can-i-deploy

question: First: • We create a build of our consumer at version

consumer-v1

and publish the contracts • The provider verifies those contracts ✅ •

can-i-deploy

returns true • We release consumer version

consumer-v1

to the environment ` Then: • We create a build of our consumer at version

consumer-v2

and publish the contracts ◦ These contracts are slightly different to the previous version from

consumer-v1

• The provider verifies those contracts ✅ •

can-i-deploy

returns true • We release consumer version

consumer-v2

to the environment Later: • We revert the changes from the consumer, producing a new consumer version

consumer-v3

and publish the contracts ◦ The JSON for these contracts is identical to those published by

consumer-v1

Should

can-i-deploy

return

true

in this instance (assuming the provider hasn't been deployed)? Or does the provider need to explicitly verify this consumer version?

(assuming the provider hasn’t been deployed)?

I think this breaks your example, yes? Because if the provider has never been deployed, all can-i-deploy queries should return false. Anyway, to your question:

Or does the provider need to explicitly verify this consumer version?

No, the provider doesn’t need to re-verify the same contract with a new version. The broker hashes the contract contents, and knows that it is already verified. See https://docs.pact.io/getting_started/versioning_in_the_pact_broker for more details.

Thanks for confirming. I should have been more precise - I meant "assuming the provider hasn't been deployed *again since*" 😉

No, the provider doesn’t need to re-verify the same contract with a new version

That was my understanding. I was trying to figure out why it wasn't working here (given my understanding of how the hashing works). It turns out the other team had released the provider subsequently. They don't have

can-i-deploy

integrated into their pipeline yet and hadn't checked the current contracts (only the new contracts we'd asked them to check)

Ah! That’s going to be a problem, because can-i-deploy needs to know what is and isn’t deployed in order to reason about it. So, your can-i-deploy check will be untrustworthy if the provider isn’t doing record-deployment (etc)

yes, absolutely.

It turns out the other team had released the provider subsequently. They don’t have can-i-deploy integrated into their pipeline yet

FWIW, this problem is the other reason I wrote absolute version - so (when integrated) I could query a health endpoint and get back exactly what was deployed by the other team.