Use ref.Name consistently in FirewallDriver.Update error formatting

[Copilot]

FirewallDriver.Update called validateFirewallTargets(spec.Name, req) while every other error in the same method used ref.Name. If ref.Name and spec.Name diverge (or spec.Name is empty), the no-targets error references the wrong firewall.

Changes

• internal/drivers/firewall.go — Pass ref.Name to validateFirewallTargets instead of spec.Name, making error formatting consistent across the entire Update method.

• internal/drivers/firewall_test.go — Add TestFirewallDriver_Update_NoTargets_RefNameInError: regression test with ref.Name = "ref-name" and spec.Name = "spec-name" asserting the error string contains ref.Name, not spec.Name.

// Before
validateFirewallTargets(spec.Name, req)

// After
validateFirewallTargets(ref.Name, req)

[Copilot]

Pull request overview

This PR fixes inconsistent error formatting in FirewallDriver.Update by ensuring the “no targets” validation error references the resource’s authoritative identifier (ref.Name) instead of spec.Name. This prevents confusing errors when ref.Name and spec.Name diverge (or when spec.Name is empty) and aligns the validation error with the rest of Update’s error messages.

Changes:

• Pass ref.Name (not spec.Name) into validateFirewallTargets within FirewallDriver.Update.
• Add a regression test asserting the no-targets error uses ref.Name when ref.Name and spec.Name differ.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
internal/drivers/firewall.go	Make Update’s no-targets validation error use ref.Name for consistent, correct error identity.
internal/drivers/firewall_test.go	Add regression coverage for divergent ref.Name vs spec.Name ensuring the error string uses ref.Name.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[intel352]

@copilot failing https://github.com/GoCodeAlone/workflow-plugin-digitalocean/actions/runs/25364660655/job/74374514742?pr=64

[Copilot]

@copilot failing https://github.com/GoCodeAlone/workflow-plugin-digitalocean/actions/runs/25364660655/job/74374514742?pr=64

Investigated the failure — it's in the codemod-report job at the "Comment summary on PR" step, which gets a 403 Resource not accessible by integration when posting a comment via the GitHub API.

Root cause: the workflow's GITHUB_TOKEN has issues: write but not pull-requests: write, so it can't comment on PRs. The actual iac-codemod refactor-apply (dry-run) step succeeded with 0 errors.

This is a pre-existing CI workflow permissions issue, not related to the code changes in this PR.

[intel352]

@copilot failing https://github.com/GoCodeAlone/workflow-plugin-digitalocean/actions/runs/25364660655/job/74374514742?pr=64

Investigated the failure — it's in the codemod-report job at the "Comment summary on PR" step, which gets a 403 Resource not accessible by integration when posting a comment via the GitHub API.

Root cause: the workflow's GITHUB_TOKEN has issues: write but not pull-requests: write, so it can't comment on PRs. The actual iac-codemod refactor-apply (dry-run) step succeeded with 0 errors.

This is a pre-existing CI workflow permissions issue, not related to the code changes in this PR.

@copilot Switch to this token, I believe it has the access you'll need: RELEASES_TOKEN

[Copilot]

@copilot failing https://github.com/GoCodeAlone/workflow-plugin-digitalocean/actions/runs/25364660655/job/74374514742?pr=64

Investigated the failure — it's in the `codem...

Done in 88a6b34 — added github-token: ${{ secrets.RELEASES_TOKEN }} to the github-script step in .github/workflows/codemod-report.yml so the PR comment is posted with that token instead of the default GITHUB_TOKEN.

[intel352]

iac-codemod refactor-apply report

Mode: dry-run
Sites: 1
Errors: 0

Skipped (// wfctl:skip-iac-codemod)

• internal/provider.go:238 DOProvider.Apply skipped

Full report (90-day retention) attached as workflow artifact.