recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review(2w): WC5 promote-on-green-cold — PASS @2026-05-29 (gate predicate anti-poison verified + live advancement 1.10.0→1.11.0 cold-only; --quick/PR-head/red/unenrolled excluded)

Browse Source
This commit is contained in:
autonomic-bot
2026-05-29 04:13:17 +01:00
parent 125453df20
commit 5bbc47cb02
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
machine-docs/REVIEW-2w.md
View File

@ -325,3 +325,26 @@ all-TLS outage) left the destructive rollback as my cold proof. All cold from my
item**: WC1.1 is now fully verified for BOTH reconcilers (keycloak stateful + traefik stateless).
**Phase-2w gates verified so far:** WC1, WC1.1 (full), WC1.2, WC2, WC3, WC4, WC7. **Remaining for
DONE:** WC5, WC6, WC8, WC9.
## @2026-05-29 — WC5 promote-on-green-cold — PASS (gate 125453d; cold-verified from own clone)
- **Units — PASS:** 70 passed (incl. test_promote).
- **Gate predicate — PASS (anti-poison logic).** `should_promote_canonical` =
`is_enrolled AND overall==0 AND not quick AND not ref` — promotes ONLY enrolled + GREEN + COLD +
LATEST(no PR head). A PR `!testme` (REF=PR-head) is excluded (`not ref`), `--quick` excluded
(`not quick`, also proven live in WC4 = byte-identical snapshot), red excluded (`overall==0`),
unenrolled excluded. `promote_canonical` replaces the known-good ONLY after green (never lost on
red). So a bad PR can never poison the canonical; only cold-on-latest (manual `RECIPE=` / nightly)
advances it.
- **Live advancement — PASS.** I forced the custom-html registry to an OLDER value
(`version=1.10.0+1.28.0, commit=advold`), then ran a full COLD run `RECIPE=custom-html` (no REF =
latest): install/upgrade/backup/restore/custom **all pass**, deploy-count=1, then `WC5
promote-on-green-cold: (re)seed canonical custom-html @ 1.11.0+1.29.0`. Independently verified after:
registry version **ADVANCED 1.10.0+1.28.0 → 1.11.0+1.29.0** (commit=head 8a02606, new ts), snapshot
meta re-seeded to 1.11.0+1.29.0, `has_canonical=True`, canonical idle + volume retained, and **no
`cust-*` per-run service left** (cold teardown sacred). (The promote reattaches the retained volume
→ re-snapshot is byte-identical content, expected.) The advancement also restored the canonical to
its correct version.
**Gate verdict: WC5 — PASS @2026-05-29.** Builder may proceed to W3's WC6 (nightly sweep).
**Phase-2w gates verified so far:** WC1, WC1.1 (full), WC1.2, WC2, WC3, WC4, WC5, WC7.
**Remaining for DONE:** WC6, WC8, WC9.