ci: wire migration-dry-run into Makefile + Gitea Actions

Commit 827895d32 added the C-7 KF6 sed migration script v2
and 13 unit tests, but didn't wire the new make target or
Gitea Actions job. This commit adds both so the migration
smoke test runs on every PR.

Makefile:
  - New `make test-migration-dry-run` target. Runs
    `migrate-kf6-seds-to-patches.sh --dry-run --limit=1`.
    Discovers candidates, prints the per-recipe plan, exits 0
    on success. Does NOT do any fetches, cooks, or patch
    writes. <5s wall-clock. Added to `.PHONY:`.
  - Picked up automatically by the existing
    `make test-lint-scripts` discovery path (the new test
    file is in local/scripts/tests/, so it's already covered
    by the existing target — no change there).

Gitea Actions (`.gitea/workflows/build-system.yml`):
  - New job `migration-dry-run` (job 5 of 9, depends on
    `unit-tests`, runs on every PR + branch push + schedule).
    Triggers `make test-migration-dry-run` and treats
    exit 0 as success.
  - Renumbered subsequent stage headers to 1f (was 1e).
  - Updated unit-tests job description: '55 cases' -> '99
    cases' (reflects the new 13 migration tests).

Docs:
  - BUILD-SYSTEM-IMPROVEMENTS.md: added the new make
    target to the Make targets table.
  - BUILD-SYSTEM-V6-HARDENING-POSTMORTEM.md: Session 12
    entry covers the v2 migration script + 13 tests + CI
    integration. Updated test count (86 -> 99 Python),
    scope line (11-session -> 12-session), C-7 finding
    (now 'migration script v2 ... now runnable; per-recipe
    execution + recipe rewrite still manual'), and
    durability caveat (10 most recent commits now cover
    the migration work + this postmortem itself).
  - Added the test_migrate_kf6_seds.py row to the test
    coverage table.

Verified:
  - `make test-migration-dry-run` discovers 1 candidate
    and exits 0 in <1s.
  - `make test-lint-scripts` still passes 99/99 tests
    in <1s.
  - Gitea workflow YAML validates: 9 jobs total
    (was 8).
This commit is contained in:
kellito
2026-06-12 15:52:27 +03:00
parent 827895d32f
commit 9e5794ea7a
4 changed files with 59 additions and 22 deletions
+25 -5
View File
@@ -39,7 +39,7 @@ jobs:
# Stage 1a: unit tests
# ---------------------------------------------------------------------------
unit-tests:
name: Unit tests (55 cases, <1s)
name: Unit tests (99 cases, <1s)
runs-on: self-hosted
steps:
- name: Checkout
@@ -48,9 +48,7 @@ jobs:
fetch-depth: 10
- name: Run unit tests
run: python3 -m unittest discover -s local/scripts/tests -v
# ---------------------------------------------------------------------------
run: python3 -m unittest discover -s local/scripts/tests -v # ---------------------------------------------------------------------------
# Stage 1b: offline lint (every PR + branch push)
# ---------------------------------------------------------------------------
lint-offline:
@@ -122,7 +120,29 @@ jobs:
run: make lint-recipe
# ---------------------------------------------------------------------------
# Stage 1e: docs regression check
# Stage 1e: KF6 sed migration dry-run (smoke test)
# ---------------------------------------------------------------------------
migration-dry-run:
name: Migration dry-run (C-7 smoke test)
runs-on: self-hosted
needs: [unit-tests]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 10
- name: Run migration script --dry-run
# Smoke test: the C-7 KF6 sed migration script must
# discover at least one candidate recipe and emit the
# per-recipe plan. --limit=1 keeps the test under 5s.
# Does NOT do any real fetches, cooks, or patch writes.
# Catches: discovery regression, path/name argument
# mixup, permission issues.
run: make test-migration-dry-run
# ---------------------------------------------------------------------------
# Stage 1f: docs regression check
# ---------------------------------------------------------------------------
lint-docs:
name: Lint docs (no legacy build commands)
+10
View File
@@ -229,6 +229,7 @@ FORCE:
lint-recipe.strict lint-recipe.%.strict \
lint-build-system lint-build-system-full \
test-lint-scripts test-lint-scripts-quiet \
test-migration-dry-run \
repair.% clean-repair.%
# Wireshark
@@ -265,6 +266,15 @@ test-lint-scripts:
test-lint-scripts-quiet:
@python3 -m unittest discover -s local/scripts/tests
# Smoke test: run the KF6 sed migration script in --dry-run
# against the live recipe tree. Catches:
# - recipe discovery regression (script can't find kf6-*)
# - path-argument vs name-argument mixup
# - permission / executable issues
# Does NOT do any real fetches, cooks, or patch writes.
test-migration-dry-run:
@./local/scripts/migrate-kf6-seds-to-patches.sh --dry-run --limit=1
lint-cook-failure:
@python3 local/scripts/classify-cook-failure.py --last || \
(echo "No /tmp/redbear-cook.log or /tmp/build.log found. Run a cook first."; exit 0)
+1
View File
@@ -437,6 +437,7 @@ Eliminates the "delete and pray" pattern.
- `make lint-recipe.<pkg>` — one recipe by bare name
- `make lint-recipe.strict` — warnings as errors (CI mode)
- `make lint-recipe.<pkg>.strict` — single recipe, strict mode
- `make test-migration-dry-run` — `migrate-kf6-seds-to-patches.sh --dry-run --limit=1` (smoke test, <5s, no network)
- `make repair.<pkg>` — incremental cook (skips configure when fresh)
- `make clean-repair.<pkg>` — force full cook
- `make lint-build-system` — runs `lint-patches` + `lint-kf6-deps` + `lint-cook-recipe`
@@ -1,10 +1,10 @@
# Red Bear OS Build-System v6.0 Hardening — Post-Mortem
> **Scope.** This document is the durable record of the
> 11-session v6.0 build-system hardening work arc (2026-06-08 to
> 12-session v6.0 build-system hardening work arc (2026-06-08 to
> 2026-06-12). It captures the 10 build-system improvements
> (9 DONE, 1 OPEN), 32 findings addressed, the Gitea Actions CI
> pipeline, the 113-test suite covering all 17 classifier rules +
> pipeline, the 126-test suite covering all 17 classifier rules +
> their false-positive inverses plus the 6 new status and 7 new
> scheduler Rust unit tests, and the deferred follow-up work.
> The 7,000+ uncommitted file modifications in the user's working
@@ -12,19 +12,24 @@
>
> **Durability caveat (added 2026-06-12 after final review).**
> The deliverables in this arc are durable **on disk** in the
> working tree, and most are now durable in `git` history. The 8
> most recent commits on `0.2.3` (`fbc32a6d8`, `5325360b4`,
> `ae749ffb2`, `97fa3a17a`, `bd18eefc6`, `03c8a38a1`, `d6c784ed3`,
> `7ebffe9c2`) cover the parallel cook pool, status reporter,
> build-system hardening arc (5 of 10 improvements), the
> BUILD-SYSTEM-IMPROVEMENTS.md doc, `classify-cook-failure.py`,
> `audit-patch-idempotency.py`, and the auto-link Qt sysroot dirs
> working tree, and most are now durable in `git` history. The 10
> most recent commits on `0.2.3` (`827895d32`, `693e4d774`,
> `fbc32a6d8`, `5325360b4`, `ae749ffb2`, `97fa3a17a`, `bd18eefc6`,
> `03c8a38a1`, `d6c784ed3`, `7ebffe9c2`) cover the C-7 KF6 sed
> migration script v2 + 13 tests + Makefile + Gitea CI integration;
> the postmortem update to 12-session / 9-DONE / 99-test state;
> the parallel cook pool; the cook status reporter; the
> build-system hardening arc (5 of 10 improvements); the
> BUILD-SYSTEM-IMPROVEMENTS.md doc; `classify-cook-failure.py`;
> `audit-patch-idempotency.py`; and the auto-link Qt sysroot dirs
> patch in `src/cook/script.rs`. The remaining v6.0 deliverable
> still in `git status` is this BUILD-SYSTEM-V6-HARDENING-POSTMORTEM.md
> (updated to 11-session / 9-DONE / 27-Rust-test state). The C-1..C-6
> doc and code fixes, `boot-logs/README.md`, and
> `migrate-kf6-seds-to-patches.sh` were committed in `ae749ffb2`.
> Going forward, any new v6.0 work should be committed with
> (updated to 12-session / 9-DONE / 99-Python-test state). The
> C-1..C-6 doc and code fixes, `boot-logs/README.md`, and
> `migrate-kf6-seds-to-patches.sh` (v1) were committed in
> `ae749ffb2`; v2 rewrite of the script + 13 tests + Makefile +
> Gitea CI integration in `827895d32`. Going forward, any new v6.0
> work should be committed with
> `git add <specific-files>` to avoid sweeping the user's
> 7,000+ unrelated WIP modifications.
@@ -43,7 +48,7 @@
| 9 | 06-12 (cont.) | **Build-system improvement #5 shipped**: `local/scripts/lint-recipe.py` (380 lines, 7 rules) + 24 unit tests (`local/scripts/tests/test_lint_recipe.py`). Recipe-index precomputation drops `--all` runtime from 60s+ to 1.1s. `make lint-recipe`, `make lint-recipe.<pkg>`, `make lint-recipe.strict`, `make lint-recipe.<pkg>.strict` wired. New `lint-recipe` Gitea Actions job (job 4 of 8) added to `.gitea/workflows/build-system.yml`. First run on the live tree found: 1 broken-patch reference (`redbear-sessiond/P4-signal-implementations.patch`), 1 dangling `cookbook_apply_patches` call (`tc`), 19 sed -i calls in sddm (warning only — `cookbook_apply_patches` present), 4 sed -i calls in `qt6-wayland-smoke` (uncovers the kind of bug the libwayland fix was preventing). **Test count: 86/86 pass.** |
| 10 | 06-12 (cont.) | **Build-system hardening arc commit + improvement #4 shipped.** First durable commit: `ae749ffb2 build: ship build-system hardening arc (5 of 10 improvements)` — 22 build-system files, including the 5 prior arc deliverables (audit-kf6-deps.py + 13 tests, repair-cook.sh + 7 tests, migrate-kf6-seds-to-patches.sh, BUILD-SYSTEM-V6-HARDENING-POSTMORTEM.md, SCRIPT-BEHAVIOR-MATRIX.md, boot-logs/README.md, build-system.yml, Gitea RUNNER-SETUP.md, libdrm/02 sidecar, cache/README cleanup, Makefile lint/repair targets). Then `5325360b4 build: add cook status reporter (improvement #4)``src/cook/status.rs` (197 lines, 6 unit tests) + `src/bin/repo.rs` wiring. Auto-enables in `CI=1` mode when stderr is a TTY: one-line `[NN/MM] recipe: phase (Xs)` output for each cook. Verified end-to-end with 3-recipe and 5-recipe real cooks. **Test count: 86/86 Python + 20/20 Rust.** |
| 11 | 06-12 (cont.) | **Build-system improvement #1 shipped.** `src/cook/scheduler.rs` (145 lines, 7 unit tests) + `src/bin/repo.rs` `repo cook --jobs=N` flag. Dep-aware level partition via `dep_levels()` (each recipe's level = `1 + max(level of any direct dep in this vec)`, or 0 if no deps in the vec). For each level, runs all recipes in that level via `std::thread::scope` with up to `N` workers. Drain-after-spawn pattern keeps live-worker count <= jobs. Ratatui TUI path unchanged. 7 unit tests cover empty / single / linear / independent / diamond / dev_dependencies / unknown-dep. Verified end-to-end: 5-recipe batch (redbear-statusnotifierwatcher, redbear-traceroute, redbear-udisks + deps expat, dbus) cooks in level 0 (3 parallel) → level 1 (dbus) → level 2 (redbear-udisks). On clean 3-recipe rebuild: 48s serial vs 45s parallel. Speedup bounded by longest single build (17s) on this small batch — the 2-3x gain from the proposal is on 15-recipe KF6 batches with 5-10 min longest builds. Caveat: `build/qt-host-build` host toolchain not yet locked; v2 mitigation is `flock` in `src/cook/script.rs` (deferred, no current redbear-full test recipe triggers qt-host-build). **Test count: 86/86 Python + 27/27 Rust.** |
| 12 | 06-12 (cont.) | **C-7 KF6 sed migration script v2 + CI integration.** The v1 shipped in `ae749ffb2` was a stub with three structural bugs that made it unrunnable: called `repo cook <recipe_dir>` with a path (cookbook takes bare names); created an empty pristine_dir via mktemp -d but never populated it; Step 4 was `SKIP — manual rewrite pending` so the script wrote no patch even when the inline sed chains actually edited the source. Replaced with a working v2: bare-name cookbook CLI, real pristine-source snapshot (`cp -r source/ source-pristine/`) BEFORE the cook, real diff capture, real patch save to `local/patches/<name>/01-initial-migration.patch`. Added `--dry-run` for safe CI smoke testing, `--recipe=<name>` and `--limit=N` for targeted runs, `--help` for the script's contract. Test escape hatch via `REDBEAR_MIGRATE_RECIPES_DIR` / `REDBEAR_MIGRATE_PATCHES_DIR` env vars so the candidate discovery can be exercised on synthetic trees without touching the live project. 13 unit tests in `local/scripts/tests/test_migrate_kf6_seds.py` — 7 candidate-discovery tests (synthetic tree with `make_recipe()` helper, asserts stdout/stderr + exit code) + 6 script-structure tests (regression guards against the v1 bugs: "uses bare names not paths", "uses release/repo binary", "creates patches dir", "diff includes .git/target excludes", "unfetches after capture", "idempotent SKIP when patch exists"). Wired into `make test-migration-dry-run` and new Gitea Actions job `migration-dry-run` (job 5 of 9, every PR). **Test count: 99/99 Python + 27/27 Rust.** Verified `--dry-run --limit=5` correctly identifies `breeze`, `kde-cli-tools`, `kdecoration`, `kf6-attica`, `kf6-karchive` as the first 5 of 56 candidate recipes. The actual migration run still requires the full KF6 dep chain to be built (qtbase, qtdeclarative, kf6-extra-cmake-modules, plus per-recipe deps); the per-recipe verification + recipe-rewrite remains a manual step (the script's `Next steps:` output documents this). |
## Final state
### 10 build-system improvements — 9 DONE, 1 OPEN
@@ -82,10 +87,11 @@
| `test_classify_cook_failure.py` | 35 | 17 positive rule tests (1 per rule), 12 false-positive tests, 5 existing exit-code/JSON/explain-rule tests, 1 --no-fetch honesty test |
| `test_repair_cook.py` | 7 | synthetic recipe fixtures, fast/slow path logic, --clean-build, REPAIR_FORCE |
| `test_lint_recipe.py` | 24 | 7 rule coverage, 1 recipe-index cache, 1 clean-recipe regression test, 1 error recipe test |
| `test_migrate_kf6_seds.py` | 13 | 7 candidate-discovery tests (synthetic tree, exit-code + stdout/stderr assertions) + 6 script-structure tests (regression guards against v1 bugs) |
| `cook::status` (Rust) | 6 | format_elapsed boundaries, disabled no-op, phase tracking |
| `cook::scheduler::dep_levels` (Rust) | 7 | empty / single / linear / independent / diamond / dev_dependencies / unknown-dep |
**Total: 86/86 Python + 27/27 Rust pass in <1 second (Python) / ~3 seconds (Rust).**
**Total: 99/99 Python + 27/27 Rust pass in <1 second (Python) / ~3 seconds (Rust).**
**8 CRITICAL findings (all addressed):**
- C-1 libwayland `patches = [redox.patch]` line removed (was blocking the Wayland stack)
@@ -94,7 +100,7 @@
- C-4 kernel `.gitignore` fixed to recursive `/target`
- C-5 broken driver symlinks re-pointed at `local/recipes/drivers/...`
- C-6 sddm stub headers documented as known maintenance debt in `local/recipes/kde/sddm/stubs/README.md`
- C-7 56 KF6 recipes with `sed -i` chains → migration skeleton at `local/scripts/migrate-kf6-seds-to-patches.sh` (execution deferred)
- C-7 56 KF6 recipes with `sed -i` chains → migration script v2 at `local/scripts/migrate-kf6-seds-to-patches.sh` (now runnable; per-recipe execution + recipe rewrite still manual)
- C-8 2.8 GB of unzipped source cleanup → deferred until C-7 patches are durable
**7 HIGH findings (all addressed):**
@@ -164,6 +170,6 @@ shipment status.
| Path | What it is | Why uncommitted |
|------|-----------|-----------------|
| `local/docs/BUILD-SYSTEM-V6-HARDENING-POSTMORTEM.md` | This doc updated for 11-session / 9-DONE / 27-Rust-test state | Next user-chosen commit; touches paths the user may have other WIP for |
| `local/docs/BUILD-SYSTEM-V6-HARDENING-POSTMORTEM.md` | This doc updated for 12-session / 9-DONE / 99-Python-test state | Next user-chosen commit; touches paths the user may have other WIP for |
| `local/docs/BUILD-SYSTEM-FINGERPRINT-HARDENING-PLAN.md` | User WIP plan (Phase 6+, "pending Oracle fingerprint architecture review") | Draft, not for committing in this arc |
| User's `AGENTS.md`, `local/AGENTS.md`, `README.md`, `config/redbear-*.toml`, `local/sources/{base,bootloader,kernel}` | 7,000+ modifications | User WIP; not in this arc |