recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
be4f451d3a318fb8a392f0596f024802cd4dc83e
cc-ci/machine-docs/STATUS-5.md
autonomic-bot a147e0772d
Some checks failed
continuous-integration/drone Build is failing
Details
status(5): record lasuite-meet enrollment rollout block
2026-06-01 13:00:34 +00:00

7.7 KiB
Raw Blame History

STATUS — cc-ci Phase 5 Builder

Phase: 5 — Verify /recipe-upgrade + testme-on-pr.sh end-to-end flow SSOT: /srv/cc-ci/cc-ci-plan/plan-phase5-verify-upgrade-flow.md Started: 2026-05-31

Current focus

Minimal enrollment fix for lasuite-meet is committed (f28a2a3). Current work is verifying the live bridge rollout so Phase-5 V5/V6 can continue on lasuite-meet PR #2. Verification is currently paused on host reachability: after nixos-rebuild test --flake path:/root/builder-clone#cc-ci, cc-ci stopped answering Tailscale SSH.

Fixes applied (A5-1, A5-2, related)

A5-2 FIX: bridge/bridge.py commit 5d48436: post_commit_status() added. Bridge POSTs Gitea commit status on recipe PR's head SHA (pending→trigger, success/failure→finish).

A5-1 FIX: nix/modules/bridge.nix commit 5d48436: recipe-maintainers/custom-html-tiny added to POLL_REPOS. Bridge rebuilt: cc-ci-bridge:3761c4221042 (via nixos-rebuild build --flake path:/root/builder-clone#cc-ci on cc-ci + cc-ci-reconcile-bridge).

open-recipe-pr.sh FIX (orchestrator repo): 0df57c6 — replaced python3 with jq (cc-ci has jq, not python3).

testme-on-pr.sh FIX (orchestrator repo): 6910b19 — reads cc-ci/testme context URL instead of first-status URL (fixes wrong BUILD URL when multiple statuses exist).

A5-3 FIX (orchestrator repo, uncommitted): testme-on-pr.sh now ignores a pre-existing cc-ci/testme status on the same PR head after POST=1 until the status tuple changes, so a fresh re-!testme no longer returns a stale prior GREEN/build URL.

ci-test-review helper FIX (orchestrator repo, uncommitted): verify-pr.sh and run-all-recipes.sh now resolve the live host checkout dynamically (/root/builder-clone preferred, /root/cc-ci fallback) instead of hard-coding /root/cc-ci.

V3 — COMPLETE: /recipe-upgrade custom-html-tiny END-TO-END GREEN

Upgrade PR: https://git.autonomic.zone/recipe-maintainers/custom-html-tiny/pulls/2

  • Branch: upgrade-1.1.0+2.42.0, head sha 156a49ac
  • Changes: compose.yml sws 2.38.0→2.42.0; compose.git-pull.yml alpine/git v2.36.3→v2.52.0; version 1.0.1+2.38.0→1.1.0+2.42.0
  • !testme posted → Drone build #29 triggered → SUCCESS (install PASS, upgrade PASS, backup N/A)
  • Commit status: cc-ci/testme state=success target=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/29
  • POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 2VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/29
  • PR comment updated by bridge with 🌻 result

V7 — COMPLETE: mirror reconciliation

  • PR #1 (serve-hidden-files) auto-closed as superseded when PR #2 opened.
  • PR #4 (already-in-upstream-v7) auto-closed as merged-upstream.
  • Mirror main force-synced to upstream main (435df8fc).

V1/V2 partial evidence:

  • V1: !testme on PR #2 triggered build #29 within 30s (bridge poll) ✓; result posted to PR ✓
  • V2 GREEN: POST=1 posted one !testme; POST=0 polled and returned VERDICT=GREEN BUILD= ✓
  • V2 RED: poll-only on PR #5 returned VERDICT=RED BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/34
  • V2 rerun edge: POST=1 MAX_WAIT=80 INTERVAL=5 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 5 now returns the fresh rerun build #43 (not the stale prior #37); PR comments 4 -> 5

V4 — COMPLETE: 2-run regression loop (within the 3-run budget)

Regression PR: https://git.autonomic.zone/recipe-maintainers/custom-html-tiny/pulls/5

  • First head sha 7e1491c6 (v4-red-verify): deliberate bad image tag joseluisq/static-web-server:99.0.0-bad-tag
  • POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html-tiny 5VERDICT=RED BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/34
  • Build #34 result: install PASS, upgrade FAIL, clean_teardown=true, no_secret_leak=true
  • Fix pushed on the same PR branch: head sha 4bd8416a, restoring the known-good upgrade files from upgrade-1.1.0+2.42.0
  • Re-!testme on PR #5 → Drone build #37 → VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/37
  • PR remains open and unmerged; both RED and GREEN results are recorded on the PR

Verification item status

Item Status Evidence
V1 — !testme trigger + result-back PARTIAL build #29 triggered in <30s; commit status + PR comment posted ✓
V2 — testme-on-pr.sh reads verdict DONE GREEN ✓ (build #29/#35); RED ✓ (build #34); rerun fix ✓ (build #43)
V3 — /recipe-upgrade sandbox GREEN DONE custom-html-tiny PR#2; build #29 SUCCESS
V4 — 3-iter regression loop DONE custom-html-tiny PR#5; build #34 RED, build #37 GREEN
V5 — stale-test DEFAULT = comment TODO
V6 — --with-tests opens+verifies cc-ci test PR TODO
V7 — mirror reconciliation DONE PR#1 superseded, PR#4 merged-upstream, main=upstream ✓
V8 — /upgrade-all DEFAULT run TODO
V8a — cc-ci-upgrader agent TODO
V9 — cleanup TODO

V5/V6 groundwork in progress

  • Added orchestration helpers in /srv/cc-ci-orch/.claude/skills/:
    • recipe-upgrade/post-pr-comment.sh — post explanatory/cross-link PR comments via Gitea API
    • ci-test-review/open-cc-ci-pr.sh — open/update recipe-maintainers/cc-ci PRs from a dedicated branch
  • Live candidate check: ssh cc-ci "abra recipe upgrade n8n -m -n" shows a real n8n upgrade path (n8nio/n8n 2.20.6 -> 2.23.1, pgautoupgrade 17-alpine -> 18-alpine).
  • Live recipe PR proof: https://git.autonomic.zone/recipe-maintainers/n8n/pulls/2 (upgrade-3.3.0+2.23.1, head c8d27a2). !testme build #47 returned VERDICT=GREEN BUILD=https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/47.
  • Conclusion: n8n is a good sandbox for V5/V6, but this real upgrade did not naturally surface the stale-test path. Next step is to seed the stale-test case explicitly on a sandbox/scratch branch per Phase 5 §2, then exercise DEFAULT comment-only and --with-tests flows against that seeded case.
  • Second live candidate check: cryptpad app image version-2026.2.0 -> version-2026.5.1 plus nginx 1.29 -> 1.31 on PR https://git.autonomic.zone/recipe-maintainers/cryptpad/pulls/3 (upgrade-0.5.5+v2026.5.1, head 9db61d3) also went GREEN on !testme build #50.
  • Additional live finding: lasuite-meet has a real upgrade path (v1.16.0 -> v1.17.0), but its PR https://git.autonomic.zone/recipe-maintainers/lasuite-meet/pulls/2 stayed VERDICT=PENDING BUILD=? across repeated POST=0 polls because recipe-maintainers/lasuite-meet is not in the bridge's enrolled poll list. That makes it unusable for V5/V6 until explicitly enrolled.
  • Enrollment fix authored and pushed: f28a2a3 fix(bridge): enroll lasuite-meet for !testme adds recipe-maintainers/lasuite-meet to nix/modules/bridge.nix POLL_REPOS.

Verification next step

  • When ssh cc-ci returns, verify the live bridge poller logs include recipe-maintainers/lasuite-meet, then re-run POST=1/POST=0 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh lasuite-meet 2.

Phase 5 gates

(None claimed yet.)

Blocked

  • cc-ci host is currently unreachable over Tailscale after nixos-rebuild test --flake path:/root/builder-clone#cc-ci (used to activate the lasuite-meet bridge enrollment without touching the bootloader). Current probes from the orchestrator:
    • ssh cc-ci ... -> connect to host 100.95.31.88 port 22: Connection timed out
    • tailscale status shows 100.95.31.88 cc-ci ... active; relay "nue"; offline
    • tailscale ping -c 3 cc-ci -> no reply The code change is pushed; live verification is blocked until host reachability returns.