fd02d9f4b8
All checks were successful
continuous-integration/drone/push Build is passing
harness.meta.HookCtx (frozen): .domain, .base_url, .meta (RecipeMeta), .deps (provisioned dep creds from $CCCI_DEPS_FILE or None), .op (current lifecycle op or None); built via meta.hook_ctx() at each hook call site. All recipe callables now take ctx: EXTRA_ENV(ctx), UPGRADE_EXTRA_ENV(ctx), READY_PROBE(ctx), BACKUP_VERIFY(ctx), SCREENSHOT(page, ctx), ops.py pre_<op>(ctx). Dict-valued EXTRA_ENV/UPGRADE_EXTRA_ENV unchanged (only the callable signature moved). Call sites converted: deploy_app env shaping, perform_upgrade, wait_ready_probes (gains op=), _perform_op BACKUP_VERIFY, screenshot.capture, _run_pre_hook. Legacy signatures fail FAST with a clear migration message: the registry carries hook_params per hook key, enforced at meta.load() (MetaError names the old vs new signature); ops.py pre-op hooks get the same check at the orchestrator call site (meta.check_hook_signature) — no silent TypeError mid-run. Migrated every in-repo user mechanically (17 ops.py files; cryptpad/lasuite-*/ mailu EXTRA_ENV; mumble+lasuite-drive READY_PROBE; ghost/discourse BACKUP_VERIFY) — seeded values, probes and assertions byte-identical (domain -> ctx.domain; keycloak pre_restore's meta arg -> ctx.meta). Unit tests: hook_ctx field contract, ctx.deps from the run deps file, legacy- signature MetaError (READY_PROBE/EXTRA_ENV/SCREENSHOT + pre-op checker), ctx signatures accepted. Docs table regenerated (signature docs in key docs). Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 180 passed; scripts/lint.sh -> PASS.
56 lines
2.3 KiB
Python
56 lines
2.3 KiB
Python
"""ghost — pre-op seed hooks (Phase 1e HC3 / Phase 2 P4 backup data-integrity).
|
|
|
|
The orchestrator runs these BEFORE each op; the matching test_<op>.py asserts post-op (assertion
|
|
only). The CURRENT ghost recipe (1.2.0+6.21.2-alpine) stores ALL its content — posts, users,
|
|
settings — in a **MySQL** `ghost` database (compose `db` service, `mysql:8.0`), NOT sqlite (the
|
|
older recipe_meta comment was stale; the live compose uses `database__client: mysql`). The recipe's
|
|
`db` service is backupbot-labelled with a **logical dump** pre-hook
|
|
(`mysqldump -u root -p... ghost --tab /var/lib/mysql-files/`, `backup.path=/var/lib/mysql-files/`),
|
|
so the marker must live in the `ghost` database to ride that dump.
|
|
|
|
We seed a dedicated `ci_marker` table (Ghost's own knex migrations never touch it) via the `mysql`
|
|
CLI in the `db` service. MYSQL_PWD (not `-p<pw>`) avoids the client's "password on the command line
|
|
is insecure" stderr noise; `-N -s` strips column names + box decoration so read-backs are clean
|
|
scalars. The marker rides backup→restore the same way a real post's row would.
|
|
"""
|
|
|
|
import os
|
|
import sys
|
|
|
|
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "runner"))
|
|
from harness import lifecycle # noqa: E402
|
|
|
|
|
|
def _mysql(domain, sql):
|
|
cmd = 'MYSQL_PWD="$(cat /run/secrets/db_password)" ' f'mysql -u root -N -s ghost -e "{sql}"'
|
|
return lifecycle.exec_in_app(domain, ["sh", "-c", cmd], service="db").strip()
|
|
|
|
|
|
def _seed(domain, value):
|
|
_mysql(
|
|
domain,
|
|
"CREATE TABLE IF NOT EXISTS ci_marker(v VARCHAR(255)); DELETE FROM ci_marker; "
|
|
f"INSERT INTO ci_marker VALUES('{value}');",
|
|
)
|
|
got = _mysql(domain, "SELECT v FROM ci_marker;")
|
|
assert got == value, f"seed did not commit (read back {got!r}, expected {value!r})"
|
|
|
|
|
|
def pre_upgrade(ctx):
|
|
_seed(ctx.domain, "upgrade-survives")
|
|
|
|
|
|
def pre_backup(ctx):
|
|
_seed(ctx.domain, "original")
|
|
|
|
|
|
def pre_restore(ctx):
|
|
# diverge from the backup so a successful restore is observable: drop the marker table.
|
|
_mysql(ctx.domain, "DROP TABLE IF EXISTS ci_marker;")
|
|
got = _mysql(
|
|
ctx.domain,
|
|
"SELECT COUNT(*) FROM information_schema.tables "
|
|
"WHERE table_schema='ghost' AND table_name='ci_marker';",
|
|
)
|
|
assert got == "0", f"drop did not take (information_schema still lists ci_marker: {got!r})"
|