ci: diff changed stacks against CI_PREV_COMMIT_SHA, not HEAD~1

HEAD~1 on a merge commit is the feature-branch parent, so the
changed-stack detection diffed the WRONG side and silently skipped the
stacks the push actually changed — pipeline 128 'succeeded' without
applying the new ci-pipeline-health stack. Use the push's true
before-state (CI_PREV_COMMIT_SHA) when it resolves, HEAD~1 as fallback
(first build / shallow edge cases). Also touches the ci-pipeline-health
stack so THIS push applies it.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Viktor Barzin 2026-06-12 20:50:43 +00:00
parent fb8b6aa2f3
commit 30ff8f2db3
2 changed files with 19 additions and 3 deletions


@ -135,6 +135,20 @@ steps:
git fetch --deepen=1 origin master 2>/dev/null || true
fi
# Diff base: prefer the push's true before-state (CI_PREV_COMMIT_SHA).
# HEAD~1 is WRONG for merge commits — it is the first parent (the
# feature-branch side), so the diff shows the OTHER lineage's files
# and silently skips the stacks this push actually changed
# (bit ci-pipeline-health on 2026-06-12, pipeline 128).
DIFF_BASE="HEAD~1"
if [ -n "${CI_PREV_COMMIT_SHA:-}" ] && [ "$CI_PREV_COMMIT_SHA" != "$CI_COMMIT_SHA" ]; then
git cat-file -e "$CI_PREV_COMMIT_SHA^{commit}" 2>/dev/null || git fetch --depth=50 origin master 2>/dev/null || true
if git cat-file -e "$CI_PREV_COMMIT_SHA^{commit}" 2>/dev/null; then
DIFF_BASE="$CI_PREV_COMMIT_SHA"
fi
fi
echo "Diff base: $DIFF_BASE"
# If still no parent, apply all platform stacks as a safe fallback
if ! git rev-parse HEAD~1 >/dev/null 2>&1; then
echo "Cannot determine changed files — applying ALL platform stacks"
@ -142,14 +156,14 @@ steps:
> .app_apply
else
# Check if global files changed (triggers full platform apply)
GLOBAL_CHANGED=$(git diff --name-only HEAD~1 HEAD | grep -E '^(modules/|config\.tfvars|terragrunt\.hcl)' || true)
GLOBAL_CHANGED=$(git diff --name-only "$DIFF_BASE" HEAD | grep -E '^(modules/|config\.tfvars|terragrunt\.hcl)' || true)
if [ -n "$GLOBAL_CHANGED" ]; then
echo "Global files changed — applying ALL platform stacks"
echo "$PLATFORM_STACKS" | tr ' ' '\n' > .platform_apply
else
# Detect platform stacks that changed
git diff --name-only HEAD~1 HEAD | grep '^stacks/' | cut -d/ -f2 | sort -u > .all_changed
git diff --name-only "$DIFF_BASE" HEAD | grep '^stacks/' | cut -d/ -f2 | sort -u > .all_changed
> .platform_apply
while read -r stack; do
if echo "$PLATFORM_STACKS" | grep -qw "$stack"; then
@ -160,7 +174,7 @@ steps:
# Detect app stacks that changed
> .app_apply
git diff --name-only HEAD~1 HEAD | grep '^stacks/' | cut -d/ -f2 | sort -u | while read -r stack; do
git diff --name-only "$DIFF_BASE" HEAD | grep '^stacks/' | cut -d/ -f2 | sort -u | while read -r stack; do
if echo "$PLATFORM_STACKS" | grep -qw "$stack"; then
continue # Skip platform stacks
fi
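Review bot: In the first hunk, when CI_PREV_COMMIT_SHA is set but still does not resolve after the `--depth=50` fetch, DIFF_BASE silently stays `HEAD~1`, the base the added comment itself calls wrong for merge commits, so changed stacks can again be skipped while the pipeline reports success. The apply-all guard that follows still tests `git rev-parse HEAD~1` rather than the chosen base. Failing closed would be safer: add `else DIFF_BASE=""` to the inner `if` and make the guard `if [ -z "$DIFF_BASE" ] || ! git rev-parse "$DIFF_BASE^{commit}" >/dev/null 2>&1; then`, keeping `HEAD~1` only for the case where the variable is unset. The later `git diff --name-only "$DIFF_BASE" HEAD` calls would need to sit under that guard, which cannot be confirmed here because the step's script begins and ends outside the visible hunks.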


@ -9,6 +9,8 @@
#
# Runs IN-CLUSTER (not a claude.ai cloud routine) because Vault and the
# Woodpecker token are LAN-only cloud agents can't reach them.
#
# First apply rode the DIFF_BASE fix (pipeline-128 merge-commit detection bug).
variable "schedule" {
type = string