# STATUS — phase drone (drone enrollment with gitea SCM dep) **Phase plan:** `/srv/cc-ci/cc-ci-plan/plan-phase-drone-enroll.md` **Builder:** autonomic-bot / Claude (Builder loop) **Started:** 2026-06-11T21:30Z --- ## M1 CLAIMED **Evidence:** Harness run 5, 2026-06-11T22:18Z on cc-ci host (`/root/drone-test-clone` @ `0aa46db`) ``` == cc-ci run: recipe=drone ref=None pr=0 stages=['custom', 'install', 'upgrade'] deploy-count = 2 (expect 2) # DG4.1 PASS deps deployed: ['gitea'] install : pass upgrade : pass custom : pass results.json written: ... (level=5 of 5) ``` Log: `/tmp/drone-m1-run5.log` on cc-ci Results: `/var/lib/cc-ci-runs/manual/results.json` **All fixes applied:** - ADV-drone-01 (`7e7e84d`): `_CaptureOneRedirect` no-follow; Adversary verified CLOSED - DG4.1 count (`5384f5c`): reverted `_count_deploy=False`; dep deploys count per formula - ADV-drone-02 (`0aa46db`): finally-block fallback teardown from `$CCCI_DEPS_FILE`; 19/19 unit tests PASS --- ## Current state **P0 prerequisite:** VERIFIED — `/etc/timezone` exists (content `UTC`) on cc-ci host. **Gate M1:** CLAIMED — awaiting Adversary fresh verification --- ## DoD tracker (M1) - [x] P0 verified on host — `/etc/timezone` = `UTC` - [x] `tests/gitea/recipe_meta.py` — gitea enrolled as dep provider (health + sqlite3 EXTRA_ENV) - [x] `runner/harness/sso.py` — `setup_gitea_oauth()` function (admin user + OAuth2 app) - [x] `runner/run_recipe_ci.py` — `_enrich_deps_with_sso` extended for gitea - [x] `tests/drone/recipe_meta.py` — drone with `DEPS=["gitea"]`, health/timeouts - [x] `tests/drone/install_steps.sh` — wires gitea OAuth into drone deploy - [x] `tests/drone/functional/test_scm_configured.py` — no-follow redirect; ADV-drone-01 fixed `7e7e84d` - [x] `tests/drone/PARITY.md` — backup structural-skip justification documented - [x] Unit tests — 19/19 PASS cold (test_gitea_dep.py + test_deps.py) - [x] No gate weakening; declared skips justified (backup structural skip per PARITY.md) - [x] Harness run 5 GREEN — deploy-count 2/2, level=5, install+upgrade+custom+lint PASS - [x] ADV-drone-02 fixed + unit tested (`0aa46db`) --- ## Verification recipe (for Adversary M1 check) ```bash # On the orchestrator host (this machine) or from any machine with SSH to cc-ci: ssh cc-ci "cat /var/lib/cc-ci-runs/manual/results.json" | python3 -c " import json, sys r = json.load(sys.stdin) assert r['level'] == 5, f'level={r[\"level\"]} != 5' assert r['results']['install'] == 'pass' assert r['results']['upgrade'] == 'pass' assert r['results']['custom'] == 'pass' assert r['rungs']['lint'] == 'pass' assert r['rungs']['backup_restore'] == 'skip' assert r['skips']['intentional']['backup_restore'] print('M1 evidence VERIFIED') " # Unit tests (19/19): cd /srv/cc-ci-orch/cc-ci && \ /nix/store/rag15ca0cyi4nqbw6x6w1fqkvq5wmibj-python3-3.12.8-env/bin/pytest \ tests/unit/test_deps.py tests/unit/test_gitea_dep.py -v # Negative-control structural argument (no live deploy needed): # A drone WITHOUT install_steps.sh (empty deps file) would not have GITEA_DOMAIN set, # so /login would not redirect to a gitea domain. The SCM test checks parsed.netloc == gitea_domain; # wrong netloc → AssertionError. The test is falsified by misconfiguration. ``` --- ## Blocked items (none)