claim(M2-settings): live server verified — no-canonical recipe (keycloak) -> release tag 10.7.1+26.6.2; flag true bypasses gitea canonical to release-tag path, restored false. Deployed /etc/cc-ci@99d6bbc; awaiting Adversary
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@ -3,10 +3,10 @@
|
||||
**Phase:** server-level `settings.toml` + `SKIP_CANONICALS_FOR_UPGRADE` + release-tag-first no-canonical
|
||||
fallback. Plan: `/srv/cc-ci/cc-ci-plan/plan-phase-settings-ci-server-config.md`.
|
||||
|
||||
## Gate: M1 CLAIMED, awaiting Adversary
|
||||
## Gate: M1 PASS (Adversary @2026-06-17T17:00Z, REVIEW-settings.md) · M2 CLAIMED (see below)
|
||||
|
||||
**Commit:** `cd19c1b` (feat: settings loader + flag + fallback + unit tests). Tree clean, pushed to
|
||||
origin/main.
|
||||
**M1 commit:** `cd19c1b` (feat: settings loader + flag + fallback + unit tests) — Adversary cold-PASS,
|
||||
no VETO. **M2 deployed:** `99d6bbc` on `/etc/cc-ci`. Tree clean, pushed to origin/main.
|
||||
|
||||
### WHAT is claimed (M1 — implemented + unit-tested)
|
||||
1. **Settings loader** `runner/harness/settings.py` — stdlib `tomllib`, one `[upgrade]` table with
|
||||
@ -73,4 +73,64 @@ nix shell nixpkgs#python311Packages.pytest -c python3 -c "import sys; sys.path.i
|
||||
needing reformat — confirmed present at HEAD f68f1c5, NOT in this phase's diff. Not fixed here (narrow
|
||||
scope). My 5 phase files are ruff-clean + format-clean.
|
||||
|
||||
## M2 — NOT yet claimed (live server verification). Pending M1 PASS.
|
||||
---
|
||||
|
||||
## Gate: M2 CLAIMED, awaiting Adversary @2026-06-17T17:25Z
|
||||
|
||||
M1 is Adversary-PASS (REVIEW-settings.md verdict @17:00Z, fed2678/cd19c1b). M2 = verified live on cc-ci.
|
||||
|
||||
**Deployed:** `/etc/cc-ci` at **99d6bbc** (pushed to origin/main; the deployed checkout the nightly
|
||||
sweep runs from, and the absolute path the Drone recipe-CI runner reads). No nixos-rebuild needed — the
|
||||
change is pure runner Python loaded at runtime from the checkout. Live settings file
|
||||
`/etc/cc-ci/settings.toml` is **ABSENT** → default false (server steady state restored after the test).
|
||||
|
||||
### WHAT is claimed (M2)
|
||||
- The live server harness reads the settings file from the host path `/etc/cc-ci/settings.toml`
|
||||
(absent → default false), confirmed by the flag value flipping with the file's presence.
|
||||
- **(a)** A recipe **without** a canonical (`keycloak`, no `canonical.json`) resolves its upgrade base
|
||||
to the **newest release tag `< head`** (`10.7.1+26.6.2`), NOT the raw main-tip.
|
||||
- **(b)** With `SKIP_CANONICALS_FOR_UPGRADE = true` (scratch file), a **canonical-bearing** recipe
|
||||
(`gitea`, canonical `3.5.3+1.24.2-rootless`) resolves to the **release-tag base** (canonical
|
||||
BYPASSED) — proven by the reason changing from `last-green (warm canonical, status=idle)` to
|
||||
`no-canonical fallback: newest release tag older than head 3.6.0+1.24.2-rootless`. Scratch file then
|
||||
removed → restored to false (reason back to `last-green (warm canonical)`).
|
||||
- Default false ⇒ this server's canonical-bearing path is unchanged (gitea false → `last-green` base).
|
||||
|
||||
### HOW to verify (cold, on the server, from /etc/cc-ci or your own clone)
|
||||
The probe runs the EXACT deployed `resolve_upgrade_base` against live settings + live canonical registry
|
||||
(`/var/lib/ci-warm/<r>/canonical.json`) + live recipe tags (`~/.abra/recipes/<r>`). Faithful, no
|
||||
deploy/teardown.
|
||||
|
||||
```
|
||||
ssh cc-ci
|
||||
cd /etc/cc-ci && git rev-parse --short HEAD # 99d6bbc (or later)
|
||||
ls /etc/cc-ci/settings.toml # ABSENT -> default false
|
||||
|
||||
# CASE 1 — flag false (default, no file): (a) keycloak, plus gitea unchanged
|
||||
HOME=/root cc-ci-run scripts/show-upgrade-base.py keycloak gitea
|
||||
|
||||
# CASE 2 — flag true (scratch), then RESTORE
|
||||
printf '[upgrade]\nskip_canonicals_for_upgrade = true\n' > /etc/cc-ci/settings.toml
|
||||
HOME=/root cc-ci-run scripts/show-upgrade-base.py gitea keycloak
|
||||
rm -f /etc/cc-ci/settings.toml # restore default false
|
||||
HOME=/root cc-ci-run scripts/show-upgrade-base.py gitea
|
||||
```
|
||||
|
||||
### EXPECTED (verbatim BasePlan lines observed @17:20–17:25Z)
|
||||
- CASE 1 (false):
|
||||
- `keycloak` → `BasePlan(kind='version', version='10.7.1+26.6.2', ref='', reason='no-canonical fallback: newest release tag older than head 10.8.0+26.6.3')` (canonical=None; newest_release_tag<head=10.7.1+26.6.2; NOT main-tip 12ac6db8…)
|
||||
- `gitea` → `BasePlan(kind='version', version='3.5.3+1.24.2-rootless', ref='', reason='last-green (warm canonical, status=idle)')` (canonical=3.5.3 present → used)
|
||||
- CASE 2 (true):
|
||||
- `gitea` → `BasePlan(kind='version', version='3.5.3+1.24.2-rootless', ref='', reason='no-canonical fallback: newest release tag older than head 3.6.0+1.24.2-rootless')` (canonical 3.5.3 present but BYPASSED — reason is the release-tag path)
|
||||
- `keycloak` → same as CASE 1 (no canonical either way)
|
||||
- RESTORE (file removed → false):
|
||||
- `gitea` → reason back to `last-green (warm canonical, status=idle)`; flag reads `False`.
|
||||
|
||||
### WHERE
|
||||
- Deployed code: `/etc/cc-ci` @ 99d6bbc (origin/main). Probe: `scripts/show-upgrade-base.py`.
|
||||
- Live registry: `/var/lib/ci-warm/{keycloak (none),gitea}/canonical.json`. Recipe tags:
|
||||
`~/.abra/recipes/{keycloak,gitea}`. Settings path: `/etc/cc-ci/settings.toml` (absent now).
|
||||
|
||||
Server left in steady state: `/etc/cc-ci/settings.toml` ABSENT (default false), checkout clean @99d6bbc.
|
||||
|
||||
→ On a fresh Adversary PASS of M2 (with M1 PASS standing), I will write `## DONE`.
|
||||
|
||||
Reference in New Issue
Block a user