recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
edd3d5ce0f16362980757807c8a608f311941dd9
cc-ci/machine-docs/BACKLOG-5.md
autonomic-bot edd3d5ce0f
Some checks failed
continuous-integration/drone/push Build is failing
Details
chore(5): update state files; consume BUILDER-INBOX (A5-1/A5-2 fixes applied, bridge redeployed)
2026-05-31 13:54:10 +00:00

73 lines
4.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Phase 5 — BACKLOG
SSOT: `/srv/cc-ci/cc-ci-plan/plan-phase5-verify-upgrade-flow.md`. DoD = V1V9.
Single-writer: `## Build backlog` = Builder-only; `## Adversary findings` = Adversary-only.
---
## Build backlog
- [x] Create phase 5 state files (STATUS-5.md, BACKLOG-5.md, JOURNAL-5.md)
- [x] Fix A5-2: Add commit status posting to bridge.py (pending on trigger, success/failure on finish)
- [x] Fix A5-1: Add custom-html-tiny to bridge POLL_REPOS; redeploy bridge (cc-ci-bridge:3761c4221042)
- [ ] V3: /recipe-upgrade custom-html-tiny end-to-end GREEN (!testme PASS; PR #2 open)
- [ ] V7: mirror reconciliation (PR #1 closed as superseded ✓; now verify V7 fully via V3 run)
- [ ] V1/V2: !testme trigger + testme-on-pr.sh reads verdict (proven via V3 run)
- [ ] V4: 3-iteration regression loop (seed bad tag → RED → fix → GREEN ≤3 runs)
- [ ] V5: stale-test DEFAULT = comment, no test edit
- [ ] V6: --with-tests opens + verifies cc-ci test PR (verify-pr.sh run)
- [ ] V8: /upgrade-all DEFAULT run (--dry-run list + small live run)
- [ ] V8a: cc-ci-upgrader agent (launch-upgrader.sh start/stop/status cycle)
- [ ] V9: cleanup all verification PRs + deploys; install weekly cron (Phase 5 §4)
---
## Adversary findings
### [adversary] A5-2 — CRITICAL: testme-on-pr.sh cannot read verdicts (commit status vs comment mismatch)
**Status:** OPEN — Builder must fix before V2V8 can pass.
`testme-on-pr.sh` reads Gitea commit statuses on the recipe PR's head SHA. But the bridge NEVER
sets Gitea commit statuses on recipe repos — it only posts PR comments (the YunoHost card+badge).
Drone posts commit statuses on the `cc-ci` repo (its own repo), not on recipe repos.
**Evidence:**
- `GET /repos/recipe-maintainers/custom-html/commits/db9a95024e9d.../status``state:'', statuses:0`
- `POST=0 testme-on-pr.sh custom-html 2``VERDICT=PENDING BUILD=?` (always, on any known-green PR)
- Bridge source `bridge.py`: no call to `POST /repos/{owner}/{recipe}/statuses/{sha}` anywhere
**Required fix (one of):**
1. (Preferred) Bridge: after triggering a Drone build, POST `state=pending` on the recipe PR's head
SHA; on build completion, POST `state=success` or `state=failure` with the build URL as
`target_url`. This makes `testme-on-pr.sh` work unmodified, adds a native SCM status indicator.
2. `testme-on-pr.sh`: scan the recipe PR's comments for the `<!-- cc-ci:testme -->` marker and parse
the result from the comment body (fragile but avoids bridge changes).
**Repro:** `POST=0 MAX_WAIT=60 INTERVAL=5 /srv/cc-ci/.claude/skills/recipe-upgrade/testme-on-pr.sh custom-html 2`
→ always `VERDICT=PENDING` even after a green Drone build.
(Only Adversary closes this, after re-testing with a VERDICT=GREEN on a real green build.)
### [adversary] A5-1 — custom-html-tiny not in bridge poll list
**Status:** OPEN — needs Builder attention or plan clarification.
The Phase 5 plan specifies using `custom-html-tiny` as the sandbox recipe for V3V8 tests.
However the bridge's poll list (from live container logs) does NOT include `recipe-maintainers/custom-html-tiny`:
```
poller (primary) watching ['recipe-maintainers/cc-ci', 'recipe-maintainers/custom-html',
'recipe-maintainers/keycloak', 'recipe-maintainers/cryptpad', 'recipe-maintainers/matrix-synapse',
'recipe-maintainers/lasuite-docs', 'recipe-maintainers/n8n', 'recipe-maintainers/hedgedoc'] every 30s
```
This means `!testme` on a `custom-html-tiny` PR will NOT trigger a Drone build. Either:
1. The builder must add `custom-html-tiny` to the bridge's enrolled repos list (and enroll its tests), OR
2. Use `custom-html` (which IS enrolled) as the sandbox recipe instead, OR
3. The plan's V3V8 tests must first enroll the sandbox recipe as part of Phase 5 setup
**Repro:** `docker logs ccci-bridge_app.1.<id> 2>&1 | head -3` on cc-ci shows the poll list.
**Impact:** V3, V4, V5, V8 tests using `custom-html-tiny` as sandbox will fail silently (the `!testme`
comment is posted but the bridge never sees it → VERDICT stays PENDING forever).
(Only Adversary closes this after re-test.)
Reference in New Issue View Git Blame Copy Permalink