M6: D4 recipe-local discovery + recipe #2 (keycloak, DB-backed) enrolled; M6 CLAIMED
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
D4 snapshots recipe-shipped tests/ and runs them against the live app. abra -C -o everywhere + token clone for private mirror PRs. keycloak install green with no harness surgery (D5). docs/enroll-recipe.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@ -49,7 +49,9 @@ def app_new(recipe: str, domain: str, server: str = "default", version: Optional
|
||||
args = ["app", "new", recipe]
|
||||
if version:
|
||||
args.append(version)
|
||||
args += ["-s", server, "-D", domain, "-n"]
|
||||
# -C (chaos): deploy the recipe AT THE CURRENT CHECKOUT (the PR head under test), not a
|
||||
# re-resolved version tag. -o (offline): don't fetch tags from the (private) remote.
|
||||
args += ["-s", server, "-D", domain, "-C", "-o", "-n"]
|
||||
if secrets:
|
||||
args.append("-S")
|
||||
_run(args)
|
||||
@ -78,12 +80,15 @@ def env_set(domain: str, key: str, value: str) -> None:
|
||||
|
||||
def secret_generate(domain: str, timeout: int = 300) -> None:
|
||||
# -m avoids the TTY/table (ioctl) path; output (which contains the generated values) is
|
||||
# captured by _run and never logged. check=False: recipes with no secrets are a no-op.
|
||||
_run(["app", "secret", "generate", domain, "--all", "-m", "-n"], timeout=timeout, check=False)
|
||||
# captured by _run and never logged. -C -o keep the recipe at the PR checkout (without -o it
|
||||
# re-resolves to a version tag, dropping the PR's files incl. tests/). check=False: recipes with
|
||||
# no secrets are a no-op.
|
||||
_run(["app", "secret", "generate", domain, "--all", "-m", "-C", "-o", "-n"],
|
||||
timeout=timeout, check=False)
|
||||
|
||||
|
||||
def deploy(domain: str, chaos: bool = True, timeout: int = 900) -> None:
|
||||
args = ["app", "deploy", domain, "-n"]
|
||||
args = ["app", "deploy", domain, "-o", "-n"]
|
||||
if chaos:
|
||||
args.append("-C")
|
||||
_run(args, timeout=timeout)
|
||||
|
||||
@ -18,8 +18,10 @@ from __future__ import annotations
|
||||
|
||||
import glob
|
||||
import os
|
||||
import shutil
|
||||
import subprocess
|
||||
import sys
|
||||
import tempfile
|
||||
|
||||
ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||
sys.path.insert(0, os.path.join(ROOT, "runner"))
|
||||
@ -31,17 +33,29 @@ STAGE_FILES = {
|
||||
}
|
||||
|
||||
|
||||
def _gitea_token() -> str | None:
|
||||
tok = os.environ.get("GITEA_TOKEN")
|
||||
if not tok and os.path.exists("/run/secrets/bridge_gitea_token"):
|
||||
tok = open("/run/secrets/bridge_gitea_token").read().strip()
|
||||
return tok or None
|
||||
|
||||
|
||||
def fetch_recipe(recipe: str, ref: str | None, src: str | None) -> None:
|
||||
"""Make the recipe available at the code under test. If SRC+REF point at the mirror PR,
|
||||
clone it at that ref; otherwise fetch the catalogue copy."""
|
||||
clone it at that ref; otherwise fetch the catalogue copy. Private mirror repos need the bot
|
||||
token — passed via a per-command http.extraHeader (not persisted in .git/config, not printed)."""
|
||||
recipes_dir = os.path.expanduser("~/.abra/recipes")
|
||||
os.makedirs(recipes_dir, exist_ok=True)
|
||||
dest = os.path.join(recipes_dir, recipe)
|
||||
if src and ref:
|
||||
url = f"https://git.autonomic.zone/{src}.git"
|
||||
git = ["git"]
|
||||
tok = _gitea_token()
|
||||
if tok:
|
||||
git += ["-c", f"http.extraHeader=Authorization: token {tok}"]
|
||||
subprocess.run(["rm", "-rf", dest], check=False)
|
||||
subprocess.run(["git", "clone", "--quiet", url, dest], check=True)
|
||||
subprocess.run(["git", "-C", dest, "checkout", "--quiet", ref], check=True)
|
||||
subprocess.run([*git, "clone", "--quiet", url, dest], check=True)
|
||||
subprocess.run([*git, "-C", dest, "checkout", "--quiet", ref], check=True)
|
||||
else:
|
||||
subprocess.run(["abra", "recipe", "fetch", recipe, "-n"], check=True)
|
||||
|
||||
@ -57,6 +71,9 @@ def main() -> int:
|
||||
|
||||
print(f"== cc-ci run: recipe={recipe} ref={ref} pr={os.environ.get('PR', '0')} stages={stages}")
|
||||
fetch_recipe(recipe, ref, src)
|
||||
# Snapshot any recipe-shipped tests/ NOW — later abra commands (app ls, deploy, …) re-checkout
|
||||
# the recipe to a version tag, which would drop the PR's tests/. (D4)
|
||||
local_tests = snapshot_recipe_tests(recipe)
|
||||
|
||||
test_dir = os.path.join(ROOT, "tests", recipe)
|
||||
overall = 0
|
||||
@ -79,7 +96,7 @@ def main() -> int:
|
||||
# D4: recipe-local tests. If the recipe repo ships a tests/ dir, deploy the app and run those
|
||||
# tests against the LIVE deployment (contract: CCCI_BASE_URL + CCCI_APP_DOMAIN env), merging the
|
||||
# result into this run as another reported stage. Teardown is guaranteed.
|
||||
rc = run_recipe_local(recipe)
|
||||
rc = run_recipe_local(recipe, local_tests)
|
||||
if rc is not None:
|
||||
ran += 1
|
||||
if rc != 0:
|
||||
@ -91,9 +108,20 @@ def main() -> int:
|
||||
return overall
|
||||
|
||||
|
||||
def run_recipe_local(recipe: str) -> int | None:
|
||||
local_dir = os.path.expanduser(f"~/.abra/recipes/{recipe}/tests")
|
||||
if not os.path.isdir(local_dir) or not glob.glob(os.path.join(local_dir, "test_*.py")):
|
||||
def snapshot_recipe_tests(recipe: str) -> str | None:
|
||||
"""Copy the recipe-shipped tests/ to a stable temp dir, immune to abra re-checking-out the
|
||||
recipe to a version tag during the run. Returns the snapshot path, or None if no tests/."""
|
||||
src = os.path.expanduser(f"~/.abra/recipes/{recipe}/tests")
|
||||
if not os.path.isdir(src) or not glob.glob(os.path.join(src, "test_*.py")):
|
||||
return None
|
||||
dst = os.path.join(tempfile.gettempdir(), f"ccci-recipe-tests-{recipe}")
|
||||
shutil.rmtree(dst, ignore_errors=True)
|
||||
shutil.copytree(src, dst)
|
||||
return dst
|
||||
|
||||
|
||||
def run_recipe_local(recipe: str, local_tests: str | None) -> int | None:
|
||||
if not local_tests:
|
||||
return None # recipe ships no tests/ — D4 is a no-op for it
|
||||
print("\n===== STAGE: recipe-local (D4) =====", flush=True)
|
||||
domain = naming.app_domain(recipe, os.environ.get("PR", "0"), os.environ.get("REF"))
|
||||
@ -102,7 +130,7 @@ def run_recipe_local(recipe: str) -> int | None:
|
||||
lifecycle.deploy_app(recipe, domain, version=os.environ.get("VERSION") or None)
|
||||
lifecycle.wait_healthy(domain)
|
||||
env = dict(os.environ, CCCI_APP_DOMAIN=domain, CCCI_BASE_URL=f"https://{domain}")
|
||||
return subprocess.call([sys.executable, "-m", "pytest", "-v", "-rA", local_dir],
|
||||
return subprocess.call([sys.executable, "-m", "pytest", "-v", "-rA", local_tests],
|
||||
cwd=ROOT, env=env)
|
||||
finally:
|
||||
lifecycle.teardown_app(domain, verify=False)
|
||||
|
||||
Reference in New Issue
Block a user