d072d7e2c2
All checks were successful
continuous-integration/drone/push Build is passing
keycloak is the always-on shared OIDC dep provider at warm-keycloak.ci..., the SAME stable domain a data-warm canonical would use → the sweep's promote would collide with the live provider that lasuite-*/drone depend on. keycloak is kept current by roll_warm_infra (WC1.1) instead. WARM_CANONICAL=False; exception recorded in DECISIONS. Enrolled set now 20. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
17 lines
1021 B
Python
17 lines
1021 B
Python
# Per-recipe harness config for keycloak (DB-backed: keycloak + mariadb). Read by the shared
|
|
# conftest — enrolling this recipe needs NO change to runner/harness code (D5).
|
|
HEALTH_PATH = "/realms/master" # 200 JSON once keycloak is up (not "/", which redirects)
|
|
HEALTH_OK = (200,)
|
|
DEPLOY_TIMEOUT = (
|
|
900 # JVM + DB migration are slow on a 2-vCPU VM; observed 502 fallback up to ~10min
|
|
)
|
|
HTTP_TIMEOUT = 900
|
|
|
|
# canon §2.B EXCEPTION (recorded in DECISIONS): keycloak is NOT a data-warm canonical. It is the
|
|
# project's LIVE-WARM OIDC dep provider — an always-on shared service at the SAME stable domain a
|
|
# data-warm canonical would use (warm-keycloak.ci.commoninternet.net). Enrolling it would make the
|
|
# sweep's promote deploy/teardown collide with the live provider that lasuite-*/drone depend on for
|
|
# SSO. keycloak is instead kept current by the sweep's roll_warm_infra step (the health-gated
|
|
# warm/infra reconciler, WC1.1) — so it never lacks coverage. WARM_CANONICAL stays False.
|
|
WARM_CANONICAL = False
|