Add commit info to partition exports table

[arthurpassos]

Changelog category (leave one):

• Improvement

Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):

Add Iceberg metadata file paths and data file paths to the system.replicated_partition_exports to improve observability and debugging

Documentation entry for user-facing changes

...

CI/CD Options

Exclude tests:

• Fast test
• Integration Tests
• Stateless tests
• Stateful tests
• Performance tests
• All with ASAN
• All with TSAN
• All with MSAN
• All with UBSAN
• All with Coverage
• All with Aarch64
• All Regression
• Disable CI Cache

Regression jobs to run:

• Fast suites (mostly <1h)
• Aggregate Functions (2h)
• Alter (1.5h)
• Benchmark (30m)
• ClickHouse Keeper (1h)
• Iceberg (2h)
• LDAP (1h)
• Parquet (1.5h)
• RBAC (1.5h)
• SSL Server (1h)
• S3 (2h)
• S3 Export (2h)
• Swarms (30m)
• Tiered Storage (2h)

[arthurpassos]

@codex review

[github-actions]

Workflow [PR], commit [15a0608]

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0a9022d641

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Return commit info for already-committed recovery path

When isExportPartitionTransactionAlreadyCommitted is true here, the function returns an empty ExportPartitionCommitInfo, which makes ExportPartitionUtils::commit skip writing <export-entry>/commit_info and only flip status to COMPLETED. In the common recovery scenario (snapshot committed previously, then retried before ZooKeeper was updated), this leaves committed_* fields permanently empty and contradicts the new observability behavior/documentation that expects a visible marker for already-committed retries.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Fix sentinel expectation in post-publish failpoint test

This assertion is inconsistent with the implementation under iceberg_writes_post_publish_throw: that failpoint is ONCE, and the published catch path now returns real file paths (storage_metadata_name, manifest list, manifest file), so committed_metadata_file should be a metadata path, not the "previous run" sentinel. As written, the test will fail despite correct behavior and can block CI.

Useful? React with 👍 / 👎.

[arthurpassos]

@codex review

[chatgpt-codex-connector]

Codex Review: Didn't find any major issues. Already looking forward to the next diff.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[ianton-ru]

AI audit note: This review comment was generated by AI (gpt-5.3-codex).

Audit update for PR #1832 (Add commit info to partition exports table):

Confirmed defects

Medium: commit_info serialization failure can block COMPLETED transition

Impact: A successful destination commit (Iceberg snapshot or object-storage marker) can remain stuck in PENDING (or require later recovery) if commit-info JSON generation throws before ZooKeeper /status is flipped to COMPLETED.

Anchor: src/Storages/MergeTree/ExportPartitionUtils.cpp / ExportPartitionUtils::commit and ExportReplicatedMergeTreePartitionCommitInfoEntry::toJsonString

Trigger: Any exception thrown by ExportReplicatedMergeTreePartitionCommitInfoEntry::toJsonString (it explicitly enables std::ios::failbit exceptions) while destination_commit_info is non-empty.

Why defect: The new observability side-effect (JSON stringify) is now on the critical path of the state transition; a stringify exception aborts the function before the status update, changing behavior from “commit then mark completed” to “commit then throw”.

Fix direction (short): Make commit_info persistence best-effort: wrap toJsonString + tryMulti in try/catch and always fall back to status-only trySet on any exception.

Regression test direction (short): Add a failpoint (or targeted fault injection) that throws during commit_info serialization and assert the task still reaches COMPLETED.

Evidence

Serialization enables stream exceptions:

std::string toJsonString() const
{
    Poco::JSON::Object json;
    json.set("iceberg_metadata_file", iceberg_metadata_file);
    // ...
    std::ostringstream oss;
    oss.exceptions(std::ios::failbit);
    Poco::JSON::Stringifier::stringify(json, oss);
    return oss.str();
}

toJsonString is called before the status flip in the new “atomic commit_info + COMPLETED” multi-op; an exception here prevents reaching the fallback status-only set:

if (!destination_commit_info.empty())
{
    ExportReplicatedMergeTreePartitionCommitInfoEntry commit_info_entry { /* ... */ };
    const std::string commit_info_path = fs::path(entry_path) / "commit_info";

    Coordination::Requests ops;
    ops.emplace_back(zkutil::makeCreateRequest(commit_info_path, commit_info_entry.toJsonString(), zkutil::CreateMode::Persistent));
    ops.emplace_back(zkutil::makeSetRequest(status_path, completed_name, -1));
    // ...
    if (rc == Coordination::Error::ZOK)
    {
        LOG_INFO(log, "ExportPartition: Marked export as completed and persisted commit_info");
        return;
    }
    // fall through to status-only set on ZNODEEXISTS / other errors
}

Coverage summary

Item	Detail
Scope reviewed	ZK state machine around export task completion (processed/*, status, new commit_info), commit idempotency behavior for Iceberg and plain object storage, in-memory mirror → system.replicated_partition_exports, and integration tests added/updated in the patch.
Categories failed	Exception-safety / partial-update (new JSON serialization on completion critical path).
Categories passed	State-transition consistency (status + commit_info via tryMulti with status-only fallback), idempotency signaling (Iceberg “already committed” sentinel; object-storage marker path surfaced even if pre-existing), concurrency/interleaving (peer-written commit_info handled via ZNODEEXISTS → status-only set), best-effort ZK mirroring semantics (poll-time refresh; no extra ZK reads on system-table query).
Assumptions/limits	Audit is based on the PR’s public patch (.patch) and static reasoning (no local build/test execution).

[ianton-ru]

Description for destination_file_paths column is missing.

[ianton-ru]

AI thinks that exception in the block below can breaks commit transaction.

[arthurpassos]

I don't think that is totally true. here's what can happen:

once we commit to iceberg, we need to mark it as completed in zookeeper. If the code that creates the commit info throws, we don't mark it as completed in zookeeper and it remains in pending state. In the next scheduler tick, we'll try to commit it again, and we'll notice it has already been committed. In that case, we just mark it as completed. It won't remain in pending forever as far as I can tell