From 98a37d44b51e030809437280e17dfc6fce1a31c6 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Fri, 29 May 2026 14:40:54 +0100 Subject: [PATCH] feat(2): Q3.5 immich enrollment (recipe_meta + ops + lifecycle overlays + health parity) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit immich (object-storage/large-volume photo mgmt; D10 category): 3 services (app incl. ML + web, redis, database/postgres), self-contained (no SSO dep — local admin; OIDC optional). recipe_meta (HTTP health, DEPLOY_TIMEOUT=1500), ops.py postgres ci_marker (postgres/immich, backupbot-labelled), lifecycle overlays, health_check parity. §4.3 upload-asset→list→thumbnail test next (after live-API discovery). Co-Authored-By: Claude Opus 4.8 (1M context) --- tests/immich/functional/test_health_check.py | 20 +++++++++++ tests/immich/ops.py | 38 ++++++++++++++++++++ tests/immich/recipe_meta.py | 12 +++++++ tests/immich/test_backup.py | 17 +++++++++ tests/immich/test_install.py | 31 ++++++++++++++++ tests/immich/test_restore.py | 17 +++++++++ tests/immich/test_upgrade.py | 17 +++++++++ 7 files changed, 152 insertions(+) create mode 100644 tests/immich/functional/test_health_check.py create mode 100644 tests/immich/ops.py create mode 100644 tests/immich/recipe_meta.py create mode 100644 tests/immich/test_backup.py create mode 100644 tests/immich/test_install.py create mode 100644 tests/immich/test_restore.py create mode 100644 tests/immich/test_upgrade.py diff --git a/tests/immich/functional/test_health_check.py b/tests/immich/functional/test_health_check.py new file mode 100644 index 0000000..cc5534e --- /dev/null +++ b/tests/immich/functional/test_health_check.py @@ -0,0 +1,20 @@ +"""immich — parity port of recipe-maintainer's health_check.py (Phase 2 P2). + +SOURCE: references/recipe-maintainer/recipe-info/immich/tests/health_check.py + +The original asserted HTTP 200 from `https://immich.`. The cc-ci port preserves the +assertion shape — non-error HTTP from the served root — adapted to the ephemeral per-run domain.""" + +from __future__ import annotations + +import os +import sys + +sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner")) +from harness import http as harness_http # noqa: E402 + + +def test_immich_returns_200(live_app): + url = f"https://{live_app}/" + status, _ = harness_http.retry_http_get(url, expect_status=(200, 301, 302), max_wait=60, interval=3) + assert status in (200, 301, 302), f"immich at {url} returned HTTP {status} (expected 200/301/302)" diff --git a/tests/immich/ops.py b/tests/immich/ops.py new file mode 100644 index 0000000..a0bdb03 --- /dev/null +++ b/tests/immich/ops.py @@ -0,0 +1,38 @@ +"""immich — pre-op seed hooks (Phase 1e HC3). Marker is a dedicated `ci_marker` row in postgres +(POSTGRES_USER=postgres, POSTGRES_DB=immich, password /run/secrets/db_password), written via psql in +the `database` service. The DB is backupbot-labelled (the recipe dumps postgres), so the marker rides +the backup→restore cycle. (The uploads/model-cache volumes are excluded from backup by the recipe; +the DB marker is the data-integrity probe.)""" + +import os +import sys + +sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner")) +from harness import lifecycle # noqa: E402 + + +def _psql(domain, sql): + cmd = f'PGPASSWORD=$(cat /run/secrets/db_password) psql -U postgres -d immich -tAc "{sql}"' + return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="database").strip() + + +def _seed(domain, value): + _psql( + domain, + "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; " + f"INSERT INTO ci_marker VALUES('{value}');", + ) + assert _psql(domain, "SELECT v FROM ci_marker;") == value + + +def pre_upgrade(domain, meta): + _seed(domain, "upgrade-survives") + + +def pre_backup(domain, meta): + _seed(domain, "original") + + +def pre_restore(domain, meta): + _psql(domain, "DROP TABLE ci_marker;") + assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in ("", "NULL"), "drop did not take" diff --git a/tests/immich/recipe_meta.py b/tests/immich/recipe_meta.py new file mode 100644 index 0000000..1887695 --- /dev/null +++ b/tests/immich/recipe_meta.py @@ -0,0 +1,12 @@ +# Per-recipe harness config for immich (Phase 2 Q3.5 — object-storage / large-volume photo+video +# management; a D10 category). Self-contained: app (immich-server, incl. machine-learning + the +# web SPA) + redis + database (postgres). NO external SSO dep needed — immich boots with a local +# admin account (OIDC is optional and NOT in the base .env.sample), so the §4.3 functional test uses +# immich's own admin API, not an OIDC provider. (oidc_login parity is authentik-specific in the +# corpus; per the operator SSO policy keycloak is the default and immich OIDC is optional — see +# PARITY.md non-ports.) +HEALTH_PATH = "/" +HEALTH_OK = (200, 301, 302) +# immich-server boots the API + web + (first-run) machine-learning model fetch; allow a wide window. +DEPLOY_TIMEOUT = 1500 +HTTP_TIMEOUT = 600 diff --git a/tests/immich/test_backup.py b/tests/immich/test_backup.py new file mode 100644 index 0000000..e0a8af5 --- /dev/null +++ b/tests/immich/test_backup.py @@ -0,0 +1,17 @@ +"""immich — BACKUP overlay (Phase 1e HC3): data-integrity, assertion-only + additive. Reads the +postgres ci_marker via psql in the `database` service (postgres/immich).""" + +import os +import sys + +sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner")) +from harness import lifecycle # noqa: E402 + + +def _psql(domain, sql): + cmd = f'PGPASSWORD=$(cat /run/secrets/db_password) psql -U postgres -d immich -tAc "{sql}"' + return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="database").strip() + + +def test_backup_captures_state(live_app): + assert _psql(live_app, "SELECT v FROM ci_marker;") == "original", "seeded postgres state not present at backup time" diff --git a/tests/immich/test_install.py b/tests/immich/test_install.py new file mode 100644 index 0000000..7552ff2 --- /dev/null +++ b/tests/immich/test_install.py @@ -0,0 +1,31 @@ +"""immich — INSTALL overlay (Phase 1d, DG4): reuse the generic "really serving" assertion, then add +recipe-specific checks: the stack serves over HTTPS through the gateway and a real browser loads the +immich web SPA shell. Login is admin/OIDC-gated (exercised by the functional tests), so the install +assertion is that the SPA is served. Assertion-only on the shared deployment.""" + +import os +import sys + +sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner")) +from harness import browser as harness_browser, generic, lifecycle # noqa: E402 + + +def test_serving_and_frontend(live_app, meta): + generic.assert_serving(live_app, meta) + status = lifecycle.http_get(live_app, "/") + assert status in (200, 301, 302), f"expected 2xx/3xx from {live_app}, got {status}" + from playwright.sync_api import sync_playwright + + url = f"https://{live_app}/" + with sync_playwright() as p: + browser = p.chromium.launch(args=["--no-sandbox"]) + try: + ctx = browser.new_context(ignore_https_errors=True) + page = ctx.new_page() + resp = harness_browser.goto_with_retry( + page, url, accept_statuses=(200, 301, 302), goto_timeout_ms=60_000 + ) + assert resp is not None and resp.status in (200, 301, 302), f"page status {resp and resp.status}" + assert "