fd02d9f4b8
All checks were successful
continuous-integration/drone/push Build is passing
harness.meta.HookCtx (frozen): .domain, .base_url, .meta (RecipeMeta), .deps (provisioned dep creds from $CCCI_DEPS_FILE or None), .op (current lifecycle op or None); built via meta.hook_ctx() at each hook call site. All recipe callables now take ctx: EXTRA_ENV(ctx), UPGRADE_EXTRA_ENV(ctx), READY_PROBE(ctx), BACKUP_VERIFY(ctx), SCREENSHOT(page, ctx), ops.py pre_<op>(ctx). Dict-valued EXTRA_ENV/UPGRADE_EXTRA_ENV unchanged (only the callable signature moved). Call sites converted: deploy_app env shaping, perform_upgrade, wait_ready_probes (gains op=), _perform_op BACKUP_VERIFY, screenshot.capture, _run_pre_hook. Legacy signatures fail FAST with a clear migration message: the registry carries hook_params per hook key, enforced at meta.load() (MetaError names the old vs new signature); ops.py pre-op hooks get the same check at the orchestrator call site (meta.check_hook_signature) — no silent TypeError mid-run. Migrated every in-repo user mechanically (17 ops.py files; cryptpad/lasuite-*/ mailu EXTRA_ENV; mumble+lasuite-drive READY_PROBE; ghost/discourse BACKUP_VERIFY) — seeded values, probes and assertions byte-identical (domain -> ctx.domain; keycloak pre_restore's meta arg -> ctx.meta). Unit tests: hook_ctx field contract, ctx.deps from the run deps file, legacy- signature MetaError (READY_PROBE/EXTRA_ENV/SCREENSHOT + pre-op checker), ctx signatures accepted. Docs table regenerated (signature docs in key docs). Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 180 passed; scripts/lint.sh -> PASS.
63 lines
4.0 KiB
Python
63 lines
4.0 KiB
Python
# Per-recipe harness config for lasuite-drive (Phase 2 Q3.2 — multi-service + object-storage/S3 +
|
|
# WOPI office, OIDC-dependent). Sibling of lasuite-docs (same La Suite / impress lineage).
|
|
#
|
|
# Stack: app(frontend SPA) + backend(Django/drive) + celery + celery-beat + db(postgres) + redis +
|
|
# mailcatcher + minio(S3) + minio-createbuckets(one-shot) + collabora(WOPI office). ~10 services →
|
|
# generous timeouts.
|
|
#
|
|
# Health: the React SPA is served at `/` by the `app` service and returns 200 unauthenticated
|
|
# (login is OIDC-gated, exercised by the SSO functional tests, not by the install health check).
|
|
HEALTH_PATH = "/"
|
|
HEALTH_OK = (200, 301, 302)
|
|
# This is the heaviest stack in the Phase-2 set: 12 services incl. BOTH office backends
|
|
# (collabora/code ~1GB + onlyoffice/documentserver ~2GB) plus impress front/backend, postgres,
|
|
# minio, redis, nginx. Cold image pull + onlyoffice's multi-minute internal boot exceed the
|
|
# default abra TIMEOUT (300s) and even 900s, so allow a wide window (abra TIMEOUT below stays
|
|
# under DEPLOY_TIMEOUT so the Python subprocess never kills abra mid-wait).
|
|
DEPLOY_TIMEOUT = 1800
|
|
HTTP_TIMEOUT = 900
|
|
|
|
# Base deploy/lifecycle proven cold-green @2026-05-28 (install: pass; 12 services incl.
|
|
# onlyoffice+collabora) once the Docker Hub rate limit was fixed. Declaring DEPS makes the
|
|
# orchestrator provision keycloak (realm/client/user) BEFORE the single deploy;
|
|
# functional/test_oidc_with_keycloak.py then exercises the SSO flow.
|
|
DEPS = ["keycloak"]
|
|
|
|
# OIDC is wired at INSTALL time (the only deps mode since rcust P2b; Q3.2a pioneered it here):
|
|
# the orchestrator provisions the per-run realm on the live-warm keycloak BEFORE the single
|
|
# `abra app deploy`, and tests/lasuite-drive/install_steps.sh writes the OIDC env + client secret
|
|
# into the .env that one deploy reads. No post-deploy reconverge (the flaky 12-service collabora
|
|
# WOPI race is structurally gone). The post-deploy MinIO bucket one-shot lives in ops.py
|
|
# pre_install (the former setup_custom_tests.sh, deleted in P2b).
|
|
|
|
|
|
def READY_PROBE(ctx):
|
|
"""Readiness signals beyond replica-convergence + the app HEALTH_PATH (Q3.2/F2-12). collabora's
|
|
coolwsd reports its container 1/1 'running' while still doing jail/config init, and its WOPI
|
|
discovery endpoint 404s until ready — so the harness waits for `/hosting/discovery` → 200 on the
|
|
collabora sibling host after the install deploy AND after the upgrade chaos redeploy. This is what
|
|
makes the heavy prev→PR-head crossover reliably green (the new collabora 25.04.9.x finishes init
|
|
within swarm's healthcheck retries; abra's own converge monitor was too impatient — F2-12)."""
|
|
label, _, rest = ctx.domain.partition(".")
|
|
return [{"host": f"collabora-{ctx.domain}", "path": "/hosting/discovery", "ok": (200,)}]
|
|
|
|
|
|
def EXTRA_ENV(ctx):
|
|
# Two of lasuite-drive's services route on DOMAIN-DERIVED **nested** subdomains —
|
|
# `MINIO_DOMAIN="minio.${DOMAIN}"` and `COLLABORA_DOMAIN="collabora.${DOMAIN}"`. The cc-ci
|
|
# wildcard TLS cert is `*.ci.commoninternet.net` (single label only), so a 2-label name like
|
|
# `minio.lasuite-drive-pr0-abc.ci.commoninternet.net` is NOT covered → TLS failure on those
|
|
# routers. Flatten each to a single-label SIBLING under the wildcard (`minio-<domain>`,
|
|
# `collabora-<domain>`) so the existing wildcard cert covers them and Traefik routes them with
|
|
# no cert/gateway change. See DECISIONS.md "Phase 2 — nested DOMAIN-derived subdomains".
|
|
# `AWS_S3_DOMAIN_REPLACE` derives from MINIO_DOMAIN in-compose, so setting MINIO_DOMAIN is enough.
|
|
return {
|
|
"MINIO_DOMAIN": f"minio-{ctx.domain}",
|
|
"COLLABORA_DOMAIN": f"collabora-{ctx.domain}",
|
|
# abra's internal per-deploy convergence timeout (recipe TIMEOUT env, default 300s) is too
|
|
# short for this 12-service stack on a cold image cache (impress frontend/backend, minio,
|
|
# postgres, redis, collabora ~1GB, onlyoffice ~2GB). Bump so abra waits long enough for
|
|
# convergence; kept under DEPLOY_TIMEOUT (1800) so Python never kills abra mid-wait.
|
|
"TIMEOUT": "1500",
|
|
}
|