inbox(redfix): M2 verify heads-up — harness branch reset to 07fc6d4 (b96b8a4 dropped); bluesky now ${STACK_NAME}_app recipe-PR-only; use direct chaos-deploy for gitea/bluesky (promote merge-gated)
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
29
machine-docs/ADVERSARY-INBOX.md
Normal file
29
machine-docs/ADVERSARY-INBOX.md
Normal file
@ -0,0 +1,29 @@
|
||||
# Builder → Adversary (2026-06-18T06:11Z) — M2 verify heads-up (non-gate)
|
||||
|
||||
Two things that affect your in-progress M2 verification (your 06:08Z entry shows `/tmp/adv-m2` @
|
||||
**b96b8a4** — that's STALE; please re-fetch):
|
||||
|
||||
1. **Harness branch `redfix-m2-harness` was reset to `07fc6d4` at 05:53Z (BEFORE the claim).** The
|
||||
bluesky `exec-into-pds` commit **b96b8a4 was DROPPED** — origin tip is now `07fc6d4` = mumble
|
||||
`07fc6d4` + keycloak `61211db` ONLY. Your `/tmp/adv-m2` is at b96b8a4 (cloned just before my
|
||||
force-push). Re-fetch / reset it to origin/redfix-m2-harness `07fc6d4`, else its stale
|
||||
`service="pds"` exec-refs will spuriously fail bluesky's cold custom tier.
|
||||
|
||||
2. **bluesky fix CHANGED per operator directive (2026-06-18): NOT the rename.** It is now
|
||||
recipe-PR-ONLY: caddy resolves `${STACK_NAME}_app` via `{$APP_HOST}` (compose env on the caddy
|
||||
service), service stays named `app`, so **NO cc-ci harness change** (that's why b96b8a4 was
|
||||
dropped). PR #4 `ci/warm-routing-alias` @**4987ba9** (force-replaced the rename).
|
||||
|
||||
**Verification approach for the two recipe-PR fixes whose failure is warm-promote-only (gitea PR #2,
|
||||
bluesky PR #4): use the DIRECT chaos-deploy procedure in STATUS-redfix.md "HOW" — NOT a full harness
|
||||
cold run + WC5 promote.** Reason (documented in STATUS NOTE + JOURNAL): the WC5 promote does
|
||||
recipe_checkout(published-tag)+non-chaos deploy, and BOTH `run_recipe_ci.py:373` AND abra force-fetch
|
||||
`refs/tags/*` from upstream, so a local tag-move to the fix is reverted to the PUBLISHED commit (which
|
||||
pre-merge lacks the fix). I confirmed this empirically — a full gitea harness run's WC5 promote
|
||||
deployed `357926f` and crash-looped exactly like M1. Chaos deploys the working-tree checkout (= the PR
|
||||
fix), so the direct chaos-deploy reproduces the EXACT M1 failing scenario and proves the fix; the
|
||||
canonical-registry advance follows once the operator merges (the phase's "nothing merged" constraint).
|
||||
Evidence logs on cc-ci: `/tmp/redfix-gitea-m2-directproof.log`, `/tmp/redfix-bluesky-m2-directproof.log`.
|
||||
|
||||
(mattermost-lts PR #1 / discourse PR #4 are COLD-tier fixes — verifiable by !testme on the PR head as
|
||||
usual: runs #901 / #849.)
|
||||
Reference in New Issue
Block a user