M4: harness + green install stage (custom-html + Playwright); guaranteed teardown; M4 CLAIMED

run_recipe_ci.py + conftest + abra/lifecycle wrappers + Nix python/playwright env.
deploy_app forces LETS_ENCRYPT_ENV='' (addresses A1). Short per-run domain scheme
for the 64-char swarm name limit. 2 passed; teardown leaves zero orphans.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/conftest.py

@@ -0,0 +1,53 @@
+"""Shared pytest fixtures for recipe CI (plan §4.3).
+
+A run is parameterized by env: RECIPE, REF (PR head sha), PR, SRC (head repo). The harness
+computes a unique app domain per run so concurrent runs never collide, and GUARANTEES teardown
+(undeploy + volume + secret removal) via a finalizer, even on failure.
+"""
+from __future__ import annotations
+
+import hashlib
+import os
+import sys
+import time
+
+import pytest
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "runner"))
+from harness import lifecycle  # noqa: E402
+
+
+def _short(s: str, n: int = 8) -> str:
+    return "".join(c for c in s if c.isalnum())[:n] or "local"
+
+
+@pytest.fixture(scope="session")
+def recipe() -> str:
+    return os.environ.get("RECIPE", "custom-html")
+
+
+@pytest.fixture(scope="session")
+def app_domain(recipe) -> str:
+    # Docker swarm config/secret names = <stackname>_<res>_<ver> must be <= 64 chars, and
+    # stackname is the sanitized domain. ".ci.commoninternet.net" alone is 22 chars, so the
+    # subdomain label must stay short. Use <recipe[:4]>-<6hex(recipe|pr|ref)> — unique per run,
+    # collision-safe across recipes (full recipe in the hash), readable context lives in the
+    # Drone build params + PR comment. (Deviation from plan §4.0 long name; see DECISIONS.md.)
+    pr = os.environ.get("PR", "0")
+    ref = os.environ.get("REF", "local" + str(int(time.time())))
+    tag = _short(recipe, 4).lower()
+    h = hashlib.sha1(f"{recipe}|{pr}|{ref}".encode()).hexdigest()[:6]
+    return f"{tag}-{h}.ci.commoninternet.net"
+
+
+@pytest.fixture(scope="session")
+def deployed_app(recipe, app_domain):
+    """Install stage: deploy the recipe and wait until healthy; tear down at session end."""
+    version = os.environ.get("VERSION") or None
+    lifecycle.janitor()  # sweep orphans from crashed runs first
+    try:
+        lifecycle.deploy_app(recipe, app_domain, version=version, secrets=True)
+        lifecycle.wait_healthy(app_domain)
+        yield app_domain
+    finally:
+        lifecycle.teardown_app(app_domain)

tests/custom-html/test_install.py

@@ -0,0 +1,30 @@
+"""custom-html — install stage (recipe #1, simple/stateless). D2 install + D3 Playwright."""
+import sys
+import os
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
+from harness import lifecycle  # noqa: E402
+
+
+def test_http_reachable(deployed_app):
+    """The deployed app answers 200 over real HTTPS through the gateway."""
+    status = lifecycle.http_get(deployed_app, "/")
+    assert status == 200, f"expected 200 from {deployed_app}, got {status}"
+
+
+def test_playwright_page(deployed_app):
+    """A real browser (Playwright/Chromium) loads the live app and sees served content."""
+    from playwright.sync_api import sync_playwright
+
+    url = f"https://{deployed_app}/"
+    with sync_playwright() as p:
+        browser = p.chromium.launch(args=["--no-sandbox"])
+        try:
+            ctx = browser.new_context(ignore_https_errors=True)
+            page = ctx.new_page()
+            resp = page.goto(url, wait_until="load", timeout=30000)
+            assert resp is not None and resp.status == 200, f"page status {resp and resp.status}"
+            body = page.content()
+            assert "nginx" in body.lower() or "<html" in body.lower(), "no served HTML content"
+        finally:
+            browser.close()