cdk-pipelines-github icon indicating copy to clipboard operation
cdk-pipelines-github copied to clipboard

Published 20 hours ago verified publisher icon cdklabs

JsonPatch escape hatches are applied twice in CI

Open christophgysin opened this issue 1 year ago • 0 comments

YamlFile.writeFile() calls YamlFile.toYaml() which calls JsonPatch.apply(). There, patching is done with applyPatch() from fast-json-patch, which modifies the passed object.

In CI, we first call YamlFile.toYaml() in the diffProtection block, followed by YamlFile.writeFile().

This causes the patches to be applied twice. That works only if the patches are idempotent. If you define a patch that removes a list element:

pipeline.workflowFile.patch(JsonPatch.remove('/jobs/myJob/steps/0'))

The first element will be remove once locally, but twice in CI.

To fix this, we could:

  • change YamlFile.toYaml() to clone the object before passing it to JsonPatch.apply()
  • change JsonPatch.apply() to clone the document before applying patches
  • change GitHubWorkflow.doBuildPipeline() to skip calling YamlFile.writeFile() in CI

christophgysin avatar Oct 17 '22 14:10 christophgysin