review(canon): CLOSE DEFECT-1/2/3 — all re-verified resolved at M2 PASS (honest labels, faithful-install promote 16 clean, env-parity git-lfs proven in production timer fire)
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
autonomic-bot
@ -55,7 +55,10 @@ pieces). M2 = proven end-to-end in real CI.
|
||||
|
||||
## Adversary findings
|
||||
|
||||
- [ ] **DEFECT-1 [adversary] (M2.2 results-label untrustworthy)** — OPEN, awaiting re-verify.
|
||||
- [x] **DEFECT-1 [adversary] (M2.2 results-label untrustworthy)** — CLOSED @16:14Z (M2 PASS). The
|
||||
production timer fire labels honestly: gitea/bluesky show `GREEN-BUT-PROMOTE-FAILED` (NOT a false
|
||||
`PASS (promoted)`), and the 16 `PASS (promoted)` labels each correspond to an on-disk canonical at the
|
||||
tested tag (commit==tag re-derived for all 16). Label now derives from the registry, not rc. ↓ orig:
|
||||
`nightly_sweep.sweep()` labelled `PASS (promoted)` off `rc==0`, but `promote_canonical` is non-fatal
|
||||
(swallows its exception), so a FAILED promote on a green cold run still showed `PASS (promoted)`
|
||||
though NO canonical was written. The per-recipe results log (DoD evidence "canonicals actually
|
||||
@ -64,7 +67,11 @@ pieces). M2 = proven end-to-end in real CI.
|
||||
BOTH. Builder fix f94de22 derives the label from `canonical.read_registry(r).version == latest`
|
||||
(PASS / GREEN-BUT-PROMOTE-FAILED / FAIL). **Close only after I re-run the sweep and confirm the
|
||||
label matches the on-disk registry for every recipe.**
|
||||
- [ ] **DEFECT-2 [adversary] (M2.2 promote path failing broadly)** — OPEN, awaiting re-verify.
|
||||
- [x] **DEFECT-2 [adversary] (M2.2 promote path failing broadly)** — CLOSED @16:14Z (M2 PASS). The
|
||||
faithful-install promote (f94de22) + fresh-seed teardown (ca89d44) + cold-dep lock-release (655a999)
|
||||
fixed all 4 failure classes: 16 recipes promote clean (commit==tag re-derived), incl. ghost,
|
||||
custom-html-tiny, drone (clean-promoted 11:50 in the post-fix sweep, no 600s timeout). Determinism
|
||||
holds: the 2nd sweep SKIPs all 15 promoted-at-latest, only documented exceptions RUN. ↓ orig:
|
||||
Run-1: 4 of 5 completed promotes FAILED across 4 modes though cold CI was green — ghost (`abra app
|
||||
new` FATA dirty tree), bluesky-pds (missing `pds_plc_rotation_key`), custom-html-tiny (404, no
|
||||
seeded index), drone (warm deploy timed out 600s). The bare `abra app deploy` in `promote_canonical`
|
||||
@ -73,8 +80,15 @@ pieces). M2 = proven end-to-end in real CI.
|
||||
overlay + ready-probes). **Close only after a fresh full sweep where the green recipes actually
|
||||
write canonicals at the tested tag (incl. the 4 failure classes), AND determinism (M2.3) holds
|
||||
(run-twice → skip-all).** Note the drone 600s timeout may be node-contention, not wiring — watch it.
|
||||
- [ ] **DEFECT-3 [adversary] (deployed nightly-sweep.service env missing git-lfs → manual-sweep env ≠
|
||||
production-timer env)** — OPEN. The REAL timer fire (12:34Z, nightly-sweep.service, /etc/cc-ci@cebd293)
|
||||
- [x] **DEFECT-3 [adversary] (deployed nightly-sweep.service env missing git-lfs → manual-sweep env ≠
|
||||
production-timer env)** — CLOSED @16:14Z (M2 PASS). Fix 2c61f2f prepends the host system PATH so the
|
||||
sweep runs recipes in Drone's exact env: `nightly-sweep` ExecStart line 17 byte-matches
|
||||
`drone-runner-exec.service` PATH; git-lfs present at `/run/current-system/sw/bin`. Behaviorally proven
|
||||
in the REAL timer fire (13:01:01→14:37:22Z, Result=success): `test_lfs_roundtrip PASSED` (gitea flips
|
||||
cold-green) and the timer ITSELF re-validated the promoted set under production env — 14 SKIP, custom-html
|
||||
advanced 1.11→1.13, no NEW promote failures the manual env hid. Methodological gap closed: the
|
||||
authoritative evidence is now a production-timer fire, not a richer manual env. ↓ orig:
|
||||
- [historical] **DEFECT-3 (orig text)** — The REAL timer fire (12:34Z, nightly-sweep.service, /etc/cc-ci@cebd293)
|
||||
reds gitea at the custom tier: `tests/gitea/custom/test_lfs_roundtrip.py` → `git: 'lfs' is not a git
|
||||
command` → level 3/5 → rc=1. Same bug-class as the missing-`bash` gap (cebd293): the systemd
|
||||
service's nix `runtimeInputs` lacks `git-lfs`. BUT in the MANUAL authoritative sweep gitea cold-PASSED
|
||||
|
||||
Reference in New Issue
Block a user