fix: treat argo branch head drift as warning

This commit is contained in:
Codex
2026-06-27 07:35:32 +00:00
parent db631c72ea
commit 38b280eab2
+15 -2
View File
@@ -253,6 +253,7 @@ function runSentinelControlPlane(state: SentinelCicdState, options: Extract<WebP
}
const observed = options.action === "status" ? collectSentinelObservedStatus(state, options.timeoutSeconds) : null;
const observedReady = options.action !== "status" || sentinelObservedReady(record(observed));
const observedWarnings = options.action === "status" ? sentinelObservedWarnings(record(observed)) : [];
const pipelineRun = sentinelPipelineRunName(state);
const result = {
ok: state.configReady && state.sourceHead.ok && observedReady,
@@ -294,6 +295,7 @@ function runSentinelControlPlane(state: SentinelCicdState, options: Extract<WebP
sha256: state.manifestSha256,
},
observed,
warnings: observedWarnings,
blocker: null,
next: controlPlaneNext(state, options.action),
valuesRedacted: true,
@@ -807,6 +809,7 @@ function runSentinelControlPlaneConfirmed(state: SentinelCicdState, options: Ext
...sentinelCicdElapsedWarnings(record(flush).result === undefined ? null : record(record(flush).result).durationMs, "sentinel git-mirror flush", cicdWaitWarningSeconds),
...asyncGitMirrorFlushWarnings(flush),
...sourceMirrorAlreadyReadyWarnings(state, sourceMirrorSync),
...sentinelObservedWarnings(observed),
...targetValidationDeferredWarnings(state, applyOnly, cicdWaitWarningSeconds),
...(Array.isArray(record(targetValidation).warnings) ? record(targetValidation).warnings.map(text) : []),
...(targetValidationBlocked ? ["targetValidation is blocked; top-level STATUS only covers sentinel control-plane rollout. HWLAB business recovery remains pending; rerun quick verify after internal DB switch completes, without public fallback or a second execution path."] : []),
@@ -911,6 +914,12 @@ function sentinelObservedReady(value: Record<string, unknown> | SentinelObserved
&& record(observed.runtime).ok === true;
}
function sentinelObservedWarnings(value: Record<string, unknown> | SentinelObservedStatus | null): string[] {
const observed = record(value);
const argo = record(observed.argo);
return mergeWarnings(argo.warning);
}
function probeSourceMirror(state: SentinelCicdState, timeoutSeconds: number): Record<string, unknown> {
const namespace = stringAt(state.cicd, "builder.namespace");
const repository = stringAt(state.cicd, "source.repository");
@@ -949,15 +958,19 @@ function probeArgoApplication(state: SentinelCicdState, timeoutSeconds: number,
const healthStatus = nonEmptyString(healthStatusRaw);
const revision = nonEmptyString(revisionRaw);
const revisionMatches = expectedRevision === null || revision === expectedRevision;
const ok = result.exitCode === 0 && syncStatus === "Synced" && healthStatus === "Healthy" && revisionMatches;
const healthy = result.exitCode === 0 && syncStatus === "Synced" && healthStatus === "Healthy";
return {
ok,
ok: healthy,
present: result.exitCode === 0,
syncStatus,
healthStatus,
revision,
expectedRevision,
revisionMatches,
revisionPolicy: "non-blocking-branch-head-drift",
warning: healthy && !revisionMatches
? "Argo app is Synced/Healthy but status.sync.revision differs from current GitOps branch HEAD; in multi-sentinel GitOps this can happen when another sentinel path advances the branch. Runtime image/manifest checks remain authoritative for rollout readiness."
: null,
result: compactCommand(result),
};
}