Skip to content

ci: add wrapper output-forwarding gate (prevent v0.3.x-class regressions)#45

Open
dmchaledev wants to merge 1 commit into
mainfrom
claude/blissful-pascal-j3xdgg
Open

ci: add wrapper output-forwarding gate (prevent v0.3.x-class regressions)#45
dmchaledev wants to merge 1 commit into
mainfrom
claude/blissful-pascal-j3xdgg

Conversation

@dmchaledev

@dmchaledev dmchaledev commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Problem

The existing wrapper-forwarding CI job enforces that every wrapper module (sat-*, asm-*) exposes the same variable surface as its core module. There was no equivalent check for outputs.

The v0.3.x regression — post_patch_ssm_document_name, redis_endpoint, and redis_mode silently missing from all HA wrapper outputs.tf files — slipped through CI exactly because of this gap. Operators hit a terraform output redis_endpoint error at runtime, not at PR merge time.

Change

Add one new step — "Diff wrapper outputs against their core modules" — to the existing wrapper-forwarding job in .github/workflows/ci.yml.

The logic mirrors the variable-diff step directly above it:

for wrapper in "${!wrappers[@]}"; do
  core="${wrappers[$wrapper]}"
  core_outputs=$(grep -h '^output ' "modules/${core}/outputs.tf" | awk '{print $2}' | tr -d '"' | sort)
  wrapper_outputs=$(grep -h '^output ' "modules/${wrapper}/outputs.tf" | awk '{print $2}' | tr -d '"' | sort)
  missing=$(comm -23 <(echo "$core_outputs") <(echo "$wrapper_outputs") || true)
  ...
done

All 12 wrapper/core pairs are covered. If the core module adds a new output and any wrapper's outputs.tf doesn't re-export it, CI fails with a named list of missing outputs.

Why this is the right level

  • No new job, no new dependencies — pure shell in an existing job, adds ~5s to wall-clock.
  • Complementary to issue Add terraform test coverage for all 12 product wrapper modules #42 (which proposes terraform test for wrappers). That's the right long-term fix; this gate catches the specific class of omission immediately and cheaply.
  • All 12 pairs currently pass — the change is additive with no false positives on main.

Test plan

  • wrapper-forwarding job passes on this branch (all 12 wrappers already re-export full output surface after the v0.3.x fix)
  • Manually verify: temporarily remove one output block from a wrapper outputs.tf and confirm the step errors with the missing output name listed
  • terraform validate and tflint unaffected (only ci.yml changed)

Generated by Claude Code

@claude
ci: add wrapper output-forwarding gate to prevent v0.3.x-class regres…
ac305e0 
…sions

The existing wrapper-forwarding job checked that wrappers expose every
variable from their core module, but had no equivalent check for outputs.
The v0.3.x regression (post_patch_ssm_document_name, redis_endpoint,
redis_mode silently missing from HA wrappers) slipped through exactly
because of this gap.

Add a "Diff wrapper outputs against their core modules" step in the same
job. It mirrors the variable-diff logic: for each of the 12 wrapper/core
pairs, compare output names with comm -23 and fail if the wrapper is
missing any output the core declares. No new dependencies — pure shell.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01JiqETiysB7AxP9ypY1LetL
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dmchaledev @claude