delivery-kid: snapshot draft diagnostics to wiki sub-page#87
Merged
jMyles merged 1 commit intoMay 30, 2026
Merged
Conversation
…tics Mirrors the upload_log / finalize_log / preview_log persisted in draft.json to a wiki sub-page at every terminal-state transition, so the diagnostics history survives a delivery-kid storage rebuild. Reuses the Magent@magent BotPassword already provisioned for blue-railroad-import (via the same PICKIPEDIA_BOT_USER / PICKIPEDIA_BOT_PASSWORD env vars). Hook points (each fires asyncio.create_task to avoid blocking the route): - routes/content.py fail() — upload_failed - routes/content.py _submit_preview_transcode exception path — preview_status: failed before Coconut even ran - routes/content.py finalize_sse_generator finally — finalized + finalize_failed - routes/coconut.py _update_draft_preview — preview_status: ready + failed (after webhook) The new pickipedia_client no-ops cleanly when PICKIPEDIA_BOT_PASSWORD is unset, so dev environments without bot creds run fine; the cached mwclient.Site is guarded by a lock for concurrent webhook callers. Wiki-side rendering is in cryptograss/pickipedia#81 — its initDiagnostics falls back to fetching ReleaseDraft:{id}/diagnostics whenever the live /draft-content fetch returns 404.
4 tasks
This was referenced May 31, 2026
jMyles
added a commit
that referenced
this pull request
Jun 1, 2026
…lt keys The pickipedia_client snapshot path in delivery-kid (added in #87) has been silently no-op'ing since deploy: PICKIPEDIA_BOT_PASSWORD in the container is empty, _get_site() returns None without logging, and snapshot_diagnostics returns False without logging. No bot writes ever attempted, no log trail to find the gap. Root cause: the playbook references vault keys named `pickipedia_bot_user` and `pickipedia_bot_password` — which were never added to the vault. The defaults of '' kicked in and the env vars landed empty in the container. The vault DOES have the Magent@magent BotPassword — it's stored as `BLUERAILROAD_BOT_USERNAME` / `BLUERAILROAD_BOT_PASSWORD` and used by maybelle's post-audit-to-wiki.py (which writes the Cryptograss:Delivery-kid-audits/{blockheight} pages successfully). Same bot account, just under a different name in the vault. Point delivery-kid at those keys instead. No vault edit needed; this is purely a rename on the consumer side. ## Follow-up worth doing soon The pickipedia_client should log a single line at module/init time if PICKIPEDIA_BOT_PASSWORD is empty, so the silent-no-op pattern doesn't recur the next time we wire a new env var. Tracking separately rather than bundling here.
This was referenced Jun 1, 2026
jMyles
added a commit
that referenced
this pull request
Jun 1, 2026
The pickipedia_client snapshot path silently no-op'd from #87 deploy until today — _get_site() returned None when PICKIPEDIA_BOT_PASSWORD was empty, with no log line to surface the gap. We only found it by deductive reasoning ("the page doesn't exist, the hook should have fired, where would the snapshot have logged about that") rather than by reading a single explicit log entry. Add a logger.warning the first time we hit that branch, gated on a module-level _warned_missing_creds flag so we warn once per process rather than on every snapshot attempt. Future deployments where someone forgets to wire the env var (or the vault key gets renamed, as in #91) will surface in `docker logs pinning-service` immediately. No behavior change for the cred-present path — exactly the same fast-return when _site is cached.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Supersedes #86 — rebased onto current
production(91f0f7a) and re-targeted frommagent-cryptograss/maybelle-configper the standing fork policy.What's here
Sky's single commit. Mirrors
upload_log/finalize_log/preview_logfromdraft.jsonto a wiki sub-page atReleaseDraft:{id}/diagnosticson every terminal-state transition, so diagnostics survive a delivery-kid storage rebuild. Reuses the existingMagent@magentBotPassword from blue-railroad-import (no new credential, no vault dance).Hook points (each fires
asyncio.create_taskto avoid blocking the route):routes/content.pyfail()→upload_failedroutes/content.py_submit_preview_transcodeexception path → preview-side failures before Coconut runsroutes/content.pyfinalize_sse_generatorfinally →finalized+finalize_failedroutes/coconut.py_update_draft_preview→preview_status: ready+failed(after webhook)The new
pickipedia_clientno-ops cleanly whenPICKIPEDIA_BOT_PASSWORDis unset, so dev environments without bot creds run fine. The cachedmwclient.Siteis guarded by a lock for concurrent webhook callers.Wiki-side rendering is in cryptograss/pickipedia#82 (the rebased version of #81) — its
initDiagnosticsfalls back to fetchingReleaseDraft:{id}/diagnosticswhenever the live/draft-contentfetch returns 404.Rebase notes
Conflict in
routes/content.pywas an additive collision — production grew alog_pre_handler_failure()helper (accf8cd: capture pre-handler upload failures in upload_log) at the same location where Sky added_fire_diagnostics_snapshot(). They're unrelated, so resolved by keeping both, sequenced in the order added.Test plan
cd delivery-kid/pinning-service && pytest(34 expected — 20 existing + 14 new intest_pickipedia_client.py)PICKIPEDIA_BOT_PASSWORDset; verifyReleaseDraft:{uuid}/diagnosticspage is created with finalize_log + preview_log JSONPICKIPEDIA_BOT_PASSWORD; verify routes still succeed (snapshot is a no-op, no errors logged)Deploy
Needs
--rebuildso the newmwclientdep inrequirements.txtgets baked into the image.