Skip to content

fix(scope): regenerate only the in-scope deployment's manifests, not all#136

Merged
uittenbroekrobbert merged 1 commit into
mainfrom
fix/scope-deployment-processing
Jun 12, 2026
Merged

fix(scope): regenerate only the in-scope deployment's manifests, not all#136
uittenbroekrobbert merged 1 commit into
mainfrom
fix/scope-deployment-processing

Conversation

@uittenbroekrobbert

Copy link
Copy Markdown
Contributor

The bug (root cause of the pr-32 resurrection)

process_project scoped its namespace, resource, and clone steps to the resolved targets, but called:

await self._process_application_manifests(deployment_name)         # singular -> None on plural-scoped path
await self._argo_manager.create_argocd_resources(deployment_name)  # same

On the plural-scoped path (deployment_names=['production'], deployment_name=None) both received None and regenerated every deployment's manifest + ArgoCD folders. So a scoped upsert of production rewrote pr-32's folders, which — racing a concurrent delete of pr-32 — produced the delete/modify git conflict and resurrected pr-32 (lost update).

Fix

  • _process_application_manifests and create_argocd_resources (+ its create_repository_secrets / create_app_projects / create_applications) now take deployment_names and filter via get_deployments. Both process_project call sites pass targets.
  • handle_add_component now scopes its reprocess to the affected deployment(s) (it had the list but dropped it) — sibling handle_add_component_to_deployment already did this.
  • AST regression guard that both calls receive deployment_names (fails on the pre-fix code).

Effect

  • Correctness: a single-deployment op no longer touches other deployments' folders → no cross-deployment collision, no delete-resurrection.
  • Perf/churn: regenerates 1 deployment's manifests + SOPS secrets instead of all N.

Audited clean / out of scope

976 relevant tests pass; ruff + pyright clean.

process_project scoped its namespace/resource/clone steps to `targets`, but
called _process_application_manifests(deployment_name) and
create_argocd_resources(deployment_name) with the *singular* arg -- which is None
on the plural-scoped path -- so a scoped op (e.g. an upsert of one deployment)
regenerated EVERY deployment's manifest + ArgoCD folders. That rewrote unrelated
deployments and, racing a concurrent delete, resurrected the deleted deployment
(pr-32) and produced delete/modify git conflicts.

- _process_application_manifests + create_argocd_resources (and its
  create_repository_secrets / create_app_projects / create_applications) now
  accept deployment_names and filter via get_deployments; both call sites in
  process_project pass `targets`.
- handle_add_component scopes its reprocess to the affected deployment(s).
- AST regression guard that both calls receive deployment_names.

Also a perf win: a single-deployment op regenerates one deployment's manifests +
SOPS secrets instead of all N. The git add -A whole-tree commit (the amplifier
that turns any residual drift into a lost-update) is left for a separate,
defense-in-depth change.
@uittenbroekrobbert uittenbroekrobbert merged commit 403eaae into main Jun 12, 2026
19 of 20 checks passed
@uittenbroekrobbert uittenbroekrobbert deleted the fix/scope-deployment-processing branch June 12, 2026 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant