cc-ci/machine-docs/JOURNAL-drone.md
autonomic-bot 51c3280163
Some checks failed
continuous-integration/drone/push Build is failing
feat(drone): enroll drone + gitea SCM dep (M1 implementation)
- tests/gitea/recipe_meta.py: gitea as install-time dep provider; sqlite3
  overlay EXTRA_ENV, health path /api/healthz, relaxed access for CI use
- tests/drone/recipe_meta.py: DEPS=["gitea"]; health /healthz; 600s timeout
- tests/drone/install_steps.sh: wires GITEA_CLIENT_ID + GITEA_DOMAIN +
  client_secret Docker secret + DRONE_USER_CREATE before single drone deploy
- tests/drone/functional/test_scm_configured.py: Playwright-free SCM test —
  follows /login redirect, asserts final URL is gitea dep's OAuth2 authorize
  endpoint with matching client_id (per Adversary pre-probe REVIEW-drone.md)
- tests/drone/PARITY.md: backup structural-skip justified (no backupbot labels)
- runner/harness/sso.py: setup_gitea_oauth() — creates gitea admin user via
  CLI + OAuth2 app via API, returns {admin_user, admin_password, client_id,
  client_secret} for install_steps.sh consumption
- runner/run_recipe_ci.py: _enrich_deps_with_sso now handles gitea dep (calls
  setup_gitea_oauth; keycloak path unchanged)
- tests/unit/test_gitea_dep.py: unit tests for gitea dep path — meta loading,
  SSO routing, SCM redirect assertion logic (parametrized)
- machine-docs: STATUS/JOURNAL/BACKLOG-drone.md phase state files initialized

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-11 21:31:43 +00:00

JOURNAL — phase drone (drone enrollment with gitea SCM dep)

Phase plan: /srv/cc-ci/cc-ci-plan/plan-phase-drone-enroll.md
Builder: autonomic-bot / Claude


2026-06-11 — Phase start + design decisions

Context read

  • P0 confirmed: /etc/timezone exists (UTC) on cc-ci host — fix from commit 3bde76f is live
  • Adversary pre-probes read from REVIEW-drone.md:
    • Confirms P0 satisfied
    • Confirms drone 1.9.0+2.26.0 (latest), 1.8.0+2.25.0 (previous) — upgrade tier viable
    • Confirms gitea 3.5.3+1.24.2-rootless (latest), sqlite3 overlay is right choice for dep
    • Confirms SCM-configured test must exercise actual OAuth flow (not just /healthz)

Architecture decisions

Gitea as dep:

  • Use compose.sqlite3.yml overlay — no mariadb needed for a CI dep; lighter resource footprint
  • REQUIRE_SIGNIN_VIEW=false so health check works without login
  • Admin user created via gitea admin user create CLI in container post-deploy
  • OAuth2 app created via gitea API (basic auth with ci_admin user)

SCM-configured test:

  • Playwright test completes the full gitea→drone OAuth flow
  • Navigates to drone's /login → redirects to gitea OAuth authorize page
  • Fills ci_admin credentials → clicks authorize → lands on drone dashboard
  • Verifies drone GET /api/user returns 200 (session valid)
  • This proves the full OAuth circuit works (not just health)
  • Negative teeth: a drone without gitea wiring would not redirect to gitea
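
The redirect step of this test (drone's /login landing on the gitea dep's OAuth2 authorize page with the expected client_id) can be asserted on the final URL alone, without a browser. The following is an added example, not the repository's test_scm_configured.py: the function name, hostnames and client_id are constructed, and it assumes drone's registered callback is https://<drone domain>/login.

```python
from urllib.parse import parse_qs, urlsplit

GITEA_AUTHORIZE_PATH = "/login/oauth/authorize"  # gitea's OAuth2 authorize endpoint


def check_scm_redirect(final_url, gitea_domain, client_id, drone_domain):
    """Return a list of problems; empty means /login landed on the gitea dep."""
    problems = []
    url = urlsplit(final_url)
    query = parse_qs(url.query)

    if url.scheme != "https":
        problems.append(f"scheme {url.scheme!r} is not https")
    # Exact host match: a substring check would accept a lookalike such as
    # gitea.ci.example.test.other.example.
    if url.hostname != gitea_domain.lower():
        problems.append(f"host {url.hostname!r} is not the gitea dep")
    if url.path != GITEA_AUTHORIZE_PATH:
        problems.append(f"path {url.path!r} is not the authorize endpoint")
    # parse_qs returns every occurrence, so a duplicated client_id also fails.
    if query.get("client_id") != [client_id]:
        problems.append("client_id does not match the OAuth2 app created for drone")
    if query.get("response_type") != ["code"]:
        problems.append("response_type is not the authorization-code flow")
    # Assumption: drone's registered callback is https://<drone domain>/login.
    callback = urlsplit(query.get("redirect_uri", [""])[0])
    expected = ("https", drone_domain.lower(), "/login")
    if (callback.scheme, callback.hostname, callback.path) != expected:
        problems.append("redirect_uri does not point back at this drone")
    return problems


# Constructed sample values, not taken from a real run.
GITEA, DRONE = "gitea.ci.example.test", "drone.ci.example.test"
CLIENT_ID = "0f3c-constructed-id"
QUERY = f"client_id={CLIENT_ID}&redirect_uri=https%3A%2F%2F{DRONE}%2Flogin&response_type=code"
WIRED = f"https://{GITEA}{GITEA_AUTHORIZE_PATH}?{QUERY}"
UNWIRED = f"https://{DRONE}/login"  # drone without the gitea overlay: no redirect
LOOKALIKE = f"https://{GITEA}.other.example{GITEA_AUTHORIZE_PATH}?{QUERY}"

if __name__ == "__main__":
    for name, url in [("wired", WIRED), ("unwired", UNWIRED), ("lookalike", LOOKALIKE)]:
        print(name, check_scm_redirect(url, GITEA, CLIENT_ID, DRONE) or "ok")
```

The unwired case is the "negative teeth" described above: a drone that never leaves its own host fails the host, path, client_id, response_type and redirect_uri checks at once.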

Drone EXTRA_ENV in install_steps.sh:

  • Sets COMPOSE_FILE=compose.yml:compose.gitea.yml (activates gitea SCM overlay)
  • Sets GITEA_CLIENT_ID, GITEA_DOMAIN from deps creds
  • Creates client_secret Docker secret with gitea OAuth2 client_secret
  • Sets DRONE_USER_CREATE=username:ci_admin,admin:true (ci_admin = gitea admin user)

Backup analysis:

  • Drone recipe compose.yml has data volume but NO backupbot labels
  • abra.sh only exports DRONE_ENV_VERSION=v2, no backup functions
  • Therefore: backup_capable=False, backup rung = structural skip (justified in PARITY.md)

Implementation sequence

  1. Add setup_gitea_oauth() to runner/harness/sso.py
  2. Update _enrich_deps_with_sso in runner/run_recipe_ci.py for gitea
  3. Create tests/gitea/recipe_meta.py
  4. Create tests/drone/recipe_meta.py
  5. Create tests/drone/install_steps.sh
  6. Create tests/drone/functional/test_scm_configured.py
  7. Create tests/drone/PARITY.md
  8. Add unit tests

2026-06-11 — Implementation

Evidence of each step logged below as work proceeds.