From 7aa0346902e8d00beb109d9b45c9d991fb2f8983 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 03:05:03 +0100 Subject: [PATCH] harness: backup/restore pass -C -o; catalogue fetch re-clones clean MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two fixes surfaced by the first real recipe-ci run through Drone: - abra app backup/restore now pass -C -o (current checkout, no remote fetch) like every other recipe-touching call — without -o they fetch recipe tags from the (private) remote and fail 'authentication required: Unauthorized'. - fetch_recipe's catalogue path rm's the recipe dir first so a leftover private-mirror remote from a prior SRC+REF run can't poison version resolution / backup. Co-Authored-By: Claude Opus 4.7 (1M context) --- runner/harness/abra.py | 7 +++++-- runner/run_recipe_ci.py | 5 +++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/runner/harness/abra.py b/runner/harness/abra.py index 6d7be0b..697b91d 100644 --- a/runner/harness/abra.py +++ b/runner/harness/abra.py @@ -108,11 +108,14 @@ def upgrade(domain: str, version: Optional[str] = None, timeout: int = 900) -> N def backup_create(domain: str, timeout: int = 900) -> None: - _run_pty(["app", "backup", "create", domain, "-n"], timeout=timeout) + # -C -o: use the current recipe checkout, no remote fetch — like every other recipe-touching + # call (DECISIONS.md). Without -o, abra tries to fetch recipe tags from the (possibly private) + # remote and fails "authentication required: Unauthorized". + _run_pty(["app", "backup", "create", domain, "-n", "-C", "-o"], timeout=timeout) def restore(domain: str, timeout: int = 900) -> None: - _run_pty(["app", "restore", domain, "-n"], timeout=timeout) + _run_pty(["app", "restore", domain, "-n", "-C", "-o"], timeout=timeout) def recipe_versions(recipe: str) -> list[str]: diff --git a/runner/run_recipe_ci.py b/runner/run_recipe_ci.py index 21d72e1..89851b2 100644 --- a/runner/run_recipe_ci.py +++ b/runner/run_recipe_ci.py @@ -57,6 +57,11 @@ def fetch_recipe(recipe: str, ref: str | None, src: str | None) -> None: subprocess.run([*git, "clone", "--quiet", url, dest], check=True) subprocess.run([*git, "-C", dest, "checkout", "--quiet", ref], check=True) else: + # Clean re-fetch from the catalogue. rm first so a leftover dir from a prior SRC+REF run + # (which points origin at the private mirror and may lack version tags) can't poison the + # catalogue fetch — that contamination makes `recipe versions`/backup hit the private remote + # and fail "authentication required". + subprocess.run(["rm", "-rf", dest], check=False) subprocess.run(["abra", "recipe", "fetch", recipe, "-n"], check=True)