fd02d9f4b8
All checks were successful
continuous-integration/drone/push Build is passing
harness.meta.HookCtx (frozen): .domain, .base_url, .meta (RecipeMeta), .deps (provisioned dep creds from $CCCI_DEPS_FILE or None), .op (current lifecycle op or None); built via meta.hook_ctx() at each hook call site. All recipe callables now take ctx: EXTRA_ENV(ctx), UPGRADE_EXTRA_ENV(ctx), READY_PROBE(ctx), BACKUP_VERIFY(ctx), SCREENSHOT(page, ctx), ops.py pre_<op>(ctx). Dict-valued EXTRA_ENV/UPGRADE_EXTRA_ENV unchanged (only the callable signature moved). Call sites converted: deploy_app env shaping, perform_upgrade, wait_ready_probes (gains op=), _perform_op BACKUP_VERIFY, screenshot.capture, _run_pre_hook. Legacy signatures fail FAST with a clear migration message: the registry carries hook_params per hook key, enforced at meta.load() (MetaError names the old vs new signature); ops.py pre-op hooks get the same check at the orchestrator call site (meta.check_hook_signature) — no silent TypeError mid-run. Migrated every in-repo user mechanically (17 ops.py files; cryptpad/lasuite-*/ mailu EXTRA_ENV; mumble+lasuite-drive READY_PROBE; ghost/discourse BACKUP_VERIFY) — seeded values, probes and assertions byte-identical (domain -> ctx.domain; keycloak pre_restore's meta arg -> ctx.meta). Unit tests: hook_ctx field contract, ctx.deps from the run deps file, legacy- signature MetaError (READY_PROBE/EXTRA_ENV/SCREENSHOT + pre-op checker), ctx signatures accepted. Docs table regenerated (signature docs in key docs). Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 180 passed; scripts/lint.sh -> PASS.
38 lines
2.2 KiB
Python
38 lines
2.2 KiB
Python
# Per-recipe harness config for lasuite-meet (Phase 2 Q3.3 — La Suite / impress sibling of
|
|
# lasuite-docs + lasuite-drive; real-time video meetings via LiveKit, OIDC-dependent).
|
|
#
|
|
# Stack: app (React SPA) + backend (Django) + celery + db (postgres) + redis + livekit (SFU/WebSocket
|
|
# signaling) + web (nginx). OIDC (keycloak) is REQUIRED by the recipe.
|
|
#
|
|
# Health: the SPA is served at `/` and returns 200 unauthenticated (login is OIDC-gated, exercised by
|
|
# the SSO functional tests, not the install health check).
|
|
HEALTH_PATH = "/"
|
|
HEALTH_OK = (200, 301, 302)
|
|
# Moderate stack (no onlyoffice/collabora office backends — lighter than lasuite-drive); livekit +
|
|
# impress front/backend + postgres. Generous but smaller window than drive.
|
|
DEPLOY_TIMEOUT = 1200
|
|
HTTP_TIMEOUT = 600
|
|
|
|
# SSO-dependent (recipe.toml requires=["keycloak"], [sso] provider=keycloak). OIDC is wired at
|
|
# INSTALL time (the only deps mode since rcust P2b) against the live-warm keycloak: the
|
|
# orchestrator provisions the per-run realm BEFORE the single `abra app deploy`, and
|
|
# tests/lasuite-meet/install_steps.sh writes the OIDC env + client secret into that one deploy
|
|
# (no post-deploy reconverge). Meet boots fine with OIDC env set because keycloak is live-warm.
|
|
DEPS = ["keycloak"]
|
|
|
|
|
|
def EXTRA_ENV(ctx):
|
|
# lasuite-meet routes LiveKit's WebSocket signaling on a DOMAIN-derived **nested** subdomain
|
|
# `LIVEKIT_DOMAIN="livekit.${DOMAIN}"`. The cc-ci wildcard TLS cert is `*.ci.commoninternet.net`
|
|
# (single label only), so a 2-label name like `livekit.lasuite-meet-pr0-abc.ci.commoninternet.net`
|
|
# is NOT covered → TLS failure on that router. Flatten to a single-label SIBLING under the
|
|
# wildcard (`livekit-<domain>`) so the existing wildcard cert covers it and Traefik routes it with
|
|
# no cert/gateway change. Same fix as lasuite-drive's minio/collabora siblings (DECISIONS.md
|
|
# "Phase 2 — nested DOMAIN-derived subdomains").
|
|
return {
|
|
"LIVEKIT_DOMAIN": f"livekit-{ctx.domain}",
|
|
# abra's internal per-deploy convergence TIMEOUT (default 300s) is too short for this stack on
|
|
# a cold image cache; bump it (kept under DEPLOY_TIMEOUT so Python never kills abra mid-wait).
|
|
"TIMEOUT": "1000",
|
|
}
|