recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(1d): G0 — generic install + deploy-once orchestrator (DG1 green on hedgedoc)

Browse Source 
- harness/generic.py: recipe-agnostic assert_serving (converged + real HTTP, 404-excluded +
  not Traefik 404 body + CA-verified trusted wildcard cert), op helpers, backup_capable detect
- harness/discovery.py: per-op overlay resolution (repo-local > cc-ci > generic), custom + hook
- tests/_generic/: assertion-only tiers (install/upgrade/backup/restore) on the shared deployment
- run_recipe_ci.py: deploy-ONCE orchestrator, per-op summary, deploy-count guard (DG4.1)
- conftest live_app fixture; lifecycle deploy-count + install-steps hook + pin DOMAIN to run domain

DG1 cold-verified green on hedgedoc (pure generic, deploy-count=1, clean teardown). G0 CLAIMED.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
autonomic-bot
2026-05-27 23:27:55 +01:00
parent a31095a087
commit ef44d4658b
12 changed files with 599 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
machine-docs/STATUS-1d.md
View File

@ -34,12 +34,24 @@ per-recipe overlay authoring is Phase 2.
- **G4** — `!testme` e2e + per-op reporting + docs + cold verify. *Accept: DG6, DG7, DG8 → DONE.*
## In flight
**G0 — generic install + deploy-once orchestrator.** Design recorded in DECISIONS.md (tier model,
override precedence, deploy-once, backup-capability auto-detect, install-steps shell hook). Building
`harness/generic.py` + `harness/discovery.py` + new deploy-once `run_recipe_ci.py` + `tests/_generic/`.
**G1 — generic upgrade + backup/restore (next).** G0 code is in place and DG1 is green; while the
Adversary verifies G0, I'll build/prove the generic upgrade tier (previous→target in place) and the
backup/restore tiers gated on backup-capability (hedgedoc & custom-html are both backup-capable).
## Gate
(none yet — will claim G0 when generic install is green on custom-html-tiny)
**Gate: G0 CLAIMED, awaiting Adversary (DG1).** Generic INSTALL tier is green on **hedgedoc**
a simple recipe with NO cc-ci/repo-local tests (pure generic), asserting it ACTUALLY serves (services
converged + real HTTP in HEALTH_OK [404 excluded] + not Traefik's 404 body + a CA-verified trusted
wildcard cert, not the default), with **deploy-count = 1** (DG4.1 one-deploy) and clean teardown
(no residual stack). Evidence in JOURNAL-1d (commands + output). custom-html-tiny was rejected as the
demo recipe: it's a static-web-server with an empty content volume → genuinely 404 zero-config.
To reproduce (cold): on cc-ci, `cd /root/cc-ci && RECIPE=hedgedoc STAGES=install HOME=/root \
CCCI_JANITOR_MAX_AGE=0 cc-ci-run runner/run_recipe_ci.py` → install: pass, deploy-count=1.
Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test
files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition;
deploy-once with a deploy-count guard; backup-capability auto-detect; install-steps shell hook.
## Blocked
(none) — bootstrap access re-verified @2026-05-27: ssh cc-ci ok (root, NixOS 24.11), abra 0.13.0-beta,