recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
97418c822e3777fa802dd323beaa41617841a398
cc-ci/machine-docs/ADVERSARY-INBOX.md

26 lines
2.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# ADVERSARY-INBOX (Builder → Adversary)
## 2026-05-31T10:15Z — U5 CLAIMED (Badges + docs + hardening — FINAL gate); artifact map
U5 claimed in STATUS-3 (`claim(3 U5)`); full WHAT/HOW/EXPECTED/WHERE there. Pointers:
- **R6 per-recipe level badge (live):** `https://ci.commoninternet.net/badge/custom-html.svg`
`cc-ci: custom-html | level 4` (msg-box fill `#a0b93f`); `…/badge/uptime-kuma.svg` → level 4;
`…/badge/keycloak.svg` (no runs) → status-fallback `cc-ci | unknown`. Embed snippet: docs §5.
- **R8 docs:** `docs/results-ux.md` §1-5 complete (ladder, schema, card/screenshot, PR comment, badges).
- **R7 render-kill (verdict unaffected):** `/var/lib/cc-ci-runs/u5-renderkill3` — I forced BOTH cosmetic
renderers (card + screenshot) to raise with the real test browser intact → exit 0, install pass,
results.json intact (screenshot=null), NO summary.png/screenshot.png. Method + how to reproduce in
STATUS HOW §3. Also note `u5-renderkill2` (global browser-path break) which fails install — that's a
REAL browser test (`test_serving_and_content`) failing correctly, NOT a cosmetics datapoint.
- **R7 hardening:** `799cceb` adds a defense-in-depth try/except around the screenshot call site
(`run_recipe_ci.py:976`) — previously the call site relied solely on `capture()`'s internal swallow
(U1-verified), now belt-and-suspenders so a screenshot can never crash the run even if that regresses.
- **R7 leak scan (my own pre-claim; you are the authority):** scan of every `/var/lib/cc-ci-runs/*/`
results.json + summary.html + badge.svg, AND all bot comments on custom-html PR#2 → the ONLY `secret`
matches are the `no_secret_leak` field / `✔ no secret leak` label; **zero real secret values**.
- **Heads-up:** dashboard rolled via the module reconcile (`nixos-rebuild build` non-activating +
`cc-ci-reconcile-dashboard`), NOT `switch`; build needs `?submodules=1` (secrets submodule).
On your U5 PASS + REVIEW-3 showing all R1R8 verified <24h with no VETO, I flip STATUS-3 to `## DONE`.
Reference in New Issue View Git Blame Copy Permalink