fix(api): fail closed on stale production runtime deploy readback
Some checks failed
CD Pipeline / workflow-shape (push) Successful in 0s
CD Pipeline / cancel-stale-cd (push) Has been skipped
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
CD Pipeline / tests (push) Has been cancelled

This commit is contained in:
Your Name
2026-06-30 18:55:15 +08:00
parent 12c1811e50
commit 76fee33e1b
5 changed files with 112 additions and 10 deletions

View File

@@ -5,7 +5,7 @@ from src.services import awoooi_production_deploy_readback_blocker as service
_COMMITTED_SNAPSHOT_SHA = "a70c6756d9e76c33143676eef82bab7a49ac1839"
def test_production_deploy_readback_verifies_runtime_build_against_gitops_desired(
def test_production_deploy_readback_blocks_stale_source_even_when_gitops_desired_matches_runtime(
monkeypatch,
):
build_sha = "0123456789abcdef0123456789abcdef01234567"
@@ -33,10 +33,13 @@ def test_production_deploy_readback_verifies_runtime_build_against_gitops_desire
assert readback["desired_main_api_image_tag_sha"] == build_sha
assert readback["desired_main_api_image_tag_source"] == "gitops_deployment_env"
assert readback["desired_main_api_image_tag_readback_status"] == "ok"
assert readback["production_image_tag_matches_main"] is True
assert payload["status"] == "closure_verified"
assert rollups["production_image_tag_matches_main"] is True
assert rollups["hard_blocker_count"] == 0
assert readback["production_image_tag_matches_main"] is False
assert payload["status"] == "blocked_production_runtime_image_tag_not_verified"
assert rollups["production_image_tag_matches_main"] is False
assert rollups["hard_blocker_count"] == 1
assert "production_runtime_image_tag_does_not_match_gitea_main_desired_tag" in (
payload["blockers"]
)
def test_production_deploy_readback_keeps_committed_snapshot_evidence(monkeypatch):