Skip to content

Verify strategy plugin mounts after deploy#161

Merged
Pigbibi merged 1 commit into
mainfrom
codex/verify-plugin-mount-deploy-20260617
Jun 16, 2026
Merged

Verify strategy plugin mounts after deploy#161
Pigbibi merged 1 commit into
mainfrom
codex/verify-plugin-mount-deploy-20260617

Conversation

@Pigbibi

@Pigbibi Pigbibi commented Jun 16, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • add a Cloud Run post-sync verifier for strategy plugin mounts
  • fail deploys when plugin mount JSON is empty, stale, mismatched, or points at unreadable GCS signals
  • wire the verifier into the deploy workflow after env sync

Validation

  • python3 -m py_compile scripts/verify_cloud_run_strategy_plugin_mounts.py
  • python3 -m ruff check scripts/verify_cloud_run_strategy_plugin_mounts.py
  • live Cloud Run/GCS mount verification for LongBridge paper, HK, and SG services

@Pigbibi Pigbibi merged commit 43d7316 into main Jun 16, 2026
1 check passed
@Pigbibi Pigbibi deleted the codex/verify-plugin-mount-deploy-20260617 branch June 16, 2026 20:28
chatgpt-codex-connector[bot]
chatgpt-codex-connector Bot reviewed Jun 16, 2026
View reviewed changes

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6deabb799a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/verify_cloud_run_strategy_plugin_mounts.py
Comment on lines +170 to +174
if expected_schema and str(signal.get("schema_version") or "").strip() != expected_schema:
raise ValueError(
f"{service}:{env_name} expected schema {expected_schema}, "
f"got {signal.get('schema_version')!r} at {signal_path}"
)

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 16, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Reject stale plugin signals before passing verification

When a mounted signal_path still contains valid JSON with the expected schema but an old as_of/generation timestamp, this verifier accepts it because the only content check after reading GCS is the optional schema_version comparison. That lets the new post-sync step report success while Cloud Run is left consuming a stale strategy-plugin signal, which is one of the failure modes this verifier is meant to catch.

Useful? React with 👍 / 👎.

Comment thread .github/workflows/sync-cloud-run-env.yml
Comment on lines +955 to +956
env:
STRATEGY_PLUGIN_MOUNT_ENV_NAMES: LONGBRIDGE_STRATEGY_PLUGIN_MOUNTS_JSON

@chatgpt-codex-connector chatgpt-codex-connector Bot Jun 16, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Pass allowed signal prefixes into the workflow

When an environment needs strategy-plugin signals from a bucket other than the hard-coded gs://qsl-runtime-logs-shared/ default, this workflow has no way to provide STRATEGY_PLUGIN_ALLOWED_SIGNAL_PREFIXES to the verifier even though the script reads it. GitHub configuration variables are not automatically exported into the runner environment, so a valid Cloud Run update can be applied and then fail verification solely because the override was never wired here.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Pigbibi