Guard build_agent.yaml updates on Agent branch existence#23987
Open
Kyle-Neale wants to merge 5 commits into
Open
Guard build_agent.yaml updates on Agent branch existence#23987Kyle-Neale wants to merge 5 commits into
Kyle-Neale wants to merge 5 commits into
Conversation
Extract YAML helpers into a shared build_agent.py module so the inline update in `ddev release branch create` and the recovery path through the workflow share parsing logic. Gate both writers on the matching DataDog/datadog-agent branch existing: - `ensure_build_agent_yaml_updated` skips the rewrite (with a warning) when the upstream branch is missing, leaving `main` in place for the tag-time recovery path to handle later. - The `update-build-agent-yaml.yml` workflow now hard-fails instead of warning when the upstream branch is missing, so a fire-and-forget dispatch from `ddev release branch tag` is visible in Actions. - `bump_milestone` defensively restores build_agent.yaml from origin/master after checking out the milestone-bump branch so the release-branch edit cannot leak into the bump commit (see PR #23977 commit f71a89c). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
|
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hardens the release-branch .gitlab/build_agent.yaml update flow so neither the ddev CLI nor the GitHub workflow can point release branches at a non-existent upstream DataDog/datadog-agent branch, while also preventing the YAML edit from leaking into milestone-bump commits.
Changes:
- Extracts build-agent YAML parsing/updating helpers into a new shared
build_agent.pymodule and updates imports accordingly. - Adds an upstream branch existence precondition to the
ddev-side writer (warn + no-op when missing) and restores the workflow-side writer to hard-fail when missing. - Adds a defensive
git checkout origin/master -- .gitlab/build_agent.yamlduring milestone bump branch creation to prevent leakage into the bump commit.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
ddev/src/ddev/cli/release/branch/build_agent.py |
New shared module for parsing/updating build-agent YAML and checking upstream agent branch existence. |
ddev/src/ddev/cli/release/branch/create.py |
Switches to shared helpers; adds defensive restore of build_agent.yaml during milestone bump. |
ddev/src/ddev/cli/release/branch/tag.py |
Stops importing build-agent YAML helpers from create.py; imports from build_agent.py instead. |
ddev/tests/cli/release/branch/test_create.py |
Extends tests to cover missing-upstream-branch behavior and the milestone-bump defensive restore. |
.github/workflows/update-build-agent-yaml.yml |
Restores upstream branch existence check as a hard failure (error + exit 1). |
ddev/changelog.d/23987.fixed |
Changelog entry documenting the fix. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
No external caller imports the two YAML-helper names from create.py; they live in build_agent.py and tag.py imports them from there directly. With those imports gone, __all__ has no purpose either. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Contributor
Validation ReportAll 21 validations passed. Show details
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
.gitlab/build_agent.yaml(ddev release branch createand theupdate-build-agent-yaml.ymlworkflow) on the matchingDataDog/datadog-agentbranch existing. The workflow now hard-fails; the CLI warns and leavesbranch: mainsoddev release branch tagcan recover later.ddev/src/ddev/cli/release/branch/build_agent.pyshared bycreate.pyandtag.py.bump_milestone(), force-restore.gitlab/build_agent.yamlfromorigin/masterafter checking out the bump branch, so a prior release-branch edit cannot leak into the milestone-bump commit.Motivation
When
7.81.xwas cut,.gitlab/build_agent.yamlended up pointing at aDataDog/datadog-agentbranch that did not yet exist, and the change leaked into the milestone-bump PR #23977 (later reverted). The existence check was missing from both writers and the working-tree state from the release-branch edit was reused for the bump commit.Review checklist (to be filled by reviewers)
qa/requiredif this PR needs QA validation, orqa/skip-qaif it does not. Exactly one of the two is required.backport/<branch-name>label to the PR and it will automatically open a backport PR once this one is merged