
 import os
 import sys
 
@@ -24,5 +25,6 @@ def test_backup_mutate_restore(deployed):
     # 3) restore -> state returns to the backed-up "original"
     lifecycle.restore_app(domain)
     lifecycle.wait_healthy(domain)
-    assert lifecycle.http_body(domain, "/ci-marker.txt").strip() == "original", \
-        "restore did not return the pre-mutation state"
+    assert (
+        lifecycle.http_body(domain, "/ci-marker.txt").strip() == "original"
+    ), "restore did not return the pre-mutation state"

tests/custom-html/test_install.py

@@ -1,6 +1,7 @@
 """custom-html — install stage (recipe #1, simple/stateless). D2 install + D3 Playwright."""
-import sys
+
 import os
+import sys
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
 from harness import lifecycle  # noqa: E402

tests/custom-html/test_upgrade.py

@@ -1,5 +1,6 @@
 """custom-html — upgrade stage (D2): deploy the previous published version, write data, upgrade
 to the current/$REF version, and assert the app stays healthy and data survives."""
+
 import os
 import sys
 
@@ -35,5 +36,6 @@ def test_upgrade_preserves_data(old_app):
 
     # app healthy and the data written before the upgrade is still there
     assert lifecycle.http_get(domain, "/") == 200
-    assert lifecycle.http_body(domain, "/ci-marker.txt").strip() == "upgrade-survives", \
-        "data did not survive the upgrade"
+    assert (
+        lifecycle.http_body(domain, "/ci-marker.txt").strip() == "upgrade-survives"
+    ), "data did not survive the upgrade"

tests/keycloak/kc_admin.py

@@ -1,5 +1,6 @@
 """Recipe-specific keycloak admin-API helpers (not harness). Used by the upgrade/backup stages to
 write a real data marker (a realm) into mariadb and verify it survives upgrade / backup-restore."""
+
 import json
 import ssl
 import sys
@@ -21,12 +22,20 @@ def admin_password(domain: str) -> str:
 
 
 def admin_token(domain: str, password: str, user: str = "admin") -> str:
-    data = urllib.parse.urlencode({
-        "grant_type": "password", "client_id": "admin-cli", "username": user, "password": password,
-    }).encode()
+    data = urllib.parse.urlencode(
+        {
+            "grant_type": "password",
+            "client_id": "admin-cli",
+            "username": user,
+            "password": password,
+        }
+    ).encode()
     req = urllib.request.Request(
-        f"https://{domain}/realms/master/protocol/openid-connect/token", data=data,
-        headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")
+        f"https://{domain}/realms/master/protocol/openid-connect/token",
+        data=data,
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+        method="POST",
+    )
     with urllib.request.urlopen(req, timeout=30, context=_CTX) as r:
         return json.load(r)["access_token"]
 
@@ -36,8 +45,9 @@ def _admin(domain, token, path, method="GET", body=None):
     headers = {"Authorization": "Bearer " + token}
     if data:
         headers["Content-Type"] = "application/json"
-    req = urllib.request.Request(f"https://{domain}/admin{path}", data=data, headers=headers,
-                                 method=method)
+    req = urllib.request.Request(
+        f"https://{domain}/admin{path}", data=data, headers=headers, method=method
+    )
     try:
         with urllib.request.urlopen(req, timeout=30, context=_CTX) as r:
             return r.status

tests/keycloak/recipe_meta.py

@@ -1,6 +1,6 @@
 # Per-recipe harness config for keycloak (DB-backed: keycloak + mariadb). Read by the shared
 # conftest — enrolling this recipe needs NO change to runner/harness code (D5).
-HEALTH_PATH = "/realms/master"          # 200 JSON once keycloak is up (not "/", which redirects)
+HEALTH_PATH = "/realms/master"  # 200 JSON once keycloak is up (not "/", which redirects)
 HEALTH_OK = (200,)
-DEPLOY_TIMEOUT = 600                     # JVM + DB migration are slow on a 2-vCPU VM
+DEPLOY_TIMEOUT = 600  # JVM + DB migration are slow on a 2-vCPU VM
 HTTP_TIMEOUT = 600

tests/keycloak/test_backup.py

@@ -1,11 +1,12 @@
 """keycloak — backup/restore stage (D2): create a realm, backup, delete it (mutate), restore,
 assert the realm is back (mariadb restored to the backed-up state)."""
+
 import os
 import sys
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
-from harness import lifecycle  # noqa: E402
 import kc_admin  # noqa: E402
+from harness import lifecycle  # noqa: E402
 
 
 def test_backup_mutate_restore(deployed):
@@ -24,7 +25,8 @@ def test_backup_mutate_restore(deployed):
 
     # 3) restore -> realm returns
     lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, path="/realms/master", ok_codes=(200,),
-                           deploy_timeout=600, http_timeout=600)
+    lifecycle.wait_healthy(
+        domain, path="/realms/master", ok_codes=(200,), deploy_timeout=600, http_timeout=600
+    )
     tok2 = kc_admin.admin_token(domain, pw)
     assert kc_admin.marker_realm_exists(domain, tok2), "restore did not bring back the realm"

tests/keycloak/test_install.py

@@ -1,4 +1,5 @@
 """keycloak — install stage (recipe #2, DB-backed SSO; D2 install + D3 Playwright)."""
+
 import os
 import sys
 
@@ -23,6 +24,8 @@ def test_playwright_admin_login(deployed_app):
             page.goto(url, wait_until="domcontentloaded", timeout=45000)
             # admin console redirects to the login form; wait for a username field to render
             page.wait_for_selector("input#username, input[name='username']", timeout=30000)
-            assert "keycloak" in page.content().lower() or page.locator("input#username").count() > 0
+            assert (
+                "keycloak" in page.content().lower() or page.locator("input#username").count() > 0
+            )
         finally:
             browser.close()

tests/keycloak/test_upgrade.py

@@ -1,13 +1,14 @@
 """keycloak — upgrade stage (D2): deploy previous version, create a realm (DB data), upgrade to
 current/$REF, assert the app is healthy and the realm survived (mariadb data preserved)."""
+
 import os
 import sys
 
 import pytest
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
-from harness import lifecycle  # noqa: E402
 import kc_admin  # noqa: E402
+from harness import lifecycle  # noqa: E402
 
 
 @pytest.fixture
@@ -18,8 +19,13 @@ def old_app(recipe, app_domain, meta, request):
     lifecycle.janitor()
     request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
     lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
     return app_domain, prev
 
 
@@ -31,8 +37,13 @@ def test_upgrade_preserves_realm(old_app, meta):
     assert kc_admin.marker_realm_exists(domain, tok), "marker realm not created"
 
     lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
 
     # re-auth (token from the old instance is fine, but get a fresh one post-upgrade) and verify
     tok2 = kc_admin.admin_token(domain, pw)

tests/lasuite-docs/test_backup.py

@@ -3,6 +3,7 @@ dumps the DB), mutate (drop it), restore (post-hook reloads), assert the restore
 
 Exercises the recipe's real DB-dump backup hook (postgres + minio are both backupbot-labelled); the
 postgres marker is the meaningful Docs-metadata data path."""
+
 import os
 import sys
 
@@ -18,16 +19,28 @@ def _psql(domain, sql):
 def test_backup_mutate_restore(deployed, meta):
     domain = deployed
 
-    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
-                  "INSERT INTO ci_marker VALUES('original');")
+    _psql(
+        domain,
+        "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+        "INSERT INTO ci_marker VALUES('original');",
+    )
     assert _psql(domain, "SELECT v FROM ci_marker;") == "original"
     lifecycle.backup_app(domain)
 
     _psql(domain, "DROP TABLE ci_marker;")
-    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in ("", "NULL"), "drop did not take"
+    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in (
+        "",
+        "NULL",
+    ), "drop did not take"
 
     lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
-    assert _psql(domain, "SELECT v FROM ci_marker;") == "original", \
-        "restore did not return the pre-mutation postgres state"
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "original"
+    ), "restore did not return the pre-mutation postgres state"

tests/lasuite-docs/test_install.py

@@ -4,6 +4,7 @@ minio + nginx) converges and serves the app over real HTTPS through the gateway.
 
 Login is OIDC-gated (no live OIDC provider in CI), so the functional assertion is that the frontend
 SPA is served (unauthenticated landing), not an authenticated flow."""
+
 import os
 import sys
 
@@ -27,7 +28,11 @@ def test_playwright_loads_frontend(deployed_app):
             ctx = browser.new_context(ignore_https_errors=True)
             page = ctx.new_page()
             resp = page.goto(url, wait_until="domcontentloaded", timeout=60000)
-            assert resp is not None and resp.status in (200, 301, 302), f"page status {resp and resp.status}"
+            assert resp is not None and resp.status in (
+                200,
+                301,
+                302,
+            ), f"page status {resp and resp.status}"
             assert "<html" in page.content().lower(), "no HTML served by the frontend"
         finally:
             browser.close()

tests/lasuite-docs/test_upgrade.py

@@ -3,6 +3,7 @@ upgrade to current/$REF, assert the app stays healthy and the postgres data surv
 
 Docs metadata lives in postgres, so the marker is a row in a dedicated `ci_marker` table (the app's
 own Django migrations don't touch it), read back via `psql` in the `db` service."""
+
 import os
 import sys
 
@@ -25,21 +26,35 @@ def old_app(recipe, app_domain, meta, request):
     lifecycle.janitor()
     request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
     lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
     return app_domain, prev
 
 
 def test_upgrade_preserves_data(old_app, meta):
     domain, prev = old_app
-    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
-                  "INSERT INTO ci_marker VALUES('upgrade-survives');")
+    _psql(
+        domain,
+        "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+        "INSERT INTO ci_marker VALUES('upgrade-survives');",
+    )
     assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
 
     lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
 
     assert lifecycle.http_get(domain, "/") in (200, 301, 302)
-    assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives", \
-        "postgres data did not survive the upgrade"
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
+    ), "postgres data did not survive the upgrade"

tests/matrix-synapse/recipe_meta.py

@@ -1,7 +1,7 @@
 # Per-recipe harness config for matrix-synapse (recipe #4 — DB + media store; the large-volume /
 # DB-backed category). Base recipe = synapse `app` + postgres `db` + nginx `web`. server_name is
 # DOMAIN (set by abra), so no EXTRA_ENV needed. Synapse + postgres startup is slow -> long timeouts.
-HEALTH_PATH = "/_matrix/client/versions"   # 200 JSON once synapse is serving the client API
+HEALTH_PATH = "/_matrix/client/versions"  # 200 JSON once synapse is serving the client API
 HEALTH_OK = (200,)
 DEPLOY_TIMEOUT = 600
 HTTP_TIMEOUT = 600

tests/matrix-synapse/test_backup.py

@@ -4,6 +4,7 @@ reloads the dump), assert the restored DB matches the pre-mutation state.
 
 This exercises the real DB-dump backup hook (backupbot.backup.pre-hook / restore.post-hook), not a
 plain volume copy — the meaningful data path for a postgres-backed app."""
+
 import os
 import sys
 
@@ -20,18 +21,30 @@ def test_backup_mutate_restore(deployed, meta):
     domain = deployed
 
     # 1) establish original state in postgres, then back up (pg_backup.sh dumps the DB)
-    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
-                  "INSERT INTO ci_marker VALUES('original');")
+    _psql(
+        domain,
+        "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+        "INSERT INTO ci_marker VALUES('original');",
+    )
     assert _psql(domain, "SELECT v FROM ci_marker;") == "original"
     lifecycle.backup_app(domain)
 
     # 2) mutate: drop the marker table (diverge from the backup)
     _psql(domain, "DROP TABLE ci_marker;")
-    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in ("", "NULL"), "drop did not take"
+    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in (
+        "",
+        "NULL",
+    ), "drop did not take"
 
     # 3) restore -> the dumped DB (with the marker) is reloaded
     lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
-    assert _psql(domain, "SELECT v FROM ci_marker;") == "original", \
-        "restore did not return the pre-mutation postgres state"
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "original"
+    ), "restore did not return the pre-mutation postgres state"

tests/matrix-synapse/test_install.py

@@ -1,6 +1,7 @@
 """matrix-synapse — install stage (recipe #4, DB + media store). D2 install: the synapse client API
 answers 200 over real HTTPS through the gateway (nginx -> synapse). The base recipe has no browser
 UI (element-web is an addon), so the functional assertion is the JSON client API, not Playwright."""
+
 import json
 import os
 import sys
@@ -18,4 +19,6 @@ def test_client_api_advertises_versions(deployed_app):
     """The client-API version document is real synapse JSON (proves the app, not just a proxy 200)."""
     body = lifecycle.http_body(deployed_app, "/_matrix/client/versions")
     doc = json.loads(body)
-    assert isinstance(doc.get("versions"), list) and doc["versions"], "no matrix client versions advertised"
+    assert (
+        isinstance(doc.get("versions"), list) and doc["versions"]
+    ), "no matrix client versions advertised"

tests/matrix-synapse/test_upgrade.py

@@ -3,6 +3,7 @@ upgrade to current/$REF, assert the app stays healthy and the postgres data surv
 
 Matrix data lives in postgres, so the marker is a row in a dedicated `ci_marker` table (synapse's
 own schema migrations don't touch it), read back via `psql` in the `db` service."""
+
 import os
 import sys
 
@@ -25,24 +26,38 @@ def old_app(recipe, app_domain, meta, request):
     lifecycle.janitor()
     request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
     lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
     return app_domain, prev
 
 
 def test_upgrade_preserves_data(old_app, meta):
     domain, prev = old_app
     # write a marker row into postgres (independent of synapse's own tables)
-    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
-                  "INSERT INTO ci_marker VALUES('upgrade-survives');")
+    _psql(
+        domain,
+        "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+        "INSERT INTO ci_marker VALUES('upgrade-survives');",
+    )
     assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
 
     # upgrade previous -> current/$REF
     lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
 
     # app healthy and the data written before the upgrade is still there
     assert lifecycle.http_get(domain, meta["HEALTH_PATH"]) == 200
-    assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives", \
-        "postgres data did not survive the upgrade"
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
+    ), "postgres data did not survive the upgrade"

tests/n8n/test_backup.py

@@ -3,6 +3,7 @@ mutate, restore, assert the restored state matches the pre-mutation state.
 
 The n8n `app` service is labelled `backupbot.backup=true` with `backupbot.backup.path=/home/node/.n8n`,
 so a marker file there is backed up; checked via `exec_in_app`."""
+
 import os
 import sys
 
@@ -23,7 +24,13 @@ def test_backup_mutate_restore(deployed, meta):
     assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "mutated"
 
     lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
-    assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "original", \
-        "restore did not return the pre-mutation state"
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
+    assert (
+        lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "original"
+    ), "restore did not return the pre-mutation state"

tests/n8n/test_install.py

@@ -1,4 +1,5 @@
 """n8n — install stage (recipe #6, workflow automation). D2 install + D3 Playwright."""
+
 import os
 import sys
 
@@ -22,7 +23,10 @@ def test_playwright_loads_editor(deployed_app):
             ctx = browser.new_context(ignore_https_errors=True)
             page = ctx.new_page()
             resp = page.goto(url, wait_until="domcontentloaded", timeout=60000)
-            assert resp is not None and resp.status in (200, 304), f"page status {resp and resp.status}"
+            assert resp is not None and resp.status in (
+                200,
+                304,
+            ), f"page status {resp and resp.status}"
             body = page.content().lower()
             assert "n8n" in body or "<html" in body, "no n8n content served"
         finally:

tests/n8n/test_upgrade.py

@@ -3,6 +3,7 @@ persistent /home/node/.n8n volume, upgrade to current/$REF, assert health + data
 
 n8n state lives in the .n8n volume (sqlite + config); the marker is a file there, read back via
 `exec_in_app` (not HTTP-served)."""
+
 import os
 import sys
 
@@ -22,8 +23,13 @@ def old_app(recipe, app_domain, meta, request):
     lifecycle.janitor()
     request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
     lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
     return app_domain, prev
 
 
@@ -33,9 +39,15 @@ def test_upgrade_preserves_data(old_app, meta):
     assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives"
 
     lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
 
     assert lifecycle.http_get(domain, meta["HEALTH_PATH"]) == 200
-    assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives", \
-        "data did not survive the upgrade"
+    assert (
+        lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives"
+    ), "data did not survive the upgrade"