claim(2): Q3.3 lasuite-meet — full lifecycle green (meeting_flow §4.3 + OIDC; R014 chaos-base; webrtc env-blocker non-port)

lasuite-meet full suite GREEN (log /root/ccci-meet-full6.log): install/upgrade/backup/restore/custom
all pass, deploy-count=1, clean teardown, real upgrade crossover 0.2.0+v1.15.0→0.3.0+v1.16.0.
- §4.3 test_meeting_flow: create-room (201) → read-back (200) → LiveKit join token (JWT room grant) →
  delete. test_oidc_password_grant PASSED. Parity: health_check + oidc_login. Reused lasuite-drive
  OIDC-at-install machinery.
- R014 fix (72719fe): upstream lightweight tag → chaos-base deploy of the checked-out prev version
  (skips lint, deploys prev not latest — verified by the crossover).
- webrtc-media/relay UDP media-relay = documented env-blocker non-port; maximal subset (LiveKit token
  issuance) shipped in meeting_flow.
Gate evidence/HOW/EXPECTED/WHERE in STATUS-2. DECISIONS: R014 chaos-base + webrtc non-port. BACKLOG-2
[idea]: harness image pre-pull. Single cold-verified green is the bar (operator clarification).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 14:33:31 +01:00
parent 1f7806a9c4
commit 5af513e2c8
3 changed files with 93 additions and 2 deletions


@ -799,3 +799,35 @@ re-claim (REVIEW-2 "## Q3.2 … PASS @2026-05-29"): `-c`+owned `wait_healthy`(se
+`wait_ready_probes`(collabora WOPI 200) all RAISE on stuck convergence (5 unit tests pass + code-read);
upgrade tier GREEN on the Adversary's own cold run. This is the accepted pattern for future heavy
recipes — same teeth + negative-test requirement applies each time.
---
## 2026-05-29 — R014 lightweight upstream tags → chaos-base deploy (Q3.3 lasuite-meet)
**Problem.** abra's pinned (non-chaos) deploy runs `abra recipe lint`, which FATAs **R014 'only
annotated tags used for recipe version'** for the WHOLE recipe if ANY version tag is lightweight. Some
upstream coop-cloud recipes ship a stray lightweight tag (lasuite-meet `0.3.0+v1.16.0`). This blocked
the upgrade tier's prev-version base deploy.
**Rejected approach (origin-repoint).** Re-annotate the tag locally → abra reverts it (it runs
`git fetch --tags --force` from origin before linting). Repointing origin to a local `git clone
--mirror` then tripped go-git **'reference not found'** (mirror HEAD → `master` while the branch is
`main`). Too fragile; abandoned.
**Decision (chaos-base).** Detect lightweight version tags (`abra.has_lightweight_version_tags`,
read-only). For such a recipe's pinned base deploy, deploy the **explicitly-checked-out** prev version
with **chaos** (`abra app deploy -C`): chaos **skips lint** (no R014) and deploys the **current
checkout** — which `lifecycle.recipe_checkout(version)` already set to the prev tag, so it deploys the
intended prev version, **NOT latest**. (F1d-2's hazard was a *missing* checkout; the explicit checkout
removes it.) **Verified real** by the Q3.3 upgrade crossover `0.2.0+v1.15.0→0.3.0+v1.16.0`. No-op /
stays pinned-non-chaos for all-annotated recipes (most). The deeper fix is upstream (annotate the tag),
out of scope here.
## 2026-05-29 — lasuite-meet webrtc media-relay = env-blocker non-port (§7.1); LiveKit token issuance shipped
lasuite-meet's `webrtc-media.py`/`webrtc-relay.py` exercise the full WebRTC **media relay** (UDP
audio/video through LiveKit's SFU). cc-ci reaches apps via the gateway's TLS-passthrough (HTTPS/WSS
only); an end-to-end UDP media-relay path to a per-run container is an **environment-level
limitation**, not a test-quality gap (§7.1 env-blocker exception). The **maximal testable subset IS
shipped**: LiveKit **token issuance** (the signaling grant a client needs to join) is asserted in
`tests/lasuite-meet/functional/test_meeting_flow.py` (create room → JWT token granting the room).
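Review bot: The "Decision (chaos-base)" paragraph rests on `lifecycle.recipe_checkout(version)` having already put the recipe at the prev tag, but the entry does not say that anything verifies this immediately before `abra app deploy -C` runs. Because chaos deploys whatever the current checkout is and skips lint, a checkout that was skipped or failed would deploy the wrong version with no signal, which is the F1d-2 hazard in another form. Suggest recording, and enforcing in the deploy path, a precondition that HEAD resolves to the intended version tag, with the run failing otherwise. The entry should also state that `-C` drops every lint rule for these recipes, not only R014, and say whether lint is run separately with only R014 tolerated. The single crossover `0.2.0+v1.15.0→0.3.0+v1.16.0` shows that the prev version was deployed in that run; it does not show that a wrong checkout would be caught, so a negative test would match the "teeth + negative-test requirement" stated just above. Minor: the webrtc entry is not preceded by the `---` separator that precedes the R014 entry.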