feat(1d): migrate keycloak/cryptpad/matrix-synapse/n8n/lasuite-docs overlays to deploy-once contract (DG7)

Mechanical port to the assertion-only contract (no softened/skipped assertions): install uses
live_app + generic.assert_serving (extend) + the recipe's http/playwright/api checks; upgrade seeds
its data marker then generic.do_upgrade + asserts survival; backup/restore split into test_backup.py
(seed->do_backup->mutate) + new test_restore.py (do_restore->assert original). Recipe-specifics
preserved verbatim (keycloak realm+admin-console+kc_admin, matrix/lasuite db-service psql markers,
cryptpad/n8n volume markers). No recipe now double-deploys under the deploy-once orchestrator.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/matrix-synapse/test_backup.py

@@ -1,6 +1,7 @@
-"""matrix-synapse — backup/restore stage (D2): write a postgres marker, backup (the recipe's
-pg_backup.sh pre-hook dumps the DB to backup.sql), mutate (drop the marker), restore (post-hook
-reloads the dump), assert the restored DB matches the pre-mutation state.
+"""matrix-synapse — BACKUP overlay (Phase 1d, DG4): seed a postgres marker, back it up (the recipe's
+pg_backup.sh pre-hook dumps the DB to backup.sql; assert a snapshot artifact), then mutate (drop the
+marker) so the RESTORE overlay (test_restore.py) can prove the backed-up state returns. Runs on the
+shared deployment; the mutated state persists for the restore tier.
 
 This exercises the real DB-dump backup hook (backupbot.backup.pre-hook / restore.post-hook), not a
 plain volume copy — the meaningful data path for a postgres-backed app."""
@@ -9,7 +10,7 @@ import os
 import sys
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
-from harness import lifecycle  # noqa: E402
+from harness import generic, lifecycle  # noqa: E402
 
 
 def _psql(domain, sql):
@@ -17,17 +18,19 @@ def _psql(domain, sql):
     return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="db").strip()
 
 
-def test_backup_mutate_restore(deployed, meta):
-    domain = deployed
+def test_backup_captures_state(live_app, meta):
+    domain = live_app
 
-    # 1) establish original state in postgres, then back up (pg_backup.sh dumps the DB)
+    # 1) establish original state in postgres, then back up (reuse the generic op: backup +
+    #    assert a snapshot artifact; pg_backup.sh dumps the DB)
     _psql(
         domain,
         "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
         "INSERT INTO ci_marker VALUES('original');",
     )
     assert _psql(domain, "SELECT v FROM ci_marker;") == "original"
-    lifecycle.backup_app(domain)
+    snap = generic.do_backup(domain)
+    assert snap, "backup produced no snapshot artifact"
 
     # 2) mutate: drop the marker table (diverge from the backup)
     _psql(domain, "DROP TABLE ci_marker;")
@@ -35,16 +38,3 @@ def test_backup_mutate_restore(deployed, meta):
         "",
         "NULL",
     ), "drop did not take"
-
-    # 3) restore -> the dumped DB (with the marker) is reloaded
-    lifecycle.restore_app(domain)
-    lifecycle.wait_healthy(
-        domain,
-        ok_codes=tuple(meta["HEALTH_OK"]),
-        path=meta["HEALTH_PATH"],
-        deploy_timeout=meta["DEPLOY_TIMEOUT"],
-        http_timeout=meta["HTTP_TIMEOUT"],
-    )
-    assert (
-        _psql(domain, "SELECT v FROM ci_marker;") == "original"
-    ), "restore did not return the pre-mutation postgres state"

tests/matrix-synapse/test_install.py

@@ -1,23 +1,30 @@
-"""matrix-synapse — install stage (recipe #4, DB + media store). D2 install: the synapse client API
-answers 200 over real HTTPS through the gateway (nginx -> synapse). The base recipe has no browser
-UI (element-web is an addon), so the functional assertion is the JSON client API, not Playwright."""
+"""matrix-synapse — INSTALL overlay (Phase 1d, DG4): override + extend-by-composition.
+
+Reuses the generic "really serving" assertion, then ADDS the recipe-specific checks: the synapse
+client API answers 200 over real HTTPS through the gateway, and the client-API version document is
+real synapse JSON (proves the app, not just a proxy 200). The base recipe has no browser UI
+(element-web is an addon), so the functional assertion is the JSON client API, not Playwright.
+Assertion-only on the shared deployment."""
 
 import json
 import os
 import sys
 
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
-from harness import lifecycle  # noqa: E402
+from harness import generic, lifecycle  # noqa: E402
 
 
-def test_client_api_healthy(deployed_app):
-    status = lifecycle.http_get(deployed_app, "/_matrix/client/versions")
-    assert status == 200, f"expected 200 from {deployed_app}/_matrix/client/versions, got {status}"
+def test_serving_and_client_api(live_app, meta):
+    # extend-by-composition: reuse the generic "really serving" assertion first ...
+    generic.assert_serving(live_app, meta)
 
+    # ... then the recipe-specific assertions.
+    # The synapse client API answers 200 over real HTTPS through the gateway (nginx -> synapse).
+    status = lifecycle.http_get(live_app, "/_matrix/client/versions")
+    assert status == 200, f"expected 200 from {live_app}/_matrix/client/versions, got {status}"
 
-def test_client_api_advertises_versions(deployed_app):
-    """The client-API version document is real synapse JSON (proves the app, not just a proxy 200)."""
-    body = lifecycle.http_body(deployed_app, "/_matrix/client/versions")
+    # The client-API version document is real synapse JSON (proves the app, not just a proxy 200).
+    body = lifecycle.http_body(live_app, "/_matrix/client/versions")
     doc = json.loads(body)
     assert (
         isinstance(doc.get("versions"), list) and doc["versions"]

tests/matrix-synapse/test_restore.py

@@ -0,0 +1,27 @@
+"""matrix-synapse — RESTORE overlay (Phase 1d, DG4): data-integrity, extends the generic restore.
+
+Runs after the backup overlay (test_backup.py) on the SAME shared deployment, which left the postgres
+marker table dropped after dumping it. This restores the snapshot via the shared op helper
+(`generic.do_restore`, which also asserts the app is healthy + serving afterwards; the recipe's
+restore.post-hook reloads the dump), then asserts the restored DB matches the pre-mutation "original"
+— the app-specific data integrity the generic restore cannot check. Reads via `psql` in the `db`
+service. Assertion-only (no deploy/teardown)."""
+
+import os
+import sys
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
+from harness import generic, lifecycle  # noqa: E402
+
+
+def _psql(domain, sql):
+    cmd = f'PGPASSWORD=$(cat /run/secrets/db_password) psql -U synapse -d synapse -tAc "{sql}"'
+    return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="db").strip()
+
+
+def test_restore_returns_state(live_app, meta):
+    domain = live_app
+    generic.do_restore(domain, meta)  # restore + assert healthy/serving
+    assert (
+        _psql(domain, "SELECT v FROM ci_marker;") == "original"
+    ), "restore did not return the pre-mutation postgres state"

tests/matrix-synapse/test_upgrade.py

@@ -1,16 +1,16 @@
-"""matrix-synapse — upgrade stage (D2): deploy the previous published version, write a DB marker,
-upgrade to current/$REF, assert the app stays healthy and the postgres data survives.
+"""matrix-synapse — UPGRADE overlay (Phase 1d, DG4): data-continuity, extends the generic upgrade.
 
-Matrix data lives in postgres, so the marker is a row in a dedicated `ci_marker` table (synapse's
-own schema migrations don't touch it), read back via `psql` in the `db` service."""
+The orchestrator deployed the previous published version ONCE; this overlay writes a marker row into
+postgres (a dedicated `ci_marker` table synapse's own schema migrations don't touch, read back via
+`psql` in the `db` service), performs the in-place upgrade via the shared op helper
+(`generic.do_upgrade`, which also asserts reconverge + serving + that the deployment moved), then
+asserts the postgres data SURVIVED. Assertion-only on the shared deployment."""
 
 import os
 import sys
 
-import pytest
-
 sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
-from harness import lifecycle  # noqa: E402
+from harness import generic, lifecycle  # noqa: E402
 
 
 def _psql(domain, sql):
@@ -18,26 +18,8 @@ def _psql(domain, sql):
     return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="db").strip()
 
 
-@pytest.fixture
-def old_app(recipe, app_domain, meta, request):
-    prev = lifecycle.previous_version(recipe)
-    if not prev:
-        pytest.skip(f"{recipe}: no previous published version to upgrade from")
-    lifecycle.janitor()
-    request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
-    lifecycle.deploy_app(recipe, app_domain, version=prev)
-    lifecycle.wait_healthy(
-        app_domain,
-        ok_codes=tuple(meta["HEALTH_OK"]),
-        path=meta["HEALTH_PATH"],
-        deploy_timeout=meta["DEPLOY_TIMEOUT"],
-        http_timeout=meta["HTTP_TIMEOUT"],
-    )
-    return app_domain, prev
-
-
-def test_upgrade_preserves_data(old_app, meta):
-    domain, prev = old_app
+def test_upgrade_preserves_data(live_app, meta):
+    domain = live_app
     # write a marker row into postgres (independent of synapse's own tables)
     _psql(
         domain,
@@ -46,15 +28,8 @@ def test_upgrade_preserves_data(old_app, meta):
     )
     assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
 
-    # upgrade previous -> current/$REF
-    lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
-    lifecycle.wait_healthy(
-        domain,
-        ok_codes=tuple(meta["HEALTH_OK"]),
-        path=meta["HEALTH_PATH"],
-        deploy_timeout=meta["DEPLOY_TIMEOUT"],
-        http_timeout=meta["HTTP_TIMEOUT"],
-    )
+    # in-place upgrade previous -> target (reuses the generic op: upgrade + assert reconverge/serving)
+    generic.do_upgrade(domain, os.environ.get("VERSION") or None, meta)
 
     # app healthy and the data written before the upgrade is still there
     assert lifecycle.http_get(domain, meta["HEALTH_PATH"]) == 200