admin/orchestrator
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

feat(deploy): dedicated "Confirm Deploy" status triggers prod deploy

Browse Source 
Split the overloaded `Approved` Plane status: it served BOTH as the human BRD
gate on `analysis` AND as the silent Phase B prod-deploy trigger on `deploy`
(ORCH-036), so a routine approve could launch a self-hosting prod restart.

ORCH-059 introduces a dedicated logical status `confirm_deploy` ("Confirm
Deploy") that triggers ONLY Phase B on `deploy`; `Approved` stays purely a
pipeline gate.

- plane_sync: map "Confirm Deploy" -> "confirm_deploy" in _PLANE_NAME_TO_KEY;
  intentionally absent from _DEFAULT_STATES => fail-closed (no UUID -> .get
  yields None, no KeyError, no blind deploy).
- webhooks/plane: handle_issue_updated routes "Confirm Deploy" (fail-closed
  .get) to new handle_confirm_deploy (guarded to stage=="deploy") ->
  _try_advance_stage(confirm_deploy=True).
- stage_engine: advance_stage gains keyword-only confirm_deploy=False; Phase B
  block returns early for deploy+finished_agent is None but only initiates the
  deploy when confirm_deploy=True; a plain Approved is a deterministic no-op
  (returns before check_deploy_status -> no false БАГ-8 rollback).
- Phase A CTA now asks the operator for "Confirm Deploy", not "Approved".

Contracts unchanged: STAGE_TRANSITIONS, QG_CHECKS, check_deploy_status, hook
exit codes, Phases A/C, merge-gate, DB schema. Conditional like ORCH-35/36
(self-hosting only). Docs updated (CLAUDE.md, architecture/README.md, CHANGELOG).

Refs: ORCH-059

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
claude-bot
2026-06-07 19:12:41 +00:00
committed by deployer
parent dd07b58165
commit 86fe8dd509
12 changed files with 813 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

171
tests/test_confirm_deploy_integration.py Normal file
View File

@@ -0,0 +1,171 @@
"""ORCH-059 TC-10/11/12: end-to-end routing from a Plane webhook payload through
handle_issue_updated into the stage engine, with the host deploy mocked.
Contract (AC-2, AC-3, AC-8):
* TC-10 — task on `deploy` + webhook "Confirm Deploy" -> initiate_deploy called,
`deploy-finalizer` enqueued, `initiated` marker written.
* TC-11 — task on `deploy` + webhook "Approved" -> NO prod deploy initiated, the
task stays on `deploy` (no rollback, no advance to done).
* TC-12 — non-self repo: verdict statuses on `deploy` do not change deploy
behaviour (self_deploy_applies == False; the confirm-deploy branch is inert).
"""
import os
import tempfile
import pytest
_test_db = os.path.join(tempfile.gettempdir(), "test_orch_confirm_e2e.db")
os.environ["ORCH_DB_PATH"] = _test_db
os.environ["ORCH_REPOS_DIR"] = tempfile.gettempdir()
os.environ.setdefault("ORCH_PLANE_API_TOKEN", "test-token")
os.environ.setdefault("ORCH_GITEA_TOKEN", "test-token")
from unittest.mock import MagicMock # noqa: E402
import src.db as _db # noqa: E402
from src.db import init_db, get_db # noqa: E402
from src import stage_engine # noqa: E402
from src import self_deploy # noqa: E402
import src.plane_sync as plane_sync # noqa: E402
import src.webhooks.plane as wh # noqa: E402
IN_PROGRESS = "11111111-1111-1111-1111-111111111111"
APPROVED = "22222222-2222-2222-2222-222222222222"
REJECTED = "33333333-3333-3333-3333-333333333333"
CONFIRM = "44444444-4444-4444-4444-444444444444"
# ORCH project: Confirm Deploy resolved. enduro-like project: NO confirm_deploy key.
_STATES_SELF = {
"in_progress": IN_PROGRESS,
"approved": APPROVED,
"rejected": REJECTED,
"confirm_deploy": CONFIRM,
}
_STATES_NONSELF = {
"in_progress": IN_PROGRESS,
"approved": APPROVED,
"rejected": REJECTED,
}
@pytest.fixture(autouse=True)
def fresh_db(monkeypatch, tmp_path):
monkeypatch.setattr(_db.settings, "db_path", _test_db)
if os.path.exists(_test_db):
os.unlink(_test_db)
init_db()
monkeypatch.setattr(self_deploy.settings, "repos_dir", str(tmp_path))
monkeypatch.setattr(self_deploy.settings, "host_repos_dir", str(tmp_path))
monkeypatch.setattr(stage_engine.settings, "deploy_require_manual_approve", True)
yield
@pytest.fixture(autouse=True)
def silence_engine(monkeypatch):
for name in (
"notify_stage_change", "notify_qg_failure", "send_telegram",
"plane_notify_stage", "plane_notify_qg", "plane_add_comment",
"set_issue_in_review", "set_issue_needs_input", "set_issue_in_progress",
"set_issue_blocked", "set_issue_done",
):
monkeypatch.setattr(stage_engine, name, MagicMock(), raising=False)
def _make_task(stage, repo, branch, wi, plane_id):
conn = get_db()
cur = conn.execute(
"INSERT INTO tasks (plane_id, work_item_id, repo, branch, stage) "
"VALUES (?, ?, ?, ?, ?)",
(plane_id, wi, repo, branch, stage),
)
task_id = cur.lastrowid
conn.commit()
conn.close()
return task_id
def _stage(task_id):
conn = get_db()
row = conn.execute("SELECT stage FROM tasks WHERE id=?", (task_id,)).fetchone()
conn.close()
return row[0]
def _jobs():
conn = get_db()
rows = conn.execute("SELECT agent FROM jobs ORDER BY id").fetchall()
conn.close()
return [r[0] for r in rows]
def _payload(state_uuid, plane_id):
return {"id": plane_id, "state": {"id": state_uuid}}
# ---------------------------------------------------------------------------
# TC-10: E2E Confirm Deploy -> prod deploy initiated
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_tc10_confirm_deploy_e2e_initiates(monkeypatch):
monkeypatch.setattr(plane_sync, "get_project_states", lambda pid: _STATES_SELF)
initiate = MagicMock(return_value=(True, "ok"))
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
task_id = _make_task("deploy", "orchestrator", "feature/ORCH-059-x",
"ORCH-059", "plane-ORCH-059")
await wh.handle_issue_updated(_payload(CONFIRM, "plane-ORCH-059"), "orch-proj")
initiate.assert_called_once()
assert "deploy-finalizer" in _jobs()
assert self_deploy.has_marker("orchestrator", "ORCH-059", self_deploy.INITIATED)
# Verdict comes later via the finalizer — still on `deploy`.
assert _stage(task_id) == "deploy"
# ---------------------------------------------------------------------------
# TC-11: E2E Approved -> no prod deploy, task stays on deploy
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_tc11_approved_e2e_noop(monkeypatch):
monkeypatch.setattr(plane_sync, "get_project_states", lambda pid: _STATES_SELF)
initiate = MagicMock(return_value=(True, "ok"))
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
task_id = _make_task("deploy", "orchestrator", "feature/ORCH-059-x",
"ORCH-059", "plane-ORCH-059")
await wh.handle_issue_updated(_payload(APPROVED, "plane-ORCH-059"), "orch-proj")
initiate.assert_not_called()
assert "deploy-finalizer" not in _jobs()
assert _stage(task_id) == "deploy" # no rollback, no advance to done
assert not self_deploy.has_marker("orchestrator", "ORCH-059", self_deploy.INITIATED)
# ---------------------------------------------------------------------------
# TC-12: non-self repo -> confirm-deploy branch inert (fail-closed, no key)
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_tc12_non_self_repo_unaffected(monkeypatch):
# Non-self project has no confirm_deploy key at all -> the branch never fires.
monkeypatch.setattr(plane_sync, "get_project_states", lambda pid: _STATES_NONSELF)
initiate = MagicMock(return_value=(True, "ok"))
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
# Stub the deploy gate so the legacy non-self path stays deterministic (no
# real git/network); its verdict is irrelevant to this test's assertions.
monkeypatch.setattr(
stage_engine, "QG_CHECKS",
{**stage_engine.QG_CHECKS, "check_deploy_status": lambda *a, **k: (True, "ok")},
)
task_id = _make_task("deploy", "enduro-trails", "feature/ET-009-x",
"ET-009", "plane-ET-009")
# An Approved on a non-self deploy task does not initiate self-deploy logic.
await wh.handle_issue_updated(_payload(APPROVED, "plane-ET-009"), "enduro-proj")
initiate.assert_not_called()
# The (absent) Confirm Deploy status simply maps to no pipeline action.
assert self_deploy.self_deploy_applies("enduro-trails") is False

12
tests/test_deploy_approve.py
View File

@@ -139,12 +139,14 @@ def test_tc06_approved_calls_prod_hook_exactly_once(monkeypatch):
ssh_run = MagicMock(return_value=MagicMock(returncode=0, stdout="", stderr=""))
monkeypatch.setattr(self_deploy.subprocess, "run", ssh_run)
task_id = _make_task("deploy") # already on deploy, awaiting Approved
task_id = _make_task("deploy") # already on deploy, awaiting Confirm Deploy
# 1st human Approved -> Phase B initiates the detached deploy.
# ORCH-059: Phase B is now triggered by the dedicated "Confirm Deploy" status
# (confirm_deploy=True), NOT by a plain Approved. 1st Confirm Deploy ->
# Phase B initiates the detached deploy.
res1 = advance_stage(
task_id, "deploy", "orchestrator", "ORCH-036",
"feature/ORCH-036-x", finished_agent=None,
"feature/ORCH-036-x", finished_agent=None, confirm_deploy=True,
)
assert res1.note == "self-deploy-initiated"
assert ssh_run.call_count == 1
@@ -152,10 +154,10 @@ def test_tc06_approved_calls_prod_hook_exactly_once(monkeypatch):
assert any(j["agent"] == "deploy-finalizer" for j in _jobs())
assert self_deploy.has_marker("orchestrator", "ORCH-036", self_deploy.INITIATED)
# 2nd (duplicate) Approved -> idempotent no-op, hook NOT called again.
# 2nd (duplicate) Confirm Deploy -> idempotent no-op, hook NOT called again.
res2 = advance_stage(
task_id, "deploy", "orchestrator", "ORCH-036",
"feature/ORCH-036-x", finished_agent=None,
"feature/ORCH-036-x", finished_agent=None, confirm_deploy=True,
)
assert res2.note == "self-deploy-already-initiated"
assert ssh_run.call_count == 1 # still exactly one prod deploy

152
tests/test_plane_confirm_deploy.py Normal file
View File

@@ -0,0 +1,152 @@
"""ORCH-059 TC-04/05/06: webhook routing for the dedicated "Confirm Deploy"
status vs. the overloaded "Approved".
Contract (AC-2, AC-3, AC-4):
* TC-04 — handle_issue_updated routes a "Confirm Deploy" status on a `deploy`
task to the Phase B path (handle_confirm_deploy -> advance_stage with
confirm_deploy=True), NOT the plain approve/advance path.
* TC-05 — an "Approved" status on a `deploy` task does NOT initiate the prod
deploy (self_deploy.initiate_deploy is never called).
* TC-06 — an "Approved" status on an `analysis` task still advances
analysis -> architecture (the approved-via-status human gate is intact).
"""
import os
import tempfile
import pytest
_test_db = os.path.join(tempfile.gettempdir(), "test_orch_confirm_routing.db")
os.environ["ORCH_DB_PATH"] = _test_db
os.environ["ORCH_REPOS_DIR"] = tempfile.gettempdir()
os.environ.setdefault("ORCH_PLANE_API_TOKEN", "test-token")
os.environ.setdefault("ORCH_GITEA_TOKEN", "test-token")
from unittest.mock import AsyncMock, MagicMock # noqa: E402
import src.db as _db # noqa: E402
from src.db import init_db, get_db # noqa: E402
from src import stage_engine # noqa: E402
from src import self_deploy # noqa: E402
import src.plane_sync as plane_sync # noqa: E402
import src.webhooks.plane as wh # noqa: E402
IN_PROGRESS = "11111111-1111-1111-1111-111111111111"
APPROVED = "22222222-2222-2222-2222-222222222222"
REJECTED = "33333333-3333-3333-3333-333333333333"
CONFIRM = "44444444-4444-4444-4444-444444444444"
_STATES = {
"in_progress": IN_PROGRESS,
"approved": APPROVED,
"rejected": REJECTED,
"confirm_deploy": CONFIRM,
}
@pytest.fixture(autouse=True)
def fresh_db(monkeypatch, tmp_path):
monkeypatch.setattr(_db.settings, "db_path", _test_db)
if os.path.exists(_test_db):
os.unlink(_test_db)
init_db()
# Deterministic per-project states (no network). handle_issue_updated imports
# get_project_states locally from ..plane_sync, so patch it at the source.
monkeypatch.setattr(plane_sync, "get_project_states", lambda pid: _STATES)
# Isolate sentinel dirs.
monkeypatch.setattr(self_deploy.settings, "repos_dir", str(tmp_path))
monkeypatch.setattr(self_deploy.settings, "host_repos_dir", str(tmp_path))
yield
@pytest.fixture(autouse=True)
def silence_engine(monkeypatch):
for name in (
"notify_stage_change", "notify_qg_failure", "send_telegram",
"plane_notify_stage", "plane_notify_qg", "plane_add_comment",
"set_issue_in_review", "set_issue_needs_input", "set_issue_in_progress",
"set_issue_blocked", "set_issue_done",
):
monkeypatch.setattr(stage_engine, name, MagicMock(), raising=False)
def _make_task(stage, repo="orchestrator", branch="feature/ORCH-059-x",
wi="ORCH-059", plane_id="plane-ORCH-059"):
conn = get_db()
cur = conn.execute(
"INSERT INTO tasks (plane_id, work_item_id, repo, branch, stage) "
"VALUES (?, ?, ?, ?, ?)",
(plane_id, wi, repo, branch, stage),
)
task_id = cur.lastrowid
conn.commit()
conn.close()
return task_id
def _payload(state_uuid, plane_id="plane-ORCH-059"):
return {"id": plane_id, "state": {"id": state_uuid}}
# ---------------------------------------------------------------------------
# TC-04: "Confirm Deploy" routes to the Phase B path with confirm_deploy=True
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_tc04_confirm_deploy_routes_phase_b(monkeypatch):
_make_task("deploy")
spy = AsyncMock()
monkeypatch.setattr(wh, "_try_advance_stage", spy)
# handle_verdict must NOT be taken for the confirm-deploy status.
verdict_spy = AsyncMock()
monkeypatch.setattr(wh, "handle_verdict", verdict_spy)
await wh.handle_issue_updated(_payload(CONFIRM), "proj")
spy.assert_awaited_once()
# confirm_deploy=True must be threaded through.
assert spy.await_args.kwargs.get("confirm_deploy") is True
verdict_spy.assert_not_awaited()
@pytest.mark.asyncio
async def test_tc04b_confirm_deploy_off_deploy_stage_is_noop(monkeypatch):
"""Guard: a stray "Confirm Deploy" on a non-deploy stage is a no-op (no advance)."""
_make_task("analysis")
spy = AsyncMock()
monkeypatch.setattr(wh, "_try_advance_stage", spy)
await wh.handle_confirm_deploy(_payload(CONFIRM), "proj")
spy.assert_not_awaited()
# ---------------------------------------------------------------------------
# TC-05: "Approved" on `deploy` does NOT initiate the prod deploy
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_tc05_approved_on_deploy_does_not_initiate(monkeypatch):
monkeypatch.setattr(stage_engine.settings, "deploy_require_manual_approve", True)
_make_task("deploy")
initiate = MagicMock()
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
# Real routing: Approved -> handle_verdict -> _try_advance_stage(confirm_deploy=False)
# -> advance_stage -> the deploy block no-ops (does not initiate).
await wh.handle_issue_updated(_payload(APPROVED), "proj")
initiate.assert_not_called()
# ---------------------------------------------------------------------------
# TC-06: "Approved" on `analysis` still advances analysis -> architecture
# ---------------------------------------------------------------------------
@pytest.mark.asyncio
async def test_tc06_approved_on_analysis_still_advances(monkeypatch):
task_id = _make_task("analysis")
await wh.handle_issue_updated(_payload(APPROVED), "proj")
conn = get_db()
stage = conn.execute("SELECT stage FROM tasks WHERE id=?", (task_id,)).fetchone()[0]
conn.close()
assert stage == "architecture"

120
tests/test_plane_states.py Normal file
View File

@@ -0,0 +1,120 @@
"""ORCH-059 TC-01/02/03: resolver registration of the dedicated "Confirm Deploy"
status and its fail-closed absence in fallback environments.
Contract (AC-1, AC-7):
* TC-01 — _PLANE_NAME_TO_KEY maps the board name "Confirm Deploy" to the logical
key "confirm_deploy".
* TC-02 — get_project_states for an ORCH-like project (Plane API mocked to
include a "Confirm Deploy" state) returns a NON-empty uuid under
"confirm_deploy", distinct from "approved".
* TC-03 — fail-closed: when the status is absent (API fallback to
_DEFAULT_STATES / unreachable Plane), the key is simply missing and a .get
access yields None WITHOUT raising — the confirm-deploy branch never activates.
"""
import os
import tempfile
import pytest
os.environ.setdefault("ORCH_PLANE_API_TOKEN", "test-token")
os.environ.setdefault("ORCH_GITEA_TOKEN", "test-token")
os.environ["ORCH_DB_PATH"] = os.path.join(tempfile.gettempdir(), "test_orch_plane_states.db")
import src.plane_sync as plane_sync # noqa: E402
from src.plane_sync import ( # noqa: E402
_PLANE_NAME_TO_KEY,
_DEFAULT_STATES,
get_project_states,
reload_project_states,
)
@pytest.fixture(autouse=True)
def fresh_cache():
reload_project_states()
yield
reload_project_states()
# ---------------------------------------------------------------------------
# TC-01: name -> key mapping is registered
# ---------------------------------------------------------------------------
def test_tc01_confirm_deploy_name_to_key_mapping():
assert _PLANE_NAME_TO_KEY.get("Confirm Deploy") == "confirm_deploy"
def test_tc01_confirm_deploy_not_in_default_states():
"""Fail-closed by construction: NO fallback UUID exists for confirm_deploy, so
enduro / API-fallback environments never resolve a (wrong) deploy trigger."""
assert "confirm_deploy" not in _DEFAULT_STATES
# ---------------------------------------------------------------------------
# TC-02: live API resolves a real, distinct uuid for an ORCH-like project
# ---------------------------------------------------------------------------
def test_tc02_get_project_states_resolves_confirm_deploy(monkeypatch):
confirm_uuid = "cfd00000-0000-0000-0000-000000000059"
approved_uuid = "a519a341-dada-4a91-8910-7604f82b79c5"
class _Resp:
def raise_for_status(self):
pass
def json(self):
return {
"results": [
{"name": "In Progress", "id": "b873d9eb-993c-48cd-97ac-99a9b1623967"},
{"name": "Approved", "id": approved_uuid},
{"name": "Confirm Deploy", "id": confirm_uuid},
]
}
monkeypatch.setattr(plane_sync.httpx, "get", lambda *a, **k: _Resp())
states = get_project_states("orch-project-uuid")
assert states.get("confirm_deploy") == confirm_uuid
# Distinct gestures: confirm-deploy must NOT alias the human "Approved" gate.
assert states["confirm_deploy"] != states["approved"]
# ---------------------------------------------------------------------------
# TC-03: fail-closed when the status is absent (API fallback / unreachable)
# ---------------------------------------------------------------------------
def test_tc03_fail_closed_when_api_unreachable(monkeypatch):
"""A Plane outage -> get_project_states falls back to _DEFAULT_STATES, which
has no confirm_deploy key. .get must yield None, never raise."""
def _boom(*a, **k):
raise RuntimeError("plane down")
monkeypatch.setattr(plane_sync.httpx, "get", _boom)
states = get_project_states("any-project-uuid")
# No KeyError, branch never activates.
assert states.get("confirm_deploy") is None
# The human gate "Approved" still resolves (fallback is intact).
assert states.get("approved") == _DEFAULT_STATES["approved"]
def test_tc03_fail_closed_when_status_not_on_board(monkeypatch):
"""Project whose board lacks "Confirm Deploy": the key is filled by NEITHER the
API loop NOR the _DEFAULT_STATES backfill -> absent -> fail-closed."""
class _Resp:
def raise_for_status(self):
pass
def json(self):
return {
"results": [
{"name": "In Progress", "id": "b873d9eb-993c-48cd-97ac-99a9b1623967"},
{"name": "Approved", "id": "a519a341-dada-4a91-8910-7604f82b79c5"},
]
}
monkeypatch.setattr(plane_sync.httpx, "get", lambda *a, **k: _Resp())
states = get_project_states("board-without-confirm")
assert states.get("confirm_deploy") is None
assert states.get("approved") == "a519a341-dada-4a91-8910-7604f82b79c5"

101
tests/test_stage_engine_phase_a_cta.py Normal file
View File

@@ -0,0 +1,101 @@
"""ORCH-059 TC-09: the Phase A CTA asks the operator for "Confirm Deploy".
Contract (AC-6): when Phase A advances `deploy-staging` -> `deploy` and requests
manual approval, both the Plane comment and the Telegram notification must
instruct the operator to flip the status to "Confirm Deploy" (the dedicated
prod-deploy trigger) — and must NOT present "Approved" as the deploy trigger.
"""
import os
import tempfile
import pytest
_test_db = os.path.join(tempfile.gettempdir(), "test_orch_phase_a_cta.db")
os.environ["ORCH_DB_PATH"] = _test_db
os.environ["ORCH_REPOS_DIR"] = tempfile.gettempdir()
os.environ.setdefault("ORCH_GITEA_TOKEN", "test-token")
os.environ.setdefault("ORCH_PLANE_API_TOKEN", "test-token")
from unittest.mock import MagicMock # noqa: E402
import src.db as _db # noqa: E402
from src.db import init_db, get_db # noqa: E402
from src import stage_engine # noqa: E402
from src import self_deploy # noqa: E402
from src.stage_engine import advance_stage # noqa: E402
def _pass(*a, **k):
return (True, "ok")
@pytest.fixture(autouse=True)
def fresh_db(monkeypatch, tmp_path):
monkeypatch.setattr(_db.settings, "db_path", _test_db)
if os.path.exists(_test_db):
os.unlink(_test_db)
init_db()
monkeypatch.setattr(self_deploy.settings, "repos_dir", str(tmp_path))
monkeypatch.setattr(self_deploy.settings, "host_repos_dir", str(tmp_path))
monkeypatch.setattr(stage_engine.settings, "deploy_require_manual_approve", True)
# Pass the staging / merge / freshness sub-gates so the edge reaches Phase A.
monkeypatch.setattr(
stage_engine, "QG_CHECKS",
{**stage_engine.QG_CHECKS,
"check_staging_status": _pass,
"check_branch_mergeable": _pass,
"check_staging_image_fresh": _pass},
)
yield
def _make_task(stage="deploy-staging", repo="orchestrator",
branch="feature/ORCH-059-x", wi="ORCH-059"):
conn = get_db()
cur = conn.execute(
"INSERT INTO tasks (plane_id, work_item_id, repo, branch, stage) "
"VALUES (?, ?, ?, ?, ?)",
(f"plane-{wi}", wi, repo, branch, stage),
)
task_id = cur.lastrowid
conn.commit()
conn.close()
return task_id
def test_tc09_phase_a_cta_requests_confirm_deploy(monkeypatch):
# Silence everything EXCEPT the two CTA channels we want to inspect.
for name in (
"notify_stage_change", "notify_qg_failure", "plane_notify_stage",
"plane_notify_qg", "set_issue_in_review", "set_issue_needs_input",
"set_issue_in_progress", "set_issue_blocked", "set_issue_done",
):
monkeypatch.setattr(stage_engine, name, MagicMock(), raising=False)
plane_comment = MagicMock()
telegram = MagicMock()
monkeypatch.setattr(stage_engine, "plane_add_comment", plane_comment)
monkeypatch.setattr(stage_engine, "send_telegram", telegram)
task_id = _make_task()
res = advance_stage(
task_id, "deploy-staging", "orchestrator", "ORCH-059",
"feature/ORCH-059-x", finished_agent="deployer",
)
assert res.note == "self-deploy-approval-pending"
# The Plane comment CTA mentions "Confirm Deploy" as the trigger.
plane_comment.assert_called_once()
comment_text = plane_comment.call_args.args[1]
assert "Confirm Deploy" in comment_text
# The Telegram CTA mentions "Confirm Deploy" too.
telegram.assert_called_once()
tg_text = telegram.call_args.args[0]
assert "Confirm Deploy" in tg_text
# Neither CTA presents bare "Approved" as the deploy trigger. (The comment may
# mention Approved only to clarify it does NOT trigger; assert no instruction
# to "set status to Approved".)
assert "статус задачи на «Approved»" not in comment_text
assert "на Approved" not in tg_text

141
tests/test_stage_engine_phase_b.py Normal file
View File

@@ -0,0 +1,141 @@
"""ORCH-059 TC-07/08: the Phase B block in stage_engine.advance_stage initiates
the prod deploy ONLY on the confirm-deploy signal.
Contract (AC-2, AC-3, AC-5):
* TC-07 — on (current_stage=="deploy", finished_agent is None) for the
self-hosting repo: confirm_deploy=True -> Phase B initiates; confirm_deploy
omitted/False (a plain Approved) -> a no-op that neither initiates the deploy
nor runs check_deploy_status (no false БАГ-8 rollback).
* TC-08 — idempotency: with the `initiated` marker already present, a repeated
confirm-deploy does NOT initiate again.
"""
import os
import tempfile
import pytest
_test_db = os.path.join(tempfile.gettempdir(), "test_orch_phase_b.db")
os.environ["ORCH_DB_PATH"] = _test_db
os.environ["ORCH_REPOS_DIR"] = tempfile.gettempdir()
os.environ.setdefault("ORCH_GITEA_TOKEN", "test-token")
os.environ.setdefault("ORCH_PLANE_API_TOKEN", "test-token")
from unittest.mock import MagicMock # noqa: E402
import src.db as _db # noqa: E402
from src.db import init_db, get_db # noqa: E402
from src import stage_engine # noqa: E402
from src import self_deploy # noqa: E402
from src.stage_engine import advance_stage # noqa: E402
@pytest.fixture(autouse=True)
def fresh_db(monkeypatch, tmp_path):
monkeypatch.setattr(_db.settings, "db_path", _test_db)
if os.path.exists(_test_db):
os.unlink(_test_db)
init_db()
monkeypatch.setattr(self_deploy.settings, "repos_dir", str(tmp_path))
monkeypatch.setattr(self_deploy.settings, "host_repos_dir", str(tmp_path))
monkeypatch.setattr(stage_engine.settings, "deploy_require_manual_approve", True)
yield
@pytest.fixture(autouse=True)
def silence_side_effects(monkeypatch):
for name in (
"notify_stage_change", "notify_qg_failure", "send_telegram",
"plane_notify_stage", "plane_notify_qg", "plane_add_comment",
"set_issue_in_review", "set_issue_needs_input", "set_issue_in_progress",
"set_issue_blocked", "set_issue_done",
):
monkeypatch.setattr(stage_engine, name, MagicMock(), raising=False)
def _make_task(stage, repo="orchestrator", branch="feature/ORCH-059-x", wi="ORCH-059"):
conn = get_db()
cur = conn.execute(
"INSERT INTO tasks (plane_id, work_item_id, repo, branch, stage) "
"VALUES (?, ?, ?, ?, ?)",
(f"plane-{wi}", wi, repo, branch, stage),
)
task_id = cur.lastrowid
conn.commit()
conn.close()
return task_id
def _stage(task_id):
conn = get_db()
row = conn.execute("SELECT stage FROM tasks WHERE id=?", (task_id,)).fetchone()
conn.close()
return row[0]
# ---------------------------------------------------------------------------
# TC-07: confirm-deploy initiates; plain Approved is a no-op
# ---------------------------------------------------------------------------
def test_tc07_confirm_deploy_initiates(monkeypatch):
initiate = MagicMock(return_value=(True, "ok"))
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
task_id = _make_task("deploy")
res = advance_stage(
task_id, "deploy", "orchestrator", "ORCH-059",
"feature/ORCH-059-x", finished_agent=None, confirm_deploy=True,
)
assert res.note == "self-deploy-initiated"
initiate.assert_called_once()
assert self_deploy.has_marker("orchestrator", "ORCH-059", self_deploy.INITIATED)
# Did NOT advance off deploy — the finalizer records the verdict later.
assert _stage(task_id) == "deploy"
def test_tc07_approved_without_confirm_is_noop(monkeypatch):
"""A plain Approved on `deploy` (confirm_deploy defaults to False): no
initiate_deploy, no rollback, no advance — a deterministic no-op (AC-3)."""
initiate = MagicMock(return_value=(True, "ok"))
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
# If check_deploy_status were (wrongly) run, it would intervene; spy to prove
# it is never invoked on this no-op path.
gate = MagicMock(return_value=(False, "FAILED"))
monkeypatch.setattr(
stage_engine, "QG_CHECKS",
{**stage_engine.QG_CHECKS, "check_deploy_status": gate},
)
task_id = _make_task("deploy")
res = advance_stage(
task_id, "deploy", "orchestrator", "ORCH-059",
"feature/ORCH-059-x", finished_agent=None, # confirm_deploy omitted -> False
)
assert res.note == "approved-on-deploy-noop"
initiate.assert_not_called()
gate.assert_not_called() # check_deploy_status NOT run -> no false БАГ-8
assert res.advanced is False
assert res.rolled_back_to is None
assert _stage(task_id) == "deploy" # stays put, no rollback to development
assert not self_deploy.has_marker("orchestrator", "ORCH-059", self_deploy.INITIATED)
# ---------------------------------------------------------------------------
# TC-08: idempotency — existing `initiated` marker -> repeat is a no-op
# ---------------------------------------------------------------------------
def test_tc08_idempotent_repeat_confirm_deploy(monkeypatch):
initiate = MagicMock(return_value=(True, "ok"))
monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", initiate)
task_id = _make_task("deploy")
# Pre-seed the initiated marker (a deploy already in flight).
self_deploy.write_marker("orchestrator", "ORCH-059", self_deploy.INITIATED, content="1")
res = advance_stage(
task_id, "deploy", "orchestrator", "ORCH-059",
"feature/ORCH-059-x", finished_agent=None, confirm_deploy=True,
)
assert res.note == "self-deploy-already-initiated"
initiate.assert_not_called()