install 2 passed on host (~2.7m): synapse client API 200 + real versions JSON, no extra config
(SYNAPSE_SERVER_NAME=DOMAIN). upgrade/backup author postgres-marker assertions exercising the
recipe's pg_backup.sh dump/restore hook (the meaningful matrix data path); verifying next.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
backup-bot-two's .env.sample ends with a newline-less comment, so set_env's bare
append concatenated RESTIC_REPOSITORY onto it (commenting it out). The backupbot
container then lacked RESTIC_REPOSITORY and 'abra app backup create' KeyError'd —
breaking the backup stage for recipes without a custom backup hook (cryptpad).
set_env now ensures a trailing newline before appending (applied to drone.nix too,
same latent bug). Re-verify keycloak backup, which earlier passed off an older deploy.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds a shared-harness EXTRA_ENV mechanism (recipe_meta.py dict or domain-callable),
applied in deploy_app at every deploy path — no per-recipe harness surgery (D5).
cryptpad uses it for its required distinct SANDBOX_DOMAIN. Tests assert data
survival via a marker file in the backed-up cryptpad_data volume (exec_in_app,
since cryptpad data isn't HTTP-served).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Two fixes surfaced by the first real recipe-ci run through Drone:
- abra app backup/restore now pass -C -o (current checkout, no remote fetch) like
every other recipe-touching call — without -o they fetch recipe tags from the
(private) remote and fail 'authentication required: Unauthorized'.
- fetch_recipe's catalogue path rm's the recipe dir first so a leftover private-mirror
remote from a prior SRC+REF run can't poison version resolution / backup.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The exec runner sets HOME to a per-build workspace, leaving ~/.abra empty
(FATA directory is empty: .../home/drone/.abra/servers). Force HOME=/root in the
step so abra and the harness's ~/.abra/recipes resolve to the real config, as the
manual runs did. Safe at capacity=1 (no concurrent build shares /root/.abra).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Splits .drone.yml into a push-triggered self-test pipeline and a custom-triggered
recipe-ci pipeline. The bridge fires event=custom builds with RECIPE/REF/PR/SRC
params; recipe-ci runs the shared harness (install/upgrade/backup + recipe-local)
with STAGES set and CCCI_JANITOR_MAX_AGE=0 (safe at capacity=1), concurrency limit 1.
Connects the verified !testme trigger to actual recipe CI (D2/D10 path).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bound live test apps on the single 28GiB node. DRONE_RUNNER_CAPACITY=1 (MAX_TESTS)
caps concurrent builds; Drone auto-queues the rest natively. deploy-drone reconcile
sets the cc-ci repo build timeout to 60m (best-effort PATCH, non-fatal) so a hung
build is killed and frees its slot. Janitor remains the backstop for SIGKILL'd builds.
Verified on host: DRONE_RUNNER_CAPACITY=1; repo timeout=60 via Drone API.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Polling is now the primary, read-only trigger (always-on thread); the /hook
webhook is an optional admin-registered push optimization deduped by comment id.
Authorize commenters via GET /orgs/{owner}/members/{user} (204, read-level) +
optional allowlist, replacing the admin-requiring /collaborators permission
endpoint. Bot never self-registers webhooks. Enroll = POLL_REPOS + tests/<recipe>/.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
D4 snapshots recipe-shipped tests/ and runs them against the live app. abra -C -o
everywhere + token clone for private mirror PRs. keycloak install green with no
harness surgery (D5). docs/enroll-recipe.md.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
keycloak+mariadb deployed via only tests/keycloak/recipe_meta.py + test_install.py
(realm health + Playwright admin login). Proves recipe-agnostic enrollment (D5).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Recipe-agnostic harness (no surgery to enroll a recipe): recipe_meta.py for
health path/codes/timeouts; run_recipe_local discovers + runs recipe-shipped
tests/ against the live app. install non-regressed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
teardown_app now docker-stack-rm fallback, removes .env only after stack gone,
retries volume rm, and verifies no residual (raises TeardownError). janitor matches
the real <recipe[:4]>-<6hex> scheme + reaps env-less orphans via docker. Verified.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
3-stage run green (install/upgrade/backup), clean teardown. backupbot deployed
via reconcile oneshot; PTY (script) for abra backup/restore; -m for secret generate
(no value leak). M5 CLAIMED.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Bridge healthz 200 over public DNS; HMAC verified. Gitea sends no deliveries
(suspect webhook host allowlist). Recorded in STATUS Blocked + operator options.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Orchestrator decision: deploy canonical coop-cloud traefik via abra instead of a
hand-rolled module. abra packaged in Nix (pinned). custom-html deployed over HTTPS
(200) via the gateway and torn down clean. docs/install.md seeded.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Host decrypts /run/secrets/test_secret via its ssh host key (age identity);
off-box master recovery recipient. sops-nix pinned to a buildGoModule-era rev
for nixpkgs 24.11 compat.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
