8cd72fd78d
All checks were successful
continuous-integration/drone/push Build is passing
a) compose.ccci.yml is FIRST-CLASS: the harness auto-copies tests/<recipe>/ compose.ccci.yml into the run's recipe checkout (ABRA_DIR-aware, lifecycle. provide_ccci_overlay) and auto-chaoses the pinned base deploy on its presence (kills the R7 implicit coupling). ghost/discourse install_steps.sh (copy-only boilerplate) deleted; CHAOS_BASE_DEPLOY removed from both metas + the registry. b) install-time deps wiring is the ONLY mode: deps with DEPS provision BEFORE the single deploy; legacy post-deploy provisioning + the setup_custom_tests.sh invocation machinery deleted. lasuite-docs migrated to install_steps.sh OIDC wiring (same env names/values as the old hook — only the timing moved); lasuite-drive's remaining post-deploy MinIO bucket one-shot moved to ops.py pre_install; both setup_custom_tests.sh files deleted; OIDC_AT_INSTALL removed from drive/meet metas + the registry. c) SKIP_GENERIC meta key deleted (zero users). Env form CCCI_SKIP_GENERIC* stays as the documented dev-only escape hatch; when active in a drone CI run the orchestrator prints a loud !! warning (manifest embedding lands in P5). d) conftest cleanup: dead pre-deploy-once fixtures deployed/deployed_app deleted (zero users), app_domain + _short + _wait_healthy dropped (only users were the deleted fixtures); deps_apps+deps_creds consolidated into ONE deps fixture (entries expose .domain etc. as attributes; dict access intact); the 6 lasuite test files renamed deps_creds->deps (fixture name only — assertions and flows byte-identical). requires_deps marker + F2-11 skip-report plumbing unchanged. Registry is now exactly the 14 final keys; docs §4 table regenerated. Stale setup_custom_tests/OIDC_AT_INSTALL prose in docstrings/comments/assert MESSAGES updated (no assert logic or expected value touched). Verified on cc-ci: cc-ci-run -m pytest tests/unit -q -> 175 passed; scripts/lint.sh -> PASS.
63 lines
4.0 KiB
Python
63 lines
4.0 KiB
Python
# Per-recipe harness config for lasuite-drive (Phase 2 Q3.2 — multi-service + object-storage/S3 +
|
|
# WOPI office, OIDC-dependent). Sibling of lasuite-docs (same La Suite / impress lineage).
|
|
#
|
|
# Stack: app(frontend SPA) + backend(Django/drive) + celery + celery-beat + db(postgres) + redis +
|
|
# mailcatcher + minio(S3) + minio-createbuckets(one-shot) + collabora(WOPI office). ~10 services →
|
|
# generous timeouts.
|
|
#
|
|
# Health: the React SPA is served at `/` by the `app` service and returns 200 unauthenticated
|
|
# (login is OIDC-gated, exercised by the SSO functional tests, not by the install health check).
|
|
HEALTH_PATH = "/"
|
|
HEALTH_OK = (200, 301, 302)
|
|
# This is the heaviest stack in the Phase-2 set: 12 services incl. BOTH office backends
|
|
# (collabora/code ~1GB + onlyoffice/documentserver ~2GB) plus impress front/backend, postgres,
|
|
# minio, redis, nginx. Cold image pull + onlyoffice's multi-minute internal boot exceed the
|
|
# default abra TIMEOUT (300s) and even 900s, so allow a wide window (abra TIMEOUT below stays
|
|
# under DEPLOY_TIMEOUT so the Python subprocess never kills abra mid-wait).
|
|
DEPLOY_TIMEOUT = 1800
|
|
HTTP_TIMEOUT = 900
|
|
|
|
# Base deploy/lifecycle proven cold-green @2026-05-28 (install: pass; 12 services incl.
|
|
# onlyoffice+collabora) once the Docker Hub rate limit was fixed. Declaring DEPS makes the
|
|
# orchestrator provision keycloak (realm/client/user) BEFORE the single deploy;
|
|
# functional/test_oidc_with_keycloak.py then exercises the SSO flow.
|
|
DEPS = ["keycloak"]
|
|
|
|
# OIDC is wired at INSTALL time (the only deps mode since rcust P2b; Q3.2a pioneered it here):
|
|
# the orchestrator provisions the per-run realm on the live-warm keycloak BEFORE the single
|
|
# `abra app deploy`, and tests/lasuite-drive/install_steps.sh writes the OIDC env + client secret
|
|
# into the .env that one deploy reads. No post-deploy reconverge (the flaky 12-service collabora
|
|
# WOPI race is structurally gone). The post-deploy MinIO bucket one-shot lives in ops.py
|
|
# pre_install (the former setup_custom_tests.sh, deleted in P2b).
|
|
|
|
|
|
def READY_PROBE(domain):
|
|
"""Readiness signals beyond replica-convergence + the app HEALTH_PATH (Q3.2/F2-12). collabora's
|
|
coolwsd reports its container 1/1 'running' while still doing jail/config init, and its WOPI
|
|
discovery endpoint 404s until ready — so the harness waits for `/hosting/discovery` → 200 on the
|
|
collabora sibling host after the install deploy AND after the upgrade chaos redeploy. This is what
|
|
makes the heavy prev→PR-head crossover reliably green (the new collabora 25.04.9.x finishes init
|
|
within swarm's healthcheck retries; abra's own converge monitor was too impatient — F2-12)."""
|
|
label, _, rest = domain.partition(".")
|
|
return [{"host": f"collabora-{domain}", "path": "/hosting/discovery", "ok": (200,)}]
|
|
|
|
|
|
def EXTRA_ENV(domain):
|
|
# Two of lasuite-drive's services route on DOMAIN-DERIVED **nested** subdomains —
|
|
# `MINIO_DOMAIN="minio.${DOMAIN}"` and `COLLABORA_DOMAIN="collabora.${DOMAIN}"`. The cc-ci
|
|
# wildcard TLS cert is `*.ci.commoninternet.net` (single label only), so a 2-label name like
|
|
# `minio.lasuite-drive-pr0-abc.ci.commoninternet.net` is NOT covered → TLS failure on those
|
|
# routers. Flatten each to a single-label SIBLING under the wildcard (`minio-<domain>`,
|
|
# `collabora-<domain>`) so the existing wildcard cert covers them and Traefik routes them with
|
|
# no cert/gateway change. See DECISIONS.md "Phase 2 — nested DOMAIN-derived subdomains".
|
|
# `AWS_S3_DOMAIN_REPLACE` derives from MINIO_DOMAIN in-compose, so setting MINIO_DOMAIN is enough.
|
|
return {
|
|
"MINIO_DOMAIN": f"minio-{domain}",
|
|
"COLLABORA_DOMAIN": f"collabora-{domain}",
|
|
# abra's internal per-deploy convergence timeout (recipe TIMEOUT env, default 300s) is too
|
|
# short for this 12-service stack on a cold image cache (impress frontend/backend, minio,
|
|
# postgres, redis, collabora ~1GB, onlyoffice ~2GB). Bump so abra waits long enough for
|
|
# convergence; kept under DEPLOY_TIMEOUT (1800) so Python never kills abra mid-wait.
|
|
"TIMEOUT": "1500",
|
|
}
|