style(1b): auto-format + lint-clean the whole codebase (RL1)

Mechanical, semantics-preserving cleanup so the codebase passes the new lint stage: - ruff format: all 32 Python files (wraps long signatures, normalizes quotes/blank lines). - nixpkgs-fmt: modules/drone-runner.nix. - shfmt (-i 2 -ci): scripts/*.sh. Lint fixes (reviewed, behavior-preserving — no test weakened): - ruff SIM105: try/except-pass -> contextlib.suppress (abra.py app_config rm; lifecycle.py janitor). - ruff SIM115: open().read() -> with open() (run_recipe_ci.py redaction-values + gitea-token). - statix: merge repeated sops `secrets.*` keys into one `secrets = { ... }` (comments kept); empty fn pattern `{ ... }:` -> `_:` (packages.nix). - deadnix: drop unused lambda args (flake `self`; configuration.nix `lib`; overlay `final` -> `_`). Verified on cc-ci: `scripts/lint.sh` -> lint: PASS; nixosConfigurations.cc-ci evaluates; all Python byte-compiles. The deployed bridge/dashboard/runner source changes hash (reformat), so cc-ci will be rebuilt to the new closure in W2 before the cold D1-D10 re-verification. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:52:05 +01:00
parent a0ea2f0aa9
commit 2cede01ed7
35 changed files with 431 additions and 185 deletions
--- a/tests/keycloak/kc_admin.py
+++ b/tests/keycloak/kc_admin.py
@ -1,5 +1,6 @@
 """Recipe-specific keycloak admin-API helpers (not harness). Used by the upgrade/backup stages to
 write a real data marker (a realm) into mariadb and verify it survives upgrade / backup-restore."""
+
 import json
 import ssl
 import sys
@ -21,12 +22,20 @@ def admin_password(domain: str) -> str:


 def admin_token(domain: str, password: str, user: str = "admin") -> str:
-    data = urllib.parse.urlencode({
-        "grant_type": "password", "client_id": "admin-cli", "username": user, "password": password,
-    }).encode()
+    data = urllib.parse.urlencode(
+        {
+            "grant_type": "password",
+            "client_id": "admin-cli",
+            "username": user,
+            "password": password,
+        }
+    ).encode()
    req = urllib.request.Request(
-        f"https://{domain}/realms/master/protocol/openid-connect/token", data=data,
-        headers={"Content-Type": "application/x-www-form-urlencoded"}, method="POST")
+        f"https://{domain}/realms/master/protocol/openid-connect/token",
+        data=data,
+        headers={"Content-Type": "application/x-www-form-urlencoded"},
+        method="POST",
+    )
    with urllib.request.urlopen(req, timeout=30, context=_CTX) as r:
        return json.load(r)["access_token"]

@ -36,8 +45,9 @@ def _admin(domain, token, path, method="GET", body=None):
    headers = {"Authorization": "Bearer " + token}
    if data:
        headers["Content-Type"] = "application/json"
-    req = urllib.request.Request(f"https://{domain}/admin{path}", data=data, headers=headers,
-                                 method=method)
+    req = urllib.request.Request(
+        f"https://{domain}/admin{path}", data=data, headers=headers, method=method
+    )
    try:
        with urllib.request.urlopen(req, timeout=30, context=_CTX) as r:
            return r.status