autonomic-bot
2cede01ed7
Mechanical, semantics-preserving cleanup so the codebase passes the new lint stage:
- ruff format: all 32 Python files (wraps long signatures, normalizes quotes/blank lines).
- nixpkgs-fmt: modules/drone-runner.nix.
- shfmt (-i 2 -ci): scripts/*.sh.
Lint fixes (reviewed, behavior-preserving — no test weakened):
- ruff SIM105: try/except-pass -> contextlib.suppress (abra.py app_config rm; lifecycle.py janitor).
- ruff SIM115: open().read() -> with open() (run_recipe_ci.py redaction-values + gitea-token).
- statix: merge repeated sops `secrets.*` keys into one `secrets = { ... }` (comments kept);
empty fn pattern `{ ... }:` -> `_:` (packages.nix).
- deadnix: drop unused lambda args (flake `self`; configuration.nix `lib`; overlay `final` -> `_`).
Verified on cc-ci: `scripts/lint.sh` -> lint: PASS; nixosConfigurations.cc-ci evaluates;
all Python byte-compiles. The deployed bridge/dashboard/runner source changes hash (reformat),
so cc-ci will be rebuilt to the new closure in W2 before the cold D1-D10 re-verification.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
57 lines
2.1 KiB
Python
57 lines
2.1 KiB
Python
"""cryptpad — upgrade stage (D2): deploy the previous published version, write a data marker into a
|
|
persistent volume, upgrade to current/$REF, assert the app stays healthy and the data survives.
|
|
|
|
cryptpad data isn't HTTP-served as a static file (it's an encrypted datastore), so the marker is
|
|
written into the cryptpad_data volume and read back via `exec_in_app` (docker exec), not HTTP."""
|
|
|
|
import os
|
|
import sys
|
|
|
|
import pytest
|
|
|
|
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
|
|
from harness import lifecycle # noqa: E402
|
|
|
|
MARKER = "/cryptpad/data/ci-marker.txt"
|
|
|
|
|
|
@pytest.fixture
|
|
def old_app(recipe, app_domain, meta, request):
|
|
prev = lifecycle.previous_version(recipe)
|
|
if not prev:
|
|
pytest.skip(f"{recipe}: no previous published version to upgrade from")
|
|
lifecycle.janitor()
|
|
request.addfinalizer(lambda: lifecycle.teardown_app(app_domain))
|
|
lifecycle.deploy_app(recipe, app_domain, version=prev)
|
|
lifecycle.wait_healthy(
|
|
app_domain,
|
|
ok_codes=tuple(meta["HEALTH_OK"]),
|
|
path=meta["HEALTH_PATH"],
|
|
deploy_timeout=meta["DEPLOY_TIMEOUT"],
|
|
http_timeout=meta["HTTP_TIMEOUT"],
|
|
)
|
|
return app_domain, prev
|
|
|
|
|
|
def test_upgrade_preserves_data(old_app, meta):
|
|
domain, prev = old_app
|
|
# write a data marker into the persistent cryptpad_data volume
|
|
lifecycle.exec_in_app(domain, ["sh", "-c", f"echo upgrade-survives > {MARKER}"])
|
|
assert lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives"
|
|
|
|
# upgrade previous -> current/$REF
|
|
lifecycle.upgrade_app(domain, version=os.environ.get("VERSION") or None)
|
|
lifecycle.wait_healthy(
|
|
domain,
|
|
ok_codes=tuple(meta["HEALTH_OK"]),
|
|
path=meta["HEALTH_PATH"],
|
|
deploy_timeout=meta["DEPLOY_TIMEOUT"],
|
|
http_timeout=meta["HTTP_TIMEOUT"],
|
|
)
|
|
|
|
# app healthy and the data written before the upgrade is still there
|
|
assert lifecycle.http_get(domain, "/") in (200, 301, 302)
|
|
assert (
|
|
lifecycle.exec_in_app(domain, ["cat", MARKER]).strip() == "upgrade-survives"
|
|
), "data did not survive the upgrade"
|