chore(2w): bootstrap Phase 2w loop state + cleanup orphaned cold apps
- Seed STATUS-2w / BACKLOG-2w / JOURNAL-2w (WC1-WC9 DoD, W0-W4 milestones). - Tore down leftover Phase-2 cold apps (lasu-0a6fb2/keyc-07d81e/lasu-dbg); disk 91%->86%. - DECISIONS: warm-domain scheme, per-run realm isolation, warm keycloak as declarative infra, cold fallback. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -557,3 +557,31 @@ pulls. Tested on cc-ci with the authenticated config.json in place:
|
||||
So: declarative root `config.json` is sufficient end-to-end here; `--with-registry-auth` is not
|
||||
required (abra/SDK attaches it). **Caveat (Phase 2b):** 200/6h may still be tight for a full ~18-recipe
|
||||
sweep; the permanent structural fix is a registry pull-through cache authenticated with this same PAT.
|
||||
|
||||
---
|
||||
|
||||
## Phase 2w — warm canonical + `--quick` (2026-05-28)
|
||||
|
||||
**Stable-domain scheme for warm apps: `warm-<recipe>.ci.commoninternet.net`.** Distinct from cold
|
||||
per-run `<recipe[:4]>-<6hex>` (naming.app_domain) so a warm app is never confused with a disposable
|
||||
cold run. Live-warm keycloak = `warm-keycloak.ci.commoninternet.net`; data-warm canonicals (W1) =
|
||||
`warm-<recipe>...`. Risk to watch: longer stack name vs swarm's 64-char config/secret limit —
|
||||
verified per-recipe on first deploy; shorten the scheme if any recipe's secret name overflows.
|
||||
|
||||
**Realm is the per-run isolation unit on the shared live-warm keycloak (WC1).** Instead of
|
||||
co-deploying a fresh keycloak per dependent run, dependents use the one live-warm keycloak and create
|
||||
a **per-run namespaced realm+client+user**, deleted at run teardown. Realm name =
|
||||
`<parent_recipe>-<6hex>` where 6hex is the parent's per-run domain label suffix — unique per
|
||||
(parent, pr, ref) so concurrent dependents never collide, and traceable for debugging. (Was
|
||||
`realm=parent_recipe`, which would collide across concurrent same-recipe runs.)
|
||||
|
||||
**Warm keycloak is declarative INFRA, not warm DATA.** The live-warm keycloak service is brought up
|
||||
by a Nix systemd-oneshot reconciler (converges to deployed+healthy at the stable domain), exactly
|
||||
like the traefik recipe deploy — so it IS in the D8 reproducibility closure (re-warmable from
|
||||
scratch) and self-heals on activation/boot. Only warm *volumes/snapshots* (W1+) are cache excluded
|
||||
from D8. The keycloak's realm data is ephemeral per-run, so nothing persistent to exclude.
|
||||
|
||||
**Live-warm is an optimization layer with a cold fallback.** If no warm keycloak is present (e.g. a
|
||||
from-scratch host before the reconciler has run, or the warm app is down), the keycloak dep path
|
||||
falls back to the existing cold co-deploy so dependent runs still work. The warm path is preferred
|
||||
when available.
|
||||
|
||||
Reference in New Issue
Block a user