STATUS: M3 CLAIMED (polling primary verified) + resource-safety section; clear webhook blocker
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
STATUS.md
@ -1,9 +1,12 @@
# STATUS — cc-ci Builder

**Phase:** M6 complete & CLAIMED. M0/M1/M2/M4/M5 PASS. M3 gate BLOCKED (Gitea webhook; operator).
Next: M6.5 (breadth ramp — recipes 3–6 + keycloak full 3-stage), M7, M8. Resolve M3 trigger before M10.
**In-flight:** M6.5 — keycloak full 3-stage (DB survival), then enroll recipes covering remaining categories.
**Last updated:** 2026-05-27 (M6 claimed; D4 + recipe #2)
**Phase:** M0/M1/M2/M4/M5 PASS; M3 + M6 CLAIMED (awaiting Adversary). M3 trigger now UNBLOCKED &
verified (polling primary — see M3 gate). Next: wire bridge→Drone recipe-CI pipeline (`.drone.yml`
integration gap), then M6.5 (breadth ramp), M7, M8.
**In-flight:** Bridge→Drone integration (recipe-CI pipeline) + M6.5 keycloak full 3-stage, then
enroll recipes covering remaining D10 categories.
**Last updated:** 2026-05-27 (trigger redesign: polling primary + org-membership auth, M3 verified;
resource safety: MAX_TESTS=1 + 60m timeout)

## Gates
- **Gate: M0 — CLAIMED, awaiting Adversary** (2026-05-26). Evidence: flake rebuilds cc-ci from repo
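Review bot: the rewritten Phase and Last-updated lines read "M3 trigger now UNBLOCKED & verified" and "M3 verified", but the title of this commit and the M3 gate entry further down record M3 as CLAIMED, awaiting Adversary; a reader of the header alone will take M3 as a passed gate. Suggest wording the header to match the gate, e.g. "M3 CLAIMED (polling trigger verified locally, awaiting Adversary)", and keeping "verified" for the specific evidence (poller fired, build #26) rather than the milestone.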
@ -23,28 +26,27 @@ Next: M6.5 (breadth ramp — recipes 3–6 + keycloak full 3-stage), M7, M8. Res
activated (push webhook). Pushing `.drone.yml` triggered build #1 → **success** (clone + hello exec
steps, exit 0; ran abra/docker on the host). Repro: `nixos-rebuild switch` + one-time
`scripts/bootstrap-drone-oauth.sh`. Starting M3 as independent work; won't flip M3 gate until M2 PASS.
- **Gate: M3 — CLAIMED, awaiting Adversary** (2026-05-27). Trigger redesigned per orchestrator
(plan §4.1): **polling is PRIMARY** (outbound, read-only, ≤30s), webhook optional/admin-registered;
commenter auth via org membership (`GET /orgs/{owner}/members/{user}` 204, read-level) + optional
allowlist — NOT the admin-requiring `/collaborators/{user}/permission`. Evidence: posted `!testme`
on PR #1 (by bot, an org member) → poller fired in **6s** → Drone build **#26** for head
`d397720a` → bridge posted the run-link comment back. Auth endpoint verified read-level: bot/trav/
notplants → 204, non-member → 404. The old webhook-delivery blocker is **moot** (polling doesn't
need the Gitea `ALLOWED_HOST_LIST` whitelist). Won't advance past this gate until REVIEW shows PASS;
doing the bridge→Drone integration as independent work meanwhile.

## Resource safety (plan §4.2/§4.3 — orchestrator change 2026-05-27)
- **MAX_TESTS = DRONE_RUNNER_CAPACITY = 1** (`modules/drone-runner.nix`): ≤1 build at once, Drone
auto-queues the rest natively. Verified `DRONE_RUNNER_CAPACITY=1` on the runner.
- **Per-build timeout = 60m** (`modules/drone.nix`, reconciled best-effort, non-fatal): a hung build
is cancelled → frees its slot. Verified Drone repo `timeout: 60`.
- **Janitor backstop** for SIGKILL'd builds (reaps orphaned run apps at run-start). At capacity=1
the recipe-CI pipeline will set `CCCI_JANITOR_MAX_AGE=0` (safe — no concurrent runs). See DECISIONS.

## Blocked
- **M3 gate — Gitea→bridge webhook delivery (operator FIXING: whitelisting ci.commoninternet.net in
git.autonomic.zone `ALLOWED_HOST_LIST`).** Orchestrator update 2026-05-27: **keep the webhook
design, do NOT pivot to polling.** Bridge + webhook (id 210) left in place as-is (webhook-only;
the brief polling experiment was reverted). When the operator pings that the whitelist is applied:
re-test delivery (Gitea Test Delivery or re-comment `!testme` on PR #1), confirm the bridge gets
the POST + triggers a Drone build, then claim the M3 gate. Working other milestones meanwhile.
Original diagnosis below for reference.
The comment-bridge is built, deployed (swarm service behind traefik), and **publicly reachable**:
`https://ci.commoninternet.net/hook/healthz` → 200 from the sandbox over *real public DNS*
(ci.commoninternet.net → gateway 143.244.213.108). HMAC logic verified (a manually openssl-signed
POST is accepted; bad sig → 401). BUT Gitea never delivers: commenting `!testme` on PR #1 and even
Gitea's "Test Delivery" (UI returns 200/queued) produce **zero** requests at the bridge container
(and traefik accessLog is off, so unobservable there). Bridge is reachable from a 3rd network, gateway
accepts public sources, public DNS is correct → Gitea is not *sending* the HTTP request. Most likely
git.autonomic.zone's `[webhook] ALLOWED_HOST_LIST` excludes `ci.commoninternet.net` (bot is not Gitea
admin, can't inspect/change). **Operator options:** (a) add `ci.commoninternet.net` to Gitea's webhook
allowed-host list; or (b) tell me to pivot the bridge to **poll** the Gitea API for `!testme` comments
(self-service, satisfies D1's 60s; recorded as the fallback). **Not globally blocking** — M4 (harness +
install stage) is independent of the trigger path (dev builds triggerable via the Drone API), so I
proceed there meanwhile.
- (none) — M3 webhook blocker cleared by the polling-primary redesign (polling is
read-only/outbound and needs no Gitea `ALLOWED_HOST_LIST` whitelist).

## Tracking (adversary findings I must address)
- **[adversary] A1 — no-ACME hazard for test apps.** Acknowledged (valid). The harness (M4) MUST
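Review bot: org membership (`GET /orgs/{owner}/members/{user}` 204) is a broader set of people than the repo write-permission check (`/collaborators/{user}/permission`) it replaces in the M3 gate entry, and the M2 evidence in the same hunk records that build steps "ran abra/docker on the host"; the entry should therefore state whether the optional allowlist is enabled for this deployment and which PR heads the poller will build after a member's `!testme` (the evidence shows only a bot-authored PR #1 at head `d397720a`), since that is the authorization boundary the Adversary will test. Two points in the Resource safety section: `CCCI_JANITOR_MAX_AGE=0` is called safe only because capacity is 1, so couple it to `DRONE_RUNNER_CAPACITY` in the pipeline (or note in DECISIONS that raising capacity requires changing it) rather than leaving the dependency implicit; and because the 60m timeout is reconciled "best-effort, non-fatal", a failed reconcile leaves a build uncapped without any error, so the `timeout: 60` check should be repeated as gate evidence after each reconcile rather than recorded as a one-time verification.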