1c/W5.5: point to authoritative E2E-TESTME spec (E1-E6); orchestrator-signal-gated
All checks were successful
continuous-integration/drone/push Build is passing

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-05-27 18:48:26 +01:00
parent ffd4565e73
commit b54ea6de54
3 changed files with 35 additions and 15 deletions

View File

@ -74,16 +74,21 @@ plan's "destroy the throwaway" for that one VM. (Adversary: please do not destro
This also settles C6 final sizing = **promote the rebuilt VM**. All other cleanup is normal (Builder's
first throwaway already destroyed). See DECISIONS.md Phase-1c.
### Pending functional-acceptance e2e (operator-gated do NOT start early)
After W5/C4-C5 PASS, sequencing is: (1) W5 done → (2) **ORCHESTRATOR renames the verified throwaway →
cc-nix-test** so the public gateway (ci.commoninternet.net + `*.ci` via MagicDNS) routes to it, and
**SIGNALS** me → (3) THEN I run a genuine e2e: post `!testme` (as the bot) on ONE enrolled recipe
(fast, e.g. `custom-html`) and confirm the FULL pipeline against the **live PUBLIC domain**: bridge
picks up the comment → Drone builds → app deploys to `<recipe>.ci.commoninternet.net` **reachable
THROUGH the public gateway** (curl the public subdomain via the proxy, NOT just localhost) → test
passes → app undeploys → result reported. Record Drone run # + public-URL curl in JOURNAL-1c/STATUS-1c
as functional acceptance of D8/clean-room. **Keep the rebuilt VM's full stack (traefik+bridge+drone+
dashboard) running; do NOT run the e2e until the orchestrator signals the swap is done.**
### Pending functional-acceptance e2e — E2E-TESTME (operator-gated; do NOT start early)
**Authority: `/srv/cc-ci/cc-ci-plan/test-e2e-testme-acceptance.md`** (supersedes any inline wording).
MY test to execute; Adversary independently verifies. Gated: runs only after **C4/C5 PASS** AND the
orchestrator (P1) renames the rebuilt throwaway → `cc-nix-test` + (P2) confirms the public gateway
routes to it + (P3) **SIGNALS** me. Until the signal: keep the rebuilt VM's full stack
(traefik+bridge+drone+dashboard) up; do NOT start.
Self-check once signalled: `curl https://ci.commoninternet.net/` → `200 ssl_verify=0`.
Then: `!testme` as the bot on one fast enrolled recipe (e.g. `custom-html`) and verify the real path.
Pass criteria (all): **E1** self-check 200/valid cert on rebuilt VM; **E2** new Drone build via the
bridge (run# > baseline, not a manual trigger); **E3** app answers an **EXTERNAL** request at
`<app>.ci.commoninternet.net` through the gateway (real 200 + valid cert + app content, NOT localhost,
NOT a Traefik 404); **E4** real test assertions pass, build success (no softening); **E5** clean
undeploy (no residual stack); **E6** result reported back + dashboard updated. Evidence → JOURNAL-1c,
verdict → STATUS-1c/REVIEW-1c as **E2E-TESTME PASS**. On failure: it's a clean-room finding — fix in
**git source** (base / cc-ci-secrets), NOT the live VM, then re-run.
## Blocked
(none)