recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

probe(dstamp): blast-radius sweep — 4 enrolled recipes have failure_action=rollback+start-first; keycloak/n8n latent but currently PASS; assert_upgrade_converged covers all without overlay; drone has no upgrade tier
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
autonomic-bot
2026-06-11 17:18:10 +00:00
committed by autonomic-bot
parent d0d762c9c8
commit a4c0dfcf11
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
BACKLOG-dstamp.md
View File

@ -48,3 +48,26 @@ trigger); `lifecycle.assert_upgrade_converged` closes the wait_healthy blind spo
Minor race window in `assert_upgrade_converged` (first poll could see "none" before Docker
starts the roll) is covered: with stop-first, a post-race rollback also fails `wait_healthy`.
No blocker. Formal verdict awaits Builder's `claim(dstamp)` commit.
**Blast-radius sweep @2026-06-11T17:4x:**
All 24 enrolled recipes swept for `failure_action: rollback` + `order: start-first` in `compose.yml`:
| Recipe | failure_action | order | ccci overlay | upgrade tests | recent upgrade | risk |
|-----------|---------------|-------------|--------------|---------------|----------------|------|
| discourse | rollback | start-first | YES (fixed) | yes | FIXED | fixed |
| drone | rollback | start-first | no | NO tests | n/a | latent, no CI exposure |
| keycloak | rollback | start-first | no | yes | PASS L4 | latent, low (JVM, lighter than Rails) |
| n8n | rollback | start-first | no | yes | PASS L4 | latent, low (Node.js) |
| traefik | rollback | STOP-first | no | no | n/a | SAFE |
| all others | none or absent | — | — | — | — | not at risk |
`assert_upgrade_converged` (added in 0cc31a5) provides a general harness backstop: if any
recipe's rolling update rolls back or pauses, the upgrade is failed HONESTLY for all recipes
— not just discourse. So keycloak/n8n are already covered by the harness fix even without
overlay changes.
Recommended overlay addition for keycloak if/when OOM symptoms appear:
`deploy.update_config.order: stop-first` (same pattern as discourse). Not urgent — current
host load shows no rollback symptom for keycloak/n8n and they're lighter apps than discourse.
drone has no upgrade tier in cc-ci; no action needed there.