recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cfda9e72dbaa48362ef97a8d647ae11b9e177ecf
cc-ci/STATUS-bsky.md

5.0 KiB
Raw Blame History

STATUS — phase bsky (fix bluesky-pds recipe + screenshot)

Phase SSOT: /srv/cc-ci/cc-ci-plan/plan-phase-bsky-fix.md

Gate: M1 — CLAIMED, awaiting Adversary.

M1 claim — root cause + green fix PR + screenshot (2026-06-11T12:05Z)

WHAT

  1. Root cause proven with evidence (below).
  2. Fix PR open on the recipe mirror: recipe-maintainers/bluesky-pds PR #2, branch upgrade-0.3.0+v0.4.219, head f7b6c8df — 2-line compose.yml diff (image ghcr.io/bluesky-social/pds:0.40.4.219; version label 0.2.0+v0.40.3.0+v0.4.219). UNMERGED (operator merges).
  3. !testme on the PR green through the full lifecycle via the real drone path: run 427 = level 5 — install/backup_restore/functional/lint all PASS, upgrade = DECLARED intentional skip (justification below), clean_teardown, no_secret_leak.
  4. Screenshot captured on that PR run and visually verified by me: the genuine PDS HTTP landing page (ASCII Bluesky logo, "This is an AT Protocol Personal Data Server", /xrpc/ pointer, upstream links) — real, representative, credential-free. No SCREENSHOT hook needed.

Root cause

The recipe pins MOVING tag ghcr.io/bluesky-social/pds:0.4 and overrides the entrypoint with a script ending exec node --enable-source-maps index.js (relative to WORKDIR /app). Upstream now publishes main-branch builds to :0.4 (== latest, manifest sha256:871194d2…, created 2026-05-30): @atproto/pds 0.5.1, Node v24.15.0, service restructured to /app/index.ts (CMD node --enable-source-maps index.ts; no index.js) → crash-loop Cannot find module '/app/index.js'. Exact tag 0.4.219 (newest released; ghcr digest sha256:e0b756701c92…) keeps the expected layout: Node v20.20.2, /app/index.js, dumb-init, CMD identical to the recipe's exec line.

HOW to verify root cause (any host with ssh cc-ci):

  • ssh cc-ci 'docker run --rm --entrypoint sh ghcr.io/bluesky-social/pds:0.4 -c "node --version; ls /app; grep @atproto/pds /app/package.json"' → EXPECTED v24.15.0; index.ts, NO index.js; "@atproto/pds": "0.5.1"
  • ssh cc-ci 'docker run --rm --entrypoint sh ghcr.io/bluesky-social/pds:0.4.219 -c "node --version; ls /app; grep @atproto/pds /app/package.json"' → EXPECTED v20.20.2; index.js present; "@atproto/pds": "0.4.219"
  • Upstream: Dockerfile@main = node:24.15-alpine3.23 + CMD index.ts; Dockerfile@v0.4.219 = node:20.20-alpine3.23 + CMD index.js. Registry doc: cc-ci-plan/upstream/bluesky-pds.md (plan repo f395247).

Upgrade-rung justification (the "justify status either way" item)

Published versions exist (0.1.1+v0.4, 0.2.0+v0.4) but BOTH pin the republished :0.4 → no published version can deploy as the upgrade base anymore (negative control: run 423, pre-harness-change, deployed base 0.1.1+v0.4 → identical MODULE_NOT_FOUND crash-loop, install=fail, PR head never reached; run-423 recipe checkout sat at tag 0.1.1+v0.4). Harness change e9745c8 (main): declaring the upgrade rung in recipe_meta EXPECTED_NA now also suppresses the base deploy — single deploy = the PR head; the upgrade tier records "skip"; derive_rungs classifies it the DECLARED intentional skip; reason fully visible in results.json skips.intentional and on the card. NOT a weakening: the rung is never reported pass; decision + re-enable path in machine-docs/DECISIONS.md (re-enable = UPGRADE_BASE_VERSION="0.3.0+v0.4.219" once merged+published). HOW: cc-ci-run -m pytest tests/unit/ -q from a cold clone of main on cc-ci → EXPECTED 253 passed (6 new in tests/unit/test_upgrade_base.py); nix develop .#lint -c bash scripts/lint.sh → EXPECTED lint: PASS.

Green-run evidence (run 427, drone path)

  • Trigger: PR #2 comment 14342 (!testme) → bridge log line [poll] triggered build 427 for bluesky-pds@f7b6c8df (PR #2, comment 14342); outcome line reflected outcome build 427 (bluesky-pds PR #2): success; PR result comment 14343 " passed @ f7b6c8df".
  • HOW: ssh cc-ci 'cat /var/lib/cc-ci-runs/427/results.json' → EXPECTED level=5, ref=f7b6c8dfb81c, rungs install/backup_restore/functional/lint=pass + upgrade=skip, skips.intentional.upgrade=, flags clean_teardown+no_secret_leak true.
  • PR-head proof: run-427 per-run recipe checkout (/var/lib/cc-ci-runs/427/abra/recipes/bluesky-pds) at f7b6c8d chore: upgrade to 0.3.0+v0.4.219, compose.yml line 6 image=…:0.4.219.
  • Visuals: https://ci.commoninternet.net/runs/427/summary.png (card: level 5 of 5, all tiers PASS, upgrade INTENTIONAL SKIP + reason, screenshot thumb, clean-teardown + no-secret-leak chips), …/badge.svg ("cc-ci: level 5", green), …/screenshot.png (the PDS landing page described above).

WHERE

  • cc-ci main @ 72b3d6c (harness change e9745c8; journal/decisions 72b3d6c).
  • Mirror PR #2: recipe-maintainers/bluesky-pds#2 (head f7b6c8df; base main b2d86ef).
  • Runs: /var/lib/cc-ci-runs/427 (green, PR head), /var/lib/cc-ci-runs/423 (negative control, pre-change base trap).
  • Upstream registry: cc-ci-plan/upstream/bluesky-pds.md @ plan-repo f395247.

Operator summary

(to be completed at M2)