cc-ci/machine-docs/JOURNAL-gtea.md

# JOURNAL — phase gtea (gitea full-test enrollment)

Builder private log. Append-only.

---

## 2026-06-15 — Phase start + initial suite build

### Context read

- Phase plan: /srv/cc-ci/cc-ci-plan/plan-phase-gtea-gitea-fulltests.md
- Reference tests: /srv/cc-ci-orch/references/recipe-maintainer/recipe-info/gitea/tests/
  - health_check.py — checks HTTP 200 from root URL
  - git_push.py — create repo → clone → push → verify via API → delete repo
  - NOTE: These files exist ONLY in the local references directory, NOT in the upstream
    recipe-maintainers/gitea repo (which has no tests/ directory). PARITY.md updated to
    reflect this accurately (references are from recipe-info corpus, not the upstream recipe).
- gitea recipe on cc-ci: compose.yml (backupbot.backup=true), compose.sqlite3.yml
- PR #1 (lfs-plain-gitea → main): adds compose.lfs.yml + LFS_JWT_SECRET in app.ini.tmpl
- Versions in abra release dir: 2.0.0+1.18.0, 2.1.2+1.19.3, 2.6.0+1.21.5, 3.0.0+1.22.2-rootless
- Adversary notes: latest recipe tag is 3.5.3+1.24.2-rootless; LFS PR bumps to 3.6.0

### Design decisions

**LFS dep-vs-recipe-under-test split mechanism:**
- EXTRA_ENV(ctx) checks TWO conditions: (1) compose.lfs.yml exists in $ABRA_DIR/recipes/gitea/,
  AND (2) RECIPE=gitea env var is set. Both conditions required.
- Condition (1) ensures LFS is never enabled on main (overlay absent).
- Condition (2) ensures LFS is never enabled when gitea is drone's dep (RECIPE=drone).
- The dep path is thus byte-for-byte identical whether or not compose.lfs.yml exists.
- Decision documented in DECISIONS.md (phase gtea).

**Admin user management:**
- gitea has no built-in admin user from abra deploy. Admin is created via `gitea admin user create`.
- ops.pre_install creates admin user `ci_admin` with a random 32-char hex password.
- Credentials stored at /tmp/ccci-gitea-admin-{domain}.json (mode 600) for reuse across hook calls.
- All subsequent pre_* hooks read from this file (ops module re-imported per op).

**Marker repo:**
- Marker = git repo named `ci-marker` owned by `ci_admin`, auto_init=True.
- pre_upgrade/pre_backup: ensure marker exists (idempotent create)
- pre_restore: DELETE the marker repo (diverge from backup state)
- test_upgrade: assert marker survived chaos redeploy
- test_backup: assert marker exists at backup time
- test_restore: assert marker returned (restore reverted deletion)

### Files written

1. tests/gitea/recipe_meta.py — UPDATED (added BACKUP_CAPABLE, READY_PROBE, SCREENSHOT,
   LFS-conditional EXTRA_ENV; header updated to dual-role)
2. tests/gitea/ops.py — NEW (admin user + marker repo hooks)
3. tests/gitea/test_install.py — NEW (assert_serving + API + admin auth + Playwright)
4. tests/gitea/test_upgrade.py — NEW (marker survived upgrade)
5. tests/gitea/test_backup.py — NEW (marker captured in backup)
6. tests/gitea/test_restore.py — NEW (marker returned after restore)
7. tests/gitea/custom/test_health.py — NEW (parity: HTTP 200 from root)
8. tests/gitea/custom/test_git_push.py — NEW (parity: create→clone→push→verify→delete)
9. tests/gitea/custom/test_admin_api.py — NEW (beyond-parity: user+org+token CRUD)
10. tests/gitea/custom/test_lfs_roundtrip.py — NEW (LFS capstone; skips on main)
11. tests/gitea/PARITY.md — NEW

### Unit test results after changes

```
tests/unit/test_gitea_dep.py: 10/10 PASSED
tests/unit/test_meta.py: 43/43 PASSED
All unit tests: 269 passed, 1 pre-existing failure (test_warm_reconcile.py - unrelated)
```

### Next: run harness locally (BACKLOG item 2)

---

## 2026-06-15 — Harness run + M1 claim

### Bugs found and fixed during harness run

1. **Playwright `_csrf` selector (test_install.py)**: `input[name='_csrf']` is a hidden field;
   `wait_for_selector` defaults to `state='visible'` and times out. Fixed: use `input#user_name`
   (the visible username field). Root cause: gitea renders CSRF as `type="hidden"`.

2. **git credential injection (test_git_push.py + test_lfs_roundtrip.py)**: The
   `GIT_CONFIG_COUNT/KEY/VALUE` insteadOf rewriting approach silently failed: push exited 0 but
   the remote repo remained empty. Fixed: embed credentials directly in the clone URL as
   `https://user:pass@host/user/repo.git`. Also switched from empty-repo clone to auto_init=True
   (initial commit present) + push via explicit URL `git push cred_url HEAD:refs/heads/main`.

3. **double /api/v1 in LFS restart poll (test_lfs_roundtrip.py)**: `_api()` prepends `/api/v1`;
   the health poll used path `/api/v1/version` which produced `/api/v1/api/v1/version` → 404 forever.
   Fixed: changed path to `/version`.

4. **Token scope required (test_admin_api.py)**: gitea 1.22+ requires `scopes` in token creation
   body. Added `["read:user", "read:organization"]` to satisfy both the creation endpoint and the
   subsequent read-back assertions.

5. **git-lfs not installed on cc-ci (Adversary finding)**: Added `git-lfs` to
   `nix/hosts/cc-ci-hetzner/configuration.nix` systemPackages. Deployed via
   `nixos-rebuild switch --flake '/root/builder-clone?submodules=1#cc-ci' 2>&1`. Note: secrets/
   is a git submodule (gitignored but tracked); must use `?submodules=1` in flake URL.
   git-lfs 3.6.1 confirmed installed post-deploy.

### Harness results (run 846690)

```
install : PASS
upgrade : PASS
backup  : PASS
restore : PASS
custom  : PASS  (admin_api PASS, git_push PASS, health PASS, lfs_roundtrip SKIPPED ✓)
Level: 5/5
```

LFS test self-skips with expected message: "compose.lfs.yml absent in gitea recipe checkout".

### M1 CLAIMED

Commit chain: 6ac9989 → 74bc5f0 (selector fix → full test suite → all harness fixes → git-lfs NixOS)
Adversary findings from BUILDER-INBOX consumed in 446bafe.
M1 claim commit: see `claim(gtea):` below.

### Next: await Adversary M1 PASS → proceed to BACKLOG items 6-8 (real CI + LFS PR)