fix: run update-kustomize-tag step even when test step fails #407

Merged

forgejo_admin merged 1 commit from 405-fix-kustomize-tag-on-test-failure into main

2026-04-08 22:29:34 +00:00

forgejo_admin commented

2026-04-08 22:25:13 +00:00

Owner

Summary

When the test step fails, Woodpecker skips update-kustomize-tag even though it only depends on build-and-push. This means merged code with a passing build never gets deployed to ArgoCD. Adding status: [success, failure] ensures the tag update runs regardless of test outcome.

Changes

.woodpecker.yaml — added status: [success, failure] to the update-kustomize-tag step's when clause

Test Plan

YAML validated with python3 -c "import yaml; yaml.safe_load(open('.woodpecker.yaml'))"
Verified diff is a single-line addition to the correct step (not build-and-push)
Pattern matches pal-e-platform PR #275

Review Checklist

YAML parse-validated per feedback_yaml_parse_validation
Only update-kustomize-tag step modified
Step still only runs on push to main
Step still depends on build-and-push

None — CI config change only.

Closes #405
pal-e-platform PR #275 (same fix for the reference template)
Blocked: #389 validation (image 16b96f5 never deployed)

## Summary When the test step fails, Woodpecker skips `update-kustomize-tag` even though it only depends on `build-and-push`. This means merged code with a passing build never gets deployed to ArgoCD. Adding `status: [success, failure]` ensures the tag update runs regardless of test outcome. ## Changes - `.woodpecker.yaml` — added `status: [success, failure]` to the `update-kustomize-tag` step's `when` clause ## Test Plan - YAML validated with `python3 -c "import yaml; yaml.safe_load(open('.woodpecker.yaml'))"` - Verified diff is a single-line addition to the correct step (not `build-and-push`) - Pattern matches pal-e-platform PR #275 ## Review Checklist - [x] YAML parse-validated per `feedback_yaml_parse_validation` - [x] Only `update-kustomize-tag` step modified - [x] Step still only runs on push to main - [x] Step still depends on `build-and-push` ## Related Notes None — CI config change only. ## Related - Closes #405 - pal-e-platform PR #275 (same fix for the reference template) - Blocked: #389 validation (image `16b96f5` never deployed)

forgejo_admin added 1 commit

2026-04-08 22:25:13 +00:00

fix: run update-kustomize-tag step even when test step fails

ci/woodpecker/pr/woodpecker Pipeline was successful

Details

03075be462

When the test step fails, Woodpecker skips all subsequent steps
including update-kustomize-tag, even though it only depends on
build-and-push. Adding status: [success, failure] ensures the
kustomize tag update runs whenever build-and-push completes,
regardless of test outcome. Matches pal-e-platform PR #275.

Closes #405

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

forgejo_admin commented

2026-04-08 22:27:07 +00:00

Author

Owner

QA Review -- PR #407

Scope: Single-line CI config change to .woodpecker.yaml. Adds status: [success, failure] to the update-kustomize-tag step's when clause.

Checks

Check	Result
Correct step modified (`update-kustomize-tag`, not `build-and-push`)	PASS
`depends_on: build-and-push` preserved	PASS
`event: push` + `branch: main` preserved	PASS
YAML parse-validated	PASS (per test plan)
Matches pal-e-platform PR #275 pattern	PASS
No unrelated changes	PASS (1 file, +1 line)

Nit

The reference template (pal-e-platform PR #275) added an explanatory comment above the when clause:

  # Run even when unrelated steps (e.g. test) fail — deploy depends only on
  # build-and-push, which is enforced by depends_on above.

Consider adding this comment for consistency with the canonical template. Non-blocking.

VERDICT: APPROVED

## QA Review -- PR #407 **Scope:** Single-line CI config change to `.woodpecker.yaml`. Adds `status: [success, failure]` to the `update-kustomize-tag` step's `when` clause. ### Checks | Check | Result | |-------|--------| | Correct step modified (`update-kustomize-tag`, not `build-and-push`) | PASS | | `depends_on: build-and-push` preserved | PASS | | `event: push` + `branch: main` preserved | PASS | | YAML parse-validated | PASS (per test plan) | | Matches pal-e-platform PR #275 pattern | PASS | | No unrelated changes | PASS (1 file, +1 line) | ### Nit The reference template (pal-e-platform PR #275) added an explanatory comment above the `when` clause: ```yaml # Run even when unrelated steps (e.g. test) fail — deploy depends only on # build-and-push, which is enforced by depends_on above. ``` Consider adding this comment for consistency with the canonical template. Non-blocking. **VERDICT: APPROVED**

forgejo_admin commented

2026-04-08 22:28:09 +00:00

Author

Owner

PR #407 Review

DOMAIN REVIEW

Stack: Woodpecker CI (YAML pipeline config)

The change adds status: [success, failure] to the update-kustomize-tag step's when clause. This is a well-understood Woodpecker CI pattern that allows a step to execute regardless of whether prior steps (specifically test) passed or failed.

Key observations:

The update-kustomize-tag step has depends_on: [build-and-push], NOT depends_on: [test]. This means the step only waits for the image build, which is correct -- you want to deploy the built image even if tests failed.
Without status: [success, failure], Woodpecker's default behavior skips all remaining steps once any step fails. The test step failing would prevent tag update even though the dependency chain (build-and-push) succeeded.
The YAML indentation is correct: status is at the same level as event and branch, making it a property of the same when condition.
This matches the canonical fix applied in pal-e-platform PR #275 to the woodpecker-update-tag-step.yaml template.

No issues found. The fix is minimal, correct, and well-scoped.

BLOCKERS

None.

NITS

The reference template at scripts/woodpecker-update-tag-step.yaml in pal-e-platform should also be updated with this status line (confirmed PR #275 handles this separately -- just noting the dependency for completeness).

SOP COMPLIANCE

Branch named after issue: 405-fix-kustomize-tag-on-test-failure
PR body follows template (Summary, Changes, Test Plan, Related)
Related references parent issue (Closes #405) and cross-repo precedent (pal-e-platform PR #275)
No secrets committed
YAML parse-validated per PR checklist
No scope creep -- single line addition to the correct step
Commit message is descriptive

PROCESS OBSERVATIONS

This fix directly unblocks deployment for merged code. Issue #389 validation was blocked because image 16b96f5 never deployed due to this exact problem. Fixing this improves deployment frequency (DORA DF) and reduces mean time to recovery (MTTR) by ensuring the CD pipeline is not gated on test results that are orthogonal to the build artifact.

VERDICT: APPROVED

## PR #407 Review ### DOMAIN REVIEW **Stack**: Woodpecker CI (YAML pipeline config) The change adds `status: [success, failure]` to the `update-kustomize-tag` step's `when` clause. This is a well-understood Woodpecker CI pattern that allows a step to execute regardless of whether prior steps (specifically `test`) passed or failed. Key observations: - The `update-kustomize-tag` step has `depends_on: [build-and-push]`, NOT `depends_on: [test]`. This means the step only waits for the image build, which is correct -- you want to deploy the built image even if tests failed. - Without `status: [success, failure]`, Woodpecker's default behavior skips all remaining steps once any step fails. The `test` step failing would prevent tag update even though the dependency chain (`build-and-push`) succeeded. - The YAML indentation is correct: `status` is at the same level as `event` and `branch`, making it a property of the same `when` condition. - This matches the canonical fix applied in pal-e-platform PR #275 to the `woodpecker-update-tag-step.yaml` template. No issues found. The fix is minimal, correct, and well-scoped. ### BLOCKERS None. ### NITS 1. The reference template at `scripts/woodpecker-update-tag-step.yaml` in pal-e-platform should also be updated with this `status` line (confirmed PR #275 handles this separately -- just noting the dependency for completeness). ### SOP COMPLIANCE - [x] Branch named after issue: `405-fix-kustomize-tag-on-test-failure` - [x] PR body follows template (Summary, Changes, Test Plan, Related) - [x] Related references parent issue (Closes #405) and cross-repo precedent (pal-e-platform PR #275) - [x] No secrets committed - [x] YAML parse-validated per PR checklist - [x] No scope creep -- single line addition to the correct step - [x] Commit message is descriptive ### PROCESS OBSERVATIONS This fix directly unblocks deployment for merged code. Issue #389 validation was blocked because image `16b96f5` never deployed due to this exact problem. Fixing this improves deployment frequency (DORA DF) and reduces mean time to recovery (MTTR) by ensuring the CD pipeline is not gated on test results that are orthogonal to the build artifact. ### VERDICT: APPROVED