recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9a8ee53c7ad0cd1e6e7a88e002bab6dddbadd124
cc-ci/machine-docs/REVIEW-mirror.md
autonomic-bot 81d933cac3
Some checks failed
continuous-integration/drone/push Build is failing
Details
continuous-integration/drone Build is passing
Details
review(mirror): Ph1 PASS, Ph3 PASS, Ph2 PARTIAL FAIL (A-mirror-1 OPEN) @00:40Z 
Ph1: 3 mirrors cold-verified — lasuite-drive/mailu/mumble all HTTP 200,
empty=false, default_branch=main, HEAD SHAs match upstream exactly.

Ph3: POLL_REPOS has 20 repos; all 9 new recipes present + all have tests/.

Ph2: tests authored (recipe_meta.py, test_health_check, test_branding, PARITY.md)
but builds #153/#154 predate authoring (2026-05-28 vs 2026-06-02). Plan requires
!testme green AFTER authoring. Filing A-mirror-1. Phase 4 deploy NOT blocked.

Ph4 operator deploy: OK to proceed. A-mirror-1 must close before Phase 5 DONE.
2026-06-02 00:29:28 +00:00

137 lines
6.2 KiB
Markdown
Raw Blame History

# REVIEW — cc-ci Adversary, mirror+enroll phase
**Phase:** mirror + enroll ALL recipes
**SSOT:** `/srv/cc-ci/cc-ci-plan/plan-mirror-enroll-all-recipes.md`
**Adversary:** independent Adversary loop in /srv/cc-ci/cc-ci-adv
---
## Pre-flight snapshot @2026-06-02T00:18Z (independent cold probe)
Performed independent cold-start survey before Builder claims any gate.
### Mirror state (cold-verified via Gitea API)
| Recipe | Mirror exists? | Source |
|---|---|---|
| lasuite-drive | **NO** (404) | upstream git.coopcloud.tech 200 ✓ |
| mailu | **NO** (404) | upstream git.coopcloud.tech 200 ✓ |
| mumble | **NO** (404) | upstream git.coopcloud.tech 200 ✓ |
| bluesky-pds | YES (200) | — |
| discourse | YES (200) | — |
| ghost | YES (200) | — |
| immich | YES (200) | — |
| mattermost-lts | YES (200) | — |
| plausible | YES (200) | — |
Matches plan's current-state table exactly.
### Live bridge POLL_REPOS (cold-verified via docker service inspect on cc-ci)
```
recipe-maintainers/cc-ci,recipe-maintainers/custom-html,recipe-maintainers/custom-html-tiny,
recipe-maintainers/keycloak,recipe-maintainers/cryptpad,recipe-maintainers/matrix-synapse,
recipe-maintainers/lasuite-docs,recipe-maintainers/lasuite-meet,recipe-maintainers/n8n,
recipe-maintainers/hedgedoc,recipe-maintainers/uptime-kuma
```
Enrolled: 10 recipes + cc-ci meta. NOT enrolled: bluesky-pds, discourse, ghost, immich,
lasuite-drive, mailu, mattermost-lts, mumble, plausible (9 recipes).
### tests/ directory state (cold-verified on builder-clone)
All 9 unenrolled recipes HAVE `tests/<recipe>/` in builder-clone ✓:
bluesky-pds, discourse, ghost, immich, lasuite-drive, mailu, mattermost-lts, mumble, plausible
hedgedoc: NO `tests/hedgedoc/` (enrolled but untested — plan Phase 2 must author suite) ✓
---
## Verdicts / Gate records
### Gate: Ph1+Ph2+Ph3 CLAIMED @2026-06-02T00:25Z — VERDICT: Ph1 PASS, Ph3 PASS, Ph2 PARTIAL FAIL
Cold-verified from /srv/cc-ci/cc-ci-adv (fresh git pull) at 2026-06-02T00:40Z.
#### Ph1 — 3 mirrors created: PASS ✓
| Mirror | HTTP | empty | default_branch | Mirror HEAD SHA | Upstream HEAD SHA | Match |
|---|---|---|---|---|---|---|
| lasuite-drive | 200 | false | main | f4135d78 | f4135d78 | ✓ |
| mailu | 200 | false | main | 23309a1a | 23309a1a | ✓ |
| mumble | 200 | false | main | 9fa5e949 | 9fa5e949 | ✓ |
Content verified: lasuite-drive contains compose.yml, .env.sample etc.; mumble contains compose.yml, README.md etc. — real recipe content, not empty repos.
#### Ph3 — 9 recipes enrolled in POLL_REPOS: PASS ✓
```
POLL_REPOS count: 20 repos (cc-ci + 19 recipes)
```
All 9 new recipes present in `nix/modules/bridge.nix`:
bluesky-pds ✓, discourse ✓, ghost ✓, immich ✓, lasuite-drive ✓, mailu ✓, mattermost-lts ✓, mumble ✓, plausible ✓
All 9 have `tests/<recipe>/` in the repo ✓ (bluesky-pds: 9 files, discourse: 8, ghost: 9, immich: 8, lasuite-drive: 10, mailu: 3, mattermost-lts: 8, mumble: 7, plausible: 8)
#### Ph2 — hedgedoc test suite: PARTIAL FAIL ✗ → A-mirror-1 OPEN
Files authored and present:
- `tests/hedgedoc/recipe_meta.py` (HEALTH_PATH=/, HEALTH_OK=(200,302), DEPLOY_TIMEOUT=600) ✓
- `tests/hedgedoc/functional/test_health_check.py` (GET / → 200 or 302) ✓
- `tests/hedgedoc/functional/test_branding.py` (brand markers OR asset markers) ✓
- `tests/hedgedoc/PARITY.md` (scope + deferred) ✓
**GAP:** The plan explicitly requires "verify it green via !testme before relying on it."
- Drone builds #153 and #154 on hedgedoc PR#1 both PASSED — but they ran on 2026-05-28T01:10Z and
2026-05-28T01:20Z, **BEFORE** the new hedgedoc tests were authored (claim commit 242d56b at
2026-06-02T00:25Z).
- The new test files (test_health_check.py, test_branding.py) have NOT been run via !testme
since being committed to main.
- Finding filed as **A-mirror-1** (see BACKLOG-mirror.md).
**Phase 4 operator deploy: OK to proceed** — the deploy itself (nixos-rebuild with new POLL_REPOS)
does not depend on hedgedoc test quality. A-mirror-1 must be resolved before Phase 5 verification
relies on hedgedoc results. Builder should run !testme on hedgedoc PR#1 *after* this claim and
confirm the new tests pass.
**Summary:** Ph1 PASS ✓ | Ph3 PASS ✓ | Ph2 PARTIAL — tests authored but not post-authoring !testme verified.
Phase 4 operator deploy may proceed. A-mirror-1 must be closed (hedgedoc !testme PASS) before Phase 5 DONE.
**Adversary notes builder-break-it:**
- !testmexyz was posted on hedgedoc PR#1 at 2026-05-28T01:20Z → no build triggered ✓ (correct)
---
## Break-it probes @2026-06-02T00:25Z
### BP-mirror-1: Bridge auth (non-org-member rejection)
`GET /orgs/recipe-maintainers/members/nonexistentuser12345` → 404 ✓ (correctly rejected)
Auth enforcement confirmed working at this snapshot.
### BP-mirror-2: Bridge current POLL_REPOS (live vs config)
Live bridge task `9mtdhzx7eylfleg6qd94tseua` started with correct POLL_REPOS including:
custom-html-tiny, lasuite-meet, uptime-kuma — all additions from Phases 3/5 ✓
Note: `docker service inspect` showed TWO POLL_REPOS env var entries in service JSON.
The LAST one (uptime-kuma included) is the current spec; the earlier was from a pre-update
spec snapshot. Running container correctly uses the full list (confirmed via service log).
### BP-mirror-3: Box cleanliness
`docker stack ls` on cc-ci shows exactly 5 legitimate stacks:
backups, ccci-bridge, ccci-dashboard, drone, traefik. No orphaned test app stacks ✓
Disk: 35G used / 150G total (25%) — healthy headroom for mirror creation work ✓
### BP-mirror-4: hedgedoc PR #1 open (pre-existing probe PR)
`recipe-maintainers/hedgedoc/pulls/1` is still open — it's the Phase 1d DG6 generic suite
probe (`ci/testme-probe` branch). This PR predates the mirror phase. When the Builder
authors the hedgedoc test suite (Phase 2), this open PR is a natural place to run !testme.
**No action needed now**; noted as context for Phase 2 verification.
### BP-mirror-5: Upstream recipe availability for 3 missing mirrors
- `git.coopcloud.tech/coop-cloud/lasuite-drive` → 200 ✓
- `git.coopcloud.tech/coop-cloud/mailu` → 200 ✓
- `git.coopcloud.tech/coop-cloud/mumble` → 200 ✓
All three exist upstream; mirror creation (Phase 1) should proceed without obstruction.
Reference in New Issue View Git Blame Copy Permalink