Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
# Phase 2w / WC6 + phase canon — WEEKLY full-cold canonical sweep. A systemd TIMER fires weekly and
# runs `runner/nightly_sweep.py`: faithfully mirror-sync each recipe to upstream, then a SERIAL
# full-cold run across enrolled (WARM_CANONICAL) recipes — but only for those with a NEW RELEASE TAG
# newer than their canonical (canon §2.D), cold-testing that tagged version and promoting its
# canonical on green (canon §2.A tagged-promote). Serial = MAX_TESTS honored (one at a time); skips
# itself if a test is already in flight.
#
# canon M1.4 (hollow-sweep fix): the sweep runs FROM the deployed checkout at $CCCI_REPO=/etc/cc-ci
# (the nixos flake source, kept current by the deploy `git pull` + nixos-rebuild), NOT from a
# nix-store copy of runner/. The store copy carried no tests/, so enrolled_recipes() resolved
# TESTS_DIR to a nonexistent dir → [] → the timer was a no-op ("hollow sweep"). Running from
# /etc/cc-ci (which has runner/ AND tests/) is the same checkout run_recipe_ci already executes from,
# and lets sweep-logic changes ship via a checkout pull without a store rebuild.
{ pkgs, ... }:

let
  inherit (pkgs) writeShellApplication;

  # Phase `nixenv`: thin launcher for the sweep. It delegates to `cc-ci-run` (pkgs.cc-ci-run,
  # defined once in packages.nix), the SAME entrypoint the Drone runner uses, so the python env and
  # recipe-test tooling (pytest/playwright, git-lfs/bash/util-linux/openssl/etc.) are identical to
  # the Drone path by construction. They arrive via cc-ci-run's runtimeInputs, the single shared
  # `ccciRuntimeTools`; there is no duplicate pyEnv, no parallel runtimeInputs list and no
  # host-PATH-prepend patch (the old DEFECT-3 fix). The launcher itself only sets the
  # sweep-specific environment (HOME, the deployed-checkout repo) and then hands off.
  #
  # writeShellApplication runs the script with errexit/nounset/pipefail, so a failed `cd` aborts
  # before the `exec` is reached.
  #
  # NOTE(review): neither unit below sets User=, so unless another module overrides it the sweep
  # runs as root (HOME=/root is consistent with that). /etc/cc-ci is a mutable git checkout, not a
  # store path, so whoever can write to it, or to the remote the deploy pulls from, controls code
  # that runs as root on the next timer fire. Keep the checkout root-owned and not
  # group/world-writable; confirm the deploy path enforces this.
  sweepLauncher = writeShellApplication {
    name = "cc-ci-nightly-sweep";
    runtimeInputs = [ pkgs.cc-ci-run ];
    text = ''
      export HOME=/root
      # canon M1.4: read enrollment + run the harness from the deployed checkout (has tests/).
      export CCCI_REPO=/etc/cc-ci
      cd "$CCCI_REPO"
      exec cc-ci-run "$CCCI_REPO/runner/nightly_sweep.py"
    '';
  };
in
{
  systemd = {
    # The unit keeps the name "nightly-sweep" although the calendar expression below is weekly.
    timers.nightly-sweep = {
      description = "Weekly trigger for the full-cold canonical sweep (canon §2.F)";
      wantedBy = [ "timers.target" ];
      timerConfig = {
        # canon §2.F: WEEKLY by operator preference, because a full-cold sweep over ~21 recipes is
        # heavy. Sunday 03:00 UTC is a low-traffic slot; the exact day/time is not critical.
        OnCalendar = "Sun *-*-* 03:00:00";
        # Spread the start by up to 600 s.
        RandomizedDelaySec = "600";
        # Run a missed sweep once the host is back up after downtime.
        Persistent = true;
      };
    };

    services.nightly-sweep = {
      description = "Weekly canonical sweep: mirror-sync + new-release-tag-gated full-cold runs that promote canonicals";
      # Ordering only: After= does not pull these units in or require them to be healthy.
      # NOTE(review): presumably the harness copes with a missing proxy/keycloak/docker; verify.
      after = [ "deploy-proxy.service" "warm-keycloak.service" "docker.service" ];
      environment = {
        HOME = "/root";
      };
      serviceConfig = {
        ExecStart = "${sweepLauncher}/bin/cc-ci-nightly-sweep";
        Type = "oneshot";
        # A full sweep is several serial cold deploy/test/teardown cycles, so it runs long. For a
        # oneshot unit this bounds the ExecStart command itself: 21600 s = 6 h ceiling, after which
        # systemd stops the run and marks the unit failed.
        TimeoutStartSec = "21600";
      };
    };
  };
}