cdk-pipelines-github
cdk-pipelines-github copied to clipboard
JsonPatch escape hatches are applied twice in CI
YamlFile.writeFile() calls YamlFile.toYaml() which calls JsonPatch.apply(). There, patching is done with applyPatch() from fast-json-patch, which modifies the passed object.
In CI, we first call YamlFile.toYaml() in the diffProtection block, followed by YamlFile.writeFile().
This causes the patches to be applied twice. That works only if the patches are idempotent. If you define a patch that removes a list element:
pipeline.workflowFile.patch(JsonPatch.remove('/jobs/myJob/steps/0'))
The first element will be remove once locally, but twice in CI.
To fix this, we could:
- change YamlFile.toYaml() to clone the object before passing it to JsonPatch.apply()
- change JsonPatch.apply() to clone the document before applying patches
- change GitHubWorkflow.doBuildPipeline() to skip calling YamlFile.writeFile() in CI