Skip to content

fix(infra): --refresh-outputs reconciles stale routed secrets instead of skipping them#646

Merged
intel352 merged 3 commits into
mainfrom
copilot/update-routed-secrets-refresh-option
May 13, 2026
Merged

fix(infra): --refresh-outputs reconciles stale routed secrets instead of skipping them#646
intel352 merged 3 commits into
mainfrom
copilot/update-routed-secrets-refresh-option

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented May 13, 2026
edited
Loading

When wfctl infra apply --refresh-outputs ran after a provider was recreated, routed secrets (e.g. COMPUTE_GITHUB_RUNNER_PROVIDER_URL) that already existed in the secrets provider were logged as "already exists — skipped" and left with their stale values, causing downstream failures.

Changes

  • syncInfraOutputSecrets — adds refreshOutputs bool parameter that switches from skip-if-exists to reconcile semantics:

    • Readable providers: reads current value, skips Set only when value is identical ("unchanged"), otherwise updates ("updated from infra output")
    • Write-only providers (GitHub Actions): always calls Set since comparison is impossible ("updated from infra output")
    • Secret absent in both modes: creates as before ("created from infra output")
    • Normal apply (refreshOutputs=false): unchanged — skips existing secrets ("already exists — skipped")

  • runInfraApply — passes refreshOutputsFlag through to syncInfraOutputSecrets so the post-apply secret sync honours the operator's explicit intent.

Log output (refresh mode)

  secret "COMPUTE_GITHUB_RUNNER_PROVIDER_URL": updated from infra output
  secret "UNCHANGED_SECRET": unchanged
  secret "NEW_SECRET": created from infra output

Invariants preserved

  • Normal apply never overwrites user-managed secrets.
  • --refresh-outputs always reconciles managed output routes, even when the secret already exists.

Copilot AI requested review from Copilot and removed request for Copilot May 13, 2026 05:53
Copilot AI linked an issue May 13, 2026 that may be closed by this pull request
wfctl refresh-outputs should update existing routed secrets when explicitly requested #641
Closed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 13, 2026
edited
Loading

⏱ Benchmark Results

No significant performance regressions detected.

benchstat comparison (baseline → PR) 
## benchstat: baseline → PR
baseline-bench.txt:264: parsing iteration count: invalid syntax
baseline-bench.txt:291409: parsing iteration count: invalid syntax
baseline-bench.txt:558851: parsing iteration count: invalid syntax
baseline-bench.txt:1096044: parsing iteration count: invalid syntax
baseline-bench.txt:1386271: parsing iteration count: invalid syntax
baseline-bench.txt:1660442: parsing iteration count: invalid syntax
benchmark-results.txt:264: parsing iteration count: invalid syntax
benchmark-results.txt:354658: parsing iteration count: invalid syntax
benchmark-results.txt:646019: parsing iteration count: invalid syntax
benchmark-results.txt:1230600: parsing iteration count: invalid syntax
benchmark-results.txt:1563736: parsing iteration count: invalid syntax
benchmark-results.txt:1881374: parsing iteration count: invalid syntax
goos: linux
goarch: amd64
pkg: github.com/GoCodeAlone/workflow/dynamic
cpu: AMD EPYC 7763 64-Core Processor                
                            │ baseline-bench.txt │
                            │       sec/op       │
InterpreterCreation-4               7.657m ± 59%
ComponentLoad-4                     3.575m ±  0%
ComponentExecute-4                  1.924µ ±  1%
PoolContention/workers-1-4          1.089µ ±  1%
PoolContention/workers-2-4          1.074µ ±  4%
PoolContention/workers-4-4          1.081µ ±  1%
PoolContention/workers-8-4          1.083µ ±  2%
PoolContention/workers-16-4         1.092µ ±  1%
ComponentLifecycle-4                3.644m ±  1%
SourceValidation-4                  2.317µ ±  2%
RegistryConcurrent-4                807.9n ±  3%
LoaderLoadFromString-4              3.659m ±  1%
geomean                             18.81µ

                            │ baseline-bench.txt │
                            │        B/op        │
InterpreterCreation-4               2.027Mi ± 0%
ComponentLoad-4                     2.180Mi ± 0%
ComponentExecute-4                  1.203Ki ± 0%
PoolContention/workers-1-4          1.203Ki ± 0%
PoolContention/workers-2-4          1.203Ki ± 0%
PoolContention/workers-4-4          1.203Ki ± 0%
PoolContention/workers-8-4          1.203Ki ± 0%
PoolContention/workers-16-4         1.203Ki ± 0%
ComponentLifecycle-4                2.183Mi ± 0%
SourceValidation-4                  1.984Ki ± 0%
RegistryConcurrent-4                1.133Ki ± 0%
LoaderLoadFromString-4              2.182Mi ± 0%
geomean                             15.25Ki

                            │ baseline-bench.txt │
                            │     allocs/op      │
InterpreterCreation-4                15.68k ± 0%
ComponentLoad-4                      18.02k ± 0%
ComponentExecute-4                    25.00 ± 0%
PoolContention/workers-1-4            25.00 ± 0%
PoolContention/workers-2-4            25.00 ± 0%
PoolContention/workers-4-4            25.00 ± 0%
PoolContention/workers-8-4            25.00 ± 0%
PoolContention/workers-16-4           25.00 ± 0%
ComponentLifecycle-4                 18.07k ± 0%
SourceValidation-4                    32.00 ± 0%
RegistryConcurrent-4                  2.000 ± 0%
LoaderLoadFromString-4               18.06k ± 0%
geomean                               183.3

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                            │ benchmark-results.txt │
                            │        sec/op         │
InterpreterCreation-4                  8.926m ± 63%
ComponentLoad-4                        3.550m ±  2%
ComponentExecute-4                     1.878µ ±  1%
PoolContention/workers-1-4             1.214µ ±  1%
PoolContention/workers-2-4             1.225µ ±  1%
PoolContention/workers-4-4             1.231µ ±  1%
PoolContention/workers-8-4             1.208µ ±  2%
PoolContention/workers-16-4            1.207µ ±  3%
ComponentLifecycle-4                   3.611m ±  3%
SourceValidation-4                     2.253µ ±  1%
RegistryConcurrent-4                   910.1n ±  5%
LoaderLoadFromString-4                 3.576m ±  3%
geomean                                20.04µ

                            │ benchmark-results.txt │
                            │         B/op          │
InterpreterCreation-4                  2.027Mi ± 0%
ComponentLoad-4                        2.180Mi ± 0%
ComponentExecute-4                     1.203Ki ± 0%
PoolContention/workers-1-4             1.203Ki ± 0%
PoolContention/workers-2-4             1.203Ki ± 0%
PoolContention/workers-4-4             1.203Ki ± 0%
PoolContention/workers-8-4             1.203Ki ± 0%
PoolContention/workers-16-4            1.203Ki ± 0%
ComponentLifecycle-4                   2.183Mi ± 0%
SourceValidation-4                     1.984Ki ± 0%
RegistryConcurrent-4                   1.133Ki ± 0%
LoaderLoadFromString-4                 2.182Mi ± 0%
geomean                                15.25Ki

                            │ benchmark-results.txt │
                            │       allocs/op       │
InterpreterCreation-4                   15.68k ± 0%
ComponentLoad-4                         18.02k ± 0%
ComponentExecute-4                       25.00 ± 0%
PoolContention/workers-1-4               25.00 ± 0%
PoolContention/workers-2-4               25.00 ± 0%
PoolContention/workers-4-4               25.00 ± 0%
PoolContention/workers-8-4               25.00 ± 0%
PoolContention/workers-16-4              25.00 ± 0%
ComponentLifecycle-4                    18.07k ± 0%
SourceValidation-4                       32.00 ± 0%
RegistryConcurrent-4                     2.000 ± 0%
LoaderLoadFromString-4                  18.06k ± 0%
geomean                                  183.3

pkg: github.com/GoCodeAlone/workflow/middleware
cpu: AMD EPYC 7763 64-Core Processor                
                                  │ baseline-bench.txt │
                                  │       sec/op       │
CircuitBreakerDetection-4                  286.7n ± 5%
CircuitBreakerExecution_Success-4          21.38n ± 1%
CircuitBreakerExecution_Failure-4          66.81n ± 0%
geomean                                    74.26n

                                  │ baseline-bench.txt │
                                  │        B/op        │
CircuitBreakerDetection-4                 144.0 ± 0%
CircuitBreakerExecution_Success-4         0.000 ± 0%
CircuitBreakerExecution_Failure-4         0.000 ± 0%
geomean                                              ¹
¹ summaries must be >0 to compute geomean

                                  │ baseline-bench.txt │
                                  │     allocs/op      │
CircuitBreakerDetection-4                 1.000 ± 0%
CircuitBreakerExecution_Success-4         0.000 ± 0%
CircuitBreakerExecution_Failure-4         0.000 ± 0%
geomean                                              ¹
¹ summaries must be >0 to compute geomean

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                  │ benchmark-results.txt │
                                  │        sec/op         │
CircuitBreakerDetection-4                     454.6n ± 0%
CircuitBreakerExecution_Success-4             59.73n ± 0%
CircuitBreakerExecution_Failure-4             64.80n ± 1%
geomean                                       120.7n

                                  │ benchmark-results.txt │
                                  │         B/op          │
CircuitBreakerDetection-4                    144.0 ± 0%
CircuitBreakerExecution_Success-4            0.000 ± 0%
CircuitBreakerExecution_Failure-4            0.000 ± 0%
geomean                                                 ¹
¹ summaries must be >0 to compute geomean

                                  │ benchmark-results.txt │
                                  │       allocs/op       │
CircuitBreakerDetection-4                    1.000 ± 0%
CircuitBreakerExecution_Success-4            0.000 ± 0%
CircuitBreakerExecution_Failure-4            0.000 ± 0%
geomean                                                 ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/module
cpu: AMD EPYC 7763 64-Core Processor                
                                 │ baseline-bench.txt │
                                 │       sec/op       │
JQTransform_Simple-4                     869.8n ± 27%
JQTransform_ObjectConstruction-4         1.434µ ±  2%
JQTransform_ArraySelect-4                3.325µ ±  2%
JQTransform_Complex-4                    38.52µ ±  1%
JQTransform_Throughput-4                 1.760µ ±  1%
SSEPublishDelivery-4                     62.74n ±  1%
geomean                                  1.613µ

                                 │ baseline-bench.txt │
                                 │        B/op        │
JQTransform_Simple-4                   1.273Ki ± 0%
JQTransform_ObjectConstruction-4       1.773Ki ± 0%
JQTransform_ArraySelect-4              2.625Ki ± 0%
JQTransform_Complex-4                  16.22Ki ± 0%
JQTransform_Throughput-4               1.984Ki ± 0%
SSEPublishDelivery-4                     0.000 ± 0%
geomean                                             ¹
¹ summaries must be >0 to compute geomean

                                 │ baseline-bench.txt │
                                 │     allocs/op      │
JQTransform_Simple-4                     10.00 ± 0%
JQTransform_ObjectConstruction-4         15.00 ± 0%
JQTransform_ArraySelect-4                30.00 ± 0%
JQTransform_Complex-4                    324.0 ± 0%
JQTransform_Throughput-4                 17.00 ± 0%
SSEPublishDelivery-4                     0.000 ± 0%
geomean                                             ¹
¹ summaries must be >0 to compute geomean

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                 │ benchmark-results.txt │
                                 │        sec/op         │
JQTransform_Simple-4                        980.8n ± 24%
JQTransform_ObjectConstruction-4            1.505µ ±  1%
JQTransform_ArraySelect-4                   3.189µ ±  2%
JQTransform_Complex-4                       35.38µ ±  1%
JQTransform_Throughput-4                    1.837µ ±  2%
SSEPublishDelivery-4                        77.03n ±  1%
geomean                                     1.693µ

                                 │ benchmark-results.txt │
                                 │         B/op          │
JQTransform_Simple-4                      1.273Ki ± 0%
JQTransform_ObjectConstruction-4          1.773Ki ± 0%
JQTransform_ArraySelect-4                 2.625Ki ± 0%
JQTransform_Complex-4                     16.22Ki ± 0%
JQTransform_Throughput-4                  1.984Ki ± 0%
SSEPublishDelivery-4                        0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

                                 │ benchmark-results.txt │
                                 │       allocs/op       │
JQTransform_Simple-4                        10.00 ± 0%
JQTransform_ObjectConstruction-4            15.00 ± 0%
JQTransform_ArraySelect-4                   30.00 ± 0%
JQTransform_Complex-4                       324.0 ± 0%
JQTransform_Throughput-4                    17.00 ± 0%
SSEPublishDelivery-4                        0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/schema
cpu: AMD EPYC 7763 64-Core Processor                
                                    │ baseline-bench.txt │
                                    │       sec/op       │
SchemaValidation_Simple-4                   1.105µ ±  2%
SchemaValidation_AllFields-4                1.666µ ± 25%
SchemaValidation_FormatValidation-4         1.587µ ±  1%
SchemaValidation_ManySchemas-4              1.836µ ±  1%
geomean                                     1.521µ

                                    │ baseline-bench.txt │
                                    │        B/op        │
SchemaValidation_Simple-4                   0.000 ± 0%
SchemaValidation_AllFields-4                0.000 ± 0%
SchemaValidation_FormatValidation-4         0.000 ± 0%
SchemaValidation_ManySchemas-4              0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

                                    │ baseline-bench.txt │
                                    │     allocs/op      │
SchemaValidation_Simple-4                   0.000 ± 0%
SchemaValidation_AllFields-4                0.000 ± 0%
SchemaValidation_FormatValidation-4         0.000 ± 0%
SchemaValidation_ManySchemas-4              0.000 ± 0%
geomean                                                ¹
¹ summaries must be >0 to compute geomean

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                    │ benchmark-results.txt │
                                    │        sec/op         │
SchemaValidation_Simple-4                      1.022µ ±  3%
SchemaValidation_AllFields-4                   1.545µ ± 31%
SchemaValidation_FormatValidation-4            1.508µ ±  1%
SchemaValidation_ManySchemas-4                 1.474µ ±  1%
geomean                                        1.369µ

                                    │ benchmark-results.txt │
                                    │         B/op          │
SchemaValidation_Simple-4                      0.000 ± 0%
SchemaValidation_AllFields-4                   0.000 ± 0%
SchemaValidation_FormatValidation-4            0.000 ± 0%
SchemaValidation_ManySchemas-4                 0.000 ± 0%
geomean                                                   ¹
¹ summaries must be >0 to compute geomean

                                    │ benchmark-results.txt │
                                    │       allocs/op       │
SchemaValidation_Simple-4                      0.000 ± 0%
SchemaValidation_AllFields-4                   0.000 ± 0%
SchemaValidation_FormatValidation-4            0.000 ± 0%
SchemaValidation_ManySchemas-4                 0.000 ± 0%
geomean                                                   ¹
¹ summaries must be >0 to compute geomean

pkg: github.com/GoCodeAlone/workflow/store
cpu: AMD EPYC 7763 64-Core Processor                
                                   │ baseline-bench.txt │
                                   │       sec/op       │
EventStoreAppend_InMemory-4                1.218µ ± 14%
EventStoreAppend_SQLite-4                  1.259m ±  5%
GetTimeline_InMemory/events-10-4           13.48µ ±  3%
GetTimeline_InMemory/events-50-4           76.33µ ±  1%
GetTimeline_InMemory/events-100-4          121.9µ ± 27%
GetTimeline_InMemory/events-500-4          624.7µ ±  0%
GetTimeline_InMemory/events-1000-4         1.271m ±  1%
GetTimeline_SQLite/events-10-4             106.9µ ±  1%
GetTimeline_SQLite/events-50-4             247.6µ ±  1%
GetTimeline_SQLite/events-100-4            416.4µ ±  1%
GetTimeline_SQLite/events-500-4            1.769m ±  1%
GetTimeline_SQLite/events-1000-4           3.460m ±  1%
geomean                                    216.0µ

                                   │ baseline-bench.txt │
                                   │        B/op        │
EventStoreAppend_InMemory-4                  812.0 ± 5%
EventStoreAppend_SQLite-4                  1.985Ki ± 2%
GetTimeline_InMemory/events-10-4           7.953Ki ± 0%
GetTimeline_InMemory/events-50-4           46.62Ki ± 0%
GetTimeline_InMemory/events-100-4          94.48Ki ± 0%
GetTimeline_InMemory/events-500-4          472.8Ki ± 0%
GetTimeline_InMemory/events-1000-4         944.3Ki ± 0%
GetTimeline_SQLite/events-10-4             16.74Ki ± 0%
GetTimeline_SQLite/events-50-4             87.14Ki ± 0%
GetTimeline_SQLite/events-100-4            175.4Ki ± 0%
GetTimeline_SQLite/events-500-4            846.1Ki ± 0%
GetTimeline_SQLite/events-1000-4           1.639Mi ± 0%
geomean                                    67.50Ki

                                   │ baseline-bench.txt │
                                   │     allocs/op      │
EventStoreAppend_InMemory-4                  7.000 ± 0%
EventStoreAppend_SQLite-4                    53.00 ± 0%
GetTimeline_InMemory/events-10-4             125.0 ± 0%
GetTimeline_InMemory/events-50-4             653.0 ± 0%
GetTimeline_InMemory/events-100-4           1.306k ± 0%
GetTimeline_InMemory/events-500-4           6.514k ± 0%
GetTimeline_InMemory/events-1000-4          13.02k ± 0%
GetTimeline_SQLite/events-10-4               382.0 ± 0%
GetTimeline_SQLite/events-50-4              1.852k ± 0%
GetTimeline_SQLite/events-100-4             3.681k ± 0%
GetTimeline_SQLite/events-500-4             18.54k ± 0%
GetTimeline_SQLite/events-1000-4            37.29k ± 0%
geomean                                     1.162k

cpu: Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
                                   │ benchmark-results.txt │
                                   │        sec/op         │
EventStoreAppend_InMemory-4                    1.138µ ± 5%
EventStoreAppend_SQLite-4                      1.011m ± 4%
GetTimeline_InMemory/events-10-4               13.95µ ± 3%
GetTimeline_InMemory/events-50-4               77.03µ ± 4%
GetTimeline_InMemory/events-100-4              156.6µ ± 5%
GetTimeline_InMemory/events-500-4              610.7µ ± 1%
GetTimeline_InMemory/events-1000-4             1.250m ± 1%
GetTimeline_SQLite/events-10-4                 83.40µ ± 1%
GetTimeline_SQLite/events-50-4                 244.1µ ± 2%
GetTimeline_SQLite/events-100-4                441.4µ ± 1%
GetTimeline_SQLite/events-500-4                1.971m ± 2%
GetTimeline_SQLite/events-1000-4               3.941m ± 3%
geomean                                        216.0µ

                                   │ benchmark-results.txt │
                                   │         B/op          │
EventStoreAppend_InMemory-4                     805.0 ± 7%
EventStoreAppend_SQLite-4                     1.985Ki ± 2%
GetTimeline_InMemory/events-10-4              7.953Ki ± 0%
GetTimeline_InMemory/events-50-4              46.62Ki ± 0%
GetTimeline_InMemory/events-100-4             94.48Ki ± 0%
GetTimeline_InMemory/events-500-4             472.8Ki ± 0%
GetTimeline_InMemory/events-1000-4            944.3Ki ± 0%
GetTimeline_SQLite/events-10-4                16.74Ki ± 0%
GetTimeline_SQLite/events-50-4                87.14Ki ± 0%
GetTimeline_SQLite/events-100-4               175.4Ki ± 0%
GetTimeline_SQLite/events-500-4               846.1Ki ± 0%
GetTimeline_SQLite/events-1000-4              1.639Mi ± 0%
geomean                                       67.45Ki

                                   │ benchmark-results.txt │
                                   │       allocs/op       │
EventStoreAppend_InMemory-4                     7.000 ± 0%
EventStoreAppend_SQLite-4                       53.00 ± 0%
GetTimeline_InMemory/events-10-4                125.0 ± 0%
GetTimeline_InMemory/events-50-4                653.0 ± 0%
GetTimeline_InMemory/events-100-4              1.306k ± 0%
GetTimeline_InMemory/events-500-4              6.514k ± 0%
GetTimeline_InMemory/events-1000-4             13.02k ± 0%
GetTimeline_SQLite/events-10-4                  382.0 ± 0%
GetTimeline_SQLite/events-50-4                 1.852k ± 0%
GetTimeline_SQLite/events-100-4                3.681k ± 0%
GetTimeline_SQLite/events-500-4                18.54k ± 0%
GetTimeline_SQLite/events-1000-4               37.29k ± 0%
geomean                                        1.162k

Benchmarks run with go test -bench=. -benchmem -count=6.
Regressions ≥ 20% are flagged. Results compared via benchstat.

Copilot AI requested review from Copilot and removed request for Copilot May 13, 2026 06:07
Copilot AI changed the title [WIP] Update wfctl refresh-outputs to reconcile existing routed secrets fix(infra): --refresh-outputs reconciles stale routed secrets instead of skipping them May 13, 2026
Copilot AI requested a review from intel352 May 13, 2026 06:10
@codecov
Copy link
Copy Markdown

codecov Bot commented May 13, 2026

Codecov Report

❌ Patch coverage is 75.75758% with 8 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
cmd/wfctl/infra_output_secrets.go 75.00% 5 Missing and 3 partials ⚠️

📢 Thoughts on this report? Let us know!

@intel352 intel352 marked this pull request as ready for review May 13, 2026 22:14
Copilot AI review requested due to automatic review settings May 13, 2026 22:14
Copilot AI reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the infra apply post-processing path so --refresh-outputs reconciles configured infra_output secrets instead of skipping existing values, helping keep routed output secrets aligned after provider/resource recreation.

Changes:

  • Threads refreshOutputsFlag from runInfraApply into syncInfraOutputSecrets.
  • Adds refresh-mode reconciliation behavior for readable and write-only secret providers.
  • Adds unit coverage for refresh-mode update/create/unchanged/write-only cases.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
cmd/wfctl/infra.go Passes the CLI --refresh-outputs flag into infra output secret synchronization.
cmd/wfctl/infra_output_secrets.go Implements refresh-mode secret reconciliation and logging semantics.
cmd/wfctl/infra_output_secrets_test.go Updates existing call sites and adds refresh-mode unit tests.

Comment thread cmd/wfctl/infra.go
}
}
return syncInfraOutputSecrets(ctx, secretsCfg, secretsProvider, states, wfCfg, envName, runHydrated)
return syncInfraOutputSecrets(ctx, secretsCfg, secretsProvider, states, wfCfg, envName, runHydrated, refreshOutputsFlag)
Comment thread cmd/wfctl/infra_output_secrets_test.go Outdated
Comment on lines +290 to +295
err := syncInfraOutputSecrets(context.Background(), cfg, p, sampleStates(), nil, "", nil, true)
if err != nil {
t.Fatalf("syncInfraOutputSecrets: %v", err)
}
if p.data["DATABASE_URL"] != current {
t.Errorf("unchanged secret should not be modified: got %q", p.data["DATABASE_URL"])
@intel352
Copy link
Copy Markdown
Contributor

intel352 commented May 13, 2026

@copilot apply changes based on the comments in this thread

Test coverage is also lax: #646 (comment)

@intel352
test: fix UnchangedSkipsSet to count Set calls; add CLI-level refresh…
ee2f50b 
…-outputs integration tests

Agent-Logs-Url: https://github.com/GoCodeAlone/workflow/sessions/185a3026-2d6d-4ef1-a04c-82efba142cb5

Co-authored-by: intel352 <77607+intel352@users.noreply.github.com>
Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 13, 2026

@copilot apply changes based on the comments in this thread

Test coverage is also lax: https://git...

Addressed both review items in ee2f50b:

  1. UnchangedSkipsSet test — replaced simpleProvider with a new setCountProvider wrapper that records every Set call. The test now asserts setCalls == 0, so it fails if Set is incorrectly called when values are equal.

  2. CLI-level integration test — added TestApply_RefreshOutputsFlag_UpdatesExistingInfraOutputSecret which calls runInfraApply --refresh-outputs end-to-end with a stale pre-existing env secret and verifies it gets updated. This test would fail if refreshOutputsFlag were not threaded through at infra.go:1514. Also added the complementary negative test TestApply_NoRefreshOutputsFlag_DoesNotOverwriteExistingSecret.

Copy link
Copy Markdown
Contributor Author

Copilot AI commented May 13, 2026

@copilot apply changes based on the comments in this thread

Test coverage is also lax: https://git...

Both issues are addressed in commit ee2f50bf:

  1. UnchangedSkipsSet test now truly pins the optimization: Added setCountProvider that counts Set calls. The test asserts p.setCalls == 0 — the previous version only checked the stored value, which would pass even if Set was called with the same value.

  2. CLI-level regression test added: TestApply_RefreshOutputsFlag_UpdatesExistingInfraOutputSecret exercises the full runInfraApply → syncInfraOutputSecrets path using the real env provider with a stale pre-seeded value. It would fail if refreshOutputsFlag were accidentally passed as false (the secret would stay "stale" instead of being updated). A companion TestApply_NoRefreshOutputsFlag_DoesNotOverwriteExistingSecret guards the normal-apply invariant.

@intel352 intel352 merged commit 18f4e89 into main May 13, 2026
23 checks passed
@intel352 intel352 deleted the copilot/update-routed-secrets-refresh-option branch May 13, 2026 23:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@intel352 intel352 Awaiting requested review from intel352

Assignees

@intel352 intel352

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

wfctl refresh-outputs should update existing routed secrets when explicitly requested

3 participants

@intel352