review(redfix-M2): PASS 6/6 — discourse re-verified level=5 (F-redfix-1 CLOSED); all 6 canon-sweep fixes cold-verified; node clean; no VETO; Builder cleared to DONE
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
autonomic-bot
@ -55,7 +55,15 @@ hold). Concrete fix designs from M1 evidence:
|
||||
|
||||
(Adversary-owned — do not edit.)
|
||||
|
||||
### [adversary] F-redfix-1 — discourse migration INCOMPLETE: dangling image-less `sidekiq` in compose.smtpauth.yml (R011 lint regression + breaks SMTP-auth deploys) — OPEN
|
||||
### [adversary] F-redfix-1 — discourse migration INCOMPLETE: dangling image-less `sidekiq` in compose.smtpauth.yml (R011 lint regression + breaks SMTP-auth deploys) — **CLOSED @2026-06-18T07:06Z**
|
||||
|
||||
**CLOSED by Adversary re-test.** Builder fixed in PR #4 @9ff5e19 (force-pushed onto 53ba0910): removed the
|
||||
orphaned `sidekiq:` block from compose.smtpauth.yml; the `app:` service retains the smtp env + secret (SMTP
|
||||
auth preserved — official image runs sidekiq internally). My re-verify: (1) exact lint.py repro @9ff5e19 →
|
||||
**R011 ✅** (R003/R004 also clean; `grep -c sidekiq compose*.yml` = 0); (2) my own full cold run
|
||||
`/tmp/adv-discourse-m2v2.log` → **level=5 of 5**, all 5 tiers pass, `lint rung: pass`, both overlay tests
|
||||
(`test_head_runs_official_image_not_bitnamilegacy`, `test_sidekiq_service_dropped_by_head`) still PASS. The
|
||||
fix is minimal + correct (no test change, smtp preserved). Regression resolved.
|
||||
|
||||
**Severity:** blocks M2 (discourse not "verified green"). Fix-introduced regression on a recipe PR meant to be merged.
|
||||
|
||||
|
||||
@ -292,3 +292,44 @@ breaks SMTP-auth deploys (F-redfix-1). The Builder's "all 6 FIXED + verified gre
|
||||
for discourse. **M2 cannot be marked DONE until F-redfix-1 is fixed and discourse re-verified to
|
||||
level=5.** No VETO needed — this FAIL blocks the handshake; I will re-verify discourse on the Builder's
|
||||
rework. The other 5 components are solid and need no re-run unless their fixes change.
|
||||
|
||||
- 2026-06-18T07:06Z — **discourse RE-VERIFIED PASS (F-redfix-1 CLOSED).** Builder reworked discourse PR #4
|
||||
@9ff5e19 (force-pushed onto 53ba0910). I inspected the diff: it removes ONLY the orphaned image-less
|
||||
`sidekiq:` block from `compose.smtpauth.yml`; the `app:` service keeps `DISCOURSE_SMTP_PASSWORD_FILE` env
|
||||
+ `smtp_password` secret (SMTP auth preserved — sidekiq is internal to the official image). No test
|
||||
change. Re-verify: (1) exact `harness/lint.py` repro flow @9ff5e19 → **R011 ✅** (R003/R004 clean too;
|
||||
`grep -c sidekiq compose*.yml` = 0); (2) my OWN full cold run (`/tmp/adv-discourse-m2v2.log`, RECIPE=
|
||||
discourse @9ff5e19) → **RUN SUMMARY level=5 of 5**, all 5 tiers pass (install/upgrade/backup/restore/
|
||||
custom), `lint rung: pass` (lint.txt status=pass, R011 ✅), and the two upgrade-overlay tests STILL pass.
|
||||
Regression gone. Node clean: no discourse canonical (M1 baseline), recipe reset to published tag
|
||||
0.8.1+3.5.0. (6/6)
|
||||
|
||||
## REVIEW VERDICT — Gate M2: **PASS** @ 2026-06-18T07:06Z (supersedes the 06:42Z FAIL)
|
||||
|
||||
All 6 canon-sweep failures FIXED and independently cold-verified by my own runs / chaos-deploys, one
|
||||
recipe at a time, no concurrent load — each two-sided where applicable (M1 failure reproduced first-hand,
|
||||
M2 fix proven):
|
||||
1. **keycloak** (harness) — WC5 promote at the collision-free `warm-canon-keycloak` domain; live shared
|
||||
`warm-keycloak` SSO UNDISTURBED (app up 4d, service Updated 2026-06-13, /realms/master 200 throughout);
|
||||
all cold tiers pass. Collision-free routing affects ONLY keycloak (sole WARM_DOMAINS member) — zero
|
||||
blast radius on the other 15 canonicals.
|
||||
2. **mumble** (harness) — handshake test PASS in 10.3s (load-flake confirmed: fast in isolation); budget
|
||||
widening 60s→180s is pure headroom, asserts unchanged (non-weakening). level=5.
|
||||
3. **gitea** (recipe PR #2 @a0f2db8) — chaos-deploy onto retained idle 3.5.3 volumes (genuine pre-fix
|
||||
0-byte app.ini): NO read-only crash (M1 signature gone), app.ini seeded 0→1862B (INSTALL_LOCK=true),
|
||||
`/api/v1/version` 200 {1.24.2}, healthz 200, retained data adopted; canonical UNCHANGED 3.5.3 e6a1cc79
|
||||
(no false promote). Merge-gating honest (published 3.6.0=357926f ≠ fix).
|
||||
4. **bluesky-pds** (recipe PR #4 @4987ba9) — chaos-deploy: caddy resolves its OWN app via the FQ swarm
|
||||
name (10.0.5.5 internal) while bare `app` → 10.10.0.12 foreign (the M1 collision); cert obtained, 0
|
||||
connection-refused; external `/xrpc/_health` 200 {0.4.219} (M1 was 000).
|
||||
5. **mattermost-lts** (recipe PR #1 @4ca7f418) — cold run all 5 tiers pass incl restore; the M1-failing
|
||||
`test_restore_returns_state` PASSES (pg_backup.sh + restore.post-hook round-trips the dump). level=5.
|
||||
6. **discourse** (recipe PR #4 @9ff5e19) — official-image migration; both upgrade-overlay tests pass AND
|
||||
the F-redfix-1 regression (image-less sidekiq in compose.smtpauth.yml) is fixed → level=5, lint R011 ✅.
|
||||
|
||||
No standing exceptions. gitea/bluesky end-to-end canonical advance is operator-merge-gated (the fix is
|
||||
proven by chaos-deploy; the published tags don't carry it pre-merge) — consistent with the phase's
|
||||
"nothing merged" constraint, NOT a shrug. Node left clean: only infra + live warm-keycloak (200); gitea
|
||||
idle 3.5.3 canonical unchanged; mattermost/discourse/bluesky no canonical (M1 baseline); no test/warm
|
||||
stacks, no run procs; all 6 recipes at their published tags. No open Adversary findings (F-redfix-1
|
||||
CLOSED). **No VETO.** The Builder is cleared to write `## DONE` to STATUS-redfix.md.
|
||||
|
||||
Reference in New Issue
Block a user