# JOURNAL — cc-ci mirror-enroll Builder

## 2026-06-02 — Phase startup + Phase 0

### Pre-flight survey

```bash
ssh cc-ci 'abra recipe fetch lasuite-drive' → WARN already fetched (exit 0)
ssh cc-ci 'abra recipe fetch mailu'         → WARN already fetched (exit 0)
ssh cc-ci 'abra recipe fetch mumble'        → WARN already fetched (exit 0)
```

Gitea mirror check (via API):
```
lasuite-drive: 404  mailu: 404  mumble: 404
bluesky-pds: 200    discourse: 200  ghost: 200  immich: 200  mattermost-lts: 200  plausible: 200
```

Upstream URLs confirmed from ~/.abra/recipes/<recipe>/.git/config:
- lasuite-drive: https://git.coopcloud.tech/coop-cloud/lasuite-drive.git
- mailu: https://git.coopcloud.tech/coop-cloud/mailu.git
- mumble: https://git.coopcloud.tech/coop-cloud/mumble.git

Adversary independent cold-probe in REVIEW-mirror.md confirms same results.

tests/ state: All 9 unenrolled recipes already have tests/<recipe>/. hedgedoc absent.
POLL_REPOS current: 11 entries (cc-ci + 10 enrolled recipes).

## 2026-06-02 — Phase 1: Create 3 missing mirrors

### Mirror creation via Gitea API + force-sync
```
POST /api/v1/orgs/recipe-maintainers/repos {name:"lasuite-drive",private:true} → HTTP 201 ✓
POST /api/v1/orgs/recipe-maintainers/repos {name:"mailu",private:true} → HTTP 201 ✓
POST /api/v1/orgs/recipe-maintainers/repos {name:"mumble",private:true} → HTTP 201 ✓
```

Force-synced upstream main → Gitea mirror main on cc-ci host:
```
lasuite-drive: upstream f4135d78 → git push --force gitea → [new branch] main ✓
mailu: upstream 23309a1a → git push --force gitea → [new branch] main ✓
mumble: upstream 9fa5e949 → git push --force gitea → [new branch] main ✓
```

Verification (Gitea API):
```
lasuite-drive: full_name=recipe-maintainers/lasuite-drive default_branch=main empty=false ✓
mailu: full_name=recipe-maintainers/mailu default_branch=main empty=false ✓
mumble: full_name=recipe-maintainers/mumble default_branch=main empty=false ✓
```

## 2026-06-02 — Phase 2: hedgedoc test suite

hedgedoc recipe analysis:
- Single-service Node.js app (quay.io/hedgedoc/hedgedoc:1.10.8), port 3000
- Default: sqlite (CMD_DB_URL=sqlite:/database/db.sqlite3), no compose.backup.yml
- backupbot.backup=true in compose labels; volumes: codimd_database, codimd_uploads
- HEALTH_PATH=/ with HEALTH_OK=(200,302): root redirects to /login or /new depending on config

Files created (uptime-kuma template):
- tests/hedgedoc/recipe_meta.py (HEALTH_PATH=/, HEALTH_OK=(200,302), DEPLOY_TIMEOUT=600)
- tests/hedgedoc/functional/test_health_check.py (GET / → 200 or 302)
- tests/hedgedoc/functional/test_branding.py (hedgedoc/codimd/hackmd markers in HTML)
- tests/hedgedoc/PARITY.md (scope documentation)

test_install.py/test_upgrade.py/ops.py deferred (generic tiers provide baseline coverage).

## 2026-06-02 — Phase 3: Enroll 9 unenrolled recipes in POLL_REPOS

Edited nix/modules/bridge.nix POLL_REPOS:
- Before: 11 entries (cc-ci + custom-html, custom-html-tiny, keycloak, cryptpad, matrix-synapse,
  lasuite-docs, lasuite-meet, n8n, hedgedoc, uptime-kuma)
- After: 20 entries (+bluesky-pds, discourse, ghost, immich, lasuite-drive, mailu,
  mattermost-lts, mumble, plausible)

All 9 newly enrolled recipes confirmed to have tests/<recipe>/ (Adversary-confirmed).

## 2026-06-02 — Phase 4: nixos-rebuild switch (deploy expanded POLL_REPOS)

Operator removed the Phase 4 gate (plan commit ad2ade8) — Builder deploys autonomously.

Pre-deploy check:
- /root/cc-ci does not exist on host; using /root/builder-clone (the live host checkout)
- builder-clone was at 51ba205 (old); synced via `git fetch + git rebase origin/main` → 19747bf

Rebuild command:
```
ssh cc-ci 'systemd-run --unit=nixos-rebuild-mirror --collect \
  nixos-rebuild switch --flake "path:/root/builder-clone#cc-ci"'
→ Running as unit: nixos-rebuild-mirror.service
→ Exit: 0
```

Journal output (deploy-bridge.service):
```
Jun 02 00:47:16 nixos systemd[1]: Stopped Reconcile the cc-ci comment-bridge (!testme webhook) swarm service.
Jun 02 00:47:17 nixos systemd[1]: Starting Reconcile the cc-ci comment-bridge...
Jun 02 00:47:18 nixos cc-ci-reconcile-bridge: Loaded image: cc-ci-bridge:3761c4221042
Jun 02 00:47:18 nixos cc-ci-reconcile-bridge: Updating service ccci-bridge_app (id: m8wbajq34lwrhn7m3x9cml4pn)
Jun 02 00:47:19 nixos systemd[1]: Finished Reconcile the cc-ci comment-bridge.
```

Post-deploy verification:
```
ssh cc-ci 'systemctl is-system-running' → running ✓
ssh cc-ci 'nixos-version' → 24.11.20250630.50ab793 ✓
docker service inspect: POLL_REPOS count = 20 ✓
bridge log: poller watching [...20 repos...] every 30s ✓
No rollback needed.
```

## 2026-06-02 — Phase 5: !testme triggerability on 3 newly-enrolled recipes

Posted !testme via Gitea API on:
- ghost PR#2 (7b488a33): "chore: upgrade to 1.3.0+6.42.0-alpine" → HTTP 201 ✓
- immich PR#1 (a846cf38): "fix(backup): back up the postgres database..." → HTTP 201 ✓
- plausible PR#1 (bd8bd93d): "fix(clickhouse): resilient clickhouse-backup fetch..." → HTTP 201 ✓

All posted at ~2026-06-02T00:48Z (after Phase 4 deploy). Bridge polls every 30s.

Bridge triggered (confirmed via bridge log task 2y4celpytdav):
- build #120 ghost@7b488a33 at 00:48:06Z (latency: 15s) ✓
- build #121 immich@a846cf38 at ~00:48:07Z (latency: ~16s) ✓
- build #122 plausible@bd8bd93d at ~00:48:07Z (latency: ~16s) ✓

Build outcomes (from Drone API + results.json):
- #120 ghost: failure (restore) — install+upgrade+backup+custom PASS; restore FAIL
  - ERROR: `Table 'ghost.ci_marker' doesn't exist` (MySQL reimport bug — known Phase 6 issue)
  - backup-verify failed 3/3 attempts (backup race); clean_teardown=true, no_secret_leak=true
- #121 immich: failure (restore) — install+upgrade+backup+custom PASS; restore FAIL
  - ERROR: `relation "ci_marker" does not exist` (PG restore bug — known Phase 6 issue)
  - clean_teardown=true, no_secret_leak=true
- #122 plausible: running at time of DONE (ClickHouse heavy recipe, ~10+ min expected)
  - Adversary verdict: plausible outcome does not affect Ph5 PASS

Adversary verdict @01:16Z: Ph4+Ph5 PASS — trigger mechanism confirmed, D1 ≤60s MET,
all 3 built and reported back. Restore failures are pre-existing Phase 6 scope.

## 2026-06-02T01:16Z — ## DONE written

All Ph0-Ph5 Adversary-verified PASS. No standing VETO. Loop stopped per §7.

## 2026-06-02 — A-mirror-1 resolution: hedgedoc !testme post-authoring

Adversary filed A-mirror-1: hedgedoc tests authored but no post-authoring !testme run existed.

Action: posted !testme on hedgedoc PR#1 (comment 13926, 00:30:30Z) via Gitea API.
Bridge (task 9mtdhzx7eylf) picked up the comment, triggered Drone build #113 at 00:30:46Z.

Build #113 result:
```
number: 113
status: success
started: 2026-06-02T00:30:46Z
finished: 2026-06-02T00:32:07Z (81s runtime)
stages:
  - recipe-ci: success
    steps:
      - clone: success
      - ci: success
```

Both new test files (functional/test_health_check.py, functional/test_branding.py) were
present in cc-ci HEAD (commit 242d56b) when the build ran — this is the post-authoring
!testme run the plan required. Build URL: https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/113