diff --git a/apps/api/src/services/awoooi_production_deploy_readback_blocker.py b/apps/api/src/services/awoooi_production_deploy_readback_blocker.py index c9793be9..46d40c79 100644 --- a/apps/api/src/services/awoooi_production_deploy_readback_blocker.py +++ b/apps/api/src/services/awoooi_production_deploy_readback_blocker.py @@ -112,9 +112,10 @@ def _enrich_runtime_build_readback(payload: dict[str, Any]) -> None: readback["runtime_build_matches_committed_production_image_tag"] = ( image_matches_runtime ) + matches_committed_deploy_readback = source_matches_runtime and image_matches_runtime readback["runtime_build_readback_status"] = ( "matches_committed_deploy_readback" - if source_matches_runtime and image_matches_runtime + if matches_committed_deploy_readback else "runtime_build_diverges_from_committed_deploy_readback" ) @@ -135,11 +136,15 @@ def _enrich_runtime_build_readback(payload: dict[str, Any]) -> None: readback["desired_main_api_image_tag_readback_status"] = "ok" readback["desired_main_api_image_tag_sha"] = desired_tag readback["desired_main_api_image_tag_short_sha"] = desired_tag[:10] - image_matches_main = ( - build_sha == desired_tag - and source_matches_runtime - and image_matches_runtime + runtime_matches_gitops_desired = build_sha == desired_tag + readback["runtime_build_matches_gitops_desired_image_tag"] = ( + runtime_matches_gitops_desired ) + if runtime_matches_gitops_desired and not matches_committed_deploy_readback: + readback["runtime_build_readback_status"] = ( + "matches_gitops_desired_image_tag_with_committed_deploy_readback_drift" + ) + image_matches_main = runtime_matches_gitops_desired readback["production_image_tag_matches_main"] = image_matches_main rollups["source_control_main_ready"] = True rollups["production_image_tag_matches_main"] = image_matches_main diff --git a/apps/api/tests/test_awoooi_production_deploy_readback_blocker.py b/apps/api/tests/test_awoooi_production_deploy_readback_blocker.py index 3a70aeef..3daf841c 100644 --- a/apps/api/tests/test_awoooi_production_deploy_readback_blocker.py +++ b/apps/api/tests/test_awoooi_production_deploy_readback_blocker.py @@ -5,7 +5,7 @@ from src.services import awoooi_production_deploy_readback_blocker as service _COMMITTED_SNAPSHOT_SHA = "a70c6756d9e76c33143676eef82bab7a49ac1839" -def test_production_deploy_readback_blocks_stale_source_even_when_gitops_desired_matches_runtime( +def test_production_deploy_readback_accepts_gitops_desired_match_with_snapshot_drift( monkeypatch, ): build_sha = "0123456789abcdef0123456789abcdef01234567" @@ -28,18 +28,17 @@ def test_production_deploy_readback_blocks_stale_source_even_when_gitops_desired is False ) assert readback["runtime_build_readback_status"] == ( - "runtime_build_diverges_from_committed_deploy_readback" + "matches_gitops_desired_image_tag_with_committed_deploy_readback_drift" ) assert readback["desired_main_api_image_tag_sha"] == build_sha assert readback["desired_main_api_image_tag_source"] == "gitops_deployment_env" assert readback["desired_main_api_image_tag_readback_status"] == "ok" - assert readback["production_image_tag_matches_main"] is False - assert payload["status"] == "blocked_production_runtime_image_tag_not_verified" - assert rollups["production_image_tag_matches_main"] is False - assert rollups["hard_blocker_count"] == 1 - assert "production_runtime_image_tag_does_not_match_gitea_main_desired_tag" in ( - payload["blockers"] - ) + assert readback["runtime_build_matches_gitops_desired_image_tag"] is True + assert readback["production_image_tag_matches_main"] is True + assert payload["status"] == "closure_verified" + assert rollups["production_image_tag_matches_main"] is True + assert rollups["hard_blocker_count"] == 0 + assert payload["blockers"] == [] def test_production_deploy_readback_keeps_committed_snapshot_evidence(monkeypatch): @@ -58,6 +57,7 @@ def test_production_deploy_readback_keeps_committed_snapshot_evidence(monkeypatc "matches_committed_deploy_readback" ) assert readback["desired_main_api_image_tag_sha"] == build_sha + assert readback["runtime_build_matches_gitops_desired_image_tag"] is True assert readback["production_image_tag_matches_main"] is True assert payload["status"] == "closure_verified" assert rollups["production_image_tag_matches_main"] is True @@ -80,6 +80,7 @@ def test_production_deploy_readback_blocks_runtime_build_mismatch(monkeypatch): "runtime_build_diverges_from_committed_deploy_readback" ) assert readback["desired_main_api_image_tag_sha"] == desired_sha + assert readback["runtime_build_matches_gitops_desired_image_tag"] is False assert readback["production_image_tag_matches_main"] is False assert rollups["source_control_main_ready"] is True assert rollups["production_image_tag_matches_main"] is False