test: extend deploy json drift contract to decision center
This commit is contained in:
@@ -36,14 +36,14 @@ Phase one extends the desired-state model in this order:
|
||||
4. Add deployment-time metadata that must be common across CI, dev CD and prod CD: deploy env prefix, health deploy-metadata requirement, required runtime secret key names, rollback policy, service port, health path, and resource profile identifiers. The planned first keys are `runtime.containerPort`, `runtime.healthPath`, `runtime.memory.request`, `runtime.memory.limit`, `health.deployMetadataRequired` and `runtime.requiredSecretKeys`. Secret values, credentials, volumes and host paths do not move into `deploy.json`.
|
||||
5. Teach CI producer dry-run, deploy plan and artifact-registry dry-run to render from `deploy.json` first and compare mirrored `CI.json`/`config.json`/manifest values as derived copies. A mismatch is drift, not an alternate source of truth.
|
||||
|
||||
Phase two starts with the low-risk `dev/mdtodo` artifact consumer. Its `deploy.json` entry now owns the source-build artifact repository/tag policy, D601 k3s consumer target, stable image, manifest reference, service port, health path and memory request/limit. `deploy plan --env dev --service mdtodo` and `deploy apply --env dev --service mdtodo --dry-run` must read those fields from `deploy.json`; the k8s manifest and artifact-registry executor constants are derived mirrors checked by a structured `deploy-json-drift` preflight.
|
||||
Phase two starts with low-risk D601 k3s user-service artifact consumers: `dev/mdtodo` and `dev/decision-center`. Their `deploy.json` entries now own the source-build artifact repository/tag policy, D601 k3s consumer target, stable image, manifest reference, service port, health path, memory request/limit and health deploy-metadata requirement. `deploy plan --env dev --service <mdtodo|decision-center>` and dry-run artifact consumer plans must read those fields from `deploy.json`; the k8s manifest and artifact-registry executor constants are derived mirrors checked by a structured `deploy-json-drift` preflight.
|
||||
|
||||
Fields that stay outside `deploy.json` during phase one:
|
||||
|
||||
- `CI.json`: producer pipeline name, source root, Dockerfile path and success summary shape. Once artifact identity is in `deploy.json`, `CI.json.artifacts[].image.repository` becomes a compatibility mirror checked for drift.
|
||||
- `config.json`: provider id, proxy route policy, Compose file/service/container names for services not yet migrated, development SSH/worktree details, and secret source locations. For `dev/mdtodo`, port/health target values in dry-run are deploy-owned and config is no longer an alternate source.
|
||||
- Compose and Kubernetes manifests: volumes, PVCs, security context and rollout strategy remain concrete manifests. For `dev/mdtodo`, container port and memory request/limit are deploy-owned values and manifest copies are drift-checked mirrors until a renderer owns the file.
|
||||
- Artifact-registry executor code: low-level pull/import/retag/recreate commands, registry probes and platform-specific verification scripts. For `dev/mdtodo`, executor dry-run consumes the deploy-owned artifact/consumer/runtime contract; any hardcoded mismatch returns `deploy-json-drift`.
|
||||
- `config.json`: provider id, proxy route policy, Compose file/service/container names for services not yet migrated, development SSH/worktree details, and secret source locations. For `dev/mdtodo` and `dev/decision-center`, port/health target values in dry-run are deploy-owned and config is no longer an alternate source.
|
||||
- Compose and Kubernetes manifests: volumes, PVCs, security context and rollout strategy remain concrete manifests. For `dev/mdtodo` and `dev/decision-center`, container port, memory request/limit and deploy metadata env presence are deploy-owned values and manifest copies are drift-checked mirrors until a renderer owns the file.
|
||||
- Artifact-registry executor code: low-level pull/import/retag/recreate commands, registry probes and platform-specific verification scripts. For `dev/mdtodo` and `dev/decision-center`, executor dry-run consumes the deploy-owned artifact/consumer/runtime contract; any hardcoded mismatch returns `deploy-json-drift`.
|
||||
|
||||
The drift contract is:
|
||||
|
||||
@@ -55,7 +55,7 @@ The drift contract is:
|
||||
|
||||
Lightweight evidence for this contract is `bun scripts/issue-60-cicd-drift-contract-test.ts`. The test parses local JSON/docs only; it does not publish images, deploy services, restart containers, run Playwright or run full e2e.
|
||||
|
||||
Focused second-stage evidence is `bun scripts/issue-60-deploy-json-executor-preflight-contract-test.ts`. It runs only dry-run/contract paths, verifies the `dev/mdtodo` executor reads image, target, port and memory from `deploy.json`, and simulates drift to assert field-level expected/actual error output.
|
||||
Focused second-stage evidence is `bun scripts/issue-60-deploy-json-executor-preflight-contract-test.ts`. It runs only dry-run/contract paths, verifies the `dev/mdtodo` and `dev/decision-center` executors read image, target, port, memory and deploy metadata requirements from `deploy.json`, and simulates drift to assert field-level expected/actual error output.
|
||||
|
||||
## Artifact Catalog
|
||||
|
||||
|
||||
Reference in New Issue
Block a user