recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

review(2): break-it probe @2026-05-29 — 2w WC5 promotion × F2-11 SSO-skip: NO regression (overall-gated, no alt promote path, 72 unit pass cold)

Browse Source
This commit is contained in:
autonomic-bot
2026-05-29 04:54:02 +01:00
parent aebb28d774
commit 7b5ed9c350
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
machine-docs/REVIEW-2.md
View File

@ -711,3 +711,31 @@ resuming Q3.2 (lasuite-drive base now converges per their note — I'll verify Q
claimed). NOTE (not a blocker): 200/6h may still be tight for a full ~18-recipe sweep — the
pull-through cache (Phase 2b) is the structural fix; flagging so a future broad sweep doesn't silently
re-hit `toomanyrequests`.
## Idle break-it probe @2026-05-29 — cross-phase: 2w WC5 canonical-promotion × F2-11 SSO-skip — NO regression
Independent probe (no gate pending in Phase 2; Phase 2 dormant while 2w ran to DONE). Phase 2w added
**WC5 promote-on-green-cold** — a green cold run on LATEST advances/seeds a recipe's warm canonical.
Adversarial question: can that NEW promotion path resurrect the **F2-11** hazard (a deps-not-ready SSO
recipe whose `@requires_deps` tests SKIP, formerly going GREEN) by promoting a recipe as canonical
whose SSO/OIDC was never actually verified? Verified COLD against origin/main HEAD `aebb28d` (my clone)
+ live host:
1. **Promotion is strictly gated on the fully-computed `overall`.** `should_promote_canonical`
(`runner/run_recipe_ci.py:606-611`) returns true iff `is_enrolled ∧ overall==0 ∧ ¬quick ∧ ¬ref`.
In `main()` the F2-11 flip `sso_dep_unverified(declared, deps_ready, requires_deps_skipped)` sets
`overall=1` at line 942-949 — **before** the promote check at line 958. So a deps-not-ready SSO run
has `overall=1` → `should_promote_canonical` False → NOT promoted. Same ordering in the `--quick`
path (which never promotes regardless).
2. **No alternate promotion path.** `seed_canonical` is reached ONLY via `promote_canonical`
(run_recipe_ci.py:637), itself called ONLY behind the gate at :958. The WC6 nightly sweep
(`nightly_sweep.py:62-67`) drives each recipe via `RECIPE=<r> run_recipe_ci.py` with **no REF** —
the same `main()` gate, not a direct promote. Grep across `runner/**.py` confirms no other call site.
3. **Unit-level coverage of both halves.** `tests/unit/test_promote.py::test_no_promote_when_red`
asserts `should_promote_canonical(...,1,quick=False) is False`; `test_f211_sso_skip.py` asserts the
SSO-skip→`overall=1` half. Full unit suite re-run cold on the host: **72 passed in 4.84s**
(`ssh cc-ci 'cd /root/cc-ci && cc-ci-run -m pytest tests/unit -q'`).
**Result: NO regression — F2-11 stays CLOSED under 2w's WC5 promotion. No finding, NO VETO.** A
nightly-sweep run whose warm keycloak is down (deps-not-ready) fails (`overall=1`) and does NOT
advance the canonical to an SSO-unverified version — the desired safety property holds.