Commit Graph

11 Commits

Author SHA1 Message Date
6be53af5f3 ci: smoke-compose + smoke-reload jobs — T2 four-service boot + caddy reload-during-call (deploy-B §9)
smoke-compose (gated on image-build):
* Rebuilds rutster-edge/engine/brain:smoke from warm GHA cache.
* Runs deploy/smoke/compose_smoke.sh — `docker compose up -d --wait`,
  asserts all four services State=running, curls /healthz + /readyz
  through Caddy TLS (internal CA). Lighter than the all-in-one smoke
  (which already proved the WS path) — its job is the orchestrator
  shape + the network_mode: "service:engine" brain->engine tap posture.

smoke-reload (gated on smoke):
* Reuses rutster-allinone:smoke + the allinone_smoke.py WS helpers.
* Runs deploy/smoke/reload_during_call.py — holds a live WS streaming
  frames at 20ms while a concurrent `caddy reload` fires mid-call;
  asserts zero frames dropped + WS survives across the reload.
  Regresses the stream_close_delay 24h mitigation against caddy #6420/
  #7222 (TLS brief §5 risk 1; spec §9 reload-during-call smoke).

Both jobs run on ubuntu-latest — separate runners for clearer failure
attribution + parallelism (the smoke gate is the failing CI signal,
not a single serial run).

Signed-off-by: Aaron D. Lee <himself@adlee.work>
2026-07-06 15:36:53 -04:00
142933c067 ci: smoke job — all-in-one TLS sim call through real edge->FOB WS path (deploy-B §9)
Adds the smoke job to .github/workflows/ci.yml, gated on image-build.
Runs deploy/smoke/allinone_smoke.py against the freshly-built
rutster-allinone:smoke image:

* Boots the all-in-one container with RUTSTER_LOCAL_CERTS=true (Caddy
  internal CA, no ACME in CI per spec §9).
* Extracts Caddy's internal-CA root cert from /data/caddy/pki/
  authorities/local/root.crt via docker cp.
* Opens wss:// WS to /twilio/media-stream using the extracted root
  (Python stdlib ssl + socket — no pip install required, CI runner-
  image ships Python 3 + ssl).
* Sends Twilio's connected+start handshake frames (the same JSON
  sequence crates/rutster-trunk/tests/ws_ping.rs uses).
* Streams 200 PCM-zeroed frames at 20ms cadence as Twilio Media events.
* Asserts the engine replies with at least one text frame — proving
  the real edge->FOB WS path works end-to-end through TLS.

The compose smoke + reload-during-call smoke (Task 9) gate on this job.

Signed-off-by: Aaron D. Lee <himself@adlee.work>
2026-07-06 15:34:33 -04:00
219df74466 ci: image-build job — builds the four first-party Docker images (deploy-B §6.1)
Extends .github/workflows/ci.yml with an image-build job, gated on the
existing fmt/clippy/test/deny/sim-bench matrix
(needs: [fmt, clippy, test, deny, sim-bench]). Builds all four images via
docker buildx against deploy/Dockerfile's named --targets, with type=gha
caching scoped per image so warm caches take image-build from ~6min to
~90s.

Tags the freshly-built :ci-<sha> images as :smoke too, for the
downstream smoke job to consume. Runs `caddy validate` inside the
freshly-built rutster-edge as a cheap Caddyfile-syntax regression.

No changes to the existing fmt/clippy/test/deny/sim-bench/twilio-live
jobs — those stay the cargo-side source of truth.

Signed-off-by: Aaron D. Lee <himself@adlee.work>
2026-07-06 15:32:24 -04:00
838ecdf5e6 deploy slice C+D+E (binary features): rustls Phase 1 + /metrics + ValkeyEventSink (#25)
Co-authored-by: Aaron D. Lee <himself@adlee.work>
Co-committed-by: Aaron D. Lee <himself@adlee.work>
2026-07-06 14:58:43 +00:00
ee3938864b slice-4½: rutster-sim seed + CI-regressed thresholds (S1-S8) (#18)
Some checks failed
CI / fmt (push) Has been cancelled
CI / clippy (push) Has been cancelled
CI / test (1.85) (push) Has been cancelled
CI / test (stable) (push) Has been cancelled
CI / deny (push) Has been cancelled
CI / sim-bench (stable) (push) Has been cancelled
CI / twilio-live (manual only) (push) Has been cancelled
Co-authored-by: Aaron D. Lee <himself@adlee.work>
Co-committed-by: Aaron D. Lee <himself@adlee.work>
2026-07-05 16:21:07 +00:00
77175aaba1 ci(trunk): twilio-live manual-trigger job + seam-gate verification + doc-link fixes (slice-5 T10)
The routine CI gate stays feature-default-off: MockCallControlClient is the
per-PR test surface. A new twilio-live job runs ONLY on manual
workflow_dispatch (maintainer triggers pre-release) -- it exercises clippy
--features=twilio-live + the live TwilioCallControlClient tests against real
Twilio credentials (TWILIO_* secrets). Never runs per-PR.

Seam gate verified UNCHANGED: loop_driver.rs (744bf314...) + rtc_session.rs
(f47d63b9...) blob hashes match the slice-4 Task 10 pins exactly -- the trunk
leg's tick lives entirely in rutster-trunk/src/loop_driver.rs (a separate file
in a separate crate), so the media-crate seam files stay byte-identical.

cargo deny: reqwest (rustls-tls) + base64 + async-trait introduce ZERO new
duplicate dep versions (verified via `cargo tree -d` with vs without
--features=twilio-live: identical duplicate sets -- the existing skip list in
deny.toml remains sufficient). Local cargo-deny 0.18.3 cannot parse the
`-or-later` SPDX form + CVSS 4.0 advisory entries (pre-existing limitation
documented in deny.toml; CI's cargo-deny-action@v2 bundles 0.19.x which handles
both) -- CI is the authoritative deny gate.

Two rustdoc intra-doc-link warnings in my code fixed (mock.rs private-item
link -> plain inline code; lib.rs redundant explicit link target simplified).
Two pre-existing rustdoc warnings remain in rutster-tap/protocol.rs +
rutster/tap_engine.rs (out of scope -- pre-existing from slices 2-3, not
introduced by slice-5).

T10 of slice-5. This is the final task on the dev-b chain (T2 + T6 + T9 + T10
all landed).

Signed-off-by: Aaron D. Lee <himself@adlee.work>
2026-07-05 16:02:19 +00:00
bdadfd9057 slice-5: scalability seams — addressing, admission, drain, events (review B1/M1-M7) (#14)
All checks were successful
CI / fmt (push) Successful in 1m36s
CI / clippy (push) Successful in 2m21s
CI / test (1.85) (push) Successful in 5m3s
CI / test (stable) (push) Successful in 4m23s
CI / deny (push) Successful in 1m35s
Co-authored-by: Aaron D. Lee <himself@adlee.work>
Co-committed-by: Aaron D. Lee <himself@adlee.work>
2026-07-05 04:35:38 +00:00
d696536bdd slice-4 (finisher): secondary-path e2e + CI seam gate (Tasks 9.2 + 10) (#13)
All checks were successful
CI / fmt (push) Successful in 1m23s
CI / clippy (push) Successful in 2m25s
CI / test (1.85) (push) Successful in 5m45s
CI / test (stable) (push) Successful in 6m30s
CI / deny (push) Successful in 2m7s
Co-authored-by: Aaron D. Lee <himself@adlee.work>
Co-committed-by: Aaron D. Lee <himself@adlee.work>
2026-07-04 17:52:26 +00:00
opencode controller
2f3f92ec6b ci: bump cargo-deny-action v1 -> v2 (CVSS 4.0 advisory-db parse fix)
Some checks failed
CI / test (1.85) (pull_request) Failing after 13m59s
CI / clippy (pull_request) Failing after 14m8s
CI / fmt (pull_request) Failing after 14m14s
CI / test (stable) (pull_request) Successful in 2m48s
CI / deny (pull_request) Failing after 1m55s
CI / fmt (push) Successful in 1m3s
CI / test (1.85) (push) Successful in 2m35s
CI / test (stable) (push) Successful in 2m50s
CI / deny (push) Failing after 1m17s
CI / clippy (push) Failing after 14m28s
2026-07-01 01:05:51 -04:00
opencode controller
c86bb19c0e ci: drop sudo for libopus install (act job containers run as root)
Some checks failed
CI / fmt (pull_request) Successful in 1m10s
CI / clippy (pull_request) Successful in 6m41s
CI / test (1.85) (pull_request) Successful in 8m54s
CI / test (stable) (pull_request) Successful in 9m44s
CI / deny (pull_request) Failing after 11m23s
2026-07-01 00:22:31 -04:00
adlee-was-taken
f92e6f467b ci: cargo-deny + GitHub Actions workflow (spec §6.1, §6.2)
deny.toml allows the permissive Rust-ecosystem licenses + our own
GPL-3.0-or-later; bans duplicate versions of tokio/serde/bytes/tracing
to catch dep-tree divergence early; restricts sources to crates.io. CI
runs fmt --check, clippy -D warnings, test --all (matrix: stable +
MSRV 1.85), and cargo deny check on push + PR to main. The CI job
installs libopus-dev — the opus crate's FFI dependency (PORT_PLAN §7
'Core (FFI)' disposition).
2026-06-28 12:59:29 -04:00