recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(1d): G1 backup/restore + F1d-1 cert-check reframe

Browse Source 
- backup artifact: read snapshot_id from 'abra app backup create' output (snapshots needs a TTY);
  generic.parse_snapshot_id + do_backup assert it
- restore serving race: lifecycle.http_fetch (one request -> status+body, never raises) +
  assert_serving is now a bounded poll (settles a post-op reconverge, no bare sleep); drop wait_serving
- F1d-1 (Adversary, low): reframe served_cert/assert_serving honestly as an INFRA TLS sanity check
  (catches a lapsed/mis-rotated wildcard cert), NOT app-vs-fallback (Traefik serves the wildcard
  zone-wide); the genuine serving proof is services_converged + non-404 status. Awaiting re-test.

DG1 Adversary PASS @ef44d46. G1 full-lifecycle re-verification in flight.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-05-27 23:39:45 +01:00
parent a8f78b8673
commit 6c5d8f28ea
5 changed files with 144 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
runner/harness/lifecycle.py
View File

@ -190,6 +190,27 @@ def http_get(domain: str, path: str = "/", timeout: int = 15) -> int:
return 0
def http_fetch(domain: str, path: str = "/", timeout: int = 15) -> tuple[int, str]:
"""One HTTPS GET → (status, body) in a SINGLE request, never raising. Lets a caller check the
status and body together with no race between two requests (assert_serving) — and captures the
error body on a 4xx/5xx instead of throwing."""
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
req = urllib.request.Request(f"https://{domain}{path}", method="GET")
try:
with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
return resp.status, resp.read().decode(errors="replace")
except urllib.error.HTTPError as e:
try:
body = e.read().decode(errors="replace")
except Exception: # noqa: BLE001
body = ""
return e.code, body
except Exception: # noqa: BLE001
return 0, ""
def wait_healthy(
domain: str,
ok_codes=(200, 301, 302),
@ -221,8 +242,9 @@ def upgrade_app(domain: str, version: str | None = None) -> None:
abra.upgrade(domain, version=version)
def backup_app(domain: str) -> None:
abra.backup_create(domain)
def backup_app(domain: str) -> str:
"""Create a backup; return the abra/restic output (carries the produced snapshot_id)."""
return abra.backup_create(domain)
def restore_app(domain: str) -> None: