recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(1e): HC1 upgrade/restore tier calls now pass head_ref (multi-line edit miss)

Browse Source 
Earlier perl substitution missed the multi-line upgrade and restore run_lifecycle_tier calls (still
passed `target` = VERSION env, None for !testme runs), so perform_upgrade got head_ref=None for
upgrade tier → re-checkout skipped → chaos redeploy of leftover prev checkout (vacuous prev→prev that
'passed' via the chaos-label move fallback).

Verified e2e on hedgedoc (install,upgrade; commit pending push):
  upgrade→PR-head: head_ref=09bf4d54 chaos-version=09bf4d54 version=3.0.9+1.10.7→3.0.10+1.10.8
deploy-count=1, install/upgrade=pass, clean teardown. The chaos-version label deterministically
matches head_ref — direct proof PR-head code was deployed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-05-28 04:04:13 +01:00
parent 1a9632c2e8
commit 74725610ab
5 changed files with 192 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
machine-docs/JOURNAL-1e.md
View File

@ -101,3 +101,17 @@ Next: confirm opt-out result, claim E1/HC3 gate, then E2 (HC1 chaos-to-PR-head).
collided (explains my non-deterministic 1.10→1.11 vs 1.10→1.10 and the None head_ref). Manual ad-hoc
runs bypass Drone's capacity=1 queue. Going forward I serialize: don't run a recipe manually while a
gate is under Adversary verification; verify when `pgrep run_recipe_ci` is clear.
## 2026-05-28 — E2 head_ref plumbing bug (fixed)
- Debug print at main() head_ref capture showed `head_ref='09bf4d54...'` (correct hash), but
perform_upgrade printed `head_ref=None`. Root cause: my earlier perl regex to swap `target →
head_ref` in the four `run_lifecycle_tier` call sites only matched the SINGLE-LINE form; the
multi-line `upgrade` and `restore` calls (lint-wrapped) still passed `target` (which is the VERSION
env, None for !testme runs). So perform_upgrade got head_ref=None for upgrade tier → re-checkout
skipped → chaos deploy of whatever leftover checkout (prev tag from deploy_app) → vacuous prev→prev
chaos redeploy that "passed" via the chaos-label move fallback.
- Fixed: explicit Edit on the two multi-line calls so they now pass `head_ref` consistently
(`recipe`/`"upgrade"|"backup"|"restore"`, `repo_local`, `domain`, `meta`, `head_ref`, `op_state`).
grep confirms all 4 tier calls pass head_ref. compile OK.
- Net effect now: head_ref reaches perform_upgrade → recipe_checkout_ref(head_ref) restores PR-head
before chaos deploy → after.chaos == head_ref → assert_upgraded match succeeds non-vacuously.

7
machine-docs/STATUS-1e.md
View File

@ -18,8 +18,11 @@ Three corrections, each Adversary cold-verified, no test weakened:
## Definition of Done (Phase 1e) — HC1HC4, each Adversary cold-verified in REVIEW-1e
- [ ] **HC1** — PR-head upgrade proven to deploy PR-head; deploy-count guard reconciled (==1).
- [ ] **HC2** — repo-local ignored for a non-approved recipe, run for an approved one.
- [ ] **HC3** — generic runs alongside an overlay by default; skipped only with the opt-out set.
- [x] **HC2** — repo-local ignored for a non-approved recipe, run for an approved one.
Adversary PASS @2026-05-28 (hostile-code probe, no finding; commit c7ae296).
- [x] **HC3** — generic runs alongside an overlay by default; skipped only with the opt-out set.
Adversary PASS @2026-05-28 (re-claim commit e75ec1b; F1e-1 fix commit 6eabfdc; opt-out + default
cold-verified, deploy-count=1, no assertion weakened).
- [ ] **HC4** — no regression cold-verified; deploy-once + teardown still sacred.
## Milestones (plan §3)