fix: workflows using the same job agent syntax as deployments

[dacbd]

Summary by CodeRabbit

• Documentation

  • Updated job_agent block schema with provider-specific nested block options.

• Refactor

  • job_agent configuration changed: config attribute removed in favor of explicit nested blocks for argo_workflow, argocd, github, terraform_cloud, and test_runner.
  • Reduced job_agent required fields to name, ref, and selector.

[coderabbitai]

Warning

Rate limit exceeded

@dacbd has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 34 minutes and 28 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5704de86-0992-469d-a618-6db5893b8ce6

📥 Commits

Reviewing files that changed from the base of the PR and between 866e7ac and 3ef1ea3.

📒 Files selected for processing (1)

• internal/provider/workflow_resource.go

📝 Walkthrough

Walkthrough

This PR refactors the job_agent configuration schema from a generic config map to provider-specific nested blocks (argo_workflow, argocd, github, terraform_cloud, test_runner). It introduces shared dispatch configuration helpers, updates resource schemas, and adds validation to ensure exactly one dispatch block is configured per job agent.

Changes

Cohort / File(s)	Summary
Schema Documentation & Examples docs/resources/workflow.md, examples/resources/workflow/workflows.tf	Updated schema documentation and configuration examples to replace inline config map usage with explicit typed test_runner dispatch block syntax.
Dispatch Configuration Infrastructure internal/provider/job_agent_dispatch_config.go	New module defining Terraform schema, typed models, and helpers for five mutually-exclusive job-agent dispatch blocks (ArgoCD, Argo Workflow, GitHub, Terraform Cloud, Test Runner), including serialization, deserialization, and block-kind inference logic.
Workflow Resource internal/provider/workflow_resource.go, internal/provider/workflow_resource_test.go	Added ValidateConfig method to enforce exactly one dispatch block per job agent; refactored schema to use dispatch blocks instead of generic config map; updated API serialization and state mapping to use dispatch-block conversion helpers.
Deployment Resource Refactoring internal/provider/deployment_resource.go	Removed inline schema and per-block model logic; delegated to shared jobAgentDispatchConfigBlocks() helpers; refactored validation and API payload construction to use dispatch-block conversion utilities, reducing code by ~340 lines.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• #39: Both PRs directly modify the workflow and job_agent configuration feature, refactoring schema and validation logic.
• #43: Both PRs refactor job_agent handling to replace generic config maps with provider-specific typed dispatch blocks and shared helpers.
• #32: Both PRs touch job_agent dispatch configuration (terraform_cloud block) and related deployment resource config schema changes.

Suggested reviewers

• mleonidas

Poem

🐰 From tangled maps to blocks so clear,
Each agent finds its home right here,
Typed dispatch brings order true,
Config chaos—nothing new! ✨
—The Code Rabbit

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: standardizing job agent configuration syntax across both workflows and deployments by replacing generic config maps with provider-specific dispatch blocks.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dacbd/rework-jobagent-config

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 34 minutes and 28 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@docs/resources/workflow.md`:
- Around line 40-46: Update the Go schema Description fields for the job_agent
resource so the generated docs clearly state that exactly one nested dispatch
block must be chosen: modify the Description on the job_agent Schema (and/or the
parent resource schema builder function that defines job_agent) to read
something like “Exactly one of the following blocks must be set: argo_workflow,
argocd, github, terraform_cloud, test_runner” and also append a short
mutually-exclusive note to each nested block’s Description (argo_workflow,
argocd, github, terraform_cloud, test_runner) so terraform-plugin-docs will emit
the exactly-one-of constraint in the generated markdown; leave validation logic
as-is.

In `@internal/provider/job_agent_dispatch_config.go`:
- Around line 373-406: The current inferDispatchBlockType is too permissive and
can misclassify partial configs; update it so it only returns a type when
unambiguous discriminator fields are present (otherwise return ""), i.e.
keep/require only truly unique selectors: for github only return "github" when
gh.Owner, gh.Repo, gh.InstallationId, or gh.WorkflowId are set; for
terraform_cloud only when tfc.Organization, tfc.Address, or
tfc.TriggerRunOnChange are set; for test_runner only when tr.DelaySeconds or
tr.Status are set; for argo_workflow only when aw.WebhookSecret,
aw.HttpInsecure, or aw.Name are set; for argocd only when ac.ServerUrl,
ac.Template, or ac.ApiKey are set—do not attempt to infer from ambiguous
single-field payloads like github.ref, test_runner.message, or
terraform_cloud.token, and return "" when none of these unambiguous
discriminators match.

In `@internal/provider/workflow_resource.go`:
- Around line 359-377: priorByName currently collapses duplicate job_agent
entries by using only Name as the map key; either enforce Name uniqueness in
validation or preserve prior state by using a non-colliding key (e.g., composite
key or index). Fix by replacing priorByName with a map keyed by a composite of
unique fields (for example Name+Ref+Selector or Name+Ref+Selector+index) when
building the prior map from data.JobAgents, and look up using the same composite
key when iterating w.JobAgents before calling
setJobAgentDispatchBlocksFromConfig and agent.setDispatchBlocks; alternatively,
if Name is intended to be unique, add validation logic to enforce uniqueness of
Name in the resource schema and keep the existing lookup logic.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c957970f-b1b3-4be6-a4fd-548f71ae8c5e

📥 Commits

Reviewing files that changed from the base of the PR and between 487551f and 866e7ac.

📒 Files selected for processing (6)

• docs/resources/workflow.md
• examples/resources/workflow/workflows.tf
• internal/provider/deployment_resource.go
• internal/provider/job_agent_dispatch_config.go
• internal/provider/workflow_resource.go
• internal/provider/workflow_resource_test.go

[coderabbitai]

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Document that job_agent must choose exactly one dispatch block.

These generated docs currently read as if all five nested blocks are independently optional, but the provider rejects both zero and multiple selections. Please surface the exactly-one-of constraint through the schema descriptions so users see it in the published docs instead of only at plan time.

Based on learnings docs/resources/policy.md is auto-generated by terraform-plugin-docs, so this needs to be fixed in the Go schema Description fields rather than by editing the generated markdown.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@docs/resources/workflow.md` around lines 40 - 46, Update the Go schema
Description fields for the job_agent resource so the generated docs clearly
state that exactly one nested dispatch block must be chosen: modify the
Description on the job_agent Schema (and/or the parent resource schema builder
function that defines job_agent) to read something like “Exactly one of the
following blocks must be set: argo_workflow, argocd, github, terraform_cloud,
test_runner” and also append a short mutually-exclusive note to each nested
block’s Description (argo_workflow, argocd, github, terraform_cloud,
test_runner) so terraform-plugin-docs will emit the exactly-one-of constraint in
the generated markdown; leave validation logic as-is.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

The fallback block-type inference is unsafe for partial configs.

When there is no prior state, this heuristic misses valid one-field payloads like github.ref, test_runner.message, and terraform_cloud.token, and it can also misclassify Argo Workflow payloads that only use shared keys (apiKey/serverUrl/template) as argocd. That means import/first read can hydrate the wrong block or none at all. The safer fallback is to infer only from unambiguous discriminator fields and otherwise leave the block unset until config provides the type.

Based on learnings the deployment Read path intentionally produces empty nested blocks after terraform import when no prior state exists, so falling back to “unset” on ambiguous payloads is already an accepted pattern in this repository.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@internal/provider/job_agent_dispatch_config.go` around lines 373 - 406, The
current inferDispatchBlockType is too permissive and can misclassify partial
configs; update it so it only returns a type when unambiguous discriminator
fields are present (otherwise return ""), i.e. keep/require only truly unique
selectors: for github only return "github" when gh.Owner, gh.Repo,
gh.InstallationId, or gh.WorkflowId are set; for terraform_cloud only when
tfc.Organization, tfc.Address, or tfc.TriggerRunOnChange are set; for
test_runner only when tr.DelaySeconds or tr.Status are set; for argo_workflow
only when aw.WebhookSecret, aw.HttpInsecure, or aw.Name are set; for argocd only
when ac.ServerUrl, ac.Template, or ac.ApiKey are set—do not attempt to infer
from ambiguous single-field payloads like github.ref, test_runner.message, or
terraform_cloud.token, and return "" when none of these unambiguous
discriminators match.