Skip to content

fix(versioning): make baseline capture atomic#41941

Merged
rusackas merged 1 commit into
apache:masterfrom
mikebridge:sc-112938-baseline-fail-open
Jul 10, 2026
Merged

fix(versioning): make baseline capture atomic#41941
rusackas merged 1 commit into
apache:masterfrom
mikebridge:sc-112938-baseline-fail-open

Conversation

@mikebridge

@mikebridge mikebridge commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

SUMMARY

Makes optional entity-version baseline capture genuinely fail-open and all-or-nothing.

A single SAVEPOINT now contains the synthetic baseline transaction row, parent shadow row, and every child shadow row. Child-handler failures propagate to that boundary so the complete optional baseline unit rolls back before the error is logged, while the outer user save remains committable.

This supersedes the parent-only approach in #41910, which was closed in favor of the broader parent/child atomicity work tracked by sc-112938.

Parent/child atomicity

The parent is the versioned entity baseline:

  • Dataset: tables_version
  • Dashboard: dashboards_version

Children are the related shadows required to reconstruct that entity:

  • Dataset columns and metrics: table_columns_version and sql_metrics_version
  • Dashboard/chart membership and required chart snapshots: dashboard_slices_version and slices_version

The atomic baseline unit is:

version_transaction
└── parent baseline shadow
    ├── child baseline shadow
    ├── child baseline shadow
    └── ...

If every optional write succeeds, the SAVEPOINT is released and the complete baseline remains. If any parent or child write fails, the SAVEPOINT removes the synthetic transaction, parent baseline, and every child baseline written so far. The actual user edit still commits with its normal canonical Continuum update history.

This prevents partial history such as a dataset baseline that exists without its column or metric baselines, which could make a later restore incomplete or incorrect.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

Not applicable; backend transaction-safety fix.

TESTING INSTRUCTIONS

Run the focused PostgreSQL failure cases:

docker compose -f docker-compose-light.yml --profile test run --rm pytest-runner pytest -q tests/integration_tests/versioning/versions_api_tests.py -k "parent_baseline_sql_failure or child_baseline_sql_failure"

Run the complete baseline/capture regression set:

docker compose -f docker-compose-light.yml --profile test run --rm pytest-runner pytest -q tests/integration_tests/versioning/capture_disabled_tests.py tests/integration_tests/versioning/snapshot_projection_tests.py tests/integration_tests/versioning/versions_api_tests.py

Observed locally: 2 fault-injection cases and 18 complete regression cases passed on PostgreSQL. The failure cases assert that canonical operation_type=1 history and the versions API result survive rollback of the optional baseline.

GitHub CI passes on PostgreSQL, MySQL, and SQLite, including pre-commit.

ADDITIONAL INFORMATION

  • Has associated issue: Shortcut sc-112938
  • Required feature flags: ENABLE_VERSIONING_CAPTURE
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@codecov

codecov Bot commented Jul 10, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.80%. Comparing base (5b8e94d) to head (69fbac8).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #41941      +/-   ##
==========================================
+ Coverage   64.79%   64.80%   +0.01%     
==========================================
  Files        2740     2740              
  Lines      153125   153122       -3     
  Branches    35124    35124              
==========================================
+ Hits        99219    99234      +15     
+ Misses      52009    51987      -22     
- Partials     1897     1901       +4     
Flag Coverage Δ
hive 39.08% <0.00%> (+<0.01%) ⬆️
mysql 58.04% <100.00%> (+0.03%) ⬆️
postgres 58.09% <100.00%> (+0.02%) ⬆️
presto 41.04% <50.00%> (+<0.01%) ⬆️
python 59.48% <100.00%> (+0.02%) ⬆️
sqlite 57.70% <100.00%> (+0.03%) ⬆️
unit 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mikebridge mikebridge force-pushed the sc-112938-baseline-fail-open branch from 5ab3c09 to 69fbac8 Compare July 10, 2026 20:05

@mikebridge mikebridge left a comment

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Parallel local review synthesis

Review lenses: SQLAlchemy, Python, Superset committer, Tidy First, and Domain-Driven Design.

Update: all findings applied

  • HIGH — the connection-level SAVEPOINT inside before_flush needed proof that canonical Continuum history survives. Applied by asserting both parent and child failure paths still create exactly one canonical operation_type=1 shadow containing the committed value, linked to the legitimate version_transaction, and exposed through the versions API.
  • MEDIUM — atomic rollback checks omitted the synthetic transaction row. Applied by asserting exactly one transaction remains after failure: the canonical update transaction. No optional baseline transaction leaks.
  • MEDIUM — the unusual connection-level SAVEPOINT needed lifecycle rationale. Applied in the function documentation: Session.begin_nested() would recursively flush inside before_flush, while the connection-level boundary isolates only direct SQL; the canonical-history regressions protect its Continuum compatibility.
  • LOW — tests imported a private conftest cleanup helper. Applied by exposing and using the public clear_version_tables test utility.
  • LOW — the function docstring lacked a complete one-line summary. Applied with a concise first-line summary.
  • CI status. A fresh CI run was triggered by commit 69fbac8e47; required jobs are being monitored before the PR leaves draft.

The Domain-Driven Design review returned no findings and considers the synthetic transaction, parent shadow, and child shadows one appropriate consistency boundary.

Post-fix evidence:

  • 2 PostgreSQL fault-injection tests passed.
  • 18 complete baseline/capture regression tests passed on fresh PostgreSQL.
  • Focused mypy and Ruff checks passed.

Resolution: all actionable findings from this review round were applied; none remain open.

@mikebridge mikebridge marked this pull request as ready for review July 10, 2026 20:32
@dosubot dosubot Bot added the change:backend Requires changing the backend label Jul 10, 2026

@rusackas rusackas left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, @mikebridge, LGTM. The connection-level SAVEPOINT is the right way to keep this atomic without recursively flushing inside before_flush, and the fault-injection tests are solid. Approving!

@bito-code-review

bito-code-review Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Code Review Agent Run #5eb4ab

Actionable Suggestions - 0
Review Details
  • Files reviewed - 3 · Commit Range: 69fbac8..69fbac8
    • superset/versioning/baseline/insertion.py
    • tests/integration_tests/versioning/conftest.py
    • tests/integration_tests/versioning/versions_api_tests.py
  • Files skipped - 0
  • Tools
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

@rusackas rusackas merged commit 4dde4d2 into apache:master Jul 10, 2026
97 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

change:backend Requires changing the backend size/L

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants