M6.5: cryptpad (recipe #3) full 3-stage green on host; record set_env/RESTIC backup fix
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
27
JOURNAL.md
27
JOURNAL.md
@ -544,3 +544,30 @@ the 60m build timeout; that's why the run took ~31m. No harness surgery (D5): ke
|
||||
This both advances M6.5 (first DB-backed recipe full 3-stage) and confirms the recipe-ci integration
|
||||
works on a heavy DB-backed recipe (Drone→harness→3 stages→teardown). Next M6.5: enroll recipes 3–6
|
||||
covering the remaining D10 categories (stateful-no-DB, multi-service+S3, large-volume, etc.).
|
||||
|
||||
---
|
||||
## 2026-05-27 — M6.5: cryptpad (recipe #3) enrolled + full 3-stage green; fixed a real backup bug
|
||||
|
||||
Enrolled **cryptpad** (stateful, no external DB — the D10 "stateful/no-DB" category). No shared-harness
|
||||
surgery beyond a *generic* feature: added per-recipe **EXTRA_ENV** (recipe_meta.py dict or
|
||||
domain-callable) applied in `deploy_app` at every deploy path. cryptpad uses it for its required
|
||||
distinct `SANDBOX_DOMAIN` (a sibling subdomain under the wildcard, so no cert work). Data-survival
|
||||
tests write a marker into the backed-up `cryptpad_data` volume and read it via `exec_in_app`
|
||||
(cryptpad's datastore isn't HTTP-served like custom-html).
|
||||
|
||||
Host runs (HOME=/root, cc-ci-run): install **2 passed** (~2m; http 200 + Playwright loads cryptpad),
|
||||
upgrade **1 passed** (~1m; marker survives previous→current), backup **1 passed** after a fix
|
||||
(below). Clean teardown (0 cryp services/volumes).
|
||||
|
||||
**Real bug found+fixed — backups were silently mis-wired (set_env newline).** cryptpad backup first
|
||||
failed: `abra app backup create` → backup-bot-two's `/usr/bin/backup` raised
|
||||
`KeyError: 'RESTIC_REPOSITORY'`. Root cause: backup-bot-two's `.env.sample` ends with a *newline-less*
|
||||
comment line, and the reconcile's `set_env` did a bare `printf >> .env`, gluing
|
||||
`RESTIC_REPOSITORY=/backups/restic` onto that comment → commented out. abra `--debug` confirmed the
|
||||
backupbot env map lacked `RESTIC_REPOSITORY`, and `docker exec backupbot printenv RESTIC_REPOSITORY`
|
||||
was empty. Fix: `set_env` now ensures a trailing newline before appending (modules/backupbot.nix +
|
||||
modules/drone.nix, same latent bug). After rebuild: `.env` has a clean `RESTIC_REPOSITORY=` line, the
|
||||
backupbot container has `RESTIC_REPOSITORY=/backups/restic`, and cryptpad backup→mutate→restore
|
||||
passes. NOTE: keycloak backup (build #39) passed off an *earlier, non-corrupted* backupbot deploy;
|
||||
worth a re-verify, but the mechanism is now correct/reproducible. Triggered Drone build #46 (cryptpad)
|
||||
as the canonical recipe-ci run.
|
||||
|
||||
Reference in New Issue
Block a user