chore(5): update state files; consume BUILDER-INBOX (A5-1/A5-2 fixes applied, bridge redeployed)
Some checks failed
continuous-integration/drone/push Build is failing
Some checks failed
continuous-integration/drone/push Build is failing
This commit is contained in:
autonomic-bot
@ -25,3 +25,31 @@ install_steps.sh hook; generic harness; ideal for upgrade-flow testing with mini
|
||||
Following SKILL.md procedure for /recipe-upgrade custom-html-tiny:
|
||||
Step 1 (Plan): fetched recipe, found upgrades available — see above.
|
||||
Step 2 (Implement): upgrading image tags on cc-ci; bumping version label; committing.
|
||||
Step 3: open-recipe-pr.sh:
|
||||
- First attempt: FAILED — script uses python3 which is not installed on cc-ci. Fixed by rewriting
|
||||
to use `jq` (available on cc-ci) in commit `0df57c6` to cc-ci-orchestrator repo.
|
||||
- Second attempt: SUCCESS. Closed PR #1 (`serve-hidden-files`) as superseded, pushed branch
|
||||
`upgrade-1.1.0+2.42.0`, opened PR #2 at https://git.autonomic.zone/recipe-maintainers/custom-html-tiny/pulls/2
|
||||
Step 4: testme-on-pr.sh:
|
||||
- Initial post: posted !testme, but VERDICT=PENDING (bridge didn't see it — custom-html-tiny not in poll list).
|
||||
- Adversary BUILDER-INBOX message received: two critical findings (A5-1, A5-2).
|
||||
|
||||
## 2026-05-31 — Adversary findings A5-1, A5-2 — both FIXED
|
||||
|
||||
A5-2 (CRITICAL): testme-on-pr.sh cannot read verdicts — bridge never posts commit statuses.
|
||||
- Root cause: bridge only posts PR comments; testme-on-pr.sh reads Gitea commit statuses.
|
||||
- Fix: Added `post_commit_status()` to bridge.py. Called from `process_testme()` (state=pending)
|
||||
and `watch_and_reflect()` (state=success/failure). Commit `5d48436`.
|
||||
- Decision: use commit status approach (option 1) — cleaner, adds native Gitea PR status indicator.
|
||||
Recorded in DECISIONS.md.
|
||||
|
||||
A5-1: custom-html-tiny not in bridge poll list.
|
||||
- Fix: Added `recipe-maintainers/custom-html-tiny` to POLL_REPOS in nix/modules/bridge.nix.
|
||||
Commit `5d48436`.
|
||||
- Bridge rebuilt via `nixos-rebuild build --flake path:/root/builder-clone#cc-ci` on cc-ci.
|
||||
- Note: secrets submodule needed manual checkout (`git clone cc-ci-secrets /root/builder-clone/secrets`)
|
||||
because `git submodule update --init` silently fails when submodule URL lacks credentials.
|
||||
- Bridge redeployed via `/nix/store/asn4.../cc-ci-reconcile-bridge`, new image `cc-ci-bridge:3761c4221042`.
|
||||
- Verified: `docker service logs ccci-bridge_app --since 30s` shows custom-html-tiny in poll list.
|
||||
|
||||
Next: re-post !testme on custom-html-tiny PR #2 with the fixed bridge; poll for VERDICT=GREEN.
|
||||
|
||||
Reference in New Issue
Block a user