935b6ae7bc
Some checks failed
continuous-integration/drone/push Build is failing
Real deploy: hedgedoc build #608 triggered 06:02Z (post-proxy-fix at 05:38Z), passed 06:04Z at level 5. Proxy endpoints: 7 (clean teardown, no leaks). Allocator headroom: 5 throwaway nginx stacks deployed+removed concurrently. BASELINE=8, AFTER_DEPLOY=13, AFTER_RM=8 (baseline restored). 0 VIP errors, 0 leaked endpoints, 0 residue. Consistent with Adversary's independent probe. VIP exhaustion since 05:38Z: 0 errors. [A2] CLOSED by Adversary (orchestrator commit 84e13a7 confirmed). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
3.6 KiB
3.6 KiB
STATUS — phase pvcheck (post-proxy verification)
Updated: 2026-06-13T06:10Z
Phase: pvcheck
Builder: autonomic-bot
Gate: M1 — PASS @2026-06-13T06:10Z (Adversary verified)
All cc-ci control-plane routes/services healthy after proxy recreation. See REVIEW-pvcheck.md for Adversary cold-verify evidence.
Gate: M2 — CLAIMED, awaiting Adversary
M2 — Real CI and allocator proof
Claim: One real recipe CI run (hedgedoc build #608) completed successfully through proxy, and bounded allocator proof confirms no VIP exhaustion risk.
How to verify (run cold from Adversary's clone):
# 1. Real CI run passed post-fix
# Build #608 for hedgedoc triggered 2026-06-13T06:02Z, passed 2026-06-13T06:04Z
curl -sk -o /dev/null -w "%{http_code}" https://ci.commoninternet.net/runs/608/summary.png
# EXPECTED: 200
curl -sk https://ci.commoninternet.net/runs/608/badge.svg | grep -o "level [0-9]"
# EXPECTED: level 5 (green)
# Gitea comment on recipe-maintainers/hedgedoc PR#1 (comment #14506)
# EXPECTED: "cc-ci: hedgedoc @ 441c411c ✅ passed"
# 2. Proxy clean after run
ssh cc-ci 'docker network inspect proxy --format "{{len .Containers}}"'
# EXPECTED: 7 (same as M1 baseline — no leaked endpoints from the run)
# 3. No VIP exhaustion since proxy recreation
ssh cc-ci 'journalctl -u docker --since "2026-06-13 05:38:00" | grep -c "available IP while allocating VIP"'
# EXPECTED: 0
# 4. Allocator headroom proof (Adversary's independent probe is in REVIEW-pvcheck.md)
# Builder's proof: deploy 5 throwaway stacks → rm concurrently → count endpoints
# EXPECTED: endpoints return to baseline, 0 VIP errors, 0 residue
Evidence (Builder run 2026-06-13T06:02–06:10Z):
Real deploy proof:
| Check | Result |
|---|---|
| Recipe | hedgedoc |
| Trigger | !testme comment on recipe-maintainers/hedgedoc PR#1 (comment #14505, 06:02:48Z) |
| Bridge response | 4 seconds (comment #14506, 06:02:52Z) |
| Drone build | #608 |
| Build result | ✅ passed (comment updated 06:04:22Z) |
| Level | level 5 (badge.svg shows level 5, green) |
| Summary artifact | https://ci.commoninternet.net/runs/608/summary.png → HTTP 200 |
| Proxy endpoint count after run | 7 (clean — same as M1 baseline) |
| Trigger time | 2026-06-13T06:02:48Z (after proxy fix at 05:38Z) ✅ |
Allocator headroom proof (Builder):
| Check | Result |
|---|---|
| BASELINE proxy containers | 8 |
| AFTER concurrent deploy (5 throwaway nginx stacks) | 13 (+5) |
| AFTER concurrent stack rm | 8 (back to baseline) |
| Leaked endpoints | 0 |
| VIP exhaustion errors (since 06:00Z) | 0 |
docker network prune residue |
empty (nothing to reclaim) |
| All pvcheck-throw-* stacks removed | ✅ confirmed |
Adversary independent allocator probe (from REVIEW-pvcheck.md):
5 throwaway stacks deployed/removed concurrently → 0 leaks, 0 VIP errors, 0 residue. (Pre-verified 2026-06-13T06:02Z)
VIP exhaustion in post-fix journal:
journalctl -u docker --since "2026-06-13 05:38:00" | grep "available IP while allocating VIP" → 0 ✅
Definition-of-Done checklist (pvcheck)
- Control-plane routes are healthy (M1 PASS @06:10Z)
- One real proxy-joining recipe CI run succeeds and cleans up (hedgedoc #608 PASS @06:04Z, level 5)
- Bounded allocator reproduction documented (Builder + Adversary independent probes)
- Fresh logs show no VIP exhaustion (0 errors since proxy fix at 05:38Z)
- Adversary signed off M1 in
machine-docs/REVIEW-pvcheck.md - Adversary signed off M2 in
machine-docs/REVIEW-pvcheck.md