style(1b): auto-format + lint-clean the whole codebase (RL1)

Mechanical, semantics-preserving cleanup so the codebase passes the new lint stage: - ruff format: all 32 Python files (wraps long signatures, normalizes quotes/blank lines). - nixpkgs-fmt: modules/drone-runner.nix. - shfmt (-i 2 -ci): scripts/*.sh. Lint fixes (reviewed, behavior-preserving — no test weakened): - ruff SIM105: try/except-pass -> contextlib.suppress (abra.py app_config rm; lifecycle.py janitor). - ruff SIM115: open().read() -> with open() (run_recipe_ci.py redaction-values + gitea-token). - statix: merge repeated sops `secrets.*` keys into one `secrets = { ... }` (comments kept); empty fn pattern `{ ... }:` -> `_:` (packages.nix). - deadnix: drop unused lambda args (flake `self`; configuration.nix `lib`; overlay `final` -> `_`). Verified on cc-ci: `scripts/lint.sh` -> lint: PASS; nixosConfigurations.cc-ci evaluates; all Python byte-compiles. The deployed bridge/dashboard/runner source changes hash (reformat), so cc-ci will be rebuilt to the new closure in W2 before the cold D1-D10 re-verification. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 20:52:05 +01:00
parent a0ea2f0aa9
commit 2cede01ed7
35 changed files with 431 additions and 185 deletions
--- a/tests/matrix-synapse/recipe_meta.py
+++ b/tests/matrix-synapse/recipe_meta.py
@ -1,7 +1,7 @@
 # Per-recipe harness config for matrix-synapse (recipe #4 — DB + media store; the large-volume /
 # DB-backed category). Base recipe = synapse `app` + postgres `db` + nginx `web`. server_name is
 # DOMAIN (set by abra), so no EXTRA_ENV needed. Synapse + postgres startup is slow -> long timeouts.
-HEALTH_PATH = "/_matrix/client/versions"   # 200 JSON once synapse is serving the client API
+HEALTH_PATH = "/_matrix/client/versions"  # 200 JSON once synapse is serving the client API
 HEALTH_OK = (200,)
 DEPLOY_TIMEOUT = 600
 HTTP_TIMEOUT = 600
--- a/tests/matrix-synapse/test_backup.py
+++ b/tests/matrix-synapse/test_backup.py
@ -4,6 +4,7 @@ reloads the dump), assert the restored DB matches the pre-mutation state.

 This exercises the real DB-dump backup hook (backupbot.backup.pre-hook / restore.post-hook), not a
 plain volume copy — the meaningful data path for a postgres-backed app."""
+
 import os
 import sys

@ -20,18 +21,30 @@ def test_backup_mutate_restore(deployed, meta):
    domain = deployed

    # 1) establish original state in postgres, then back up (pg_backup.sh dumps the DB)
-    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
-                  "INSERT INTO ci_marker VALUES('original');")
+    _psql(
+        domain,
+        "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+        "INSERT INTO ci_marker VALUES('original');",
+    )
    assert _psql(domain, "SELECT v FROM ci_marker;") == "original"
    lifecycle.backup_app(domain)

    # 2) mutate: drop the marker table (diverge from the backup)
    _psql(domain, "DROP TABLE ci_marker;")
-    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in ("", "NULL"), "drop did not take"
+    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in (
+        "",
+        "NULL",
+    ), "drop did not take"

    # 3) restore -> the dumped DB (with the marker) is reloaded
    lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
-    assert _psql(domain, "SELECT v FROM ci_marker;") == "original", \
-        "restore did not return the pre-mutation postgres state"
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "original"
+    ), "restore did not return the pre-mutation postgres state"
--- a/tests/matrix-synapse/test_install.py
+++ b/tests/matrix-synapse/test_install.py
@ -1,6 +1,7 @@
 """matrix-synapse — install stage (recipe #4, DB + media store). D2 install: the synapse client API
 answers 200 over real HTTPS through the gateway (nginx -> synapse). The base recipe has no browser
 UI (element-web is an addon), so the functional assertion is the JSON client API, not Playwright."""
+
 import json
 import os
 import sys
@ -18,4 +19,6 @@ def test_client_api_advertises_versions(deployed_app):
    """The client-API version document is real synapse JSON (proves the app, not just a proxy 200)."""
    body = lifecycle.http_body(deployed_app, "/_matrix/client/versions")
    doc = json.loads(body)
-    assert isinstance(doc.get("versions"), list) and doc["versions"], "no matrix client versions advertised"
+    assert (
+        isinstance(doc.get("versions"), list) and doc["versions"]
+    ), "no matrix client versions advertised"
--- a/tests/matrix-synapse/test_upgrade.py
+++ b/tests/matrix-synapse/test_upgrade.py
@ -3,6 +3,7 @@ upgrade to current/$REF, assert the app stays healthy and the postgres data surv

 Matrix data lives in postgres, so the marker is a row in a dedicated `ci_marker` table (synapse's
 own schema migrations don't touch it), read back via `psql` in the `db` service."""
+
 import os
 import sys

@ -25,24 +26,38 @@ def old_app(recipe, app_domain, meta, request):
    lifecycle.janitor()
    request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
    lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        app_domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )
    return app_domain, prev


 def test_upgrade_preserves_data(old_app, meta):
    domain, prev = old_app
    # write a marker row into postgres (independent of synapse's own tables)
-    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
-                  "INSERT INTO ci_marker VALUES('upgrade-survives');")
+    _psql(
+        domain,
+        "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+        "INSERT INTO ci_marker VALUES('upgrade-survives');",
+    )
    assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"

    # upgrade previous -> current/$REF
    lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
-                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    lifecycle.wait_healthy(
+        domain,
+        ok_codes=tuple(meta["HEALTH_OK"]),
+        path=meta["HEALTH_PATH"],
+        deploy_timeout=meta["DEPLOY_TIMEOUT"],
+        http_timeout=meta["HTTP_TIMEOUT"],
+    )

    # app healthy and the data written before the upgrade is still there
    assert lifecycle.http_get(domain, meta["HEALTH_PATH"]) == 200
-    assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives", \
-        "postgres data did not survive the upgrade"
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
+    ), "postgres data did not survive the upgrade"