recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity

status(2): link plan-lasuite-drive-oidc-robustness.md into Q3.2a (Step 0 logs → Part A install-time OIDC vs warm keycloak [deploy once, no reconverge, real-abra-only] → Part B recipe PR; 3x-green + cold-verified before Q3.2 claim)

Browse Source
This commit is contained in:
autonomic-bot
2026-05-29 09:06:43 +01:00
parent 542028a6a4
commit 779fb8917c
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
machine-docs/BACKLOG-2.md
View File

@ -81,11 +81,17 @@ Phase plan: `/srv/cc-ci/cc-ci-plan/plan-phase2-recipe-tests.md`
RED). Test assertions are all correct (run 1 proved health+MinIO+OIDC green); the flakiness is in
the redeploy infra. **Two open issues block a reliable Q3.2 green:** (a) [Q3.2a] flaky OIDC
redeploy — see below; (b) upgrade tier disk-blocker (DEFERRED/operator). See JOURNAL-2 2026-05-29.
- [ ] **Q3.2a** — Make lasuite-drive OIDC wiring reliable. The full 12-service `--chaos` redeploy to
apply OIDC env exposes collabora's flaky reconverge (+ transient backend gunicorn-perms / celery
WOPI-404). Fix direction: wire OIDC at INSTALL time (install_steps, no post-deploy redeploy — the
lasuite-docs model) OR make setup_custom_tests redeploy resilient (retry + wait for collabora WOPI
discovery 200 before ready). Then re-run subset to a reliable green before claiming Q3.2.
- [ ] **Q3.2a** — Make lasuite-drive OIDC wiring reliable. **PLAN:**
`cc-ci-plan/plan-lasuite-drive-oidc-robustness.md` (orchestrator, 2026-05-29). The full
12-service `--chaos` redeploy to apply OIDC env exposes collabora's flaky reconverge (+ transient
backend gunicorn-perms / WOPI-404). Structured as: **Step 0** capture real failure logs first;
**Part A** (cc-ci harness) — create the per-run realm/client in the live-WARM keycloak + set OIDC
env in `.env` BEFORE a single `abra app deploy` (deploy ONCE, NO mid-run `--chaos` reconverge);
REAL abra commands only (no `docker service update/scale` patching); verify full suite green **3×
in a row**. **Part B** — lasuite-drive RECIPE PR (collabora WOPI healthcheck-gating + backend
retry; gunicorn-perms entrypoint fix; lazy/retrying OIDC discovery); "working" ONLY once cc-ci
runs the full suite (incl. upgrade tier, now disk-unblocked) on the PR repeatedly-green +
Adversary cold-verified → operator merges. Q3.2 claimed + this item closed only after A+B green.
- [ ] **Q3.3** — lasuite-meet: parity (health_check, oidc_login, meeting_flow, webrtc-media,
webrtc-relay) + specific (create-a-room, two-user LiveKit token issuance, ICE-candidate gathering).
- [~] **Q3.4** — cryptpad: parity port (health_check) ✓ + 2 NEW recipe-specific