orchestrator/tests/test_deploy_rollback.py

"""ORCH-036 TC-10: a FAILED prod deploy rolls back deploy -> development (AC-4).

The finalizer (Phase C) reads the hook ``result`` sentinel, maps a non-zero exit
to ``deploy_status: FAILED`` and then drives the EXISTING deploy contract via
``advance_stage(finished_agent="deployer")``. With a FAILED verdict the БАГ-8
rollback fires: deploy -> development, ``set_issue_blocked`` + Telegram alert, and
(for the self-hosting repo) the merge-lease is released so the branch is not
wedged. The hook exit-code -> verdict mapping is unit-tested in
``test_deploy_hook_mapping.py``; here we assert the engine REACTION.
"""

import os
import tempfile

import pytest

_test_db = os.path.join(tempfile.gettempdir(), "test_orch_deploy_rollback.db")
os.environ["ORCH_DB_PATH"] = _test_db
os.environ["ORCH_REPOS_DIR"] = tempfile.gettempdir()
os.environ.setdefault("ORCH_GITEA_TOKEN", "test-token")
os.environ.setdefault("ORCH_PLANE_API_TOKEN", "test-token")

from unittest.mock import MagicMock  # noqa: E402

import src.db as _db  # noqa: E402
from src.db import init_db, get_db  # noqa: E402
from src import stage_engine  # noqa: E402
from src import self_deploy  # noqa: E402


@pytest.fixture(autouse=True)
def fresh_db(monkeypatch, tmp_path):
    monkeypatch.setattr(_db.settings, "db_path", _test_db)
    if os.path.exists(_test_db):
        os.unlink(_test_db)
    init_db()
    monkeypatch.setattr(self_deploy.settings, "repos_dir", str(tmp_path))
    monkeypatch.setattr(self_deploy.settings, "host_repos_dir", str(tmp_path))
    # The finalizer's deploy-log write touches a git worktree we don't have here;
    # the verdict it drives comes from check_deploy_status (monkeypatched below).
    monkeypatch.setattr(stage_engine.self_deploy, "write_deploy_log", MagicMock(return_value=True))
    yield


@pytest.fixture(autouse=True)
def silence_side_effects(monkeypatch):
    for name in (
        "notify_stage_change", "notify_qg_failure", "notify_approve_requested",
        "send_telegram", "plane_notify_stage", "plane_notify_qg", "plane_add_comment",
        "set_issue_in_review", "set_issue_needs_input", "set_issue_in_progress",
        "set_issue_blocked", "set_issue_done",
    ):
        monkeypatch.setattr(stage_engine, name, MagicMock())


def _make_task(stage, repo="orchestrator", branch="feature/ORCH-036-x", wi="ORCH-036"):
    conn = get_db()
    cur = conn.execute(
        "INSERT INTO tasks (plane_id, work_item_id, repo, branch, stage) "
        "VALUES (?, ?, ?, ?, ?)",
        (f"plane-{wi}", wi, repo, branch, stage),
    )
    task_id = cur.lastrowid
    conn.commit()
    conn.close()
    return task_id


def _stage(task_id):
    conn = get_db()
    row = conn.execute("SELECT stage FROM tasks WHERE id=?", (task_id,)).fetchone()
    conn.close()
    return row[0]


def _fail(reason):
    def _f(*a, **k):
        return (False, reason)
    return _f


def test_tc10_failed_deploy_rolls_back_to_development(monkeypatch):
    # Hook reported exit 1 (rolled back) -> the host wrapper wrote result=1.
    self_deploy.write_marker("orchestrator", "ORCH-036", self_deploy.RESULT, "1")
    # The deploy-log verdict the gate reads is FAILED.
    monkeypatch.setattr(
        stage_engine, "QG_CHECKS",
        {**stage_engine.QG_CHECKS, "check_deploy_status": _fail("Deploy status: FAILED")},
    )
    task_id = _make_task("deploy")

    stage_engine.run_deploy_finalizer(
        {"task_id": task_id, "repo": "orchestrator", "id": 1, "agent": "deploy-finalizer"}
    )

    # БАГ-8 rollback fired: NOT done, back on development, blocked + alerted.
    assert _stage(task_id) == "development"
    assert stage_engine.set_issue_blocked.called
    assert stage_engine.send_telegram.called
    assert stage_engine.set_issue_done.called is False


def test_tc11_re_deploy_after_rollback_not_wedged(monkeypatch):
    """FAILED deploy -> rollback wipes stale markers so a later Phase B re-initiates.

    Regression for the re-deploy-after-rollback contract (AC-4/AC-10): markers are
    keyed by the (stable) work_item_id, so without cleanup the STALE `initiated` from
    the first failed attempt would make Phase B's idempotency-guard a no-op on the
    retry and wedge the task on `deploy` forever.
    """
    repo, wi, branch = "orchestrator", "ORCH-036", "feature/ORCH-036-x"
    # First (failed) pass left BOTH the idempotency-guard and the verdict behind.
    self_deploy.write_marker(repo, wi, self_deploy.INITIATED, "123")
    self_deploy.write_marker(repo, wi, self_deploy.RESULT, "1")
    monkeypatch.setattr(
        stage_engine, "QG_CHECKS",
        {**stage_engine.QG_CHECKS, "check_deploy_status": _fail("Deploy status: FAILED")},
    )
    task_id = _make_task("deploy")

    stage_engine.run_deploy_finalizer(
        {"task_id": task_id, "repo": repo, "id": 1, "agent": "deploy-finalizer"}
    )

    # Rollback fired AND the stale deploy-state sentinels were wiped.
    assert _stage(task_id) == "development"
    assert self_deploy.has_marker(repo, wi, self_deploy.INITIATED) is False
    assert self_deploy.has_marker(repo, wi, self_deploy.RESULT) is False
    assert self_deploy.read_result(repo, wi) == (False, None)

    # Second pass: the task reaches `deploy` again and the human re-approves. Phase B
    # must ACTUALLY initiate (no stale `initiated` -> not a no-op), proving the retry
    # is no longer wedged.
    init = MagicMock(return_value=(True, "ok"))
    monkeypatch.setattr(stage_engine.self_deploy, "initiate_deploy", init)
    result = stage_engine.AdvanceResult(from_stage="deploy")
    stage_engine._handle_self_deploy_phase_b(task_id, repo, wi, branch, result)

    assert init.called
    assert result.note == "self-deploy-initiated"
    assert self_deploy.has_marker(repo, wi, self_deploy.INITIATED) is True