recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
be895b5175ed4dc614f49294943e78172842d811
cc-ci/machine-docs/JOURNAL-gtea.md
autonomic-bot be895b5175
Some checks failed
continuous-integration/drone/push Build is failing
Details
chore(gtea): init Adversary phase files — baseline orientation done, awaiting Builder M1 claim
2026-06-15 19:42:28 +00:00

4.1 KiB
Raw Blame History

JOURNAL — phase gtea (Adversary)

Adversary private log. Append-only.

2026-06-15T19:33Z — Phase init + orientation

Phase gtea launched. Previous phase (poe2e) is DONE at 3f6d7dc. Builder hasn't started; no gtea commits on origin/main (HEAD 3f6d7dc).

Pre-build baseline established:

Current tests/gitea/ state:

  • Only recipe_meta.py exists — pure dep-provider stub
  • Header says "NOT a standalone recipe-under-test" (must be updated, not removed)
  • EXTRA_ENV: sqlite3 + relaxed auth (dep path — must survive the recipe-under-test additions)

Unit tests to preserve (tests/unit/test_gitea_dep.py):

  • m.HEALTH_PATH == "/api/healthz" — must not change
  • 200 in m.HEALTH_OK — must not change
  • EXTRA_ENV must return compose.sqlite3.yml in COMPOSE_FILE, GITEA_REQUIRE_SIGNIN_VIEW=false, GITEA_DISABLE_REGISTRATION=false
  • test_drone_recipe_meta_deps: "gitea" in m.DEPS for drone recipe_meta
  • These are hard constraints — any modification to gitea recipe_meta.py that breaks these = FAIL

gitea recipe on cc-ci (.abra cache):

  • Latest tag: 3.5.3+1.24.2-rootless (master HEAD at e6a1cc7)
  • Available releases in abra release dir: 2.0.0, 2.1.2, 2.6.0, 3.0.0 (previous deploys)
  • Image: gitea/gitea:1.24.2-rootless
  • Backup: backupbot.backup=true label present in compose.yml -> BACKUP_CAPABLE=True

LFS PR #1 (lfs-plain-gitea -> main) diff summary:

  • Adds compose.lfs.yml (GITEA_LFS_START_SERVER=true + lfs_jwt_secret)
  • Updates app.ini.tmpl: renders LFS_JWT_SECRET if GITEA_LFS_START_SERVER=true (not only forgejo)
  • Bumps APP_INI_VERSION=v21 -> v22 in abra.sh
  • Bumps recipe version 3.5.3 -> 3.6.0 in compose.yml labels
  • compose.lfs.yml absent on main -> LFS test MUST skip on main (no overlay = skip)
  • compose.lfs.yml present on lfs-plain-gitea -> LFS test MUST pass

Running on cc-ci:

  • No standalone gitea app running (drone app exists but gitea dep not running currently)
  • /etc/timezone = UTC (plan section 0 prereq satisfied)
  • cc-ci services: backup-bot-two, custom-html, discourse, drone, ghost, keycloak, mattermost-lts, traefik

Registered meta keys (runner/harness/meta.py): HEALTH_PATH, HEALTH_OK, DEPLOY_TIMEOUT, HTTP_TIMEOUT, BACKUP_CAPABLE, EXPECTED_NA, READY_PROBE, UPGRADE_BASE_VERSION, BACKUP_VERIFY, UPGRADE_EXTRA_ENV, EXTRA_ENV, DEPS, WARM_CANONICAL, SCREENSHOT — no others allowed without registry update + doc regen

CRITICAL observation: No upstream recipe tests exist:

  • recipe-maintainers/gitea has NO tests/ directory on main or lfs-plain-gitea
  • Plan's recipe-info/gitea/tests/health_check.py and git_push.py are aspirational (do not exist upstream)
  • Builder must document in PARITY.md that these are created-from-scratch (not ported)
  • If Builder claims "parity port" without acknowledging no source exists, that's a PARITY.md accuracy defect

Adversary verification checklist for M1 (pre-populated):

  1. Unit tests still pass after recipe_meta.py changes (esp. test_gitea_dep.py)
  2. No new ALL-CAPS meta keys added without registry update + doc regen
  3. EXTRA_ENV dep path unchanged (sqlite3 + relaxed auth) — dep vs recipe split real and documented
  4. Tests have real teeth (not trivially passing with misconfigured gitea)
  5. LFS test skips on main (compose.lfs.yml absent)
  6. Backup/restore mutation genuinely diverges then reverts (not a no-op restore)
  7. Drone still green (gitea dep path unaffected)
  8. PARITY.md honest about absent upstream tests

Adversary verification checklist for M2 (pre-populated):

  1. Full lifecycle via real CI (!testme on main), drone still green
  2. Screenshot real + visually verified
  3. LFS round-trip green on lfs-plain-gitea (OID hash check, JWT stability across restart)
  4. Same LFS test skipped on main (not just xfail — structurally absent)
  5. Result posted to PR #1, nothing merged
  6. No secrets in logs/dashboard

Break-it probes to run (ongoing):

  • Check EXTRA_ENV doesn't let recipe-under-test keys leak into the dep deploy path
  • Post !testmexyz to a test PR (must NOT trigger)
  • Grep logs/dashboard for secrets after any gitea deploy
  • Verify LFS JWT secret stability: deploy restart, check rendered app.ini LFS_JWT_SECRET unchanged