docs/secrets.md documents the 3 secret classes (A1 external, A2 internal-generated, B recipe-app), the sops-nix decryption chain, and rotation procedures for each (cert version bump, sops re-encrypt + swarm-secret version bump, recipe-app ephemeral). run_recipe_ci streams each stage's output through a redaction filter that masks any /run/secrets/* value (>=8 chars) before it reaches Drone logs — belt-and-suspenders over 'harness never prints secrets + abra doesn't echo'. Live streaming + exit code preserved (locally tested). Recipe-ci clones cc-ci fresh per build, so this applies next run. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
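As an added illustration of the redaction filter the commit message describes (this is not the project's own run_recipe_ci.py, whose code is not shown here), the sketch below loads every value under a secrets directory that is at least 8 characters long, masks it in each line as the stage's output is streamed, and hands back the child's exit code unchanged. The function names, the [REDACTED] marker, and the secret values written in demo() are constructed assumptions; only the /run/secrets layout and the 8-character threshold come from the page.

```python
import io
import re
import subprocess
import sys
import tempfile
from pathlib import Path

MIN_SECRET_LEN = 8  # shorter values are too likely to collide with ordinary text


def load_secret_values(secrets_dir):
    """Values of every file in secrets_dir (swarm mounts /run/secrets/<name>)."""
    values = set()
    for path in Path(secrets_dir).iterdir():
        if path.is_file():
            value = path.read_text().strip()
            if len(value) >= MIN_SECRET_LEN:
                values.add(value)
    # Longest first so a secret that contains another one is masked whole.
    return sorted(values, key=len, reverse=True)


def make_redactor(values):
    """Build a line filter that replaces every known secret value."""
    if not values:
        return lambda line: line
    pattern = re.compile("|".join(re.escape(v) for v in values))
    return lambda line: pattern.sub("[REDACTED]", line)


def run_redacted(cmd, secrets_dir, out=sys.stdout):
    """Stream cmd's merged output line by line through the redactor
    (keeps the run tail-able) and return the child's real exit code."""
    redact = make_redactor(load_secret_values(secrets_dir))
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True)
    for line in proc.stdout:
        out.write(redact(line))
        out.flush()
    return proc.wait()


def demo():
    """Constructed scenario: a stage leaks a secret to stdout and fails."""
    secrets_dir = tempfile.mkdtemp()
    Path(secrets_dir, "db_password").write_text("s3cr3t-db-passw0rd\n")
    Path(secrets_dir, "pin").write_text("1234\n")  # below threshold, not masked
    leaky_stage = [sys.executable, "-c",
                   "import sys; print('DB_PASSWORD=' + open(sys.argv[1]).read().strip());"
                   " print('PIN=1234'); sys.exit(3)", str(Path(secrets_dir, "db_password"))]
    buf = io.StringIO()
    return run_redacted(leaky_stage, secrets_dir, out=buf), buf.getvalue()
```

Because the filter works per line, it only masks single-line values; a multi-line secret such as a PEM certificate would need each of its lines added to the pattern separately.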
cc-ci — Co-op Cloud recipe CI server
Comment !testme on a PR in an enrolled Co-op Cloud recipe repo and cc-ci deploys the recipe
at that commit onto a real single-node Docker Swarm, runs install / upgrade / backup-restore tests
(Python + Playwright) end-to-end, and reports a live, tail-able run with pass/fail back to the PR.
This repo declares the entire server as a NixOS flake and holds the test harness, the per-recipe test trees, and the docs to enroll a recipe or rebuild the box from scratch.
Status: under active autonomous construction. See STATUS.md for the live phase and plan.md-driven milestones in BACKLOG.md. Definition of Done is D1–D10 (see the build plan).
Layout
flake.nix NixOS host(s) + devshell
hosts/cc-ci/ the cc-ci machine config
modules/ drone, comment-bridge, swarm, dashboard, secrets (Nix modules)
secrets/ sops-encrypted infra secrets
bridge/ !testme webhook listener source
runner/ run_recipe_ci.py + shared pytest harness
dashboard/ results overview generator
tests/<recipe>/ per-recipe install/upgrade/backup tests + playwright/
docs/ install, enroll-recipe, secrets, architecture, runbook, baseline
Docs
docs/install.md — rebuild the server from scratch (D8)
docs/enroll-recipe.md — add a recipe under CI (D5)
docs/secrets.md — secret model + rotation (D6)
docs/architecture.md, docs/runbook.md — design + debugging failed runs
docs/baseline.md — bootstrap snapshot / rollback reference
Loop state (autonomous build)
STATUS.md (phase/blockers), BACKLOG.md (work + adversary findings), REVIEW.md (independent
verification), JOURNAL.md (build log), DECISIONS.md (architecture choices). See the build plan
for the two-loop Builder/Adversary protocol.