cc-ci/machine-docs/BACKLOG-2w.md
autonomic-bot 5dd76d7c8c chore(2w): bootstrap Phase 2w loop state + cleanup orphaned cold apps
- Seed STATUS-2w / BACKLOG-2w / JOURNAL-2w (WC1-WC9 DoD, W0-W4 milestones).
- Tore down leftover Phase-2 cold apps (lasu-0a6fb2/keyc-07d81e/lasu-dbg);
  disk 91%->86%.
- DECISIONS: warm-domain scheme, per-run realm isolation, warm keycloak as
  declarative infra, cold fallback.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-28 23:14:41 +01:00

BACKLOG — Phase 2w (warm canonical + --quick)

Single-writer rule (plan §6.1): Builder edits ## Build backlog only; Adversary edits ## Adversary findings only.

Build backlog

W0 — Live-warm keycloak (WC1)

  • W0.1 — sso.py: realm lifecycle primitives (delete_keycloak_realm, list_realms, reap_stale_realms) + unit tests.
  • W0.2 — Orchestrator/deps: live-warm keycloak dep mode — stable warm domain + per-run namespaced realm; delete realm on teardown (don't undeploy); cold-codeploy fallback if no warm keycloak. Per-run realm name unique per (parent, pr, ref) for concurrency isolation.
  • W0.3 — Declarative Nix reconciler nix/modules/warm-keycloak.nix (systemd oneshot converges warm keycloak deployed+healthy at stable domain); wired into the host config.
  • W0.4 — e2e proof: a dependent recipe (lasuite-docs) SSO custom test passes against warm keycloak; concurrent dependents use distinct realms (no collision); leftover realms reaped. → claim WC1 gate.
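
One way the per-run realm naming (W0.2) and the stale-realm selection behind a reaper (W0.1) could work, as an added example that is not code from this repository. The names `run_realm_name` and `select_stale_realms`, the `ci-` prefix, and the name-to-creation-time mapping supplied by the caller are all assumptions.

```python
import hashlib
import re

# Assumed marker for realms owned by CI runs; anything without it is never reaped.
REALM_PREFIX = "ci-"


def run_realm_name(parent: str, pr: int, ref: str) -> str:
    """Derive a deterministic realm name that is unique per (parent, pr, ref)."""
    # Length-prefix every field so that ("a", 1, "2b") and ("a1", 2, "b")
    # hash different material and cannot land in the same realm.
    material = "".join(f"{len(s)}:{s};" for s in (parent, str(pr), ref))
    digest = hashlib.sha256(material.encode()).hexdigest()[:12]
    # Readable, restricted-charset slug; uniqueness comes from the digest.
    slug = re.sub(r"[^a-z0-9]+", "-", parent.lower()).strip("-")[:20]
    return f"{REALM_PREFIX}{slug}-pr{pr}-{digest}"


def select_stale_realms(realms, now, max_age_s, active=()):
    """Return the realm names that are safe to delete.

    realms: mapping of realm name -> creation time in epoch seconds
            (assumed to be recorded by the orchestrator at realm creation).
    active: names of realms belonging to runs that are still in progress.
    """
    stale = []
    for name, created in sorted(realms.items()):
        if not name.startswith(REALM_PREFIX):
            continue  # master and any human-managed realm stay untouched
        if name in active:
            continue  # a concurrent run still depends on this realm
        if now - created >= max_age_s:
            stale.append(name)
    return stale


if __name__ == "__main__":
    # Constructed sample data, not taken from a real Keycloak instance.
    mine = run_realm_name("lasuite-docs", 12, "abc123")
    sample = {"master": 0, mine: 1000, "ci-old-pr1-aaaaaaaaaaaa": 10}
    print(mine)
    print(select_stale_realms(sample, now=5000, max_age_s=3600, active={mine}))
```

Filtering on the prefix before any age check keeps a reaper bug from deleting the `master` realm on the shared warm instance.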

W1 — Canonical registry + snapshot/restore (WC2, WC3)

  • W1.1 — Canonical registry/reconciler (declarative; tracks recipe→known-good commit; stable domain warm-<recipe>).
  • W1.2 — Snapshot/restore: raw volume copy while undeployed under /var/lib/ci-warm/<recipe>/; one last-known-good, atomic replace; prove restore round-trips data.

W2 — --quick mode (WC4, WC7)

  • W2.1 — run_recipe_ci.py --quick path (reattach → upgrade-to-PR-head → assert → PASS undeploy / FAIL restore+undeploy; never promote).
  • W2.2 — Trigger surface + labeling + no-canonical fallback (WC7).

W3 — Cold-advances-canonical + nightly sweep (WC5, WC6)

  • W3.1 — Promote-on-green-cold (snapshot+tag canonical at teardown on green cold; seed on first green).
  • W3.2 — Nightly full-cold sweep (declarative scheduler, MAX_TESTS-bounded).

W4 — Hardening + docs + cold verify (WC8, WC9)

  • W4.1 — Resource/isolation hardening: disk monitor+prune, per-app serialize, warm excluded from D8.
  • W4.2 — Docs (warm/quick) + the WC9 rollback proof.

Adversary findings

(none yet)