recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
136 Commits 19 Branches 1 Tag
ee585ef6b445f4e1a7f2b05cbd0afef51ab1f08f
Commit Graph

136 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
autonomic-bot
ee585ef6b4 1c/E2E-TESTME: bootstrap-drone-oauth.sh handles OAuth auto-approve (re-auth: no consent form -> follow 302 callback)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Found during the e2e: when the bot already granted the shared Drone OAuth app, Gitea 302s straight to
the code callback (no consent form), so the consent-form parse yielded empty _csrf/state and set -e
aborted. Now: if authorize returns a Location, use it directly; else POST the consent form.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 19:21:47 +01:00
autonomic-bot
b74a59ea08 1c/E2E-TESTME: swap ACTIVE — public gateway → rebuilt VM (P1/P2 verified); recording reversible state + swap-back steps
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 19:18:49 +01:00
autonomic-bot
7f8a4304fd 1c: Gate W4 PASS (Adversary cold, C1-C5); proceeding to swap + E2E-TESTME
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 19:15:25 +01:00
autonomic-bot
40c50545f1 review(1c): heads-up for Builder e2e — dual-bridge double-trigger risk in swap window; recommend pausing original's bridge during E1-E6
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 19:13:52 +01:00
autonomic-bot
446f326a1e review(1c): W4/C4/C5 PASS COLD — independent throwaway rebuild: blank VM+2 repos+1 age key -> single switch -> ld19aj2 byte-identical, 0 failed, 6/6 stacks, cert+TLS from git (leaf 57:8D:67). VM ccci-w5-rebuild@100.97.167.73 recorded for Builder swap. D8 honest (Phase-1 'infeasible' superseded)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 19:12:47 +01:00
autonomic-bot
d22abe45ca 1c/E2E-TESTME: clarify actor/critic — Builder swaps Adversary's W5 VM (ccci-w5-rebuild) after W5 PASS + recorded IP; Adversary doesn't rename
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 19:06:51 +01:00
autonomic-bot
f02a2b255c 1c/E2E-TESTME: Builder owns the tailnet swap end-to-end (no signal); record swap steps + execution watch-outs
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:58:24 +01:00
autonomic-bot
b54ea6de54 1c/W5.5: point to authoritative E2E-TESTME spec (E1-E6); orchestrator-signal-gated
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:48:26 +01:00
autonomic-bot
ffd4565e73 1c: add operator-gated functional-acceptance e2e (W5.5) — real !testme via public gateway after VM promotion
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:46:50 +01:00
autonomic-bot
232b35e32b 1c/C6: operator override — keep FINAL W5 throwaway (promote -> cc-nix-test); defer teardown
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:40:47 +01:00
autonomic-bot
70f108d2fa 1c/W4 DONE: genuine throwaway-VM live rebuild (single switch, 0 failed, byte-identical, TLS leaf==git cert); Gate W4 CLAIMED + install.md updated
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:37:02 +01:00
autonomic-bot
a7600346b1 1c/W4: status — cc-ci on ld19aj2 (final); fresh throwaway booting for single-switch C4 proof
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:09:38 +01:00
autonomic-bot
d8aa7578d4 1c/W4: cc-ci on ld19aj2 (byte-identical); throwaway TLS leaf-match == git cert (C4 cert proof)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 18:06:28 +01:00
autonomic-bot
5cb0bccdfc 1c/W4: throwaway reproduces cc-ci byte-identical + recovery-key decrypt; abra race found+fixed (serialized reconcilers)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:59:39 +01:00
autonomic-bot
7563d47228 1c/W4: serialize abra reconcilers (proxy->drone->bridge->dashboard->backupbot)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
On a FRESH host the reconcile oneshots ran abra concurrently against an uninitialised ~/.abra and
raced on catalogue/recipe init, leaving deploy-proxy/deploy-drone failed after a blank-VM rebuild
(observed on the W4 throwaway). Ordering-only `after` chain serializes them so a single
nixos-rebuild switch converges. Logically correct too (all need the proxy/abra state first).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:57:25 +01:00
autonomic-bot
b73307908d review(1c): C1 refresh — byte-identical against new keyFile config (izsmiajw==running, zero drift); supersedes vh6vwxbl
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 17:57:18 +01:00
autonomic-bot
24fe11a98e 1c/W4: Step A done (cc-ci on keyFile config, izsmiajw byte-identical); Step B throwaway rebuild in flight 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:36:27 +01:00
autonomic-bot
dd710a6f56 review(1c): set C4/W5 TLS verification standard — domain=ci.commoninternet.net (not ci2), SNI+--resolve on fresh VM, leaf fingerprint must match git cert
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 17:30:08 +01:00
autonomic-bot
195cc30ead 1c/W4: record orchestrator C4 TLS-verification approach (local --resolve on throwaway)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:29:00 +01:00
autonomic-bot
9cc678853b 1c/W4: add sops.age.keyFile for bootstrap age key (recovery key on clones; host-derived on cc-ci)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
cc-ci /var/lib/sops-nix/key.txt provisioned = host-derived age key (pub == &host recipient), so
adding keyFile is safe (sops-install-secrets aborts if a configured keyFile is missing).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:24:39 +01:00
autonomic-bot
228b930a96 review(1c): corroboration — sops cert re-decrypts byte-identically at boot after W1 resize-reboot (strengthens C2)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 17:24:00 +01:00
autonomic-bot
8b410dcce1 1c/W3 DONE: throwaway reachable (100.126.124.86); keyFile-missing-aborts finding -> W4 design locked
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:21:21 +01:00
autonomic-bot
dc81c16b9d 1c/W3: throwaway VM created (booting); W4 design notes (keyFile/recovery-key, tailnet, bridge)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 17:06:23 +01:00
autonomic-bot
6c03a27b16 1c/W1 DONE: cc-nix-test resized 6->4GB, healthy after reboot (cert survives via sops, TLS ok) 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:59:49 +01:00
autonomic-bot
60bd291ce1 1c: W2 PASS (Adversary, C1/C2/C3 cold); proceeding to W1/W3/W4
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:54:23 +01:00
autonomic-bot
95ac37c7bd review(1c): W2 PASS cold — byte-identical build==running (vh6vwxbl), cert sops-from-git + live TLS leaf-match, no plaintext leak; C1/C2/C3 Adversary-PASS
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 16:52:14 +01:00
autonomic-bot
0633aa7e7f 1c: W3 recon (incus/b1 RAM facts) while parked at Gate W2
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:48:39 +01:00
autonomic-bot
faa3709084 1c/W2a DONE: secrets-split + cert-in-git deployed to live cc-ci; Gate W2 CLAIMED
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Submodule mount, cert sops-decrypted to /var/lib/ci-certs/live (sha256 verified), byte-identical
build==running (vh6vwxbl), git-clone+?submodules=1 reproduces it, live TLS valid.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:47:16 +01:00
autonomic-bot
f79e542149 1c/W2a: mount cc-ci-secrets as submodule at secrets/; cert+key now sops-decrypted to /var/lib/ci-certs/live
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- secrets/ is now the private cc-ci-secrets repo (submodule). defaultSopsFile path unchanged.
- secrets.nix: add wildcard_cert/wildcard_key sops secrets -> path=/var/lib/ci-certs/live/*.
- proxy.nix: cert is sops-from-git, not an operator file drop (reframed; FATAL guard kept as decrypt-path check).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:32:10 +01:00
autonomic-bot
c36052021c review(1c): interim probe — cc-ci-secrets private + all 8 secrets ENC (cert+key in sops, 0 plaintext); byte-identical/TLS pending W2 gate
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 16:23:17 +01:00
autonomic-bot
e746f37676 review(1c): pre-W2 cold baselines (running-system toplevel, cert hashes, clean-base grep); W2 scrutiny checklist
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 16:22:08 +01:00
autonomic-bot
f972bc1dc4 1c/W2: cc-ci-secrets repo created + populated (cert+infra in sops, verified)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:16:58 +01:00
autonomic-bot
8e2357e5bf 1c: bootstrap Phase 1c loop state (STATUS/BACKLOG/JOURNAL-1c) + decisions (submodule linkage, recovery-key bootstrap)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 16:06:26 +01:00
autonomic-bot
be37eccd31 review(1c): Adversary ledger seeded; cold baseline (system healthy pre-refactor; Builder has not begun 1c)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 16:02:13 +01:00
autonomic-bot
492fa231cb review: Adversary sign-off — DONE confirmed by cold check (all D1-D10 PASS <24h, no VETO, system healthy, 6/6 dashboard, 0 orphans); loop terminating
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 12:13:12 +01:00
autonomic-bot
1c10fa52e1 ## DONE — all D1-D10 Adversary-PASS <24h, no VETO, handshake cleared
All checks were successful
continuous-integration/drone/push Build is passing
Details 
cc-ci recipe CI server complete. Loop stopped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 12:02:03 +01:00
autonomic-bot
28142ae1d8 D10 PASS (6/6); DONE gated only on D8 live VM rebuild (Adversary); creds premise obsolete
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 12:00:57 +01:00
autonomic-bot
d4f8dc5093 review: D8 PASS (byte-identical build==running; throwaway-VM live rebuild infeasible by design—documented); DONE-readiness: all D1-D10 PASS <24h, no VETO
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 12:00:46 +01:00
autonomic-bot
be610b297a review: D10 PASS 6/6 — lasuite #108 corroborated (real !testme, upgrade genuinely converged+data survived, not -c-hollowed)
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 11:58:39 +01:00
autonomic-bot
48b485acf8 STATUS: M8/D7, D8-core, D9 PASS landed; only D10 verification left for DONE
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 11:54:09 +01:00
autonomic-bot
58d9f18101 STATUS: tidy stale in-flight/near-complete sections (superseded by D10-complete phase)
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 11:47:27 +01:00
autonomic-bot
ba37529a30 M10/D10 CLAIMED: all 6 recipes green via real !testme (lasuite #108 via -c fix); blockers cleared
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 11:46:58 +01:00
autonomic-bot
c9087fde20 review: scrutinized lasuite -c (no-converge-checks) — NOT a softening (harness still verifies convergence+health+data); empirical green still required
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 11:46:25 +01:00
autonomic-bot
575efb5054 fix: abra app upgrade -c (no-converge-checks) — abra false-fails slow heavy rolling upgrades
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is passing
Details 
Diagnosed via instrumented diag: lasuite-docs upgrade reported 'FATA deploy failed' while all 9
services converged 1/1 — abra's convergence poll gives up too early on the slow stop-first roll
(pulling new images). Disable abra's check; the harness wait_healthy + data-survival assertion is
the real, more-patient gate (a genuine failure still fails the test: app never gets healthy).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 11:34:59 +01:00
autonomic-bot
0632301240 STATUS: lasuite upgrade is a convergence failure (not rate-limit) post quota-reset; diagnosing
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 11:29:01 +01:00
autonomic-bot
78250bc8ce review: D9 PASS — docs complete + accurate (architecture/enroll/runbook/secrets/install/README) vs verified reality
Some checks failed
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone Build is failing
Details
2026-05-27 10:49:18 +01:00
autonomic-bot
6bd6061653 review: M9/D8 reproducibility core PROVEN (clean build == running, zero drift; docs complete); live blank-VM rebuild pending registry creds
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 10:48:24 +01:00
autonomic-bot
288cdeeb47 review: close A2 (live: default janitor spares fresh orphan; janitor(0) reaps env-less orphan via reconstruction) — all A1-A4 closed
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 10:44:00 +01:00
autonomic-bot
4b204930a3 review: D10 5/6 VERIFIED via real !testme (3-stage green + outcome-reflected); 6th (lasuite upgrade) blocked on registry creds
All checks were successful
continuous-integration/drone/push Build is passing
Details
2026-05-27 10:41:29 +01:00
autonomic-bot
6232d2649c STATUS: feature-complete except 6th D10 recipe; DONE gated on registry creds + Adversary
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-05-27 10:36:09 +01:00