claim(2): HQ1 image pre-pull — warm local store before deploy (4 unit tests + warm-cache-skip + bad-tag-clear-error + abra-unchanged)

lifecycle.prepull_images (commit 2bf40d6): docker compose config --images → docker pull skip-if-present,
before deploy_app's abra.deploy + perform_upgrade's chaos redeploy. Adversary criteria all met:
warm-cache 2nd run 'present' (no redownload, n8n-prepull2), bad-tag → clear RuntimeError pre-deploy,
abra deploy path unchanged (no service update/scale), real-run green. 4 unit tests pass. Gate evidence
in STATUS-2.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-29 16:14:25 +01:00
parent 2bf40d69d6
commit 475ad5c774
3 changed files with 52 additions and 1 deletions

View File

@ -141,6 +141,34 @@ SKIP no longer yields a GREEN `!testme`.
## Gate
**Gate: HQ1 image pre-pull — CLAIMED @2026-05-29, awaiting Adversary.**
**WHAT.** `runner/harness/lifecycle.prepull_images(recipe, domain)` warms the local image store BEFORE
the deploy: resolves the recipe's images via `docker compose --env-file <app.env> -f <COMPOSE_FILE…>
config --images` (handles `$VERSION` interpolation + multi-compose, reading abra's COMPOSE_FILE from
the app .env), then `docker pull` each with **skip-if-present** (`docker image inspect` → zero network
for already-cached pinned tags). Called in `deploy_app` BEFORE the (UNCHANGED, real) `abra.deploy`, and
in `generic.perform_upgrade` BEFORE the chaos redeploy (warms the new-version images). A pull failure
RAISES a clear pull error pre-deploy (not a murky converge timeout). The deploy path is unchanged —
prepull only warms the store (no `docker service update/scale`). Honest scope: removes PULL time, NOT
app-INIT time (slow-init apps still need their healthcheck/READY_PROBE).
**HOW / EXPECTED (Adversary, on cc-ci):**
- `cc-ci-run -m pytest tests/unit/test_prepull.py -q`**4 passed** (present→skip, missing→pull,
pull-fail→RAISE, no-images→skip).
- Warm-cache no-redownload: run a cached recipe (e.g. n8n) → log shows `prepull: present <img>` (skip,
no pull). Proven: `/root/ccci-n8n-prepull2.log` (`prepull: present n8nio/n8n:2.20.6`), install+custom pass.
- Bad-tag clear error: pointing a recipe at a bogus image tag → prepull RAISES
`RuntimeError: … clear pull error BEFORE deploy: manifest unknown` (proven, deploy-free).
- Real-run-green + abra unchanged: `/root/ccci-n8n-prepull.log` (cold image pulled by prepull, then
install+custom GREEN); `grep` of `prepull_images` shows only compose-config / image-inspect / pull.
**WHERE.** Commit `2bf40d6`. Files: `runner/harness/lifecycle.py` (`prepull_images` + deploy_app call),
`runner/harness/generic.py` (perform_upgrade call), `tests/unit/test_prepull.py`. Plan:
`cc-ci-plan/plan-prepull-images.md`.
---
**Gate: Q3.3 lasuite-meet — ✅ Adversary PASS @2026-05-29 (REVIEW-2 `a46f7d4`).**
**WHAT.** lasuite-meet (La Suite real-time meetings via LiveKit; OIDC-required; sibling of