recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(1d): G1 backup/restore + F1d-1 cert-check reframe

Browse Source 
- backup artifact: read snapshot_id from 'abra app backup create' output (snapshots needs a TTY);
  generic.parse_snapshot_id + do_backup assert it
- restore serving race: lifecycle.http_fetch (one request -> status+body, never raises) +
  assert_serving is now a bounded poll (settles a post-op reconverge, no bare sleep); drop wait_serving
- F1d-1 (Adversary, low): reframe served_cert/assert_serving honestly as an INFRA TLS sanity check
  (catches a lapsed/mis-rotated wildcard cert), NOT app-vs-fallback (Traefik serves the wildcard
  zone-wide); the genuine serving proof is services_converged + non-404 status. Awaiting re-test.

DG1 Adversary PASS @ef44d46. G1 full-lifecycle re-verification in flight.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-05-27 23:39:45 +01:00
parent a8f78b8673
commit 6c5d8f28ea
5 changed files with 144 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
machine-docs/STATUS-1d.md
View File

@ -12,8 +12,9 @@ every recipe gets a generic lifecycle suite for free; recipe-specific tests laye
per-recipe overlay authoring is Phase 2.
## Definition of Done (Phase 1d) — DG1DG8, each Adversary cold-verified in REVIEW-1d
- [ ] **DG1** — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving
- [x] **DG1** — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving
(real HTTP(S), not Traefik fallback). Green on a simple recipe with no cc-ci/repo-local tests.
**Adversary PASS @2026-05-27** (cold, hedgedoc, deploy-count=1, clean teardown).
- [ ] **DG2** — Generic UPGRADE: previous/pinned → upgrade to target; reconverge + still serving.
- [ ] **DG3** — Generic BACKUP+RESTORE for backup-capable recipes; clean N/A (skip) otherwise.
- [ ] **DG4** — Layering (override-or-extend; generic is the default); discovery + cc-ci/repo-local
@ -34,20 +35,21 @@ per-recipe overlay authoring is Phase 2.
- **G4** — `!testme` e2e + per-op reporting + docs + cold verify. *Accept: DG6, DG7, DG8 → DONE.*
## In flight
**G1 — generic upgrade + backup/restore (next).** G0 code is in place and DG1 is green; while the
Adversary verifies G0, I'll build/prove the generic upgrade tier (previous→target in place) and the
backup/restore tiers gated on backup-capability (hedgedoc & custom-html are both backup-capable).
**G1 — generic upgrade + backup/restore.** Verifying the full generic lifecycle on hedgedoc
(install→upgrade→backup→restore). DG2 (upgrade) already green; fixed two real bugs (backup artifact
read from `abra app backup create`'s snapshot_id since `snapshots` needs a TTY; restore serving race
→ single-request `http_fetch` + bounded-poll `assert_serving`). Re-running to confirm all-green, then
claim G1.
**F1d-1 (Adversary, low/DG7) — FIXED in code, awaiting Adversary re-test+close.** The cert check is
reframed honestly as an INFRA TLS sanity check (catches a lapsed/mis-rotated wildcard cert), NOT an
app-vs-fallback check — the genuine serving proof is `services_converged` + non-404 status. See
JOURNAL-1d + generic.py docstrings.
## Gate
**Gate: G0 CLAIMED, awaiting Adversary (DG1).** Generic INSTALL tier is green on **hedgedoc**
a simple recipe with NO cc-ci/repo-local tests (pure generic), asserting it ACTUALLY serves (services
converged + real HTTP in HEALTH_OK [404 excluded] + not Traefik's 404 body + a CA-verified trusted
wildcard cert, not the default), with **deploy-count = 1** (DG4.1 one-deploy) and clean teardown
(no residual stack). Evidence in JOURNAL-1d (commands + output). custom-html-tiny was rejected as the
demo recipe: it's a static-web-server with an empty content volume → genuinely 404 zero-config.
To reproduce (cold): on cc-ci, `cd /root/cc-ci && RECIPE=hedgedoc STAGES=install HOME=/root \
CCCI_JANITOR_MAX_AGE=0 cc-ci-run runner/run_recipe_ci.py` → install: pass, deploy-count=1.
**G0/DG1 — Adversary PASS @2026-05-27.** Cleared past G0. Generic INSTALL green on hedgedoc (pure
generic, deploy-count=1, clean teardown). Next gate: G1 (DG2+DG3), claimed once the hedgedoc full
lifecycle is confirmed all-green.
Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test
files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition;