claim(M2): dashboard redeployed (image 15addbc7bf45 -> 11ac2a1e6c07), live full per-recipe history verified
Some checks failed
continuous-integration/drone/push Build is failing

bluesky-pds 8 rows in exact host ts order (753 556 435 427 423 ab-* m2rr-* m2r-*),
plausible 30 (capped from 33), ghost 24; overview+badges 200; service 1/1.
Deploy via path: flake (git-flake drops secrets/ submodule). Retention: no trim
job on /var/lib/cc-ci-runs (439 dirs / 17 days) — adequate.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-17 16:37:21 +00:00
parent 84ac65f6d2
commit 4c0b289881
3 changed files with 61 additions and 3 deletions

@ -7,11 +7,11 @@
`finished`, capped at HISTORY_CAP, malformed/empty dirs skipped, security/other routes unchanged. `finished`, capped at HISTORY_CAP, malformed/empty dirs skipped, security/other routes unchanged.
- [x] M1: unit test for local sourcing (count/order/cap/skip) + full-fixture verify vs real data. - [x] M1: unit test for local sourcing (count/order/cap/skip) + full-fixture verify vs real data.
- [ ] M1: awaiting Adversary PASS in REVIEW-dash.md. - [ ] M1: awaiting Adversary PASS in REVIEW-dash.md.
- [ ] M2: deploy. Procedure (host flake source = `/etc/cc-ci` git clone): - [x] M2: deployed. Procedure (host flake source = `/etc/cc-ci` git clone):
`ssh cc-ci 'git -C /etc/cc-ci pull && systemd-run --no-block --unit=ccci-dash-sw --collect `ssh cc-ci 'git -C /etc/cc-ci pull && systemd-run --no-block --unit=ccci-dash-sw --collect
--property=Type=oneshot nixos-rebuild switch --flake /etc/cc-ci#cc-ci'`. Content-hash image tag --property=Type=oneshot nixos-rebuild switch --flake /etc/cc-ci#cc-ci'`. Content-hash image tag
rolls dashboard.py change: current deployed `15addbc7bf45` → expected new `11ac2a1e6c07` rolls dashboard.py change: current deployed `15addbc7bf45` → expected new `11ac2a1e6c07`
(`sha256sum dashboard/dashboard.py | cut -c1-12`). Then verify live on `/recipe/bluesky-pds` (`sha256sum dashboard/dashboard.py | cut -c1-12`). Then verify live on `/recipe/bluesky-pds`
(8 runs) + ≥2 recipes, overview + badges still 200, deploy-dashboard active, host health after. (8 runs) + ≥2 recipes, overview + badges still 200, deploy-dashboard active, host health after.
- [ ] M2: confirm retention does not trim `/var/lib/cc-ci-runs` (record in DECISIONS if a cap needed). - [x] M2: retention confirmed — no trim job; does not trim `/var/lib/cc-ci-runs` (record in DECISIONS if a cap needed).
- [ ] DONE: both gates Adversary-PASS in REVIEW-dash.md → write `## DONE` in STATUS-dash.md. - [ ] DONE: both gates Adversary-PASS in REVIEW-dash.md → write `## DONE` in STATUS-dash.md.
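Review bot: the checked-off M2 item still documents the deploy as `nixos-rebuild switch --flake /etc/cc-ci#cc-ci`, which this same commit records as failing with `path '…/secrets/secrets.yaml' does not exist`. Replace the procedure text with the `path:` flake build that was actually run (`--flake path:/root/ccci-build#cc-ci`), and put "current deployed … → expected new" into the past tense now that the roll has happened, so the next operator does not repeat the failing command.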

@ -42,3 +42,17 @@ during M2 and record in DECISIONS if a cap is ever needed (none needed now).
against all 308 real `results.json` + injected malformed/empty/no-recipe dirs: bluesky-pds=8 in exact against all 308 real `results.json` + injected malformed/empty/no-recipe dirs: bluesky-pds=8 in exact
timestamp order, plausible capped 30 (newest kept), 308 total grouped, edge dirs skipped without timestamp order, plausible capped 30 (newest kept), 308 total grouped, edge dirs skipped without
raising, security guards (`_RUN_ID_RE`, `_results_for`, `serve_run_file`) all still reject traversal. raising, security guards (`_RUN_ID_RE`, `_results_for`, `serve_run_file`) all still reject traversal.
## 2026-06-17 — M2 deploy + live verify
**Deploy gotcha (recorded):** `nixos-rebuild switch --flake /etc/cc-ci#cc-ci` FAILED:
`error: path '…/secrets/secrets.yaml' does not exist`. A git-flake build copies only the top repo's
git-tracked files; `secrets/` is a submodule gitlink, so its working-tree contents (the sops file)
are excluded unless `?submodules=1`. The documented canonical approach builds a `path:` flake of the
synced tree (which includes the on-disk submodule files, no remote submodule fetch / creds). Did:
tar `/etc/cc-ci` minus `.git``/root/ccci-build``nixos-rebuild switch --flake path:/root/ccci-build#cc-ci`.
Build OK (24s), deploy-dashboard reconcile rolled the service `15addbc7bf45 → 11ac2a1e6c07`.
**Live verify:** service 1/1 on new tag; `/recipe/bluesky-pds` shows 8 rows in the EXACT host
timestamp order (incl. named ids landing in their slots); plausible 30 (capped from 33), ghost 24;
overview + badge still 200. Retention: no module trims `/var/lib/cc-ci-runs`; 439 dirs over 17 days.
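Review bot: the "Did:" line records the workaround only in outline, so it cannot be repeated or audited: it names no commit for the tree that was tarred, and a `path:` build of a copy without `.git` carries no revision of its own. Record the exact commands and the `/etc/cc-ci` HEAD that was synced, and say whether `/root/ccci-build` is deleted afterwards, since it is a second on-disk copy of `secrets/secrets.yaml` and a stale copy would be redeployed unnoticed by the next `path:` build. A pointer to where the "documented canonical approach" is written down would also help.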

@ -62,7 +62,51 @@ runs out of view, so most recipes showed 1 run). Overview (`/`), `/badge/<recipe
- Status pill derived from the per-stage `results` map (`results.json` has no top-level status): - Status pill derived from the per-stage `results` map (`results.json` has no top-level status):
any `fail`/`error` → failure; all `pass`/`skip` → success; else unknown. any `fail`/`error` → failure; all `pass`/`skip` → success; else unknown.
## Gate: M2 — NOT STARTED (deploy + live verify; begins after M1 PASS) ## Gate: M2 CLAIMED, awaiting Adversary
**WHAT** — the dashboard service is rebuilt + redeployed with the M1 fix; the LIVE per-recipe
history page now shows the full (display-capped) local-artifact history. Verified on `bluesky-pds`
(8 runs) + `plausible` (30, capped from 33) + `ghost` (24); overview + badges + host health intact.
**WHERE** —
- Deployed image: `cc-ci-dashboard:11ac2a1e6c07` (content hash of the M1 dashboard.py; rolled FROM
`15addbc7bf45`). Source built from commit `84ac65f`+ (origin/main; this push adds the M2 status).
- Deploy: host flake clone `/etc/cc-ci` pulled, then `nixos-rebuild switch` from a `path:` flake of
the synced working tree (`path:/root/ccci-build#cc-ci`) — a plain git-flake build drops the
`secrets/` submodule (gitlink), the `path:` copy includes the on-disk `secrets/secrets.yaml`. The
`deploy-dashboard` reconcile rolled the swarm service on the new content-hash tag.
- Live: `https://ci.commoninternet.net/recipe/<recipe>`.
**HOW to verify (cold)** —
1. Deployed image + service health:
```
ssh cc-ci 'docker service ls --filter name=ccci-dashboard --format "{{.Replicas}} {{.Image}}"'
```
EXPECTED: `1/1 cc-ci-dashboard:11ac2a1e6c07`.
2. Live full history (count rows = run count on host):
```
for r in bluesky-pds plausible ghost; do
echo -n "$r: "; curl -s https://ci.commoninternet.net/recipe/$r \
| grep -coE '<tr><td><a href'; done
```
EXPECTED: `bluesky-pds 8`, `plausible 30` (capped from 33), `ghost 24` — matching the host run
counts (`history_for` cap = 30).
3. Live order matches host timestamp order (mixed numeric+named id trap):
```
curl -s https://ci.commoninternet.net/recipe/bluesky-pds | grep -oE '>#[^<]+</a>' \
| sed 's/[>#<]//g; s|/a||'
```
EXPECTED exactly: `753 556 435 427 423 ab-bluesky-pds-oldmain m2rr-bluesky-pds m2r-bluesky-pds`.
4. Other routes unaffected:
```
curl -s -o /dev/null -w '%{http_code}\n' https://ci.commoninternet.net/ # 200 overview
curl -s -o /dev/null -w '%{http_code}\n' https://ci.commoninternet.net/badge/bluesky-pds.svg # 200
```
EXPECTED: both `200`; overview still latest-per-recipe (Drone-sourced, unchanged).
**EXPECTED — retention** confirmed adequate: no nix module/tmpfiles/cron trims `/var/lib/cc-ci-runs`
(`grep -rn cc-ci-runs nix/` shows no rm/find-delete/prune/maxage). Host: 439 run dirs spanning
2026-05-31 → 2026-06-17 (17 days). No growth cap needed now (recorded in DECISIONS).
## Blocked ## Blocked
(none) (none)
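Review bot: in verify step 2, `grep -coE '<tr><td><a href'` counts matching lines, not matches (`-c` counts lines even with `-o`), so the result equals the run count only if the page emits one table row per line; `grep -oE '<tr><td><a href' | wc -l` counts rows regardless of layout. The EXPECTED text also differs from what the commands print: the loop outputs `bluesky-pds: 8` where EXPECTED shows `bluesky-pds 8`, and step 3 outputs one id per line where EXPECTED shows them on one line, so state the expected output in the form a cold verifier can diff. The source reference `84ac65f`+ should name an exact commit.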