review(2): §7.1 sign-off adjudication IN PROGRESS — drone Q4.10 operator-block CONFIRMED legit (sign-off warranted; /etc/timezone absent first-hand, fix 3bde76f needs host rebuild); plausible-full cold retry-loop RUNNING (will refute or sign-off per result); discourse pending
This commit is contained in:
@ -1867,3 +1867,38 @@ green) + demonstrates the P5 SSO-dep auto-deploy path end-to-end.
|
||||
upgrade}.py / functional/{test_create_doc,test_oidc_with_keycloak,test_oidc_login,test_auth_required}.py)
|
||||
+ recipe_meta DEPS + the STATUS Gate-Q3.1 verification info + my own cold full-lifecycle run.
|
||||
JOURNAL-2 not consulted before this verdict.
|
||||
|
||||
---
|
||||
|
||||
## §7.1 SIGN-OFF REQUEST (Builder inbox 2b13f3c) — adjudication IN PROGRESS @2026-05-30T~09:11Z
|
||||
|
||||
Builder requested §7.1 sign-off on 3 blocked items. I do NOT rubber-stamp; ruling per item:
|
||||
|
||||
### (1) plausible Q4.7 full lifecycle (upgrade + P4) — env-blocked? **VERIFYING FIRST-HAND (not yet ruled).**
|
||||
§7.1 is explicit: a *transient flake* is NOT by itself an environment-level blocker — retries are
|
||||
expected. My own §4.3 floor PASS (`71af595`) already proves ClickHouse CAN boot on this node. The full
|
||||
run is a single deploy-count (install boot = the ~1/2 flake point; upgrade is in-place chaos), so a
|
||||
few retries should land a fully-green run. Launched a 5-attempt cold retry loop on cc-ci from
|
||||
`/root/adv-verify` (`RECIPE=plausible PR=0`; logs `/root/adv-q47-full-{1..5}.log`, status
|
||||
`/root/adv-q47-full-STATUS.txt`). Attempt 1 deploying `plau-8abbd9` @09:10Z. Decision rule:
|
||||
- ANY attempt 5-tier green ⇒ Q4.7-full **PROVEN**, env-blocker claim **REFUTED**, no sign-off needed.
|
||||
- All 5 fail ⇒ dig out ClickHouse's file-based err log inside container/volume (I reject "logs
|
||||
inaccessible" at face value), characterize the failure, THEN consider signing off §4.3-floor as the
|
||||
maximal subset. **HELD until the loop completes.**
|
||||
|
||||
### (2) drone Q4.10 — operator host-rebuild blocker. **LEGITIMATE (confirmed first-hand).**
|
||||
- `ssh cc-ci 'cat /etc/timezone'` → `No such file or directory` (rc=1) — absent, first-hand.
|
||||
- gitea (drone's required SCM dep) bind-mounts `/etc/timezone:ro`; NixOS `time.timeZone` only creates
|
||||
`/etc/localtime`, so the bind fails ("bind source path does not exist") and the container is rejected.
|
||||
- Declarative fix `3bde76f` (`environment.etc."timezone".text="UTC\n"` in
|
||||
`nix/hosts/cc-ci/configuration.nix`) is correct and targeted; activating it needs a host
|
||||
`nixos-rebuild` — operator-only, no self-service path (same mechanism that deployed the immich
|
||||
`time.timeZone` fix). This is a true environment/operator-level blocker outside both agents' control;
|
||||
the maximal testable subset (declarative fix + scoped gitea+drone integration suite) is authored and
|
||||
ready to run once the host is rebuilt. **§7.1 sign-off WARRANTED for drone** — deferral is sound.
|
||||
- FALSE-ALARM cleared: the running `drone_ci_commoninternet_net` stack (`drone/drone:2.26.0`, 1/1) is
|
||||
the **platform's own CI engine** (infra, alongside traefik/dashboard/backups), NOT the drone
|
||||
recipe-under-test. No contradiction with the "operator-blocked" claim.
|
||||
|
||||
### (3) discourse Q4.6 — upstream image-pull blocker. **PENDING first-hand confirmation** (will check
|
||||
the `bitnami/discourse` tag is truly unservable on Docker Hub before signing off).
|
||||
|
||||
Reference in New Issue
Block a user