[bug]: local runtime bootstrap can fail when required infra templates are missing after consumer upgrade

[sbonoc]

Affected scope

Generated consumer initialization

What happened?

A generated-consumer repository upgraded to v1.0.0 can hit a local deploy failure because required infra bootstrap templates are missing in the consumer workspace, while bootstrap still proceeds and creates empty target files.

Observed behavior in one upgraded consumer:

• Missing template paths at bootstrap time:
  • scripts/templates/infra/bootstrap/infra/local/helm/core/cert-manager.values.yaml
  • scripts/templates/infra/bootstrap/infra/gitops/platform/base/extensions/kustomization.yaml
• Bootstrap logs FATAL for missing templates but continues, then creates an empty target file:
  • infra/local/helm/core/cert-manager.values.yaml (0 bytes)
• Local deploy then fails when installing cert-manager:
  • startup API check fails (cert-manager CRDs are not yet installed)
  • Helm install times out on blueprint-cert-manager-startupapicheck.

Reproduction

# In a generated-consumer repo upgraded from blueprint
export KEYCLOAK_ADMIN_USERNAME="admin"
export KEYCLOAK_ADMIN_PASSWORD="<redacted>"
export BUYER_WEB_TEST_USERNAME="<redacted>"
export BUYER_WEB_TEST_PASSWORD="<redacted>"

make infra-provision-deploy-local-marketplace

Failure tail:

Error: failed post-install: resource Job/cert-manager/blueprint-cert-manager-startupapicheck not ready. status: InProgress, message: Job in progress
context deadline exceeded

Startup API check logs:

... "the cert-manager CRDs are not yet installed on the Kubernetes API server" ...
... "Timed out" ... err="context deadline exceeded"

Expected behavior

• Required bootstrap templates should always be present in upgraded generated-consumer repos.
• Bootstrap should fail hard (non-zero) when a required template is missing instead of continuing with empty/invalid generated files.
• Local infra-provision-deploy-local-marketplace should install cert-manager successfully with CRDs available.

Additional diagnostic signal

The upgrade plan artifact in the affected consumer had no entries for these template paths:

• scripts/templates/infra/bootstrap/infra/local/helm/core/cert-manager.values.yaml
• scripts/templates/infra/bootstrap/infra/gitops/platform/base/extensions/kustomization.yaml

That suggests upgrade planning/apply may be omitting these required template assets.

Suggested implementation details

1. Ensure these template files are included in generated-consumer upgrade scope and apply plan.
2. In bootstrap template resolution helpers, guarantee missing-template conditions fail the parent script (no continuation with empty content).
3. Add regression coverage:
   • Upgrade test asserting required infra bootstrap templates are present post-upgrade.
   • Bootstrap test that intentionally missing template causes hard failure.
   • Local smoke test validating cert-manager installCRDs path succeeds.
4. Consider defensive checks before Helm cert-manager install:
   • Fail early if values file is empty/malformed.

[sbonoc]

Resolved via merged PR #42.

Fix summary:

• Hardened bootstrap template resolution so missing template artifacts now fail fast instead of continuing and creating empty files.
• Added repair logic for existing zero-byte template-backed targets during bootstrap.
• Updated upgrade planning to merge target + source blueprint contract scopes, so lagging generated-consumer contracts still include newly introduced template assets.
• Added regression coverage for both failure modes and updated test-pyramid classification.

Merged PR: #42