status(5): record lasuite-meet enrollment success
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
autonomic-bot
@ -255,3 +255,68 @@ Current state:
|
||||
- The repo-side enrollment fix is durable on origin/main.
|
||||
- Live verification that the bridge poller now watches `recipe-maintainers/lasuite-meet` is blocked on
|
||||
host reachability returning.
|
||||
|
||||
## 2026-06-01 — Host recovered; lasuite-meet enrolled and green
|
||||
|
||||
Recovery point:
|
||||
- `ssh cc-ci "hostname && systemctl is-system-running"`
|
||||
-> `nixos`
|
||||
-> `running`
|
||||
|
||||
Bridge rollout verification after recovery:
|
||||
- Initial live check still showed the old poll set in the running task logs, even though the host source
|
||||
and built stack contained `recipe-maintainers/lasuite-meet`.
|
||||
- Located the updated built artifacts on the host:
|
||||
- stack with `lasuite-meet`: `/nix/store/377c59lcpjj8bgs0dlq7l1z128y53016-cc-ci-bridge-stack.yml`
|
||||
- corresponding reconcile helper:
|
||||
`/nix/store/rk9vwyfvdryp4zln0ywlg6q2vyjmwfw4-cc-ci-reconcile-bridge/bin/cc-ci-reconcile-bridge`
|
||||
- Ran that helper directly on `cc-ci`; service spec then showed:
|
||||
- `POLL_REPOS=...recipe-maintainers/lasuite-docs,recipe-maintainers/lasuite-meet,recipe-maintainers/n8n...`
|
||||
- Waited for the new task banner:
|
||||
- `docker service logs ccci-bridge_app --since 20s`
|
||||
-> `poller (primary) watching ['recipe-maintainers/cc-ci', 'recipe-maintainers/custom-html',
|
||||
'recipe-maintainers/custom-html-tiny', 'recipe-maintainers/keycloak',
|
||||
'recipe-maintainers/cryptpad', 'recipe-maintainers/matrix-synapse',
|
||||
'recipe-maintainers/lasuite-docs', 'recipe-maintainers/lasuite-meet',
|
||||
'recipe-maintainers/n8n', 'recipe-maintainers/hedgedoc'] every 30s`
|
||||
|
||||
Real `lasuite-meet` trigger after enrollment:
|
||||
- `POST=1 MAX_WAIT=90 INTERVAL=5 /srv/cc-ci-orch/.claude/skills/recipe-upgrade/testme-on-pr.sh lasuite-meet 2`
|
||||
-> `VERDICT=RED`
|
||||
-> `BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/55`
|
||||
|
||||
Authenticated Drone build inspection from `cc-ci`:
|
||||
- `curl -H "Authorization: Bearer $(cat /run/secrets/bridge_drone_token)" \
|
||||
https://drone.ci.commoninternet.net/api/repos/recipe-maintainers/cc-ci/builds/55`
|
||||
showed a real run failure, not a trigger issue.
|
||||
- Step-log fetch (`.../builds/55/logs/1/2`) showed the root cause:
|
||||
- `tests/lasuite-meet/install_steps.sh` failed at
|
||||
`abra app secret insert oidc_rpcs@v2`
|
||||
- exact error:
|
||||
`FATA unable to fetch tags in /root/.abra/recipes/lasuite-meet: authentication required: Unauthorized`
|
||||
- Classification: NOT a stale-test case; this was a harness/install-hook issue.
|
||||
|
||||
Harness fix:
|
||||
- Patched the La Suite OIDC secret-insert hooks to use offline/current-checkout mode (`-C -o`), matching
|
||||
the rest of the harness and avoiding private-origin tag fetches:
|
||||
- `tests/lasuite-meet/install_steps.sh`
|
||||
- `tests/lasuite-drive/install_steps.sh`
|
||||
- `tests/lasuite-docs/setup_custom_tests.sh`
|
||||
- Verified syntax:
|
||||
- `bash -n` on all three scripts -> exit 0
|
||||
- Committed + pushed:
|
||||
- `7225138 fix(tests): keep La Suite OIDC secret inserts offline`
|
||||
|
||||
Re-test on the real path:
|
||||
- `POST=1 MAX_WAIT=90 INTERVAL=5 /srv/cc-ci-orch/.claude/skills/recipe-upgrade/testme-on-pr.sh lasuite-meet 2`
|
||||
-> `VERDICT=PENDING`
|
||||
-> `BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/58`
|
||||
- `POST=0 MAX_WAIT=360 INTERVAL=10 /srv/cc-ci-orch/.claude/skills/recipe-upgrade/testme-on-pr.sh lasuite-meet 2`
|
||||
-> `VERDICT=GREEN`
|
||||
-> `BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/58`
|
||||
|
||||
Conclusion:
|
||||
- `lasuite-meet` is now fully enrolled in the live bridge poll path.
|
||||
- The RED after enrollment was a real harness bug, now fixed.
|
||||
- After the fix, the actual recipe upgrade PR is GREEN, so `lasuite-meet` still does NOT provide the V5
|
||||
stale-test branch.
|
||||
|
||||
@ -6,10 +6,9 @@
|
||||
|
||||
## Current focus
|
||||
|
||||
Minimal enrollment fix for `lasuite-meet` is committed (`f28a2a3`). Current work is verifying the live
|
||||
bridge rollout so Phase-5 V5/V6 can continue on `lasuite-meet` PR #2. Verification is currently paused
|
||||
on host reachability: after `nixos-rebuild test --flake path:/root/builder-clone#cc-ci`, `cc-ci`
|
||||
stopped answering Tailscale SSH.
|
||||
V5 next: continue searching for a genuine stale-test case on an enrolled sandbox recipe. `lasuite-meet`
|
||||
is now enrolled and its upgrade PR is GREEN after a minimal harness fix, so it does not provide the V5
|
||||
stale-test branch either.
|
||||
|
||||
## Fixes applied (A5-1, A5-2, related)
|
||||
|
||||
@ -104,11 +103,18 @@ preferred, `/root/cc-ci` fallback) instead of hard-coding `/root/cc-ci`.
|
||||
enrolled poll list. That makes it unusable for V5/V6 until explicitly enrolled.
|
||||
- Enrollment fix authored and pushed: `f28a2a3 fix(bridge): enroll lasuite-meet for !testme` adds
|
||||
`recipe-maintainers/lasuite-meet` to `nix/modules/bridge.nix` `POLL_REPOS`.
|
||||
- Live enrollment verification: bridge poller now logs
|
||||
`recipe-maintainers/lasuite-meet` in `POLL_REPOS`; re-`!testme` on PR #2 triggered build `#55`.
|
||||
- Harness follow-up fix: `7225138 fix(tests): keep La Suite OIDC secret inserts offline` adds `-C -o`
|
||||
to the La Suite OIDC `abra app secret insert` hooks (`lasuite-meet`, `lasuite-drive`,
|
||||
`lasuite-docs`) so install-time OIDC wiring uses the checked-out recipe without private-origin fetches.
|
||||
- Result: `POST=1 ... testme-on-pr.sh lasuite-meet 2` now returns `VERDICT=GREEN`
|
||||
`BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/58`.
|
||||
|
||||
## Verification next step
|
||||
|
||||
- When `ssh cc-ci` returns, verify the live bridge poller logs include `recipe-maintainers/lasuite-meet`,
|
||||
then re-run `POST=1/POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh lasuite-meet 2`.
|
||||
- Continue the V5/V6 search on another enrolled recipe with a real upgrade path and more version-shaped
|
||||
assertions; `n8n`, `cryptpad`, and `lasuite-meet` all stayed GREEN on real upgrade PRs.
|
||||
|
||||
## Phase 5 gates
|
||||
|
||||
@ -116,10 +122,4 @@ preferred, `/root/cc-ci` fallback) instead of hard-coding `/root/cc-ci`.
|
||||
|
||||
## Blocked
|
||||
|
||||
- `cc-ci` host is currently unreachable over Tailscale after `nixos-rebuild test --flake
|
||||
path:/root/builder-clone#cc-ci` (used to activate the `lasuite-meet` bridge enrollment without touching
|
||||
the bootloader). Current probes from the orchestrator:
|
||||
- `ssh cc-ci ...` -> `connect to host 100.95.31.88 port 22: Connection timed out`
|
||||
- `tailscale status` shows `100.95.31.88 cc-ci ... active; relay "nue"; offline`
|
||||
- `tailscale ping -c 3 cc-ci` -> `no reply`
|
||||
The code change is pushed; live verification is blocked until host reachability returns.
|
||||
(none)
|
||||
|
||||
Reference in New Issue
Block a user