diff --git a/machine-docs/BACKLOG-2.md b/machine-docs/BACKLOG-2.md index 2e80c68..5a7a549 100644 --- a/machine-docs/BACKLOG-2.md +++ b/machine-docs/BACKLOG-2.md @@ -208,7 +208,14 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md` - [x] **Q4.8** — uptime-kuma: enrolled. PARITY.md + recipe_meta.py + 3 functional tests (health_check, socketio_handshake, spa_branding). Cold green (commit `1aaf3bd`). Create-a-monitor in DEFERRED.md (Socket.IO client primitive + --extra; F2-10 closed). -- [ ] **Q4.9** — mailu: enroll; specific (create a mailbox, send/receive verification). +- [x] **Q4.9** — mailu: **FULL LIFECYCLE GREEN @2026-05-29 — CLAIMED (STATUS-2 Gate Q4.9), awaiting + Adversary.** Full email stack. install+upgrade(real 3.0.0+2024.06.27→3.0.1+2024.06.37 crossover)+ + custom green; deploy-count=1; clean teardown. backup/restore N/A-SKIP (no backupbot label → P4 + N/A, documented PARITY.md+DEFERRED.md, Adversary §7.1 sign-off requested). P2 vacuous (no corpus). + P3: test_mailbox (flask mailu user create → config-export read-back) + test_mail_flow (in-container + sendmail inject → doveadm search deliver/store/fetch). TLS_FLAVOR=notls (avoids certdumper/ACME); + in-container mail tools (notls disallows network plaintext auth). Commits 916bdd8+8844943; log + ccci-mailu-full2. - [ ] **Q4.10** — drone: enroll; specific (create/list builds via API). - [ ] **Q4.11** — Q4 gate: each recipe green with parity + specific. diff --git a/machine-docs/STATUS-2.md b/machine-docs/STATUS-2.md index 4c8cdfb..7b460e1 100644 --- a/machine-docs/STATUS-2.md +++ b/machine-docs/STATUS-2.md @@ -55,10 +55,11 @@ at `bitnamilegacy/discourse` but the install tier deploys the prev published ver recipe-PR can't unblock testing until upstream releases a fixed version (same class as plausible Q4.7b). Scaffolding staged (recipe_meta + postgres-P4 overlays + health, commit ca7acf3); §4.3 create-topic not written (deploy blocked). DEFERRED.md 2026-05-29 discourse entry. Node fully torn down/clean. -**NEXT: Q4.9 mailu** — images pullable (ghcr.io/mailu/*); no recipe-maintainer corpus (P2 vacuous); no -backupbot label (P4 will be N/A/recipe-PR-deferred like immich). Functional: admin API create domain+ -mailbox + read-back + SMTP/IMAP mail flow. (drone Q4.10 also pullable but needs a gitea OAuth dep for -functional depth — lower priority.) +**Q4.9 mailu — FULL LIFECYCLE GREEN @2026-05-29 — CLAIMED (see ## Gate Q4.9), awaiting Adversary.** +install+upgrade(3.0.0→3.0.1)+custom green; backup/restore N/A-skip (no backupbot → P4 N/A, §7.1 +sign-off requested); 2 functional (create-mailbox + send→deliver→fetch mail-flow). TLS_FLAVOR=notls; +in-container sendmail/doveadm. Commits 916bdd8+8844943; log ccci-mailu-full2. **NEXT: drone Q4.10** +(last §5 gap; HTTP single-service; no backupbot [P4 N/A]; functional depth needs gitea OAuth dep). **Q4.7 plausible — Adversary finding ACK @2026-05-29 (REVIEW-2 `0efcc36`).** Test content + deferral @@ -179,6 +180,53 @@ SKIP no longer yields a GREEN `!testme`. ## Gate +**Gate: Q4.9 mailu — CLAIMED @2026-05-29, awaiting Adversary.** + +**WHAT.** mailu (full email stack: nginx front `app` + admin + postfix `smtp` + dovecot `imap` + +rspamd `antispam` + webmail + redis `db` + certdumper) runs **install + upgrade + custom GREEN**; +`deploy-count=1`; clean teardown. backup/restore **SKIP (N/A)** — the upstream recipe ships **no +`backupbot.backup` label** on any service (`backup_capable=False`), so there is no recipe backup +mechanism to exercise → **P4 is genuinely N/A for mailu as published** (documented in +`tests/mailu/PARITY.md` + `machine-docs/DEFERRED.md` 2026-05-29 mailu entry). **Requesting Adversary +§7.1 sign-off on P4-N/A** (alternative: a cc-ci-authored backupbot recipe-PR, mirroring immich Q3.5). +- **P2 — VACUOUS:** no `recipe-info/mailu/tests/` corpus exists in the recipe-maintainer workspace, + so there are no tests to port (documented in PARITY.md). +- **P3 — 2 recipe-specific functional tests (both green):** `functional/test_mailbox.py` (create a + mailbox via the admin container's `flask mailu user` CLI → read it back from `flask mailu + config-export --json` → assert present: admin-DB provisioning round-trip) + + `functional/test_mail_flow.py` (the characteristic mail flow: inject a uniquely-marked message via + the postfix container's local `sendmail` → poll dovecot's `doveadm search` in the imap container → + assert delivered/stored: a real postfix→rspamd→dovecot deliver/store/fetch). +- **cc-ci integration:** `recipe_meta.EXTRA_ENV(domain)` sets `MAIL_DOMAIN`/`HOSTNAMES`=run domain, + `TRAEFIK_STACK_NAME=traefik_ci_commoninternet_net` (resolves certdumper's external `*_letsencrypt` + volume), and **`TLS_FLAVOR=notls`** (mailu's mail-port TLS comes from certdumper dumping traefik's + ACME acme.json, which cc-ci has none of — file-provider wildcard cert; notls removes the dep; + certdumper still converges idle). The mail tests use the **in-container** sendmail/doveadm because + notls makes dovecot refuse plaintext auth over the network (port 143) — the in-container path + exercises the same delivery/storage stack. `HEALTH_PATH=/` (front nginx → 301). + +**HOW (Adversary, cold, on cc-ci):** +``` +ssh cc-ci 'cd /root/ && git pull && RECIPE=mailu PR=0 cc-ci-run runner/run_recipe_ci.py' +``` + +**EXPECTED:** +- RUN SUMMARY: `deploy-count = 1 (expect 1)`; `install/upgrade/custom` **pass**; `backup/restore` + **skip** (N/A, no backupbot — EXPECTED, not a failure). +- Upgrade: `upgrade→PR-head: head_ref=23309a1a chaos-version=23309a1a version=3.0.0+2024.06.27→ + 3.0.1+2024.06.37` (real crossover; head_ref==chaos-version = HC1). +- Custom — **3 PASS**: `test_mailu_front_serves`, `test_create_mailbox_and_read_back`, + `test_send_and_receive_mail`. +- Clean teardown: post-run `docker stack ls | grep mail` → empty. + +**WHERE.** Commits `916bdd8` (mailu tests) + `8844943` (in-container mail-flow rewrite, drop network +IMAP-auth test). Files: `tests/mailu/{recipe_meta.py,PARITY.md,functional/{_mailu.py,test_health_check.py, +test_mailbox.py,test_mail_flow.py}}`. Log `/root/ccci-mailu-full2.log`. Smoke-discovery logs: +`/root/mailu-smoke.log` (convergence/health/ports/flask CLI) + `/root/mailu-smoke2.log` (proved +sendmail-inject → doveadm-search delivery). DEFERRED.md mailu P4-N/A entry. + +--- + **Gate: Q4.2 mumble — ✅ Adversary PASS @2026-05-29 (REVIEW-2 `1daa1ea`).** Cold first-hand full lifecycle GREEN on the Adversary's clone: all 5 tiers, deploy-count=1, tcp ready-probe ×2, real upgrade crossover 0.2.0→1.0.0+ (head_ref==chaos-version), P3 config round-trips non-vacuous