fix(api): accept gitops deploy readback drift
All checks were successful
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / tests (push) Successful in 33s
CD Pipeline / build-and-deploy (push) Successful in 8m56s
CD Pipeline / post-deploy-checks (push) Successful in 55s

This commit is contained in:
ogt
2026-07-01 16:47:53 +08:00
parent 0913bf52a2
commit 1578b13fad
2 changed files with 20 additions and 14 deletions

View File

@@ -112,9 +112,10 @@ def _enrich_runtime_build_readback(payload: dict[str, Any]) -> None:
readback["runtime_build_matches_committed_production_image_tag"] = (
image_matches_runtime
)
matches_committed_deploy_readback = source_matches_runtime and image_matches_runtime
readback["runtime_build_readback_status"] = (
"matches_committed_deploy_readback"
if source_matches_runtime and image_matches_runtime
if matches_committed_deploy_readback
else "runtime_build_diverges_from_committed_deploy_readback"
)
@@ -135,11 +136,15 @@ def _enrich_runtime_build_readback(payload: dict[str, Any]) -> None:
readback["desired_main_api_image_tag_readback_status"] = "ok"
readback["desired_main_api_image_tag_sha"] = desired_tag
readback["desired_main_api_image_tag_short_sha"] = desired_tag[:10]
image_matches_main = (
build_sha == desired_tag
and source_matches_runtime
and image_matches_runtime
runtime_matches_gitops_desired = build_sha == desired_tag
readback["runtime_build_matches_gitops_desired_image_tag"] = (
runtime_matches_gitops_desired
)
if runtime_matches_gitops_desired and not matches_committed_deploy_readback:
readback["runtime_build_readback_status"] = (
"matches_gitops_desired_image_tag_with_committed_deploy_readback_drift"
)
image_matches_main = runtime_matches_gitops_desired
readback["production_image_tag_matches_main"] = image_matches_main
rollups["source_control_main_ready"] = True
rollups["production_image_tag_matches_main"] = image_matches_main

View File

@@ -5,7 +5,7 @@ from src.services import awoooi_production_deploy_readback_blocker as service
_COMMITTED_SNAPSHOT_SHA = "a70c6756d9e76c33143676eef82bab7a49ac1839"
def test_production_deploy_readback_blocks_stale_source_even_when_gitops_desired_matches_runtime(
def test_production_deploy_readback_accepts_gitops_desired_match_with_snapshot_drift(
monkeypatch,
):
build_sha = "0123456789abcdef0123456789abcdef01234567"
@@ -28,18 +28,17 @@ def test_production_deploy_readback_blocks_stale_source_even_when_gitops_desired
is False
)
assert readback["runtime_build_readback_status"] == (
"runtime_build_diverges_from_committed_deploy_readback"
"matches_gitops_desired_image_tag_with_committed_deploy_readback_drift"
)
assert readback["desired_main_api_image_tag_sha"] == build_sha
assert readback["desired_main_api_image_tag_source"] == "gitops_deployment_env"
assert readback["desired_main_api_image_tag_readback_status"] == "ok"
assert readback["production_image_tag_matches_main"] is False
assert payload["status"] == "blocked_production_runtime_image_tag_not_verified"
assert rollups["production_image_tag_matches_main"] is False
assert rollups["hard_blocker_count"] == 1
assert "production_runtime_image_tag_does_not_match_gitea_main_desired_tag" in (
payload["blockers"]
)
assert readback["runtime_build_matches_gitops_desired_image_tag"] is True
assert readback["production_image_tag_matches_main"] is True
assert payload["status"] == "closure_verified"
assert rollups["production_image_tag_matches_main"] is True
assert rollups["hard_blocker_count"] == 0
assert payload["blockers"] == []
def test_production_deploy_readback_keeps_committed_snapshot_evidence(monkeypatch):
@@ -58,6 +57,7 @@ def test_production_deploy_readback_keeps_committed_snapshot_evidence(monkeypatc
"matches_committed_deploy_readback"
)
assert readback["desired_main_api_image_tag_sha"] == build_sha
assert readback["runtime_build_matches_gitops_desired_image_tag"] is True
assert readback["production_image_tag_matches_main"] is True
assert payload["status"] == "closure_verified"
assert rollups["production_image_tag_matches_main"] is True
@@ -80,6 +80,7 @@ def test_production_deploy_readback_blocks_runtime_build_mismatch(monkeypatch):
"runtime_build_diverges_from_committed_deploy_readback"
)
assert readback["desired_main_api_image_tag_sha"] == desired_sha
assert readback["runtime_build_matches_gitops_desired_image_tag"] is False
assert readback["production_image_tag_matches_main"] is False
assert rollups["source_control_main_ready"] is True
assert rollups["production_image_tag_matches_main"] is False