Upstream Repo Sync¶
The platform monorepo was built by subtree-merging 4 source repos. Until the migration is complete, changes land in the source repos and must be cherry-picked here.
Remotes¶
| Remote | URL | Monorepo prefix | Method |
|---|---|---|---|
inspect-action |
git@github.com:METR/inspect-action.git |
hawk/ |
cherry-pick -X subtree=hawk |
middleman |
git@github.com:metr-middleman/middleman-server.git |
middleman/ |
cherry-pick -X subtree=middleman |
datadog |
git@github.com:METR/datadog.git |
datadog/ |
cherry-pick -X subtree=datadog |
mp4-deploy |
git@github.com:METR/mp4-deploy.git |
core/, spacelift/, k8s/ |
format-patch + sed path rewrite |
Setup (first time only)¶
git remote add inspect-action git@github.com:METR/inspect-action.git
git remote add middleman git@github.com:metr-middleman/middleman-server.git
git remote add datadog git@github.com:METR/datadog.git
git remote add mp4-deploy git@github.com:METR/mp4-deploy.git
Sync Procedure¶
1. Fetch all remotes¶
git fetch inspect-action main && git fetch middleman main && git fetch datadog main && git fetch mp4-deploy main
2. Find the last synced commit for each repo¶
Match the commit message of the last cherry-picked commit against the remote's history:
3. Cherry-pick (inspect-action, middleman, datadog)¶
git cherry-pick -X subtree=hawk <last_synced_hash>..inspect-action/main
git cherry-pick -X subtree=middleman <last_synced_hash>..middleman/main
git cherry-pick -X subtree=datadog <last_synced_hash>..datadog/main
4. Cherry-pick (mp4-deploy)¶
mp4-deploy requires path rewriting because the monorepo renamed directories:
terraform/->core/terraform_spacelift/->spacelift/terraform_k8s/->k8s/
For each commit in <last_synced_hash>..mp4-deploy/main:
git format-patch -1 <commit> --stdout | \
sed \
-e 's|^diff --git a/terraform_spacelift/\(.*\) b/terraform_spacelift/\(.*\)|diff --git a/spacelift/\1 b/spacelift/\2|' \
-e 's|^--- a/terraform_spacelift/|--- a/spacelift/|' \
-e 's|^+++ b/terraform_spacelift/|+++ b/spacelift/|' \
-e 's|^diff --git a/terraform_k8s/\(.*\) b/terraform_k8s/\(.*\)|diff --git a/k8s/\1 b/k8s/\2|' \
-e 's|^--- a/terraform_k8s/|--- a/k8s/|' \
-e 's|^+++ b/terraform_k8s/|+++ b/k8s/|' \
-e 's|^diff --git a/terraform/\(.*\) b/terraform/\(.*\)|diff --git a/core/\1 b/core/\2|' \
-e 's|^--- a/terraform/|--- a/core/|' \
-e 's|^+++ b/terraform/|+++ b/core/|' \
| git am
5. Port Terraform changes to Pulumi¶
After cherry-picking, check if any Terraform changes need corresponding Pulumi updates in infra/. Common areas:
| TF module path | Pulumi equivalent | What to check |
|---|---|---|
hawk/terraform/modules/token_broker/ |
infra/hawk/token_broker.py |
IAM policies, env vars, Lambda config |
hawk/terraform/modules/dependency_validator/ |
infra/hawk/dependency_validator.py |
Timeout, memory, env vars |
hawk/terraform/modules/inspect_job_janitor/ |
infra/k8s/janitor.py |
RBAC, CronJob spec, Docker build |
hawk/terraform/modules/runner/ |
infra/hawk/ecr.py |
ECR config, scanning |
core/*.tf (mp4-deploy) |
infra/core/ |
VPC, EKS, ECR scanning, IAM |
datadog/ |
infra/datadog/monitors.py |
Monitor queries, thresholds, alerts |
Port changes in a separate PR to keep cherry-picks and Pulumi work reviewable independently.
Conflict Resolution¶
| Situation | Resolution |
|---|---|
| File was removed in monorepo restructure | git rm <file> then git cherry-pick --continue |
| Commit only touches removed files | Skip it: git cherry-pick --skip |
Lock file conflicts (uv.lock, yarn.lock) |
Take theirs: git checkout --theirs <file> && git add <file> |
format-patch fails to apply |
Manually apply the intent of the change |