diff --git a/machine-docs/STATUS-2.md b/machine-docs/STATUS-2.md index b40340c..5bcdd8b 100644 --- a/machine-docs/STATUS-2.md +++ b/machine-docs/STATUS-2.md @@ -68,21 +68,23 @@ tree must carry: post-rebuild run. - **discourse (Q4.6)** — IN PROGRESS @2026-05-30, **policy-compliant shape (plan §9 anti-overlay)**. recipe-PR `recipe-maintainers/discourse#1` (branch `ci/bitnamilegacy-repin`, head - `c8ba2e4e2b29a845531fbac8a712661f902ef753`): (1) re-pins app+sidekiq `bitnami/discourse:3.3.1` → - `bitnamilegacy/discourse:3.3.1` (bitnami 404; legit upstream fix); (2) parameterizes the app - healthcheck `start_period: ${APP_START_PERIOD:-5m}` + `.env.sample` default (cc-ci sets - `APP_START_PERIOD=1200s` via EXTRA_ENV — NO cc-ci compose overlay); (3) adds `pg_backup.sh` + + `7a2e0e044cfd301aa7790e297adf0ac2aafb369b`): (1) re-pins app+sidekiq `bitnami/discourse:3.3.1` → + `bitnamilegacy/discourse:3.3.1` (bitnami 404; legit upstream fix); (2) bumps the app healthcheck + `start_period` to a LITERAL `20m` (covers the 15-25min Rails first-boot; default 5m) — abra REJECTS + env-interpolation of start_period (`FATA ...Does not match format 'duration'`), so §9's env-var route + is impossible for this field; a literal upstream bump is §9-compliant (recipe everyone runs, not a + cc-ci overlay; strictly safer). ghost E1 must use the same approach. (3) adds `pg_backup.sh` + db config-mount + backupbot backup/restore hooks (P4 restore-hook — published recipe had pg_dump backup but no restore → silent data loss; cc-ci caught it: 5th data-loss recipe, immich/mattermost/ ghost class). **UPGRADE TIER = N/A** (Adversary §7.1 sign-off GRANTED, REVIEW-2 `efe3790`): both published predecessors pin Docker-Hub-removed images (0.7.0→bitnami:3.3.1 404, 0.6.3→bitnami:3.1.2 404); per §9 pt2 declared NOT-TESTABLE rather than image-repin overlay. cc-ci overlay (`compose.ccci-health.yml` + `install_steps.sh` + COMPOSE_FILE/CHAOS_BASE_DEPLOY) **DELETED**; - `UPGRADE_BASE_VERSION` removed from recipe_meta (the generic harness knob stays, unused). **Run shape: - `STAGES=install,backup,restore,custom`** (no upgrade). **NEXT:** run - `RECIPE=discourse PR=1 REF=c8ba2e4e2b29a845531fbac8a712661f902ef753 SRC=recipe-maintainers/discourse + `UPGRADE_BASE_VERSION` + `APP_START_PERIOD` removed from recipe_meta (start_period is now a literal + 20m in the PR). **Run shape: `STAGES=install,backup,restore,custom`** (no upgrade). **NEXT:** run + `RECIPE=discourse PR=1 REF=7a2e0e044cfd301aa7790e297adf0ac2aafb369b SRC=recipe-maintainers/discourse STAGES=install,backup,restore,custom` on `/root/builder-clone` → on all-green CLAIM Q4.6. **POLL with - `ssh -T` (no PTY).** **THEN:** ghost E1 (start_period→APP_START_PERIOD env PR) + plausible Q4.7b + + `ssh -T` (no PTY).** **THEN:** ghost E1 (start_period→literal recipe-PR bump) + plausible Q4.7b + mumble E4 → Q5 (these + the overlay migrations gate the DONE veto F2-14). - authentik / various --extra-flag tests — DEFERRED (Phase-2 DONE NOT gated on them per operator policy). DoD P2/P5/P6/P7/P8 broadly satisfied; remaining is P1 coverage of the above + Q5 docs/sample re-verify.