decisions+status(2w): W0.5 done (WC3 snapshot proven); W0.6 reconciler version model (deploy-by-tag, recipe-semver pre-+, python entrypoint in store)

2026-05-29 00:15:38 +01:00
parent 4cc1e15a53
commit 67240dca92
2 changed files with 46 additions and 13 deletions

@ -615,3 +615,30 @@ autonomous reconciler to operator visibility (latency = next Builder wake; accep
**Re-sequence:** WC1.1's keycloak rollback needs the WC3 snapshot helper, so build that FIRST, then
rewrite the reconciler ONCE into the unpinned + WC1.2-safety-gated + WC1.1-health-gated-rollback form
(avoids reworking the reconciler twice). The W0.3 reconciler is INTERIM until then.
## Phase 2w — W0.6 reconciler: version model + deploy-by-tag (2026-05-29)
**Reconcile entrypoint in Python, packaged in the nix store.** `runner/warm_reconcile.py`, invoked by
the systemd unit as `${pyEnv}/bin/python3 ${../../runner}/warm_reconcile.py <app>` (the runner/ dir is
copied into the store → D8-clean, no dependence on the /root/cc-ci checkout). Reuses
warmsnap/sso/abra/lifecycle so there is ONE snapshot impl (also used by the runner for WC5). Replaces
the bash reconcile in warm-keycloak.nix.
**"latest" = newest published version TAG, deployed pinned (not chaos-of-main).** WC1.2's "major
recipe-version bump" detection needs comparable versions, which chaos (deploy main HEAD) doesn't give.
So the reconciler resolves latest = `git tag | sort -V | tail -1` (valid coop-cloud version tags),
records current = the app .env `VERSION`, and deploys the chosen tag pinned (`abra app deploy <domain>
<version> -o -n -f`, after `git checkout <tag>`). "Auto-update to latest" is satisfied by converging
to the newest tag; "chaos" in the operator note is read as "auto-deploy latest", and tag-pinning is
the correct mechanism for a version-gated auto-update.
**coop-cloud version format is `<recipe-semver>+<app-version>` (observed), not the plan's
`<upstream>+<recipe-semver>`.** Evidence: keycloak `10.7.1+26.6.2` → image `keycloak:26.6.2`; n8n
`3.2.0+2.20.6` → image `n8nio/n8n:2.20.6` (the post-`+` part is the app image tag). So the **recipe
semver is the part BEFORE `+`**. WC1.2's "major recipe bump = breaking" keys off the major (first)
component of the pre-`+` recipe semver (e.g. 3.x→4.0 = held). Secondary signal: scan the target's
`releaseNotes/<version>.md` for manual-migration markers.
**Scope order for W0.6:** keycloak first (the W0 focus, stateful → snapshot path); apply the same
health-gated + safety-gate pattern to traefik (stateless, version-rollback-only) afterward by
migrating proxy.nix onto the shared reconcile entrypoint.
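
Review bot: In the "latest = newest published version TAG" paragraph, `git tag | sort -V | tail -1` does not itself restrict the input to "valid coop-cloud version tags"; any other tag present in the recipe repo takes part in the sort and can come out last. Because the WC1.2 major-bump gate then parses the part before `+`, the decision record should state the filter explicitly (only tags matching `<recipe-semver>+<app-version>`, applied before `sort -V`) and say what the reconciler does when no tag matches or when the `.env` `VERSION` cannot be parsed; holding the deploy in those cases keeps the safety gate from being skipped on malformed input. It would also help to state whether the reconciler records the commit that the tag resolved to at `git checkout <tag>`, since a tag name alone does not fix what was deployed if the tag is later moved.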