IFC-1361: Merge core read only repositories on branch merge

[solababs]

Fixes #5978

This PR adds functionality for merging modified read only repositories from other branches into main branch. Existing implementation takes care of merging modified core repositories.

Summary by CodeRabbit

• New Features

  • Added support for merging read-only repositories during branch merge operations.
  • Enhanced repository merge workflow to handle different repository types with appropriate processing logic.

• Improvements

  • Improved merge operation logging for better visibility into repository merge activities.
  • Made branch configuration more flexible for repository merge workflows.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The changes implement handling for read-only repository merging during branch operations. The code extends the merge workflow to distinguish between CoreRepository and CoreReadOnlyRepository types through a new repository_kind field. New asynchronous methods are added to query and process each repository type separately, enqueuing GitRepositoryMerge workflows with the appropriate kind identifier. The merge task handler is updated to route read-only repositories through a dedicated merge path that compares and propagates source repository references to the destination. The GitRepositoryMerge model is modified to include the repository_kind field and make the default_branch field optional.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'IFC-1361: Merge core read only repositories on branch merge' clearly summarizes the main change: adding functionality to merge read-only repositories during branch merges.
Linked Issues check	✅ Passed	The PR implementation addresses issue #5978 by adding merge functionality for CoreReadOnlyRepository alongside CoreRepository, enabling read-only repository refs to update on main branch.
Out of Scope Changes check	✅ Passed	All changes are within scope: merge logic for read-only repositories [#5978], model updates to support repository_kind, task handling for both repository types, and test updates.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch sb-20251021-update-read-only-repo-ifc-1361

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 575bf26 and fe40c4e.

📒 Files selected for processing (4)

• backend/infrahub/core/merge.py (3 hunks)
• backend/infrahub/git/models.py (1 hunks)
• backend/infrahub/git/tasks.py (3 hunks)
• backend/tests/unit/git/test_git_rpc.py (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (3)

• backend/infrahub/git/tasks.py
• backend/tests/unit/git/test_git_rpc.py
• backend/infrahub/git/models.py

🧰 Additional context used

🧬 Code graph analysis (1)

backend/infrahub/core/merge.py (3)

backend/infrahub/core/manager.py (4)

• NodeManager (78-1411)
• query (81-98)
• query (102-119)
• query (122-216)

backend/infrahub/git/models.py (1)

• GitRepositoryMerge (86-96)

backend/infrahub/services/adapters/workflow/local.py (1)

• submit_workflow (33-41)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: E2E-testing-version-upgrade / From 1.3.0
• GitHub Check: backend-benchmark
• GitHub Check: backend-tests-integration
• GitHub Check: E2E-testing-playwright
• GitHub Check: json-schema
• GitHub Check: validate-generated-documentation
• GitHub Check: documentation
• GitHub Check: backend-docker-integration
• GitHub Check: backend-tests-functional
• GitHub Check: backend-tests-unit
• GitHub Check: Cloudflare Pages

🔇 Additional comments (1)

backend/infrahub/core/merge.py (1)

5-16: Imports and GitRepositoryMerge wiring look consistent

The added imports for InfrahubKind and CoreReadOnlyRepository, plus the use of GitRepositoryMerge with a repository_kind discriminator, are consistent with the GitRepositoryMerge model and provide a clear way for the workflow to distinguish between core and read‑only repositories. No issues here.

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

backend/infrahub/git/tasks.py (1)

479-479: Consider a more explicit condition for read-only repository detection.

The condition elif not model.default_branch: implicitly distinguishes read-only repositories. This could be clearer by checking the repository kind directly or adding a comment explaining the logic.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a30f870 and 8d6bc0e.

📒 Files selected for processing (5)

• backend/infrahub/core/merge.py (2 hunks)
• backend/infrahub/git/models.py (1 hunks)
• backend/infrahub/git/tasks.py (3 hunks)
• backend/tests/unit/core/diff/test_coordinator_lock.py (2 hunks)
• changelog/5978.added.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

**/*.{md,mdx}

📄 CodeRabbit inference engine (CLAUDE.md)

Lint Markdown/MDX files with markdownlint using .markdownlint.yaml

Files:

• changelog/5978.added.md

backend/**/*

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Run backend tests with pytest or via invoke tasks

Files:

• backend/infrahub/git/models.py
• backend/infrahub/git/tasks.py
• backend/tests/unit/core/diff/test_coordinator_lock.py
• backend/infrahub/core/merge.py

**/*.py

📄 CodeRabbit inference engine (.github/instructions/python-docstring.instructions.md)

**/*.py: Use triple double quotes (""") for all Python docstrings
Write docstrings in Google-style format
Include a brief one-line description at the top of each docstring
Add a detailed description section when additional context is needed
Document function/method parameters under an Args/Parameters section without typing information
Include a Returns section describing the return value
Include a Raises section listing possible exceptions
Provide an Examples section demonstrating usage when helpful

Use ruff and mypy to validate and lint Python files

**/*.py: Use type hints for all Python function parameters and return values
Prefer asynchronous code in Python when feasible
Define asynchronous Python functions with async def
Use await for asynchronous calls in Python
Use Pydantic models instead of standard dataclasses
Use ruff and mypy for linting and type checking

**/*.py: Use type hints for all Python function parameters and return values
Use async/await whenever possible in Python code
Define asynchronous functions with async def
Await asynchronous calls with await
Use Pydantic models instead of standard dataclasses for data modeling
Use triple quotes (""") for all Python docstrings
Write docstrings in Google-style format
Include docstring sections when applicable: one-line summary, optional details, Args (without types), Returns, Raises, Examples
Validate and lint Python with ruff and mypy

Files:

• backend/infrahub/git/models.py
• backend/infrahub/git/tasks.py
• backend/tests/unit/core/diff/test_coordinator_lock.py
• backend/infrahub/core/merge.py

backend/tests/**/*

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Place backend tests in backend/tests/

Files:

• backend/tests/unit/core/diff/test_coordinator_lock.py

🧬 Code graph analysis (4)

backend/infrahub/git/models.py (1)

backend/infrahub/git/base.py (1)

• default_branch (175-176)

backend/infrahub/git/tasks.py (1)

backend/infrahub/message_bus/types.py (1)

• kind (72-75)

backend/tests/unit/core/diff/test_coordinator_lock.py (3)

backend/infrahub/core/schema/__init__.py (1)

• SchemaRoot (47-99)

backend/infrahub/core/schema/manager.py (1)

• register_schema (202-209)

backend/infrahub/core/branch/models.py (1)

• update_schema_hash (125-133)

backend/infrahub/core/merge.py (4)

backend/infrahub/core/protocols.py (2)

• CoreReadOnlyRepository (495-497)
• CoreRepository (500-502)

backend/infrahub/core/manager.py (4)

• NodeManager (135-1363)
• query (138-155)
• query (159-176)
• query (179-273)

backend/infrahub/git/models.py (1)

• GitRepositoryMerge (86-95)

backend/infrahub/services/adapters/workflow/local.py (1)

• submit_workflow (33-41)

🪛 LanguageTool

changelog/5978.added.md

[grammar] ~1-~1: Use a hyphen to join words.
Context: Merge core read only repositories on branch merge

(QB_NEW_EN_HYPHEN)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (10)

• GitHub Check: E2E-testing-version-upgrade / From 1.3.0
• GitHub Check: E2E-testing-invoke-demo-start
• GitHub Check: backend-benchmark
• GitHub Check: E2E-testing-playwright
• GitHub Check: backend-docker-integration
• GitHub Check: validate-generated-documentation
• GitHub Check: backend-tests-functional
• GitHub Check: documentation
• GitHub Check: backend-tests-integration
• GitHub Check: backend-tests-unit

🔇 Additional comments (9)

backend/infrahub/git/tasks.py (2)

455-455: LGTM - Logger initialization.

Adding logger initialization improves observability for the merge workflow.

---

465-477: LGTM - Enhanced logging for STAGING merge path.

The added logging statements provide clear visibility into the merge workflow progress.

backend/tests/unit/core/diff/test_coordinator_lock.py (2)

19-19: LGTM - Import for read-only repository schema.

The import is correctly added to support registering read-only repository schemas in tests.

---

58-65: LGTM - Test setup extended for read-only repositories.

The test fixture now registers both regular and read-only repository schemas, mirroring the production behavior introduced in this PR. The duplication is intentional to create two separate schema registrations.

backend/infrahub/core/merge.py (3)

9-9: LGTM - Import updated for read-only repositories.

The import correctly includes CoreReadOnlyRepository to support the new merge workflow.

---

226-227: LGTM - Repository merge logic separated.

The refactoring separates read-only and regular repository merges, improving code clarity and maintainability.

---

249-273: LGTM - Regular repository merge logic preserved.

The existing merge logic for regular repositories is correctly preserved with appropriate status checks and conditional merge criteria.

backend/infrahub/git/models.py (2)

91-91: Optional internal_status is properly handled—no changes needed.

All code paths correctly handle None values:

• Equality comparisons (if model.internal_status == RepositoryInternalStatus.ACTIVE.value) safely return False when None, preventing unwanted execution paths
• InfrahubRepository.new() uses a default value ("active") for the field, preventing runtime errors
• No attribute access or method calls are performed on internal_status without prior validation

---

95-95: No issues found - code safely handles optional default_branch field.

The field default_branch_name: str | None in InfrahubRepositoryBase (backend/infrahub/git/base.py:143) is properly handled through a property at line 175-176 that returns self.default_branch_name or registry.default_branch. Even when model.default_branch is None and passed to InfrahubRepository.init() as default_branch_name, accessing repo.default_branch safely returns a fallback value, ensuring all code paths receive a valid string.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use hyphenation for compound adjective.

The phrase "read only" should be hyphenated as "read-only" when used as a compound adjective.

Apply this diff:

-Merge core read only repositories on branch merge
+Merge core read-only repositories on branch merge

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	Merge core read only repositories on branch merge
	Merge core read-only repositories on branch merge

🧰 Tools

🪛 LanguageTool

[grammar] ~1-~1: Use a hyphen to join words.
Context: Merge core read only repositories on branch merge

(QB_NEW_EN_HYPHEN)

🤖 Prompt for AI Agents

In changelog/5978.added.md around lines 1 to 1 the phrase "read only" is used as
a compound adjective; update it to "read-only" so the line reads "Merge core
read-only repositories on branch merge".

[codspeed-hq]

CodSpeed Performance Report

Merging #7459 will not alter performance

_{Comparing sb-20251021-update-read-only-repo-ifc-1361 (fe40c4e) with release-1.6 (f340ef7)}

Summary

✅ 10 untouched

[ogenstad]

I wonder if an issue with this is that the repositories are branch agnostic nodes but for the read-only repositories the commit is a branch aware attribute. So perhaps the issue here is actually that we don't merge such an attribute. Can can talk about this in the backend meeting tomorrow.

[ogenstad]

The read-only repository would also have an internal_status attribute so I don't think we need to make this optional. We can just include the information we got in the query when creating the GitRepositoryMerge model.

[ogenstad]

Instead of using InfrahubKind.GENERICREPOSITORY, I'd suggest that we add a string "repository_type" to GitRepositoryMerge and log the correct type.

[ogenstad]

Instead of checking if a default_branch has been set I'd suggest we check against the "repository_type" I mentioned above both for read only repository here and for the other kind just above.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

backend/infrahub/git/models.py (1)

86-96: Keep internal_status required on GitRepositoryMerge and populate it for read‑only merges

The domain model treats internal_status as always present for repositories (including read‑only ones), while only default_branch is naturally optional. Making internal_status optional here mainly compensates for not passing it from some call sites (e.g., merge_core_read_only_repositories), and forces downstream workflow logic to handle a None that should not really occur.

To keep the contract tighter and consistent with GitRepositoryAddReadOnly and RepositoryBranchInfo, consider:

• Keeping default_branch optional (as now), but reverting internal_status to required:

  internal_status: str = Field(..., description="Administrative status of the repository")

• Updating the read‑only merge path to pass it through (see comment in merge_core_read_only_repositories), e.g. internal_status=repo.internal_status.value.

This preserves flexibility around default_branch while avoiding a nullable internal_status that does not reflect the underlying data model.

🧹 Nitpick comments (1)

backend/infrahub/core/merge.py (1)

225-247: Read‑only repo merge behavior: confirm eligibility rules and propagate internal_status

The split into merge_core_read_only_repositories() and merge_core_repositories() is a good separation of concerns and keeps the main merge_repositories() logic readable.

For the read‑only path specifically:

1. No status/sync gating vs. core repos

   • Core repos are gated by internal_status and sync_with_git:
     • INACTIVE repos are skipped.
     • Merges only occur when self.source_branch.sync_with_git or internal_status == STAGING.
   • Read‑only repos are merged unconditionally as long as they exist in both branches.

   If the intent is that read‑only repos should always have their branch‑scoped ref/commit aligned on merge (regardless of internal_status), this difference is fine but a brief comment would help future maintainers understand why they diverge.

   If instead they are meant to obey the same lifecycle semantics as core repos, consider reusing the same gating checks here.

2. Pass internal_status into GitRepositoryMerge

   Assuming CoreReadOnlyRepository exposes an internal_status similar to CoreRepository, you can enrich the workflow input and avoid the need for an optional internal_status on GitRepositoryMerge by including it here:

   model = GitRepositoryMerge(
       repository_id=repo.id,
       repository_name=repo.name.value,
       internal_status=repo.internal_status.value,
       source_branch=self.source_branch.name,
       destination_branch=self.destination_branch.name,
       destination_branch_id=str(self.destination_branch.get_uuid()),
   )

   That keeps the merge workflow’s contract consistent across core and read‑only repositories and may allow tightening GitRepositoryMerge.internal_status back to a required field.

3. Make the “main” query branch explicit (optional)

   For readability and to avoid relying on NodeManager’s implicit default branch, you could mirror the branch usage from the rest of BranchMerger:

   repos_in_main_list = await NodeManager.query(
       schema=CoreReadOnlyRepository,
       db=self.db,
       branch=self.destination_branch,
   )

   This makes it clear that “main” here is exactly the destination_branch used for the graph merge.

None of these points are blockers, but clarifying the intended eligibility rules and passing internal_status would tighten the API and reduce surprises for consumers of the merge workflow.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b5bdb7a and 232503e.

📒 Files selected for processing (3)

• backend/infrahub/core/merge.py (2 hunks)
• backend/infrahub/git/models.py (1 hunks)
• backend/infrahub/git/tasks.py (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• backend/infrahub/git/tasks.py

🧰 Additional context used

🧬 Code graph analysis (1)

backend/infrahub/core/merge.py (4)

backend/infrahub/core/manager.py (4)

• NodeManager (78-1411)
• query (81-98)
• query (102-119)
• query (122-216)

backend/infrahub/git/models.py (1)

• GitRepositoryMerge (86-95)

backend/infrahub/core/node/standard.py (1)

• get_uuid (65-69)

backend/infrahub/services/adapters/workflow/local.py (1)

• submit_workflow (33-41)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: validate-generated-documentation
• GitHub Check: documentation
• GitHub Check: backend-tests-integration
• GitHub Check: backend-tests-functional
• GitHub Check: backend-tests-unit
• GitHub Check: Cloudflare Pages

🔇 Additional comments (1)

backend/infrahub/core/merge.py (1)

5-16: New CoreReadOnlyRepository import is appropriate and scoped

The added CoreReadOnlyRepository import cleanly reflects the new read‑only merge behavior introduced below and keeps dependencies constrained to the protocols module. No issues from a dependency or layering perspective.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 232503e and 575bf26.

📒 Files selected for processing (5)

• backend/infrahub/core/enums.py (1 hunks)
• backend/infrahub/core/merge.py (3 hunks)
• backend/infrahub/git/models.py (2 hunks)
• backend/infrahub/git/tasks.py (4 hunks)
• backend/tests/unit/git/test_git_rpc.py (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• backend/infrahub/git/tasks.py

🧰 Additional context used

🧬 Code graph analysis (3)

backend/infrahub/git/models.py (2)

backend/infrahub/core/enums.py (1)

• RepositoryTypes (20-22)

backend/infrahub/git/base.py (1)

• default_branch (187-188)

backend/tests/unit/git/test_git_rpc.py (1)

backend/infrahub/core/enums.py (1)

• RepositoryTypes (20-22)

backend/infrahub/core/merge.py (4)

backend/infrahub/git/models.py (1)

• GitRepositoryMerge (87-97)

backend/infrahub/core/enums.py (1)

• RepositoryTypes (20-22)

backend/infrahub/core/manager.py (4)

• NodeManager (78-1411)
• query (81-98)
• query (102-119)
• query (122-216)

backend/infrahub/services/adapters/workflow/local.py (1)

• submit_workflow (33-41)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: documentation
• GitHub Check: json-schema
• GitHub Check: validate-generated-documentation
• GitHub Check: Cloudflare Pages

🔇 Additional comments (4)

backend/infrahub/git/models.py (1)

4-4: LGTM: Model changes support both repository types.

The changes correctly distinguish between CoreRepository and CoreReadOnlyRepository workflows:

• default_branch is now optional (used only for CoreRepository, not CoreReadOnlyRepository)
• repository_type explicitly identifies the repository kind for downstream processing

Also applies to: 96-97

backend/infrahub/core/enums.py (1)

18-22: LGTM: Clean enum definition for repository types.

The enum provides type-safe distinction between CoreRepository and CoreReadOnlyRepository, used consistently across the merge workflow.

backend/tests/unit/git/test_git_rpc.py (1)

14-14: LGTM: Test correctly updated for new required field.

The test now explicitly sets repository_type=RepositoryTypes.CoreRepository, matching the updated GitRepositoryMerge model signature.

Also applies to: 147-147

backend/infrahub/core/merge.py (1)

9-9: LGTM: Repository merge workflow properly split by type.

The refactoring cleanly separates CoreRepository and CoreReadOnlyRepository merge paths, with explicit repository_type fields passed to workflows for proper routing downstream.

Also applies to: 17-17, 227-228, 275-275

[gmazoyer]

Could this be removed if you used the InfrahubKind constants such as REPOSITORY and READONLYREPOSITORY?

[gmazoyer]

In other places we use repository_kind: str = Field(..., description="The kind of the repository"). Could this serve the same purpose?