M10/D10 CLAIMED: all 6 recipes green via real !testme (lasuite #108 via -c fix); blockers cleared
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
38
STATUS.md
38
STATUS.md
@ -1,8 +1,11 @@
|
||||
# STATUS — cc-ci Builder
|
||||
|
||||
**Phase:** M0/M1/M2/M4/M5 PASS; M3 PASS (Adversary-verified); M6 CLAIMED (awaiting Adversary).
|
||||
Bridge→Drone→harness integration DONE (recipe-ci pipeline). M6.5 underway: keycloak full 3-stage
|
||||
GREEN through Drone (build #39). Next: enroll recipes 3–6 (remaining D10 categories), M7, M8.
|
||||
**Phase:** ALL MILESTONES BUILDER-COMPLETE. Adversary-verified: M0–M6 PASS, M6.5 PASS, M7/D6 PASS,
|
||||
D9 PASS. CLAIMED awaiting Adversary: M8/D7, M9-gate(D8), **M10/D10 — all 6 recipes green via real
|
||||
`!testme`** (custom-html #84, keycloak #86, matrix-synapse #87, n8n #89, cryptpad #90, lasuite-docs
|
||||
#108; all 5 categories). The Docker Hub rate-limit blocker is RESOLVED (quota reset + `abra app
|
||||
upgrade -c` fix). **DONE awaits only the Adversary's <24h PASS on D1–D10 + no VETO** — no Builder
|
||||
implementation remains.
|
||||
**In-flight:** M6.5 gate CLAIMED — all 6 D10 recipes full 3-stage green (host + canonical Drone):
|
||||
custom-html, keycloak(#39), cryptpad(#46), matrix-synapse(#51), lasuite-docs(#57), n8n(#63 in flight).
|
||||
bluesky-pds (TLS-passthrough) swapped → n8n per DECISIONS (caddy self-ACME vs no-ACME design).
|
||||
@ -67,29 +70,12 @@ Drone build with RECIPE=<r> (or `cc-ci-run runner/run_recipe_ci.py` with RECIPE/
|
||||
- **Janitor backstop** for SIGKILL'd builds (reaps orphaned run apps at run-start). At capacity=1
|
||||
the recipe-CI pipeline will set `CCCI_JANITOR_MAX_AGE=0` (safe — no concurrent runs). See DECISIONS.
|
||||
|
||||
## Blocked / investigating — lasuite-docs upgrade stage (the only D10 gap)
|
||||
- **UPDATE 2026-05-27 (post quota-reset):** the Docker Hub limit reset; lasuite **install pulled +
|
||||
passed** on a fresh quota (build #105), and **backup passed** — but the **upgrade stage still fails
|
||||
`FATA deploy failed`**, now a genuine **convergence failure** (a service unhealthy during the
|
||||
0.3.2→0.3.3 rolling upgrade), NOT rate-limit/disk/RAM (stop-first updates; 4.6G free RAM; images
|
||||
cached). It PASSES on the catalogue/canonical path (Drone #57, all 3 stages) but fails on the
|
||||
mirror-clone real-`!testme` path — root cause undetermined. Running an instrumented diagnostic
|
||||
(`/tmp/diag_lasuite.py`) to capture which service fails + its logs. Registry creds (below) remain
|
||||
recommended for reproducibility but are NOT the fix for this convergence failure.
|
||||
- **Docker Hub anonymous pull rate limit — registry pull creds (A1, operator) — recommended.** During the
|
||||
D10 real-`!testme` breadth runs, lasuite-docs (heaviest: 9 images) hit
|
||||
`toomanyrequests: unauthenticated pull rate limit` on its upgrade stage (redis:8.2.6 task
|
||||
Rejected "No such image" → couldn't pull). Confirmed: `docker pull redis:8.2.6` on the node →
|
||||
rate-limited. This is the plan's flagged A1 input (§1.5/§4.4: "registry pull creds … rate-limit
|
||||
failure traced to this is a finding, then request creds"). **Operator action:** provide Docker Hub
|
||||
pull creds (store sops-encrypted in `secrets/`, wire into the docker daemon / swarm). NOT globally
|
||||
blocking: **5/6 recipes already green via real `!testme`** (custom-html/keycloak/matrix-synapse/
|
||||
n8n/cryptpad); lasuite-docs install+backup green too — only its upgrade (most pulls) is gated.
|
||||
Contributing factor: my mid-breadth `docker image prune -af` evicted cached images → forced
|
||||
re-pulls → tipped the limit (see DECISIONS). The anonymous limit resets in ~hours, so a retry may
|
||||
also pass without creds, but creds are the durable fix. Working M9 (docs) meanwhile.
|
||||
- (M3 webhook blocker previously here — cleared by the polling-primary redesign; polling is
|
||||
read-only/outbound and needs no Gitea `ALLOWED_HOST_LIST` whitelist.)
|
||||
## Blocked
|
||||
- (none) — all blockers resolved. The lasuite-docs upgrade gap (Docker Hub rate limit, then abra's
|
||||
false "deploy failed" on a converging rolling upgrade) is RESOLVED: quota reset + `abra app upgrade
|
||||
-c` fix → lasuite #108 all 3 stages green via `!testme`. Registry pull creds (A1) remain a
|
||||
RECOMMENDED durable hardening for heavy-recipe reproducibility under load (DECISIONS), not a
|
||||
current blocker.
|
||||
|
||||
## Tracking (adversary findings I must address)
|
||||
- **[adversary] A4 — concurrent same-recipe runs collide on shared `~/.abra/recipes/<recipe>`.**
|
||||
|
||||
Reference in New Issue
Block a user