recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,188 Commits 19 Branches 1 Tag
2c4fdddd33095ace0381b25e1b1de9709060ebb2
Commit Graph

1188 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
autonomic-bot
2c4fdddd33 status(regall): batch 3 DONE (custom-html/mailu/mattermost-lts L5); batch 4 IN FLIGHT (ghost/immich/lasuite-docs trivial PRs created + !testme)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 02:14:09 +00:00
autonomic-bot
2db9c8bb00 review(regall): batch 3 all L5 (custom-html/mailu/mattermost-lts); BP-5 previous/ overlay scoping correct
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details 
Cold-verified from results.json + Drone logs:
- custom-html (737): L5 all pass
- mailu (738): L5 upgrade=pass (A-regall-1 risk clear), backup_restore=skip (expected)
- mattermost-lts (739): L5 all pass

BP-5: custom-html build 737 log confirms kind=ref main-tip, no previous/ overlay applied.
prevb previous/ mechanism correctly scoped to UPGRADE_BASE_VERSION recipes only.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-17 02:13:07 +00:00
autonomic-bot
dc086ecb70 review(regall): batch 2 closed all L5; batch 3 partial (custom-html L5, mailu L5 upgrade=pass, mattermost-lts running)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Cold-verified from results.json:
- mumble (732): L5 all pass
- custom-html (737): L5 all pass
- mailu (738): L5 upgrade=pass (A-regall-1 corrected baseline — regression risk clear), backup_restore=skip (expected)
- mattermost-lts (739): still running

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-17 02:11:40 +00:00
autonomic-bot
12741fceee status(regall): batch 2 DONE (lasuite-meet/n8n/mumble L5); batch 3 IN FLIGHT (custom-html/mattermost-lts/mailu)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 02:08:52 +00:00
autonomic-bot
bc4eeaa6b5 review(regall): A-regall-1 CLOSED; BP-3 !testmexyz rejected; BP-4 dashboard clean; batch-2 partial (lasuite-meet/n8n L5)
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details
2026-06-17 02:07:36 +00:00
autonomic-bot
7c6134a773 fix(regall): correct mailu baseline upgrade=pass (A-regall-1); consume Adversary inbox; batch 2 in flight
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 02:05:42 +00:00
autonomic-bot
4ad3c9d907 review(regall): BP-1 baseline verified (A-regall-1: mailu upgrade=pass not skip); BP-2 upgrade-base=main-tip confirmed; batch-1 all L5
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 02:04:48 +00:00
autonomic-bot
d809167c84 status(regall): batch 1 DONE (drone/gitea/matrix-synapse L5); batch 2 IN FLIGHT (mumble/lasuite-meet/n8n)
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details
2026-06-17 02:03:21 +00:00
autonomic-bot
fc3ed2834b review(regall): Adversary live; orientation + batch-1 partial results recorded (drone/matrix-synapse L5✓, gitea running)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 02:01:26 +00:00
autonomic-bot
a54a27837e status(regall): batch 1 IN FLIGHT — drone/gitea/matrix-synapse !testme triggered
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:58:20 +00:00
autonomic-bot
4d54123d03 chore(regall): bootstrap phase state (STATUS/BACKLOG/REVIEW/JOURNAL-regall)
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details
2026-06-17 01:56:27 +00:00
autonomic-bot
b6f526a22d status(prevb): ## DONE — M1+M2 Adversary-verified PASS (no VETO); dynamic base + previous/ + discourse PR#4 real-CI GREEN (official 3.5.3 migration tested)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:51:04 +00:00
autonomic-bot
1c3ba71b04 review(prevb): M2 PASS — discourse #4 !testme GREEN in real CI (Drone 717, live-image teeth=official 3.5.3, lint non-gating); 3 spot-checks + own cryptpad re-run confirm dynamic base; public surface secret-clean; nothing merged. Both M1+M2 PASS, no VETO → Builder may DONE
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:50:01 +00:00
autonomic-bot
e8a0037d85 defer(prevb): file F-prevb-C (mint_admin ApiKey in access-controlled RAW log; pre-existing, low-sev, out of scope)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:49:56 +00:00
autonomic-bot
19c9c3edcf review(prevb): M2 cold-verify IN FLIGHT — discourse #4 !testme GREEN confirmed via gitea API (Drone 717, real live-image teeth, lint=non-gating rung); 3 spot-checks dynamic-base confirmed; my own cryptpad re-run in flight
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:48:41 +00:00
autonomic-bot
71399f65d1 claim(prevb): M2 — discourse PR#4 !testme GREEN in real CI (Drone 717, all 5 tiers, head=official 3.5.3); 3 spot-checks green under dynamic base
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:40:19 +00:00
autonomic-bot
a0de5b196d status(prevb): B7 DONE — discourse PR#4 !testme GREEN in real CI (Drone 717, all 5 tiers); launching hedgedoc spot-check
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:36:44 +00:00
autonomic-bot
59338e9fc4 journal(prevb): all 5 discourse tiers green locally (custom mint_admin fixed); posting !testme for B7
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details
2026-06-17 01:26:53 +00:00
autonomic-bot
b66abc4978 fix(prevb): discourse custom mint_admin image-agnostic (official /var/www/discourse + DB-password re-export; bitnami fallback)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
The custom tier runs on the PR head — now genuinely the official discourse/discourse image (prevb
stopped the overlay reverting it to bitnamilegacy). mint_admin hardcoded /opt/bitnami/discourse (404 on
official) → create-topic roundtrip failed. Detect /var/www/discourse, re-export DISCOURSE_DB_PASSWORD
from /run/secrets (entrypoint exports it only for boot), run bin/rails; keep bitnami fallback.
 2026-06-17 01:20:41 +00:00
autonomic-bot
55d638026f status(prevb): M1 PASS recorded; starting M2 (full local discourse run → !testme)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:06:32 +00:00
autonomic-bot
dbc7a3b6ea review(prevb): M1 PASS — dynamic base (main-tip fallback live), previous/ base-only, overlay separated, head=official 3.5.3; TEETH: broken head → upgrade RED; clean teardown; no test weakened
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:03:45 +00:00
autonomic-bot
ad8d9f4713 review(prevb): M1 e2e GREEN confirmed cold (head=official 3.5.3, sidekiq dropped, clean teardown); break-it re-launched after SIGTERM
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 01:00:44 +00:00
autonomic-bot
8c286bff60 docs(prevb): update recipe-customization/testing/runbook for dynamic base + previous/ (drop stale recipe_versions[-2] model)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:46:03 +00:00
autonomic-bot
0cf70b67b9 journal(prevb): 3 green spot-checks under dynamic base (cryptpad/keycloak incl master-fallback); parking at M1 gate
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:43:17 +00:00
autonomic-bot
22f597c0fa recon(prevb): M1 cold acceptance in flight — base=main-tip ref confirmed; concurrent keycloak run isolated
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:42:34 +00:00
autonomic-bot
bb79e9140e claim(prevb): M1 — dynamic base + previous/ + discourse migration; discourse upgrade GREEN locally (head=official 3.5.3, sidekiq pruned)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:37:23 +00:00
autonomic-bot
e1b32ea650 fix(prevb): prune orphan services on upgrade redeploy (head's dropped services); re-add EXPECTED_NA-other-rung test; consume Adversary inbox
All checks were successful
continuous-integration/drone/push Build is passing
Details 
docker stack deploy doesn't prune services the head compose dropped (discourse PR#4 drops sidekiq),
leaving them orphaned on the base image. perform_upgrade now reconciles the live stack to the head
compose service set (lifecycle.prune_orphan_services). Makes the deployed stack faithfully reflect
the head — no test weakened. No-op when service sets match / compose unresolvable.
 2026-06-17 00:29:00 +00:00
autonomic-bot
7f3e7c26f6 recon(prevb): M1 code pre-review (sound; 63 prevb unit tests pass cold) + builder heads-up (pre-existing red test)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:27:06 +00:00
autonomic-bot
37cacf0f09 journal(prevb): M1 code green (unit+lint); discourse main-tip e2e in flight
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:20:39 +00:00
autonomic-bot
bb2e3c6b2c feat(prevb): dynamic upgrade base (last-green→main→skip) + per-recipe previous/ overlay; migrate discourse off static base + leaky overlay
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- resolve_upgrade_base: BasePlan(kind=version|ref|skip); last-green (warm canonical) primary,
  main-tip fallback, declared skip else. UPGRADE_BASE_VERSION retained as optional override.
- deploy_app: base_ref path (chaos-deploy a main-tip/last-green commit) + apply_previous wiring.
- lifecycle: previous/ surface (has_previous, previous_target_version, previous_status decision,
  provide/remove overlay, compose_file add/remove, recipe_branch_commit, stack_service_names).
- generic.perform_upgrade: strip previous/ overlay + COMPOSE_FILE entry before head redeploy.
- discourse: compose.ccci.yml now environmental-only (order: stop-first); removed bitnamilegacy
  pins + sidekiq + UPGRADE_BASE_VERSION; test_upgrade.py asserts head image == official 3.5.3 + no sidekiq.
- unit tests: resolve_upgrade_base matrix + previous/ apply/skip/stale + COMPOSE_FILE layering.
 2026-06-17 00:15:06 +00:00
autonomic-bot
1090abb97a recon(prevb): independently cold-verified discourse PR#4 head/main image facts (confirmed)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:10:57 +00:00
autonomic-bot
423ebcbcbc chore(prevb): bootstrap phase state + settled dynamic-base/previous decisions
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-17 00:04:43 +00:00
autonomic-bot
7517c4f58c review(prevb): Adversary live; baseline recon recorded; awaiting M1 claim
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-16 23:58:23 +00:00
autonomic-bot
778720ce1b claim(gtea): M2 PASS + ## DONE — all DoD verified by Adversary
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is failing
Details 
Build #695 (RECIPE=gitea PR=1 REF=357926f26e69): level=5/5, test_lfs_roundtrip PASS (18s).
Build #692 (RECIPE=drone REF=main): level=5/5, dep path confirmed.
All 6 M2 DoD conditions met per Adversary REVIEW-gtea.md @2026-06-15T22:10Z.

Phase gtea complete. Gitea enrolled as a fully-tested recipe with LFS PR verified.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 22:04:15 +00:00
autonomic-bot
90522ee560 review(gtea): M2 ADVERSARY PASS @2026-06-15T22:10Z
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Build #695 (gitea PR=1 REF=357926f26e69): level=5, all stages PASS, test_lfs_roundtrip
PASS (18s) — LFS roundtrip verified in real CI on lfs-plain-gitea PR #1.
Build #692 (drone dep path PR=0 REF=main): level=5, drone recipe unaffected.
Build #684 (gitea main PR=0): level=5 (verified in prior round).
cc-ci self-test lint green. Unit tests 53/53. no_secret_leak in all runs.

Also records build #691 FAIL finding: STACK_NAME not in .env (fixed in ad53b5a).

Gate M2: ADVERSARY PASS.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 22:02:46 +00:00
autonomic-bot
89c2d70acf journal(gtea): Blocker 4 fix + STACK_NAME discovery + ruff cleanup
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-15 21:57:47 +00:00
autonomic-bot
ad53b5a620 fix(gtea): derive STACK_NAME from domain (dots→underscores) in UPGRADE_SECRET_PREP
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details 
abra does NOT write STACK_NAME to the app's .env file — it derives it at runtime
by replacing dots with underscores (e.g. gite-e1cb78.ci.commoninternet.net →
gite-e1cb78_ci_commoninternet_net). Build #691 failed with 'STACK_NAME not found'
because the env file read was looking for a key that doesn't exist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:56:44 +00:00
autonomic-bot
6dd79eac0c status(gtea): Blocker 4 fixed; builds #691/#692 in flight
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-06-15 21:54:37 +00:00
autonomic-bot
2d865f06cb fix(gtea): ruff format + check all gtea files and bridge.py
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details 
Clears cc-ci self-test lint failures:
- ruff format: 9 files reformatted (all gtea test files + test_discovery.py)
- ruff check --fix: bridge.py UP017 (datetime.UTC alias) + 6 gtea check errors
- manifest.py B007: rename unused loop variable path → _path (no auto-fix available)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:52:01 +00:00
autonomic-bot
d832b353e4 fix(gtea): UPGRADE_SECRET_PREP hook — pre-insert lfs_jwt_secret with correct 43-char format
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Blocker 4 fix: abra `secret generate --all` uses .env.sample for length hints; the
lfs-plain-gitea PR has SECRET_LFS_JWT_SECRET_VERSION=v1 COMMENTED OUT, so abra produces
a wrong-length secret. gitea requires exactly 43 chars (32 bytes base64 URL-safe); wrong
length → gitea fatals trying to save the JWT secret to the read-only Docker Config
app.ini → health check fails → swarm rolls back.

Fix: new UPGRADE_SECRET_PREP hook (meta.py) called before `abra secret generate --all`
in the upgrade path. abra's `--all` is idempotent (skips existing secrets), so the
correctly pre-inserted secret survives. gitea's recipe_meta.py implements the hook using
`docker secret create` directly to guarantee correct format regardless of .env.sample.

Also consumes machine-docs/BUILDER-INBOX.md (Adversary Blocker 4 digest).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:46:28 +00:00
autonomic-bot
1efab2e1e6 review(gtea): M2 re-verify — #684 PASS, #685 FAIL (LFS upgrade rollback blocker)
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Build #684 (RECIPE=gitea REF=main PR=0): PASS level=5 — all tiers pass, LFS correctly
SKIP on main, HC1 SHA match (e6a1cc79=e6a1cc79). M2 main-branch DoD MET.

Build #685 (RECIPE=gitea PR=1 REF=357926f26e69): FAIL level=1 — new critical blocker:
upgrade chaos redeploy to PR head with compose.lfs.yml fails with rollback_completed.
Root cause: lfs_jwt_secret generated by abra --all with wrong length/format because
.env.sample in PR #1 has `SECRET_LFS_JWT_SECRET_VERSION=v1 # length=43` COMMENTED OUT.
Gitea starts but fails health check on bad JWT secret → Docker swarm rolls back.

Also filed: cc-ci self-test lint failures (9 ruff format violations in gtea files),
drone dep path not re-verified via live CI since a121d2c.

M2 still NOT claimable — Builder must fix lfs_jwt_secret generation and re-trigger #685.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:30:42 +00:00
autonomic-bot
1d6d93fca8 journal(gtea): M2 root cause analysis + fix details
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:04:51 +00:00
autonomic-bot
85f3bb34fa status(gtea): CI runs #684/#685 triggered (correct param format)
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:04:12 +00:00
autonomic-bot
304b2f5cbd status(gtea): M2 blockers fixed; CI builds #681/#682 in flight
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone Build is failing
Details 
- Consumed BUILDER-INBOX (M2 blockers from Adversary @20:50Z)
- Fixed all 3 blockers in commit a121d2c:
  1. LFS test fails: UPGRADE_EXTRA_ENV + secret generation in upgrade path
  2. REF=main HC1 fail: always use git SHA for head_ref
  3. Stale creds 401s: delete creds file in pre_install
- Unit tests: 53/53 pass
- Retriggered: build #681 (main) and #682 (PR #1 lfs-plain-gitea)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:03:05 +00:00
autonomic-bot
a121d2c069 fix(gtea): fix M2 blockers — LFS upgrade and REF=main HC1
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone Build is failing
Details 
Blocker 1 (LFS roundtrip fails on PR #1):
- Add UPGRADE_EXTRA_ENV to gitea recipe_meta.py — after PR-head checkout
  (compose.lfs.yml now in ABRA_DIR), add compose.lfs.yml to COMPOSE_FILE
  and set SECRET_LFS_JWT_SECRET_VERSION=v1 so the upgrade chaos redeploy
  actually runs with LFS enabled. Without this, the base install checks out
  the 3.5.x tag (compose.lfs.yml removed), EXTRA_ENV sees no LFS, and the
  upgrade chaos redeploy inherits the no-LFS .env — so the LFS test runs
  (compose.lfs.yml is restored by recipe_checkout_ref) but LFS is off.
- Add abra.secret_generate(domain) in generic.perform_upgrade when
  upgrade_env is non-empty — generates lfs_jwt_secret before chaos redeploy.

Blocker 2 (REF=main upgrade fails HC1):
- Always use recipe_head_commit (git rev-parse HEAD) for head_ref instead
  of using ref directly. When ref="main" (a branch name), the HC1 commit
  check "head_ref.startswith(chaos_commit)" always fails since "main" ≠ SHA.
  recipe_head_commit returns the actual SHA after the fetch/checkout.

Side-fix (stale creds — build #675):
- ops.py pre_install: delete the per-domain creds file before calling
  _ensure_admin. A fresh install wipes gitea's DB; any creds file from a
  prior run on the same domain is stale and causes 401s in all API calls.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 21:01:21 +00:00
autonomic-bot
05bf5d5264 review(gtea): file M2 blockers to Builder-INBOX — LFS deploy + upgrade-REF=main
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Two critical issues prevent M2: (1) lfs_jwt_secret not generated via disk .env → LFS disabled in
container; (2) upgrade tier fails when REF=main. Details + fix hints in BUILDER-INBOX.md.
 2026-06-15 20:53:34 +00:00
autonomic-bot
f85e54b155 review(gtea): M2 pre-verify — two critical blockers filed @2026-06-15T20:50Z
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Run 674 (main): upgrade FAIL ("not intended PR-head"); run 676 (PR#1 LFS): test_lfs_roundtrip
fails at git-push batch endpoint (LFS not enabled in deployed container). Builder must fix before M2.
 2026-06-15 20:52:56 +00:00
autonomic-bot
ffb34dfcfa chore(gtea): M1 PASS recorded; M2 builds #675 #676 in flight
Some checks failed
continuous-integration/drone/push Build is failing
Details 
M1: ADVERSARY PASS @20:32Z (a106036).
M2:
- Bridge POLL_REPOS now includes recipe-maintainers/gitea (86deceb)
- Build #675: Drone direct trigger RECIPE=gitea REF=main PR=0 (real CI on main)
- Build #676: !testme on PR #1 (lfs-plain-gitea head, LFS capstone)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 20:35:47 +00:00
autonomic-bot
a10603638a review(gtea): M1 ADVERSARY PASS @2026-06-15T20:32Z
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone Build is failing
Details 
level=5/5 verified; 53/53 unit tests PASS (Adversary cold run from adv-clone);
code review: all test hooks have teeth; dep path correct; LFS skip correct.
One non-blocking finding: stale screenshot (pre-existing harness bug, manual run_id reuse).
 2026-06-15 20:32:56 +00:00
autonomic-bot
86deceb36f feat(gtea): add recipe-maintainers/gitea to bridge POLL_REPOS
Some checks failed
continuous-integration/drone/push Build is failing
Details 
Prerequisite for M2: enables the bridge to pick up !testme comments
on gitea recipe PRs (PR #1 lfs-plain-gitea) and post results back.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-06-15 20:32:22 +00:00