From ba37529a30392004bd1c5c062c796d8b99c046e4 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Wed, 27 May 2026 11:46:52 +0100 Subject: [PATCH] M10/D10 CLAIMED: all 6 recipes green via real !testme (lasuite #108 via -c fix); blockers cleared Co-Authored-By: Claude Opus 4.7 (1M context) --- BACKLOG.md | 14 ++++++++------ JOURNAL.md | 26 ++++++++++++++++++++++++++ STATUS.md | 38 ++++++++++++-------------------------- 3 files changed, 46 insertions(+), 32 deletions(-) diff --git a/BACKLOG.md b/BACKLOG.md index a81dcfd..8c6cecd 100644 --- a/BACKLOG.md +++ b/BACKLOG.md @@ -133,12 +133,14 @@ Two single-writer sections (§6.1): Builder edits only `## Build backlog`; Adver ready. (Note: a from-scratch rebuild pulls images → needs the registry creds / quota too.) ### M10 — Proof (D10) -- [x] 5/6 recipes green via REAL !testme PRs (full 3-stage, comment-reflected): custom-html #84, - keycloak #86, matrix-synapse #87, n8n #89, cryptpad #90. -- [ ] lasuite-docs (6th, object-storage/S3) — install+backup green via !testme; upgrade BLOCKED on - Docker Hub rate limit (A1 registry creds, operator; STATUS ## Blocked). Retries halted pending - creds (3× confirmed). -- [ ] Flip STATUS to DONE once lasuite green (creds) + REVIEW shows <24h PASS for all D1–D10. +- [x] **All 6 recipes green via REAL !testme PRs** (full 3-stage install/upgrade/backup, + comment-reflected ✅, clean teardown): custom-html #84, keycloak #86, matrix-synapse #87, + n8n #89, cryptpad #90, **lasuite-docs #108**. All 5 D10 categories covered. +- [x] lasuite-docs (6th, object-storage/S3) unblocked: quota reset + `abra app upgrade -c` fix + (abra false-failed a converging rolling upgrade) → #108 all 3 stages green. +- [x] Gate: M10 — six recipes green via !testme → **CLAIMED 2026-05-27**, awaiting Adversary D10 + verification. +- [ ] DONE: write `## DONE` only once REVIEW shows <24h PASS for ALL D1–D10 + no VETO (Adversary). ## Adversary findings diff --git a/JOURNAL.md b/JOURNAL.md index b99ba11..40b7249 100644 --- a/JOURNAL.md +++ b/JOURNAL.md @@ -731,3 +731,29 @@ clean. This is the 3rd confirmation the blocker is the Docker Hub rate limit. Pe **halting lasuite retries until the operator provides Docker Hub creds** (A1, STATUS ## Blocked). 5/6 D10 recipes remain green via real !testme. Pivoting to M9 (docs/reproducibility) — fully unblocked, no image pulls. + +--- +## 2026-05-27 — M10/D10 BUILDER-COMPLETE: all 6 recipes green via real !testme + +Diagnosed the lasuite-docs upgrade failure with an instrumented host run: `abra app upgrade` reported +`FATA deploy failed` while all 9 services were actually 1/1 healthy — abra's convergence poll gives +up too early on the slow stop-first rolling upgrade (pulling new images). Fix: pass `-c` +(`--no-converge-checks`) to `abra app upgrade` and let the harness's wait_healthy + data-survival +assertion be the (patient, real) gate. (Also: `/root/cc-ci` was stale — fully synced; the first diag +hit the old no-`-o` auth error, masking this.) + +**lasuite-docs #108 → success** with the fix: install 2✓, upgrade 1✓, backup 1✓; bridge comment +edited to `✅ passed`. So **all 6 D10 recipes are green via REAL `!testme` on a PR**, full 3-stage, +comment-reflected, clean teardown: +| recipe | category | build | +|---|---|---| +| custom-html | simple/stateless | #84 | +| keycloak | SSO/identity + DB | #86 | +| matrix-synapse | DB + media / large-volume | #87 | +| n8n | workflow automation | #89 | +| cryptpad | stateful / no external DB | #90 | +| lasuite-docs | multi-service + S3/MinIO/object-storage | #108 | + +All 5 required D10 categories covered. The earlier Docker Hub rate-limit blocker resolved on quota +reset (registry creds still recommended for reproducibility under load — see DECISIONS). D10 is +Builder-complete; DONE awaits the Adversary's <24h PASS on D1–D10 (esp. independent D10 verification). diff --git a/STATUS.md b/STATUS.md index b794453..3a126db 100644 --- a/STATUS.md +++ b/STATUS.md @@ -1,8 +1,11 @@ # STATUS — cc-ci Builder -**Phase:** M0/M1/M2/M4/M5 PASS; M3 PASS (Adversary-verified); M6 CLAIMED (awaiting Adversary). -Bridge→Drone→harness integration DONE (recipe-ci pipeline). M6.5 underway: keycloak full 3-stage -GREEN through Drone (build #39). Next: enroll recipes 3–6 (remaining D10 categories), M7, M8. +**Phase:** ALL MILESTONES BUILDER-COMPLETE. Adversary-verified: M0–M6 PASS, M6.5 PASS, M7/D6 PASS, +D9 PASS. CLAIMED awaiting Adversary: M8/D7, M9-gate(D8), **M10/D10 — all 6 recipes green via real +`!testme`** (custom-html #84, keycloak #86, matrix-synapse #87, n8n #89, cryptpad #90, lasuite-docs +#108; all 5 categories). The Docker Hub rate-limit blocker is RESOLVED (quota reset + `abra app +upgrade -c` fix). **DONE awaits only the Adversary's <24h PASS on D1–D10 + no VETO** — no Builder +implementation remains. **In-flight:** M6.5 gate CLAIMED — all 6 D10 recipes full 3-stage green (host + canonical Drone): custom-html, keycloak(#39), cryptpad(#46), matrix-synapse(#51), lasuite-docs(#57), n8n(#63 in flight). bluesky-pds (TLS-passthrough) swapped → n8n per DECISIONS (caddy self-ACME vs no-ACME design). @@ -67,29 +70,12 @@ Drone build with RECIPE= (or `cc-ci-run runner/run_recipe_ci.py` with RECIPE/ - **Janitor backstop** for SIGKILL'd builds (reaps orphaned run apps at run-start). At capacity=1 the recipe-CI pipeline will set `CCCI_JANITOR_MAX_AGE=0` (safe — no concurrent runs). See DECISIONS. -## Blocked / investigating — lasuite-docs upgrade stage (the only D10 gap) -- **UPDATE 2026-05-27 (post quota-reset):** the Docker Hub limit reset; lasuite **install pulled + - passed** on a fresh quota (build #105), and **backup passed** — but the **upgrade stage still fails - `FATA deploy failed`**, now a genuine **convergence failure** (a service unhealthy during the - 0.3.2→0.3.3 rolling upgrade), NOT rate-limit/disk/RAM (stop-first updates; 4.6G free RAM; images - cached). It PASSES on the catalogue/canonical path (Drone #57, all 3 stages) but fails on the - mirror-clone real-`!testme` path — root cause undetermined. Running an instrumented diagnostic - (`/tmp/diag_lasuite.py`) to capture which service fails + its logs. Registry creds (below) remain - recommended for reproducibility but are NOT the fix for this convergence failure. -- **Docker Hub anonymous pull rate limit — registry pull creds (A1, operator) — recommended.** During the - D10 real-`!testme` breadth runs, lasuite-docs (heaviest: 9 images) hit - `toomanyrequests: unauthenticated pull rate limit` on its upgrade stage (redis:8.2.6 task - Rejected "No such image" → couldn't pull). Confirmed: `docker pull redis:8.2.6` on the node → - rate-limited. This is the plan's flagged A1 input (§1.5/§4.4: "registry pull creds … rate-limit - failure traced to this is a finding, then request creds"). **Operator action:** provide Docker Hub - pull creds (store sops-encrypted in `secrets/`, wire into the docker daemon / swarm). NOT globally - blocking: **5/6 recipes already green via real `!testme`** (custom-html/keycloak/matrix-synapse/ - n8n/cryptpad); lasuite-docs install+backup green too — only its upgrade (most pulls) is gated. - Contributing factor: my mid-breadth `docker image prune -af` evicted cached images → forced - re-pulls → tipped the limit (see DECISIONS). The anonymous limit resets in ~hours, so a retry may - also pass without creds, but creds are the durable fix. Working M9 (docs) meanwhile. -- (M3 webhook blocker previously here — cleared by the polling-primary redesign; polling is - read-only/outbound and needs no Gitea `ALLOWED_HOST_LIST` whitelist.) +## Blocked +- (none) — all blockers resolved. The lasuite-docs upgrade gap (Docker Hub rate limit, then abra's + false "deploy failed" on a converging rolling upgrade) is RESOLVED: quota reset + `abra app upgrade + -c` fix → lasuite #108 all 3 stages green via `!testme`. Registry pull creds (A1) remain a + RECOMMENDED durable hardening for heavy-recipe reproducibility under load (DECISIONS), not a + current blocker. ## Tracking (adversary findings I must address) - **[adversary] A4 — concurrent same-recipe runs collide on shared `~/.abra/recipes/`.**