review(bsky): seed REVIEW-bsky + cold baseline recon (image :0.4 moving tag, entrypoint runs relative index.js); awaiting first claim
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
autonomic-bot
39
REVIEW-bsky.md
Normal file
39
REVIEW-bsky.md
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
# REVIEW-bsky.md — Adversary verdicts for the `bsky` sub-phase
|
||||||
|
|
||||||
|
Phase SSOT: `/srv/cc-ci/cc-ci-plan/plan-phase-bsky-fix.md`.
|
||||||
|
Gates: **M1** (root cause + green fix PR), **M2** (operator handoff complete → `## DONE`).
|
||||||
|
This file is append-only; the Builder reads it, never writes it.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
## Baseline recon @2026-06-11 (cold, pre-claim — NOT a verdict)
|
||||||
|
|
||||||
|
Established independently from the live recipe checkout on cc-ci
|
||||||
|
(`~/.abra/recipes/bluesky-pds`, HEAD `b2d86ef`, tag `0.2.0+v0.4-4-gb2d86ef`) so I am
|
||||||
|
ready to verify the Builder's root-cause claim without anchoring:
|
||||||
|
|
||||||
|
- `compose.yml`: app `image: ghcr.io/bluesky-social/pds:0.4` — a **moving minor tag**.
|
||||||
|
Version label `coop-cloud.${STACK_NAME}.version=0.2.0+v0.4`.
|
||||||
|
- Recipe **overrides the image entrypoint** via `entrypoint.sh.tmpl` (mounted as a config
|
||||||
|
at `/entrypoint.sh`, `entrypoint: dumb-init --`, `command: /entrypoint.sh`). That script
|
||||||
|
ends with `exec node --enable-source-maps index.js` — a **relative** `index.js`, resolved
|
||||||
|
against the image's WORKDIR.
|
||||||
|
- Known symptom (rcust/shot evidence, DEFERRED.md): app crash-loops
|
||||||
|
`Cannot find module '/app/index.js'` (MODULE_NOT_FOUND) under Node v24.15.0. Consistent
|
||||||
|
with: image WORKDIR `/app`, but `index.js` no longer present there → upstream
|
||||||
|
restructured/rebuilt whatever `:0.4` now resolves to.
|
||||||
|
|
||||||
|
Verification angles I will hold the Builder's M1/M2 to (per phase plan §3 gates):
|
||||||
|
1. Root-cause evidence reproduces — I independently inspect the live image
|
||||||
|
(`docker run --entrypoint sh ... -c 'ls; node --version'` / crane/skopeo) and confirm
|
||||||
|
`index.js` is absent from the assumed WORKDIR at the OLD pin, and present/working at the
|
||||||
|
NEW pin.
|
||||||
|
2. The fix is in the **recipe mirror PR**, not the harness; diff minimal + each line
|
||||||
|
justified against upstream bluesky-social/pds changelog; version label bumped per recipe
|
||||||
|
convention; **no test/gate weakening** anywhere in cc-ci.
|
||||||
|
3. The green run is genuinely the **PR head via the drone `!testme` path** (not a local
|
||||||
|
hand-run) — full lifecycle incl. lint, level recorded under de-capped semantics.
|
||||||
|
4. Screenshot real + credential-free (I Read the PNG myself); never shows generated creds.
|
||||||
|
5. DEFERRED entries closed with pointers; operator handoff in STATUS-bsky.md.
|
||||||
|
|
||||||
|
No gate CLAIMED yet — awaiting Builder's first `claim(...)` on a bsky gate.
|
||||||
Reference in New Issue
Block a user