feat(wfctl): interactive ci generate wizard + multisite real-world regen evidence (PR4/7)#802
Merged
Conversation
When --platform is absent and stdin is a TTY, runCIGenerate drives an interactive wizard that: selects platform (github_actions|gitlab_ci), runner label (ubuntu-latest|self-hosted|custom), toggles smoke/migrations/ plan-guard from Analyze-derived defaults, surfaces plan.Warnings, and confirms write before emitting files. Non-TTY + no --platform errors with "specify --platform for non-interactive generation". The override logic lives in the pure applyWizardOverrides(plan, wizardChoices) function so it is fully unit-testable without a TTY; 7 new unit tests cover all toggles. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…alysis Copies gocodealone-multisite deploy.yaml + deploy.prereq.yaml verbatim into cigen/testdata/multisite/ and commits the REAL outputs of: wfctl-pr4 ci plan -c ... --phase-config ... --out plan.json wfctl-pr4 ci generate -c ... --platform github_actions --write diff -u .../infra.yml generated-infra.yml The real diff is 386 lines (249 removed from 283-line hand-written file, 100 added to produce 134-line generated file). GAP.md documents matched derivations (two-phase plan/apply, plan-guard, secrets env block, migrations, smoke URL, plugin install) and not-derivable features (hash-suffixed DB secret, SPACES casing alias, image wait loop, GHCR_CREDENTIALS derivation, phase selector inputs, concurrency, continue-on-error) sourced from the real diff and real plan.json warnings[]. Two real bugs noted: paths: filter uses testdata paths instead of repo-root paths when not run from project root; migrations step uses wrong subcommand. Live infra.yml NOT modified (ADR 0004). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ultisite evidence
The generated migrations step emitted `wfctl ci run --config <cfg> --phase
migrate`, but `wfctl ci run` only accepts phases build|test|deploy and errors
on anything else ("unknown phase: migrate") — the step would fail at runtime
(looks-right-but-doesn't-run). Surfaced honestly in the multisite GAP.md.
Fix: render_gha.go + render_gitlab.go now emit `wfctl migrations up --config
'<cfg>'` via a shared migrationsUpCommand helper. The DB-url secret is already
wired into the apply job env: via the secrets union. A new MigrationsSpec.Env
field, when set, appends `--env <env>`; otherwise it is omitted. Adds two
render tests asserting the step contains `wfctl migrations up --config` and
does NOT contain `--phase migrate` (plus an --env variant).
Also adds `--config-path-alias` / `--phase-config-alias` flags to `ci plan`
and `ci generate` (wired to the existing cigen Options.ConfigPathAlias + new
PhaseConfigAlias) so generated CI shows clean repo-relative config paths.
Regenerated multisite evidence with the fixed binary + aliases:
- plan.json: clean deploy.yaml / deploy.prereq.yaml phase paths (warnings
unchanged: DB hash-suffix + 2x SPACES casing)
- generated-infra.yml: migrations step now `wfctl migrations up --config
'deploy.yaml'`; paths: filters now `deploy.yaml` / `deploy.prereq.yaml`
- diff vs live infra.yml: 384 lines (248 removed, 99 added)
- GAP.md: migrations + paths moved out of "got WRONG" (both FIXED); added
`--env prod --format json` as a not-derivable operational refinement;
genuinely-not-derivable items retained. Live infra.yml NOT modified (ADR 0004).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
⏱ Benchmark Results✅ No significant performance regressions detected. benchstat comparison (baseline → PR)
|
…vidence + test
Code-review follow-up for PR4.
1. IMPORTANT: render_gha.go emitted a step-level `env:` on the migrations
step re-declaring ${{ secrets.<DBEnv> }}, but deriveSecrets always adds the
migrations DBEnv to the global secrets union (analyze.go), so it is already
present in the apply job's job-level `env:` block. The step-level block was
redundant and would have broken a minimal no-secrets plan. Removed it; the
migration command still reads the DB secret via job-level env. (GitLab
renderer relies on project CI/CD variables and had no step-level env.)
2. Added TestApplyWizardOverrides_MigrationsTruePreservesMigrations (symmetric
to the existing Smoke-preserve test). Strengthened the GHA migrations test
to assert the DBEnv is in the job-level env AND the step carries no
step-level env block.
3. GAP.md: documented that the GLOBAL cross-phase secret union over-exposes
secrets — e.g. MULTISITE_DB_URL appears in apply-prereq's env even though
prereq runs no migrations. Honest known limitation; per-phase secret
scoping is future work, NOT this PR's scope.
Regenerated multisite evidence with the fixed binary (plan.json byte-identical;
generated-infra.yml drops the 2 step-level env lines). Fresh regen matches the
committed generated-infra.yml byte-for-byte. Live infra.yml NOT modified.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
PR4 of the wfctl secrets wizard + smart CI cascade. Adds the interactive
ci generatewizard overcigen, and the honest real-world validation artifact (generate against our owngocodealone-multisite).Task 17 — interactive ci wizard
wfctl ci generatewith no--platformon a TTY (or--interactive) walks an analyzedCIPlan: select platform, runner, toggle smoke/migrations/plan-guard, showsWarnings[], confirms before write (diff preview if target exists). Override logic is a pureapplyWizardOverrides(plan, choices)(unit-tested by injection); bubbletea is a thin front-end. Non-TTY + no--platformerrors clearly (no hang).Task 18 — multisite real-world regen evidence (demonstration-fidelity)
Ran the real built binary against the real
gocodealone-multisite/{deploy,deploy.prereq}.yamland committed the literal output undercigen/testdata/multisite/:plan.json(realCIPlanincl. 3 honestwarnings),generated-infra.yml(realci generateoutput),GAP.md(honest analysis sourced from the measured 384-line diff + warnings).env:block (1:1-named), plan-guard, healthz smoke, migrations step.MULTISITE_PG__URI_<hash>,SPACES_access_key→SPACES_ACCESS_KEYcase, GHCR image-wait,GHCR_CREDENTIALSderivation, GA4 apply step, multi-route smoke matrix, concurrency, SHA-pinned actions, dispatch inputs.infra.ymlis NOT modified (ADR 0004). The claim is exactly the measured diff + warnings — no faked equivalence.Runtime defect fixed (found via the honest gap analysis)
The generated migrations step emitted
wfctl ci run --phase migrate— butci runonly accepts build/test/deploy, so it would fail at runtime. Fixed in both GHA + GitLab renderers (sharedmigrationsUpCommand) to emitwfctl migrations up --config <cfg>(the real subcommand the live workflow uses). Added--config-path-alias/--phase-config-aliasso committed artifacts show cleandeploy.yamlpaths.Verification
GOWORK=off go test ./cigen/ ./cmd/wfctl/→ok;golangci-lint→0 issues.applyWizardOverridestoggles,TestRenderGitHubActions_MigrationsStep/_WithEnv,TestAnalyze_MultisiteGolden.Notes
🤖 Generated with Claude Code