style(1b): auto-format + lint-clean the whole codebase (RL1)

Mechanical, semantics-preserving cleanup so the codebase passes the new lint stage: - ruff format: all 32 Python files (wraps long signatures, normalizes quotes/blank lines). - nixpkgs-fmt: modules/drone-runner.nix. - shfmt (-i 2 -ci): scripts/*.sh. Lint fixes (reviewed, behavior-preserving — no test weakened): - ruff SIM105: try/except-pass -> contextlib.suppress (abra.py app_config rm; lifecycle.py janitor). - ruff SIM115: open().read() -> with open() (run_recipe_ci.py redaction-values + gitea-token). - statix: merge repeated sops `secrets.*` keys into one `secrets = { ... }` (comments kept); empty fn pattern `{ ... }:` -> `_:` (packages.nix). - deadnix: drop unused lambda args (flake `self`; configuration.nix `lib`; overlay `final` -> `_`). Verified on cc-ci: `scripts/lint.sh` -> lint: PASS; nixosConfigurations.cc-ci evaluates; all Python byte-compiles. The deployed bridge/dashboard/runner source changes hash (reformat), so cc-ci will be rebuilt to the new closure in W2 before the cold D1-D10 re-verification. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:52:05 +01:00
parent a0ea2f0aa9
commit 2cede01ed7
35 changed files with 431 additions and 185 deletions
--- a/tests/cryptpad/test_backup.py
+++ b/tests/cryptpad/test_backup.py
@ -3,6 +3,7 @@ backup, mutate, restore, assert the restored state matches the pre-mutation (bac

 The cryptpad `app` service is labelled `backupbot.backup=true`, so its volumes (incl. cryptpad_data)
 are backed up. Marker is checked via `exec_in_app` (data isn't HTTP-served)."""
+
 import os
 import sys

@ -26,7 +27,13 @@ def test_backup_mutate_restore(deployed, meta):

    # 3) restore -> state returns to the backed-up "original"
    lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
-    assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "original", \
-        "restore did not return the pre-mutation state"
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
+    assert (
+        lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "original"
+    ), "restore did not return the pre-mutation state"
--- a/tests/cryptpad/test_install.py
+++ b/tests/cryptpad/test_install.py
@ -1,4 +1,5 @@
 """cryptpad — install stage (recipe #3, stateful/no-DB). D2 install + D3 Playwright."""
+
 import os
 import sys

@ -23,7 +24,10 @@ def test_playwright_loads_cryptpad(deployed_app):
            ctx = browser.new_context(ignore_https_errors=True)
            page = ctx.new_page()
            resp = page.goto(url, wait_until="load", timeout=60000)
-            assert resp is not None and resp.status in (200, 304), f"page status {resp and resp.status}"
+            assert resp is not None and resp.status in (
+                200,
+                304,
+            ), f"page status {resp and resp.status}"
            body = page.content().lower()
            assert "cryptpad" in body or "<html" in body, "no cryptpad content served"
        finally:
--- a/tests/cryptpad/test_upgrade.py
+++ b/tests/cryptpad/test_upgrade.py
@ -3,6 +3,7 @@ persistent volume, upgrade to current/$REF, assert the app stays healthy and the

 cryptpad data isn't HTTP-served as a static file (it's an encrypted datastore), so the marker is
 written into the cryptpad_data volume and read back via `exec_in_app` (docker exec), not HTTP."""
+
 import os
 import sys

@ -22,8 +23,13 @@ def old_app(recipe, app_domain, meta, request):
    lifecycle.janitor()
    request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
    lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
    return app_domain, prev


@ -35,10 +41,16 @@ def test_upgrade_preserves_data(old_app, meta):

    # upgrade previous -> current/$REF
    lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )

    # app healthy and the data written before the upgrade is still there
    assert lifecycle.http_get(domain, "/") in (200, 301, 302)
-    assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives", \
-        "data did not survive the upgrade"
+    assert (
+        lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives"
+    ), "data did not survive the upgrade"