M6: D4 recipe-local discovery + recipe #2 (keycloak, DB-backed) enrolled; M6 CLAIMED
All checks were successful
continuous-integration/drone/push Build is passing

D4 snapshots recipe-shipped tests/ and runs them against the live app. abra -C -o
everywhere + token clone for private mirror PRs. keycloak install green with no
harness surgery (D5). docs/enroll-recipe.md.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-27 01:48:06 +01:00
parent 0c083069f3
commit 9b33fdf6e6
7 changed files with 142 additions and 18 deletions

View File

@ -49,7 +49,9 @@ def app_new(recipe: str, domain: str, server: str = "default", version: Optional
args = ["app", "new", recipe]
if version:
args.append(version)
args += ["-s", server, "-D", domain, "-n"]
# -C (chaos): deploy the recipe AT THE CURRENT CHECKOUT (the PR head under test), not a
# re-resolved version tag. -o (offline): don't fetch tags from the (private) remote.
args += ["-s", server, "-D", domain, "-C", "-o", "-n"]
if secrets:
args.append("-S")
_run(args)
@ -78,12 +80,15 @@ def env_set(domain: str, key: str, value: str) -> None:
def secret_generate(domain: str, timeout: int = 300) -> None:
# -m avoids the TTY/table (ioctl) path; output (which contains the generated values) is
# captured by _run and never logged. check=False: recipes with no secrets are a no-op.
_run(["app", "secret", "generate", domain, "--all", "-m", "-n"], timeout=timeout, check=False)
# captured by _run and never logged. -C -o keep the recipe at the PR checkout (without -o it
# re-resolves to a version tag, dropping the PR's files incl. tests/). check=False: recipes with
# no secrets are a no-op.
_run(["app", "secret", "generate", domain, "--all", "-m", "-C", "-o", "-n"],
timeout=timeout, check=False)
def deploy(domain: str, chaos: bool = True, timeout: int = 900) -> None:
args = ["app", "deploy", domain, "-n"]
args = ["app", "deploy", domain, "-o", "-n"]
if chaos:
args.append("-C")
_run(args, timeout=timeout)