Merge stable into develop #9395
Closed
infrahub-github-bot-app[bot] wants to merge 6 commits into
The Related resources links used extensionless relative paths (../overview, ../create-and-load, ../extensions). Because the page is an index.mdx, Docusaurus resolves these URL-relative against the /schema/marketplace route and overshoots to the site root, producing broken links (/create-and-load, /extensions) that fail the docs build. Add the .mdx extension so the links resolve file-relative, matching the existing convention used elsewhere in the same file.
* test: add failing test for #9349
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: prevent git sync task workers from diverging (#9349)
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: bind infrahub_branch when pull creates a missing branch
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* refactor: share worktree resolution between pull and pull_to_commit
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: pin commit SHA when pulling a read-only git repository
* fix: pin commit SHA when adding a git repository
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: narrow git error catch in fan-out pin resolution
  get_commit_value only raises ValueError (branch absent) or InvalidGitRepositoryError (clone missing/corrupt). Catching the GitError base class also swallowed GitCommandError, HookExecutionError, and other unexpected git failures, masking them behind a silent fall-back to pull(). Narrow both pin-resolution sites to the exceptions actually expected.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: pin commit SHA when merging a git repository branch
  After merging into the destination branch, resolve the resulting commit and broadcast it in RefreshGitFetch so fan-out workers check out the merge commit instead of pulling the destination branch to whatever upstream HEAD is at that moment, keeping the pool converged if upstream advances during fan-out.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: pin commit SHA when creating a git repository branch
  Resolve the new branch's commit and broadcast it in RefreshGitFetch so fan-out workers check out that exact SHA rather than pulling the branch to whatever upstream HEAD is at fetch time.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* docs: regenerate message-bus events for RefreshGitFetch commit field
  Add the generated row for the new commit field and tighten its description to a single line so the message-bus events reference matches generation.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: pin resolved commit when pulling a read-only repository by ref
  A ref-only pull (commit unset) resolved a concrete SHA during sync but broadcast the unset commit, leaving fan-out workers to re-resolve the ref independently and diverge. Resolve the ref once and use that SHA for both the sync and the broadcast.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix: pin resolved commit when adding a read-only repository
  Resolve the ref to a concrete SHA once and use it for both the initial sync and the RefreshGitFetch broadcast, so fan-out workers cloning the new read-only repository converge on that commit instead of re-resolving the ref.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test: configure repo mocks for commit-pinned RefreshGitFetch
  The add and read-only-add flows now resolve a commit and broadcast it, so the mocked repos must return a SHA from get_commit_value (and expose ref for the read-only flow), and the read-only sync assertion expects the pinned commit.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* duplicated line
* format
* addressing feedbacks
* get the lock upper in the chain to also encapsulate the pull
* refactor(git): drop unused _update_commit_value_if_requested helper
  The helper was introduced but never wired into any call site — the three existing producers (create_locally, pull, reset_to_commit) already inline the `if update_commit_value:` conditional the helper was meant to encapsulate. Remove the dead code.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(git): broadcast READONLYREPOSITORY kind from read-only add flow
  add_git_repository_read_only operates on InfrahubReadOnlyRepository but was broadcasting repository_kind=InfrahubKind.REPOSITORY, so peer workers consuming the RefreshGitFetch notification re-instantiated the repo as InfrahubRepository and ran the read-write pull path. Send the matching READONLYREPOSITORY kind so consumers materialize the same type the producer just created.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* better error message when the reset --hard fails
* testing that the repository generated is a read-only repository
* testing the sad path of hard reset related to git fetch operations
* docs(changelog): add fragment for read-only repository kind broadcast fix
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
docs: fix broken relative links on schema marketplace page
…#9396)
* new security settings that enable/disable the account creation fallback
* plug the new security settings about account assignation fallback into authentication layer
* chore: add changelog fragment for SSO account name fallback setting
  Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* test: clarify docstring for disabled-fallback both-names-taken case
  Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* chore: register sso_account_name_fallback env var in docker-compose
  Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* refactor: use scalar account__id filter for single-id lookups in SSO signin
  The ExternalIdentity.account relationship is single-cardinality, so a single-value account__id filter expresses the intent more directly than passing a one-element list to account__ids. Functionally equivalent — both forms scope correctly.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test: rewrite both-names-taken docstring as proper summary + description
  The previous form split a single sentence across the summary line with a stray period to satisfy D205, leaving the docstring unreadable.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test: assert SSO transition fallback ignores unrelated identities
  Pre-existing identity on an unrelated account must not block adoption of a same-named, never-linked account. Exercises the scoping of the account filter on the existing-identity lookup; catches a misspelled relationship filter that would silently match every row.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
* test: add failing frontend test for #4872
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(frontend): hide internal groups from bulk add-to-groups toolbar
  Pass group_type__values=["default"] filter to BulkMutateGroups so the dropdown only surfaces user-assignable groups, mirroring the existing read-side filter on group_type=internal.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* test: add failing test for manage-groups dropdown filter
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* fix(frontend): hide internal groups from manage-groups dropdown
  Thread an optional filterQuery prop through DynamicRelationshipFieldProps, RelationshipManyField, and RelationshipManyInput so it reaches the existing filterQuery handling in RelationshipComboboxList. AddGroupForm now passes group_type__values=["default"] when configuring the member_of_groups picker, matching the read-side filter that already excludes internal groups from the profiles/groups card.
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(changelog): add fragment for #4872
  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* chore(changelog): clarify scope of internal-groups filter
  The filter excludes groups with group_type='internal', regardless of kind — the prior wording listed specific kinds and implied a kind-based blocklist.
  Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
* betterer
---------
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Will be at least partially replaced by #9402
Merging stable into develop after merging pull request #9360.
Summary by cubic
Pins git sync fan-out to a specific commit so all workers converge on the same SHA even if upstream moves. Adds a hard-reset path, fixes read-only broadcasts and a pull-time crash, introduces a setting to control SSO display‑name account adoption, and hides internal groups from add‑to‑group selectors.
New Features
* reset_to_commit(branch, commit) to hard-reset a branch worktree to a local SHA without contacting the remote.
* RefreshGitFetch now carries an optional commit; workers fetch under a repo lock and reset to that SHA.
* INFRAHUB_SECURITY_SSO_ACCOUNT_NAME_FALLBACK (sso_account_name_fallback) to gate adopting a pre-existing, same-named account on first SSO login; enabled by default and documented.
Bug Fixes
* pull(create_if_missing=True) created a missing branch and needed to update its commit value.
* READONLYREPOSITORY kind from the read-only add flow.
* .mdx extensions.
* group_type="internal" from the Manage Groups and bulk Add to groups selectors.
Written for commit 04770a9. Summary will update on new commits.
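The pinned fan-out that the summary describes, modelled in memory as an added example (not Infrahub's code). RefreshGitFetch, pull and reset_to_commit are names from the page; Upstream, Worker, handle, fan_out and the SHAs are constructed stand-ins, and the repo lock is not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Upstream:
    """Constructed in-memory stand-in for the remote (no real git involved)."""
    heads: dict = field(default_factory=dict)
    objects: set = field(default_factory=set)

    def push(self, branch, sha):
        self.heads[branch] = sha
        self.objects.add(sha)

@dataclass
class RefreshGitFetch:
    branch: str
    commit: Optional[str] = None  # optional pin, as the summary describes

@dataclass
class Worker:
    upstream: Upstream
    objects: set = field(default_factory=set)
    checked_out: Optional[str] = None

    def pull(self, branch):
        self.objects |= self.upstream.objects
        self.checked_out = self.upstream.heads[branch]  # resolved at fetch time

    def reset_to_commit(self, branch, commit):
        if commit not in self.objects:  # only a SHA already present locally is accepted
            raise ValueError(f"{commit} not found locally for {branch}")
        self.checked_out = commit

    def handle(self, msg):
        if msg.commit is None:
            return self.pull(msg.branch)  # unpinned: each worker re-resolves the ref
        self.objects |= self.upstream.objects  # fetch, then reset to the pinned SHA
        self.reset_to_commit(msg.branch, msg.commit)

def fan_out(pin):
    """Deliver one message to two workers while upstream advances in between."""
    upstream = Upstream()
    upstream.push("main", "aaa111")  # constructed SHA
    msg = RefreshGitFetch("main", upstream.heads["main"] if pin else None)
    w1, w2 = Worker(upstream), Worker(upstream)
    w1.handle(msg)
    upstream.push("main", "bbb222")  # upstream moves mid fan-out
    w2.handle(msg)
    return w1.checked_out, w2.checked_out
```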