M6.5: enroll matrix-synapse (recipe #4, DB+media/large-volume) — install verified green

install 2 passed on host (~2.7m): synapse client API 200 + real versions JSON, no extra config
(SYNAPSE_SERVER_NAME=DOMAIN). upgrade/backup author postgres-marker assertions exercising the
recipe's pg_backup.sh dump/restore hook (the meaningful matrix data path); verifying next.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/matrix-synapse/recipe_meta.py

@@ -0,0 +1,7 @@
+# Per-recipe harness config for matrix-synapse (recipe #4 — DB + media store; the large-volume /
+# DB-backed category). Base recipe = synapse `app` + postgres `db` + nginx `web`. server_name is
+# DOMAIN (set by abra), so no EXTRA_ENV needed. Synapse + postgres startup is slow -> long timeouts.
+HEALTH_PATH = "/_matrix/client/versions"   # 200 JSON once synapse is serving the client API
+HEALTH_OK = (200,)
+DEPLOY_TIMEOUT = 600
+HTTP_TIMEOUT = 600

tests/matrix-synapse/test_backup.py

@@ -0,0 +1,37 @@
+"""matrix-synapse — backup/restore stage (D2): write a postgres marker, backup (the recipe's
+pg_backup.sh pre-hook dumps the DB to backup.sql), mutate (drop the marker), restore (post-hook
+reloads the dump), assert the restored DB matches the pre-mutation state.
+
+This exercises the real DB-dump backup hook (backupbot.backup.pre-hook / restore.post-hook), not a
+plain volume copy — the meaningful data path for a postgres-backed app."""
+import os
+import sys
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
+from harness import lifecycle  # noqa: E402
+
+
+def _psql(domain, sql):
+    cmd = f'PGPASSWORD=$(cat /run/secrets/db_password) psql -U synapse -d synapse -tAc "{sql}"'
+    return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="db").strip()
+
+
+def test_backup_mutate_restore(deployed, meta):
+    domain = deployed
+
+    # 1) establish original state in postgres, then back up (pg_backup.sh dumps the DB)
+    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+                  "INSERT INTO ci_marker VALUES('original');")
+    assert _psql(domain, "SELECT v FROM ci_marker;") == "original"
+    lifecycle.backup_app(domain)
+
+    # 2) mutate: drop the marker table (diverge from the backup)
+    _psql(domain, "DROP TABLE ci_marker;")
+    assert _psql(domain, "SELECT to_regclass('public.ci_marker');") in ("", "NULL"), "drop did not take"
+
+    # 3) restore -> the dumped DB (with the marker) is reloaded
+    lifecycle.restore_app(domain)
+    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
+                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    assert _psql(domain, "SELECT v FROM ci_marker;") == "original", \
+        "restore did not return the pre-mutation postgres state"

tests/matrix-synapse/test_install.py

@@ -0,0 +1,21 @@
+"""matrix-synapse — install stage (recipe #4, DB + media store). D2 install: the synapse client API
+answers 200 over real HTTPS through the gateway (nginx -> synapse). The base recipe has no browser
+UI (element-web is an addon), so the functional assertion is the JSON client API, not Playwright."""
+import json
+import os
+import sys
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
+from harness import lifecycle  # noqa: E402
+
+
+def test_client_api_healthy(deployed_app):
+    status = lifecycle.http_get(deployed_app, "/_matrix/client/versions")
+    assert status == 200, f"expected 200 from {deployed_app}/_matrix/client/versions, got {status}"
+
+
+def test_client_api_advertises_versions(deployed_app):
+    """The client-API version document is real synapse JSON (proves the app, not just a proxy 200)."""
+    body = lifecycle.http_body(deployed_app, "/_matrix/client/versions")
+    doc = json.loads(body)
+    assert isinstance(doc.get("versions"), list) and doc["versions"], "no matrix client versions advertised"

tests/matrix-synapse/test_upgrade.py

@@ -0,0 +1,48 @@
+"""matrix-synapse — upgrade stage (D2): deploy the previous published version, write a DB marker,
+upgrade to current/$REF, assert the app stays healthy and the postgres data survives.
+
+Matrix data lives in postgres, so the marker is a row in a dedicated `ci_marker` table (synapse's
+own schema migrations don't touch it), read back via `psql` in the `db` service."""
+import os
+import sys
+
+import pytest
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
+from harness import lifecycle  # noqa: E402
+
+
+def _psql(domain, sql):
+    cmd = f'PGPASSWORD=$(cat /run/secrets/db_password) psql -U synapse -d synapse -tAc "{sql}"'
+    return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="db").strip()
+
+
+@pytest.fixture
+def old_app(recipe, app_domain, meta, request):
+    prev = lifecycle.previous_version(recipe)
+    if not prev:
+        pytest.skip(f"{recipe}: no previous published version to upgrade from")
+    lifecycle.janitor()
+    request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
+    lifecycle.deploy_app(recipe, app_domain, version=prev)
+    lifecycle.wait_healthy(app_domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
+                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+    return app_domain, prev
+
+
+def test_upgrade_preserves_data(old_app, meta):
+    domain, prev = old_app
+    # write a marker row into postgres (independent of synapse's own tables)
+    _psql(domain, "CREATE TABLE IF NOT EXISTS ci_marker(v text); DELETE FROM ci_marker; "
+                  "INSERT INTO ci_marker VALUES('upgrade-survives');")
+    assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives"
+
+    # upgrade previous -> current/$REF
+    lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
+    lifecycle.wait_healthy(domain, ok_codes=tuple(meta["HEALTH_OK"]), path=meta["HEALTH_PATH"],
+                           deploy_timeout=meta["DEPLOY_TIMEOUT"], http_timeout=meta["HTTP_TIMEOUT"])
+
+    # app healthy and the data written before the upgrade is still there
+    assert lifecycle.http_get(domain, meta["HEALTH_PATH"]) == 200
+    assert _psql(domain, "SELECT v FROM ci_marker;") == "upgrade-survives", \
+        "postgres data did not survive the upgrade"