From be895b5175ed4dc614f49294943e78172842d811 Mon Sep 17 00:00:00 2001 From: autonomic-bot Date: Mon, 15 Jun 2026 19:42:28 +0000 Subject: [PATCH] =?UTF-8?q?chore(gtea):=20init=20Adversary=20phase=20files?= =?UTF-8?q?=20=E2=80=94=20baseline=20orientation=20done,=20awaiting=20Buil?= =?UTF-8?q?der=20M1=20claim?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- machine-docs/BACKLOG-gtea.md | 10 +++++ machine-docs/JOURNAL-gtea.md | 79 ++++++++++++++++++++++++++++++++++++ machine-docs/REVIEW-gtea.md | 22 ++++++++++ 3 files changed, 111 insertions(+) create mode 100644 machine-docs/BACKLOG-gtea.md create mode 100644 machine-docs/JOURNAL-gtea.md create mode 100644 machine-docs/REVIEW-gtea.md diff --git a/machine-docs/BACKLOG-gtea.md b/machine-docs/BACKLOG-gtea.md new file mode 100644 index 0000000..5e6f161 --- /dev/null +++ b/machine-docs/BACKLOG-gtea.md @@ -0,0 +1,10 @@ +# BACKLOG — phase gtea (gitea full-test enrollment) + +## Build backlog +(Builder-owned — read-only to Adversary) + +## Adversary findings +(Adversary-owned — only the Adversary writes this section) + +No findings yet. Phase in progress. + diff --git a/machine-docs/JOURNAL-gtea.md b/machine-docs/JOURNAL-gtea.md new file mode 100644 index 0000000..f701dd3 --- /dev/null +++ b/machine-docs/JOURNAL-gtea.md @@ -0,0 +1,79 @@ +# JOURNAL — phase gtea (Adversary) + +Adversary private log. Append-only. + +--- + +## 2026-06-15T19:33Z — Phase init + orientation + +Phase gtea launched. Previous phase (poe2e) is DONE at 3f6d7dc. +Builder hasn't started; no gtea commits on origin/main (HEAD 3f6d7dc). + +### Pre-build baseline established: + +**Current tests/gitea/ state:** +- Only `recipe_meta.py` exists — pure dep-provider stub +- Header says "NOT a standalone recipe-under-test" (must be updated, not removed) +- EXTRA_ENV: sqlite3 + relaxed auth (dep path — must survive the recipe-under-test additions) + +**Unit tests to preserve (tests/unit/test_gitea_dep.py):** +- `m.HEALTH_PATH == "/api/healthz"` — must not change +- `200 in m.HEALTH_OK` — must not change +- EXTRA_ENV must return `compose.sqlite3.yml` in COMPOSE_FILE, `GITEA_REQUIRE_SIGNIN_VIEW=false`, `GITEA_DISABLE_REGISTRATION=false` +- `test_drone_recipe_meta_deps`: `"gitea" in m.DEPS` for drone recipe_meta +- These are hard constraints — any modification to gitea recipe_meta.py that breaks these = FAIL + +**gitea recipe on cc-ci (.abra cache):** +- Latest tag: `3.5.3+1.24.2-rootless` (master HEAD at e6a1cc7) +- Available releases in abra release dir: 2.0.0, 2.1.2, 2.6.0, 3.0.0 (previous deploys) +- Image: `gitea/gitea:1.24.2-rootless` +- Backup: `backupbot.backup=true` label present in compose.yml -> BACKUP_CAPABLE=True + +**LFS PR #1 (`lfs-plain-gitea` -> `main`) diff summary:** +- Adds `compose.lfs.yml` (GITEA_LFS_START_SERVER=true + lfs_jwt_secret) +- Updates `app.ini.tmpl`: renders LFS_JWT_SECRET if GITEA_LFS_START_SERVER=true (not only forgejo) +- Bumps `APP_INI_VERSION=v21 -> v22` in abra.sh +- Bumps recipe version `3.5.3 -> 3.6.0` in compose.yml labels +- `compose.lfs.yml` absent on `main` -> LFS test MUST skip on main (no overlay = skip) +- `compose.lfs.yml` present on `lfs-plain-gitea` -> LFS test MUST pass + +**Running on cc-ci:** +- No standalone gitea app running (drone app exists but gitea dep not running currently) +- /etc/timezone = UTC (plan section 0 prereq satisfied) +- cc-ci services: backup-bot-two, custom-html, discourse, drone, ghost, keycloak, mattermost-lts, traefik + +**Registered meta keys (runner/harness/meta.py):** +HEALTH_PATH, HEALTH_OK, DEPLOY_TIMEOUT, HTTP_TIMEOUT, BACKUP_CAPABLE, EXPECTED_NA, +READY_PROBE, UPGRADE_BASE_VERSION, BACKUP_VERIFY, UPGRADE_EXTRA_ENV, EXTRA_ENV, DEPS, +WARM_CANONICAL, SCREENSHOT — no others allowed without registry update + doc regen + +**CRITICAL observation: No upstream recipe tests exist:** +- `recipe-maintainers/gitea` has NO `tests/` directory on main or lfs-plain-gitea +- Plan's `recipe-info/gitea/tests/health_check.py` and `git_push.py` are aspirational (do not exist upstream) +- Builder must document in PARITY.md that these are created-from-scratch (not ported) +- If Builder claims "parity port" without acknowledging no source exists, that's a PARITY.md accuracy defect + +**Adversary verification checklist for M1 (pre-populated):** +1. Unit tests still pass after recipe_meta.py changes (esp. test_gitea_dep.py) +2. No new ALL-CAPS meta keys added without registry update + doc regen +3. EXTRA_ENV dep path unchanged (sqlite3 + relaxed auth) — dep vs recipe split real and documented +4. Tests have real teeth (not trivially passing with misconfigured gitea) +5. LFS test skips on main (compose.lfs.yml absent) +6. Backup/restore mutation genuinely diverges then reverts (not a no-op restore) +7. Drone still green (gitea dep path unaffected) +8. PARITY.md honest about absent upstream tests + +**Adversary verification checklist for M2 (pre-populated):** +1. Full lifecycle via real CI (!testme on main), drone still green +2. Screenshot real + visually verified +3. LFS round-trip green on lfs-plain-gitea (OID hash check, JWT stability across restart) +4. Same LFS test skipped on main (not just xfail — structurally absent) +5. Result posted to PR #1, nothing merged +6. No secrets in logs/dashboard + +**Break-it probes to run (ongoing):** +- Check EXTRA_ENV doesn't let recipe-under-test keys leak into the dep deploy path +- Post !testmexyz to a test PR (must NOT trigger) +- Grep logs/dashboard for secrets after any gitea deploy +- Verify LFS JWT secret stability: deploy restart, check rendered app.ini LFS_JWT_SECRET unchanged + diff --git a/machine-docs/REVIEW-gtea.md b/machine-docs/REVIEW-gtea.md new file mode 100644 index 0000000..c226a55 --- /dev/null +++ b/machine-docs/REVIEW-gtea.md @@ -0,0 +1,22 @@ +# REVIEW — phase gtea (gitea full-test enrollment) + +Adversary verdict log. Append-only. Only the Adversary writes here. +Commit prefix: `review(gtea): ...` + +--- + +## Init @2026-06-15T19:33Z + +Phase gtea started. No gates claimed yet by Builder. Baseline orientation run: +- Builder hasn't started (no STATUS-gtea.md, no gtea commits on origin/main as of 3f6d7dc). +- Existing `tests/gitea/recipe_meta.py` is the dep-provider stub (header: "NOT a standalone recipe-under-test"). +- Plan SSOT loaded: plan-phase-gtea-gitea-fulltests.md — M1 = suite green locally; M2 = green in real CI + LFS PR verified. +- Exemplars to check: tests/cryptpad/, tests/keycloak/. +- Will maintain independent break-it probes while Builder builds. + +--- + +## Pending verdicts + +None yet — awaiting M1 CLAIMED gate. +