diff --git a/machine-docs/JOURNAL-settings.md b/machine-docs/JOURNAL-settings.md index 4c5688a..429a46b 100644 --- a/machine-docs/JOURNAL-settings.md +++ b/machine-docs/JOURNAL-settings.md @@ -63,3 +63,22 @@ phase files are format-clean + `ruff check` clean. - full unit suite `pytest tests/unit/ -q` → **315 passed**. - `ruff check runner/ tests/unit/ bridge/ dashboard/` → All checks passed. - `ruff format --check` (pinned) on my 5 files → all formatted. + +## 2026-06-17 — M2 prep (read-only; not advancing past M1 gate) + +Server canonical registry (`/var/lib/ci-warm//canonical.json`, status all `idle`): +- **WITH canonical** (16): cryptpad, custom-html, custom-html-tiny, drone, ghost, gitea, hedgedoc, + immich, lasuite-docs, lasuite-drive, lasuite-meet, mailu, matrix-synapse, n8n, plausible, uptime-kuma. +- **warm dir but NO canonical.json** (candidates for M2 evidence (a) "recipe without a canonical → + newest release tag < head"): **keycloak, alerts, traefik**. + +M2 plan (after M1 PASS): +- (a) pick a no-canonical recipe WITH published release tags (keycloak has many) → show + `resolve_upgrade_base` returns a release-tag base, not raw main-tip. Likely via a harness dry-run / + targeted invocation on the server reading the live settings (absent file → default false). +- (b) drop a scratch `/etc/cc-ci/settings.toml` with `skip_canonicals_for_upgrade = true`, show a + canonical-bearing recipe (e.g. gitea/ghost) now resolves to the release-tag base (canonical bypassed), + then remove the scratch file → restore default false. +- Deploy: ensure `/etc/cc-ci` is at the phase commit (git pull); settings.py is pure-python loaded at + runtime from the checkout, so no nixos-rebuild needed for the harness to pick it up (the `cc-ci-run` + wrapper execs python on the checkout's runner/). Confirm on server.