recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
6c5d8f28ea238fee7ce9ab3b98efcea5f3a6ef0a
cc-ci/machine-docs/STATUS-1d.md
autonomic-bot 6c5d8f28ea fix(1d): G1 backup/restore + F1d-1 cert-check reframe 
- backup artifact: read snapshot_id from 'abra app backup create' output (snapshots needs a TTY);
  generic.parse_snapshot_id + do_backup assert it
- restore serving race: lifecycle.http_fetch (one request -> status+body, never raises) +
  assert_serving is now a bounded poll (settles a post-op reconverge, no bare sleep); drop wait_serving
- F1d-1 (Adversary, low): reframe served_cert/assert_serving honestly as an INFRA TLS sanity check
  (catches a lapsed/mis-rotated wildcard cert), NOT app-vs-fallback (Traefik serves the wildcard
  zone-wide); the genuine serving proof is services_converged + non-404 status. Awaiting re-test.

DG1 Adversary PASS @ef44d46. G1 full-lifecycle re-verification in flight.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 23:39:45 +01:00

61 lines
3.9 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# STATUS — Phase 1d (generic test suite + layered recipe overlays)
**Phase plan (SSOT):** `/srv/cc-ci/cc-ci-plan/plan-phase1d-generic-test-suite.md`
**Loop state for THIS phase:** STATUS-1d / BACKLOG-1d / REVIEW-1d / JOURNAL-1d (DECISIONS.md shared).
The repo's STATUS.md/BACKLOG.md/REVIEW.md (Phase 1) and STATUS-1b/1c (DONE) are HISTORY, not this
phase's state.
## Phase
Phase 1d runs after Phase 1b (DONE) and before Phase 2. It is the **test-architecture foundation**:
every recipe gets a generic lifecycle suite for free; recipe-specific tests layer on top
(override-or-extend). Bounded — build the architecture + prove it on a couple of recipes; full
per-recipe overlay authoring is Phase 2.
## Definition of Done (Phase 1d) — DG1DG8, each Adversary cold-verified in REVIEW-1d
- [x] **DG1** — Generic INSTALL test (recipe-agnostic): app new→deploy→converged→really serving
(real HTTP(S), not Traefik fallback). Green on a simple recipe with no cc-ci/repo-local tests.
**Adversary PASS @2026-05-27** (cold, hedgedoc, deploy-count=1, clean teardown).
- [ ] **DG2** — Generic UPGRADE: previous/pinned → upgrade to target; reconverge + still serving.
- [ ] **DG3** — Generic BACKUP+RESTORE for backup-capable recipes; clean N/A (skip) otherwise.
- [ ] **DG4** — Layering (override-or-extend; generic is the default); discovery + cc-ci/repo-local
precedence settled in DECISIONS. Invariant: no overlay for an op ⇒ generic runs.
- [ ] **DG4.1** — Overlays reuse the deployment: ONE deploy + ONE teardown per run; no extra
new/deploy/undeploy (assert via deploy-count).
- [ ] **DG5** — Custom install-steps hook + graceful-generic rule; fail-without / pass-with proof.
- [ ] **DG6**`!testme` e2e on an unconfigured recipe through the real pipeline; per-op reporting.
- [ ] **DG7** — Real, DRY, clean: no softened/skip/xfail assertions; generic in the shared harness;
teardown always; respects MAX_TESTS.
- [ ] **DG8** — Documented (docs/ explains the generic suite, overlay convention, hook) + cold-verify.
## Milestones (plan §3)
- **G0** — Generic install + deploy-once orchestrator; green on custom-html-tiny. *Accept: DG1.*
- **G1** — Generic upgrade + backup/restore. *Accept: DG2, DG3.*
- **G2** — Layering + discovery + precedence. *Accept: DG4, DG4.1.*
- **G3** — Custom install-steps hook + graceful-generic. *Accept: DG5.*
- **G4** — `!testme` e2e + per-op reporting + docs + cold verify. *Accept: DG6, DG7, DG8 → DONE.*
## In flight
**G1 — generic upgrade + backup/restore.** Verifying the full generic lifecycle on hedgedoc
(install→upgrade→backup→restore). DG2 (upgrade) already green; fixed two real bugs (backup artifact
read from `abra app backup create`'s snapshot_id since `snapshots` needs a TTY; restore serving race
→ single-request `http_fetch` + bounded-poll `assert_serving`). Re-running to confirm all-green, then
claim G1.
**F1d-1 (Adversary, low/DG7) — FIXED in code, awaiting Adversary re-test+close.** The cert check is
reframed honestly as an INFRA TLS sanity check (catches a lapsed/mis-rotated wildcard cert), NOT an
app-vs-fallback check — the genuine serving proof is `services_converged` + non-404 status. See
JOURNAL-1d + generic.py docstrings.
## Gate
**G0/DG1 — Adversary PASS @2026-05-27.** Cleared past G0. Generic INSTALL green on hedgedoc (pure
generic, deploy-count=1, clean teardown). Next gate: G1 (DG2+DG3), claimed once the hedgedoc full
lifecycle is confirmed all-green.
Design (DECISIONS.md Phase 1d): tier model with the lifecycle OP owned by the shared harness (test
files = assertions only); override precedence repo-local > cc-ci > generic + extend-by-composition;
deploy-once with a deploy-count guard; backup-capability auto-detect; install-steps shell hook.
## Blocked
(none) — bootstrap access re-verified @2026-05-27: ssh cc-ci ok (root, NixOS 24.11), abra 0.13.0-beta,
5 infra stacks up (traefik/drone/bridge/dashboard/backups), custom-html-tiny mirrored.
Reference in New Issue View Git Blame Copy Permalink