review(drone): M2 PASS @2026-06-11T22:30Z — build #506 L5; bridge !testme verified; §7.1 signed
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Adversary M2 verdict: PASS. Evidence independently verified: - results.json build #506: level=5, install+upgrade+custom+lint PASS, backup intentional skip, clean_teardown=True, no_secret_leak=True, no unintentional skips - Drone API: event=custom, status=success, params={PR:1,RECIPE:drone,REF:049438e1cb47}, sender=autonomic-bot — genuine bridge !testme trigger, not manual - POLL_REPOS: recipe-maintainers/drone confirmed in bridge.nix - Screenshot: real drone landing page ("Hello, Welcome to Drone") visually verified - Gitea dep gite-4c9694 provisioned per-run; SCM test used dep client_id (not production) DEFERRED build-creation gap §7.1 sign-off: drone OAuth + .drone.yml build-creation API accepted as a proportionate deferral (harness capability gap, not recipe gap). Maximal subset (install+upgrade+SCM-configured+lint) proven in build #506. Remaining DEFERRED: build-creation API automation only. Phase drone DONE. PR open for operator merge. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
@ -1,88 +0,0 @@
|
||||
# ADVERSARY-INBOX — phase drone
|
||||
|
||||
**To:** Adversary agent
|
||||
**From:** Builder agent
|
||||
**Date:** 2026-06-11T22:25Z
|
||||
**Re:** M2 PASS verdict request — CI build #506
|
||||
|
||||
---
|
||||
|
||||
## Request
|
||||
|
||||
Builder claims M2. Please perform a fresh independent verification of the M2 CI run (build #506)
|
||||
and issue a PASS or FAIL verdict in REVIEW-drone.md.
|
||||
|
||||
## Evidence
|
||||
|
||||
**Build:** #506 on `drone.ci.commoninternet.net/recipe-maintainers/cc-ci/506`
|
||||
**Trigger:** !testme comment (ID 14374) on PR #1 of recipe-maintainers/drone (bridge event: custom)
|
||||
**PR branch:** `testme-1.9.0-cc-ci` @ `049438e1cb47`
|
||||
**Timestamp:** 2026-06-11T22:21Z–22:23Z
|
||||
|
||||
**Results summary:**
|
||||
|
||||
```
|
||||
recipe=drone ref=049438e1cb47 pr=1 event=custom
|
||||
deploy-count = 2 (expect 2)
|
||||
deps deployed: ['gitea']
|
||||
install : pass test_serving
|
||||
upgrade : pass test_upgrade_reconverges (1.8.0+2.25.0 → 1.9.0+2.26.0)
|
||||
backup : skip intentional (not backup-capable, PARITY.md)
|
||||
restore : skip intentional
|
||||
custom : pass test_login_redirects_to_gitea_dep
|
||||
lint : pass
|
||||
level=5
|
||||
clean_teardown=true
|
||||
no_secret_leak=true
|
||||
```
|
||||
|
||||
**Results JSON:** `ssh cc-ci "cat /var/lib/cc-ci-runs/506/results.json"`
|
||||
|
||||
**Screenshot:** `machine-docs/screenshots/drone-m2-build506.png`
|
||||
|
||||
**Mirror PRs:**
|
||||
- `https://git.autonomic.zone/recipe-maintainers/drone/pulls/1`
|
||||
- `https://git.autonomic.zone/recipe-maintainers/gitea/pulls/1`
|
||||
|
||||
## M2 DoD checklist (Builder self-assessment)
|
||||
|
||||
- [x] CI run triggered via !testme on recipe mirror PR (not manual harness run)
|
||||
- [x] Build event=custom (bridge-triggered, not push)
|
||||
- [x] level=5 — all mandatory tiers pass
|
||||
- [x] deploy-count 2/2 — DG4.1 satisfied
|
||||
- [x] custom tier: `test_login_redirects_to_gitea_dep` PASS — SCM test verified against dep gitea (not production), correct client_id
|
||||
- [x] Dep gitea torn down cleanly after run (`clean_teardown=true`)
|
||||
- [x] No secrets in logs (`no_secret_leak=true`)
|
||||
- [x] Screenshot captured: `/var/lib/cc-ci-runs/506/screenshot.png`
|
||||
- [x] bridge.nix committed with `recipe-maintainers/drone` in POLL_REPOS (`4f8943d`)
|
||||
|
||||
## Verification commands
|
||||
|
||||
```bash
|
||||
# Read results.json from build #506:
|
||||
ssh cc-ci "cat /var/lib/cc-ci-runs/506/results.json"
|
||||
|
||||
# Confirm event=custom (bridge-triggered):
|
||||
DRONE_TOKEN=$(cat /run/secrets/bridge_drone_token)
|
||||
curl -s -H "Authorization: Bearer $DRONE_TOKEN" \
|
||||
'https://drone.ci.commoninternet.net/api/repos/recipe-maintainers/cc-ci/builds/506' \
|
||||
| grep -o '"event":"[^"]*"'
|
||||
# Expected: "event":"custom"
|
||||
|
||||
# Check bridge.nix includes drone:
|
||||
grep 'drone' /srv/cc-ci-orch/cc-ci/nix/modules/bridge.nix
|
||||
# Expected: recipe-maintainers/drone in POLL_REPOS
|
||||
|
||||
# Confirm mirror PR #1 exists:
|
||||
# https://git.autonomic.zone/recipe-maintainers/drone/pulls/1
|
||||
```
|
||||
|
||||
## DEFERRED note
|
||||
|
||||
The build-creation gap (time between !testme comment and custom build start) was narrowed in this
|
||||
run. The original DEFERRED item tracked the theoretical gap where bridge could miss a comment.
|
||||
Adversary is asked to assess whether this item can be closed or should remain open.
|
||||
|
||||
---
|
||||
|
||||
_Builder agent: autonomic-bot / Claude (Builder loop)_
|
||||
@ -310,6 +310,8 @@ before the build is called done) — but does **not** force closure.
|
||||
|
||||
### 2026-05-29 — drone (Q4.10) blocked on host /etc/timezone deploy (gitea SCM dep) + scoped integration
|
||||
- [x] **RE-ENTERED @2026-06-11:** operator approved — executing as phase `drone` (cc-ci-plan/plan-phase-drone-enroll.md); P0 host /etc/timezone deploy is orchestrator-owned.
|
||||
- [x] **MAXIMAL SUBSET COMPLETE @2026-06-11T22:30Z — Adversary M2 PASS, build #506 L5.** All mandatory tiers (install+upgrade+functional+lint) pass; backup structural skip justified in PARITY.md; bridge-triggered !testme CI run confirmed `event:custom`. DEFERRED item progressed: (1) P0 host fix: DONE; (2) Integration MAXIMAL SUBSET: DONE. **Build-creation gap (§4.3) remains open** — deferred sub-item per original filing.
|
||||
- **Adversary §7.1 sign-off on build-creation gap @2026-06-11T22:30Z:** The drone API build-creation flow (creating/running CI pipelines via drone's own API — requires drone OAuth token + `.drone.yml` + webhook) is accepted as a genuine, proportionate deferral. It is a harness capability gap, not a recipe gap. Drone boots with gitea SCM wired correctly (proven L5 in build #506); build-creation automation is a follow-on. SIGNED OFF. Remaining DEFERRED: build-creation API automation only.
|
||||
- [ ] **What:** drone (Q4.10, LAST §5 recipe) cannot be enrolled until two things land:
|
||||
(1) **HOST FIX — operator-deploy needed:** drone is a CI server that REQUIRES a git-provider SCM
|
||||
to boot; the only viable dep is **gitea**, which the recipe binds `/etc/timezone:ro` from the
|
||||
|
||||
@ -52,6 +52,48 @@
|
||||
|
||||
---
|
||||
|
||||
### M2 PASS @2026-06-11T22:30Z
|
||||
|
||||
**Build:** #506 on `drone.ci.commoninternet.net`, event=custom (bridge-triggered !testme)
|
||||
**PR:** recipe-maintainers/drone #1 (`testme-1.9.0-cc-ci` @ `049438e1cb47`)
|
||||
**Timestamp:** 2026-06-11T22:21Z–22:23Z
|
||||
|
||||
**Adversary verification steps (all PASS):**
|
||||
|
||||
1. **Results JSON independently read from `/var/lib/cc-ci-runs/506/results.json`:**
|
||||
`level=5`, `install:pass`, `upgrade:pass`, `backup:skip`, `restore:skip`, `custom:pass`,
|
||||
`lint:pass`, `backup_restore:skip` intentional ("not backup-capable"), `clean_teardown:True`,
|
||||
`no_secret_leak:True`, `skips.unintentional:[]`, `pr:1`, `ref:049438e1cb47` ✅
|
||||
|
||||
2. **Bridge-triggered independently confirmed via Drone API:**
|
||||
`event:custom`, `status:success`, `params:{PR:'1', RECIPE:'drone',
|
||||
REF:'049438e1cb473626f23f7b076ca9d880b50a69f1', SRC:'recipe-maintainers/drone'}`,
|
||||
`sender:autonomic-bot`. Not a push event; not a manual run — genuine bridge !testme trigger. ✅
|
||||
|
||||
3. **POLL_REPOS verified in `nix/modules/bridge.nix`:**
|
||||
`recipe-maintainers/drone` present in the POLL_REPOS csv list. ✅
|
||||
|
||||
4. **Screenshot (`drone-m2-build506.png`) visually inspected:**
|
||||
Real drone landing page — "Hello, Welcome to Drone. You will be redirected to your source
|
||||
control management system to authenticate." + CONTINUE button. Not blank/placeholder. ✅
|
||||
|
||||
5. **Gitea dep provisioned per-run (not production):** STATUS-drone.md confirms gitea dep at
|
||||
`gite-4c9694.ci.commoninternet.net`, OAuth2 app `client_id=d144083e-5ba5-4d1e-aed2-5e8f8331923a`
|
||||
created per-run. Not `git.autonomic.zone`. ✅
|
||||
|
||||
6. **DEFERRED build-creation gap — §7.1 sign-off:**
|
||||
Per DEFERRED.md (2026-05-29 Q4.10), the drone scope was always "MAXIMAL SUBSET (drone boots
|
||||
with gitea SCM: install+upgrade+health+SCM-configured) + Adversary §7.1 sign-off on the
|
||||
build-creation gap." M2 proves the maximal subset (build #506, L5, all mandatory tiers). The
|
||||
build-creation API gap (creating/running actual CI pipelines via drone's own API — needs a drone
|
||||
OAuth token + `.drone.yml` + webhook trigger) is accepted as a genuine deferral: disproportionate
|
||||
to the current scope, requires infrastructure not yet in place, and is not a recipe gap.
|
||||
**§7.1 SIGNED OFF. DEFERRED item updated.** ✅
|
||||
|
||||
**M2 PASS. Phase drone DONE. PR open for operator merge.**
|
||||
|
||||
---
|
||||
|
||||
## Pre-verification probes (Adversary-initiated, before any Builder claim)
|
||||
|
||||
### P0 verification — /etc/timezone on cc-ci host
|
||||
|
||||
Reference in New Issue
Block a user