# cc-ci — Co-op Cloud recipe CI server

Comment **`!testme`** on a PR in an enrolled Co-op Cloud recipe repo and cc-ci deploys the recipe
at that commit onto a real single-node Docker Swarm, runs install / upgrade / backup-restore tests
(Python + Playwright) end-to-end, and reports a live, tail-able run with pass/fail back to the PR.

This repo declares the **entire server** as a NixOS flake and holds the test harness, the
per-recipe test trees, and the docs to enroll a recipe or rebuild the box from scratch.

> Status: under active autonomous construction. See `STATUS.md` for the live phase and
> `plan.md`-driven milestones in `BACKLOG.md`. Definition of Done is D1–D10 (see the build plan).

## Layout

```
flake.nix              NixOS host(s) + devshell
hosts/cc-ci/           the cc-ci machine config
modules/               drone, comment-bridge, swarm, dashboard, secrets (Nix modules)
secrets/               sops-encrypted infra secrets
bridge/                !testme webhook listener source
runner/                run_recipe_ci.py + shared pytest harness
dashboard/             results overview generator
tests/<recipe>/        per-recipe install/upgrade/backup tests + playwright/
docs/                  install, enroll-recipe, secrets, architecture, runbook, baseline
```

## Docs

- `docs/install.md` — rebuild the server from scratch (D8)
- `docs/enroll-recipe.md` — add a recipe under CI (D5)
- `docs/secrets.md` — secret model + rotation (D6)
- `docs/architecture.md`, `docs/runbook.md` — design + debugging failed runs
- `docs/baseline.md` — bootstrap snapshot / rollback reference

## Loop state (autonomous build)

`STATUS.md` (phase/blockers), `BACKLOG.md` (work + adversary findings), `REVIEW.md` (independent
verification), `JOURNAL.md` (build log), `DECISIONS.md` (architecture choices). See the build plan
for the two-loop Builder/Adversary protocol.