infrahub-server 1.5.0b1__py3-none-any.whl → 1.5.1__py3-none-any.whl

infrahub/profiles/queries/get_profile_data.py

@@ -57,18 +57,17 @@ CALL (profile, attr) {
     ORDER BY r.branch_level DESC, r.from DESC, r.status ASC
     RETURN r.status = "active" AS is_active
 }
-WITH profile, attr, is_active
+WITH profile, attr
 WHERE is_active = TRUE
 // --------------
 // get the attribute values
 // --------------
-MATCH (attr)-[:HAS_VALUE]->(av:AttributeValue)
-WITH DISTINCT profile, attr, av
-CALL (attr, av) {
+CALL (attr) {
     MATCH (attr)-[r:HAS_VALUE]->(av)
     WHERE %(branch_filter)s
     ORDER BY r.branch_level DESC, r.from DESC, r.status ASC
-    RETURN r.status = "active" AS is_active
+    RETURN av, r.status = "active" AS is_active
+    LIMIT 1
 }
 WITH profile, attr, av
 WHERE is_active = TRUE

infrahub/proposed_change/tasks.py

@@ -8,9 +8,10 @@ from pathlib import Path
 from typing import TYPE_CHECKING
 
 import pytest
-from infrahub_sdk.exceptions import ModuleImportError
+from infrahub_sdk.exceptions import ModuleImportError, NodeNotFoundError, URLNotFoundError
 from infrahub_sdk.node import InfrahubNode
 from infrahub_sdk.protocols import (
+    CoreArtifactDefinition,
     CoreArtifactValidator,
     CoreGeneratorDefinition,
     CoreGeneratorValidator,
@@ -58,6 +59,9 @@ from infrahub.generators.models import ProposedChangeGeneratorDefinition
 from infrahub.git.base import extract_repo_file_information
 from infrahub.git.models import TriggerRepositoryInternalChecks, TriggerRepositoryUserChecks
 from infrahub.git.repository import InfrahubRepository, get_initialized_repo
+from infrahub.git.utils import fetch_artifact_definition_targets, fetch_proposed_change_generator_definition_targets
+from infrahub.graphql.analyzer import InfrahubGraphQLQueryAnalyzer
+from infrahub.graphql.initialization import prepare_graphql_params
 from infrahub.log import get_logger
 from infrahub.message_bus.types import (
     ProposedChangeArtifactDefinition,
@@ -528,7 +532,11 @@ async def run_proposed_change_user_tests(model: RequestProposedChangeUserTests)
     log = get_run_logger()
     client = get_client()
 
-    proposed_change = await client.get(kind=InfrahubKind.PROPOSEDCHANGE, id=model.proposed_change)
+    try:
+        proposed_change = await client.get(kind=CoreProposedChange, id=model.proposed_change)
+    except NodeNotFoundError:
+        log.warning(f"Proposed change ({model.proposed_change}) not found, skipping user tests execution")
+        return
 
     def _execute(
         directory: Path, repository: ProposedChangeRepository, proposed_change: InfrahubNode
@@ -616,7 +624,7 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
     client = get_client()
 
     artifact_definition = await client.get(
-        kind=InfrahubKind.ARTIFACTDEFINITION,
+        kind=CoreArtifactDefinition,
         id=model.artifact_definition.definition_id,
         branch=model.source_branch,
     )
@@ -656,9 +664,9 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
         branch=model.source_branch,
     )
 
-    await artifact_definition.targets.fetch()
-    group = artifact_definition.targets.peer
-    await group.members.fetch()
+    group = await fetch_artifact_definition_targets(
+        client=client, branch=model.source_branch, definition=artifact_definition
+    )
 
     artifacts_by_member = {}
     for artifact in existing_artifacts:
@@ -667,6 +675,27 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
     repository = model.branch_diff.get_repository(repository_id=model.artifact_definition.repository_id)
     impacted_artifacts = model.branch_diff.get_subscribers_ids(kind=InfrahubKind.ARTIFACT)
 
+    source_schema_branch = registry.schema.get_schema_branch(name=model.source_branch)
+    source_branch = registry.get_branch_from_registry(branch=model.source_branch)
+
+    graphql_params = await prepare_graphql_params(db=await get_database(), branch=model.source_branch)
+    query_analyzer = InfrahubGraphQLQueryAnalyzer(
+        query=model.artifact_definition.query_payload,
+        branch=source_branch,
+        schema_branch=source_schema_branch,
+        schema=graphql_params.schema,
+    )
+
+    only_has_unique_targets = query_analyzer.query_report.only_has_unique_targets
+    if not only_has_unique_targets:
+        log.warning(
+            f"Artifact definition {artifact_definition.name.value} query does not guarantee unique targets. All targets will be processed."
+        )
+
+    managed_branch = model.source_branch_sync_with_git and model.branch_diff.has_file_modifications
+    if managed_branch:
+        log.info("Source branch is synced with Git repositories with updates, all artifacts will be processed")
+
     checks = []
 
     for relationship in group.members.peers:
@@ -674,8 +703,9 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
         artifact_id = artifacts_by_member.get(member.id)
         if _should_render_artifact(
             artifact_id=artifact_id,
-            managed_branch=model.source_branch_sync_with_git,
+            managed_branch=managed_branch,
             impacted_artifacts=impacted_artifacts,
+            only_has_unique_targets=only_has_unique_targets,
         ):
             log.info(f"Trigger Artifact processing for {member.display_label}")
 
@@ -695,6 +725,7 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
                 repository_kind=repository.kind,
                 branch_name=model.source_branch,
                 query=model.artifact_definition.query_name,
+                query_id=model.artifact_definition.query_id,
                 variables=await member.extract(params=artifact_definition.parameters.value),
                 target_id=member.id,
                 target_kind=member.get_kind(),
@@ -720,21 +751,26 @@ async def validate_artifacts_generation(model: RequestArtifactDefinitionCheck, c
     )
 
 
-def _should_render_artifact(artifact_id: str | None, managed_branch: bool, impacted_artifacts: list[str]) -> bool:  # noqa: ARG001
+def _should_render_artifact(
+    artifact_id: str | None,
+    managed_branch: bool,
+    impacted_artifacts: list[str],
+    only_has_unique_targets: bool,
+) -> bool:
     """Returns a boolean to indicate if an artifact should be generated or not.
     Will return true if:
         * The artifact_id wasn't set which could be that it's a new object that doesn't have a previous artifact
-        * The source brance is not data only which would indicate that it could contain updates in git to the transform
+        * The source branch is not data only which would indicate that it could contain updates in git to the transform
         * The artifact_id exists in the impacted_artifacts list
+        * The query failes the only_has_unique_targets check
     Will return false if:
         * The source branch is a data only branch and the artifact_id exists and is not in the impacted list
     """
 
-    # if not artifact_id or managed_branch:
-    #    return True
-    # return artifact_id in impacted_artifacts
-    # Temporary workaround tracked in https://github.com/opsmill/infrahub/issues/4991
-    return True
+    if not only_has_unique_targets or not artifact_id or managed_branch:
+        return True
+
+    return artifact_id in impacted_artifacts
 
 
 @flow(
@@ -925,14 +961,9 @@ async def request_generator_definition_check(model: RequestGeneratorDefinitionCh
         branch=model.source_branch,
     )
 
-    group = await client.get(
-        kind=InfrahubKind.GENERICGROUP,
-        prefetch_relationships=True,
-        populate_store=True,
-        id=model.generator_definition.group_id,
-        branch=model.source_branch,
+    group = await fetch_proposed_change_generator_definition_targets(
+        client=client, branch=model.source_branch, definition=model.generator_definition
     )
-    await group.members.fetch()
 
     instance_by_member = {}
     for instance in existing_instances:
@@ -1254,12 +1285,16 @@ query GatherArtifactDefinitions {
             }
             query {
               node {
+                id
                 models {
                   value
                 }
                 name {
                   value
                 }
+                query {
+                  value
+                }
               }
             }
             ... on CoreTransformJinja2 {
@@ -1475,7 +1510,9 @@ def _parse_artifact_definitions(definitions: list[dict]) -> list[ProposedChangeA
             content_type=definition["node"]["content_type"]["value"],
             timeout=definition["node"]["transformation"]["node"]["timeout"]["value"],
             query_name=definition["node"]["transformation"]["node"]["query"]["node"]["name"]["value"],
+            query_id=definition["node"]["transformation"]["node"]["query"]["node"]["id"],
             query_models=definition["node"]["transformation"]["node"]["query"]["node"]["models"]["value"] or [],
+            query_payload=definition["node"]["transformation"]["node"]["query"]["node"]["query"]["value"],
             repository_id=definition["node"]["transformation"]["node"]["repository"]["node"]["id"],
             transform_kind=definition["node"]["transformation"]["node"]["__typename"],
         )
@@ -1499,8 +1536,14 @@ async def _get_proposed_change_repositories(
     destination_all = await client.execute_graphql(
         query=DESTINATION_ALLREPOSITORIES, branch_name=model.destination_branch
     )
-    source_managed = await client.execute_graphql(query=SOURCE_REPOSITORIES, branch_name=model.source_branch)
-    source_readonly = await client.execute_graphql(query=SOURCE_READONLY_REPOSITORIES, branch_name=model.source_branch)
+    try:
+        source_managed = await client.execute_graphql(query=SOURCE_REPOSITORIES, branch_name=model.source_branch)
+        source_readonly = await client.execute_graphql(
+            query=SOURCE_READONLY_REPOSITORIES, branch_name=model.source_branch
+        )
+    except URLNotFoundError:
+        # If the URL is not found it means that the source branch has been deleted after the proposed change was created
+        return []
 
     destination_all = destination_all[InfrahubKind.GENERICREPOSITORY]["edges"]
     source_all = (

infrahub/server.py

@@ -24,6 +24,7 @@ from infrahub.api.exception_handlers import generic_api_exception_handler
 from infrahub.components import ComponentType
 from infrahub.constants.environment import INSTALLATION_TYPE
 from infrahub.core.initialization import initialization
+from infrahub.database.graph import validate_graph_version
 from infrahub.dependencies.registry import build_component_registry
 from infrahub.exceptions import Error, ValidationError
 from infrahub.graphql.api.endpoints import router as graphql_router
@@ -83,10 +84,13 @@ async def app_initialization(application: FastAPI, enable_scheduler: bool = True
     initialize_lock(service=service)
     # We must initialize DB after initialize lock and initialize lock depends on cache initialization
     async with application.state.db.start_session() as db:
-        await initialization(db=db, add_database_indexes=True)
+        is_initial_setup = await initialization(db=db, add_database_indexes=True)
+
+    async with database.start_session() as dbs:
+        await validate_graph_version(db=dbs)
 
     # Initialize the workflow after the registry has been setup
-    await service.initialize_workflow()
+    await service.initialize_workflow(is_initial_setup=is_initial_setup)
 
     application.state.service = service
     application.state.response_delay = config.SETTINGS.miscellaneous.response_delay

infrahub/services/__init__.py

@@ -112,7 +112,7 @@ class InfrahubServices:
 
         return service
 
-    async def initialize_workflow(self) -> None:
+    async def initialize_workflow(self, is_initial_setup: bool = False) -> None:
         if self.workflow is not None and isinstance(self.workflow, WorkflowWorkerExecution):
             assert self.component is not None
             # Ideally `WorkflowWorkerExecution.initialize` would be directly part of WorkflowWorkerExecution
@@ -120,7 +120,7 @@ class InfrahubServices:
             # after workflow instantiation.
             await self.component.refresh_heartbeat()
             is_primary = await self.component.is_primary_gunicorn_worker()
-            await self.workflow.initialize(component_is_primary_server=is_primary)
+            await self.workflow.initialize(component_is_primary_server=is_primary, is_initial_setup=is_initial_setup)
 
     @property
     def component(self) -> InfrahubComponent:

infrahub/services/adapters/http/__init__.py

@@ -3,10 +3,15 @@ from __future__ import annotations
 from typing import TYPE_CHECKING, Any
 
 if TYPE_CHECKING:
+    import ssl
+
     import httpx
 
 
 class InfrahubHTTP:
+    def verify_tls(self, verify: bool | None = None) -> bool | ssl.SSLContext:
+        raise NotImplementedError()
+
     async def get(
         self,
         url: str,

infrahub/services/adapters/workflow/worker.py

@@ -3,10 +3,12 @@ from __future__ import annotations
 from typing import TYPE_CHECKING, Any, overload
 
 from prefect.client.schemas.objects import StateType
+from prefect.context import AsyncClientContext
 from prefect.deployments import run_deployment
 
+from infrahub.services.adapters.http.httpx import HttpxAdapter
 from infrahub.workers.utils import inject_context_parameter
-from infrahub.workflows.initialization import setup_task_manager
+from infrahub.workflows.initialization import setup_task_manager, setup_task_manager_identifiers
 from infrahub.workflows.models import WorkflowInfo
 
 from . import InfrahubWorkflow, Return
@@ -19,11 +21,19 @@ if TYPE_CHECKING:
 
 
 class WorkflowWorkerExecution(InfrahubWorkflow):
+    # This is required to grab a cached SSLContext from the HttpAdapter.
+    # We cannot use the get_http() dependency since it introduces a circular dependency.
+    # We could remove this later on by introducing a cached SSLContext outside of this adapter.
+    _http_adapter = HttpxAdapter()
+
     @staticmethod
-    async def initialize(component_is_primary_server: bool) -> None:
+    async def initialize(component_is_primary_server: bool, is_initial_setup: bool = False) -> None:
         if component_is_primary_server:
             await setup_task_manager()
 
+        if is_initial_setup:
+            await setup_task_manager_identifiers()
+
     @overload
     async def execute_workflow(
         self,
@@ -79,5 +89,6 @@ class WorkflowWorkerExecution(InfrahubWorkflow):
         parameters = dict(parameters) if parameters is not None else {}
         inject_context_parameter(func=flow_func, parameters=parameters, context=context)
 
-        flow_run = await run_deployment(name=workflow.full_name, timeout=0, parameters=parameters or {}, tags=tags)  # type: ignore[return-value, misc]
+        async with AsyncClientContext(httpx_settings={"verify": self._http_adapter.verify_tls()}):
+            flow_run = await run_deployment(name=workflow.full_name, timeout=0, parameters=parameters or {}, tags=tags)  # type: ignore[return-value, misc]
         return WorkflowInfo.from_flow(flow_run=flow_run)

infrahub/task_manager/event.py

@@ -160,6 +160,9 @@ class PrefectEventData(PrefectEventModel):
     def _return_branch_rebased(self) -> dict[str, Any]:
         return {"rebased_branch": self._get_branch_name_from_resource()}
 
+    def _return_branch_migrated(self) -> dict[str, Any]:
+        return {"migrated_branch": self._get_branch_name_from_resource()}
+
     def _return_group_event(self) -> dict[str, Any]:
         members = []
         ancestors = []
@@ -228,6 +231,8 @@ class PrefectEventData(PrefectEventModel):
                 event_specifics = self._return_branch_deleted()
             case "infrahub.branch.merged":
                 event_specifics = self._return_branch_merged()
+            case "infrahub.branch.migrated":
+                event_specifics = self._return_branch_migrated()
             case "infrahub.branch.rebased":
                 event_specifics = self._return_branch_rebased()
             case "infrahub.group.member_added" | "infrahub.group.member_removed":

infrahub/task_manager/models.py

@@ -141,6 +141,13 @@ class InfrahubEventFilter(EventFilter):
             if branches:
                 self.resource = EventResourceFilter(labels=ResourceSpecification({"infrahub.branch.name": branches}))
 
+        if branch_migrated := event_type_filter.get("branch_migrated"):
+            branches = branch_migrated.get("branches") or []
+            if "infrahub.branch.created" not in event_type:
+                event_type.append("infrahub.branch.migrated")
+            if branches:
+                self.resource = EventResourceFilter(labels=ResourceSpecification({"infrahub.branch.name": branches}))
+
         if branch_rebased := event_type_filter.get("branch_rebased"):
             branches = branch_rebased.get("branches") or []
             if "infrahub.branch.created" not in event_type:

infrahub/task_manager/task.py

@@ -1,7 +1,10 @@
+import asyncio
 import uuid
+from datetime import datetime, timedelta, timezone
 from typing import Any
 from uuid import UUID
 
+from prefect import State
 from prefect.client.orchestration import PrefectClient, get_client
 from prefect.client.schemas.filters import (
     ArtifactFilter,
@@ -12,6 +15,7 @@ from prefect.client.schemas.filters import (
     FlowRunFilter,
     FlowRunFilterId,
     FlowRunFilterName,
+    FlowRunFilterStartTime,
     FlowRunFilterState,
     FlowRunFilterStateType,
     FlowRunFilterTags,
@@ -311,3 +315,72 @@ class PrefectTask:
                     )
 
         return {"count": count or 0, "edges": nodes}
+
+    @classmethod
+    async def delete_flow_runs(
+        cls,
+        states: list[StateType] = [StateType.COMPLETED, StateType.FAILED, StateType.CANCELLED],  # noqa: B006
+        delete: bool = True,
+        days_to_keep: int = 2,
+        batch_size: int = 100,
+    ) -> None:
+        """Delete flow runs in the specified states and older than specified days."""
+
+        logger = get_logger()
+
+        async with get_client(sync_client=False) as client:
+            cutoff = datetime.now(timezone.utc) - timedelta(days=days_to_keep)
+
+            flow_run_filter = FlowRunFilter(
+                start_time=FlowRunFilterStartTime(before_=cutoff),  # type: ignore[arg-type]
+                state=FlowRunFilterState(type=FlowRunFilterStateType(any_=states)),
+            )
+
+            # Get flow runs to delete
+            flow_runs = await client.read_flow_runs(flow_run_filter=flow_run_filter, limit=batch_size)
+
+            deleted_total = 0
+
+            while True:
+                batch_deleted = 0
+                failed_deletes = []
+
+                # Delete each flow run through the API
+                for flow_run in flow_runs:
+                    try:
+                        if delete:
+                            await client.delete_flow_run(flow_run_id=flow_run.id)
+                        else:
+                            await client.set_flow_run_state(
+                                flow_run_id=flow_run.id,
+                                state=State(type=StateType.CRASHED),
+                                force=True,
+                            )
+                        deleted_total += 1
+                        batch_deleted += 1
+                    except Exception as e:
+                        logger.warning(f"Failed to delete flow run {flow_run.id}: {e}")
+                        failed_deletes.append(flow_run.id)
+
+                    # Rate limiting
+                    if batch_deleted % 10 == 0:
+                        await asyncio.sleep(0.5)
+
+                logger.info(f"Delete {batch_deleted}/{len(flow_runs)} flow runs (total: {deleted_total})")
+
+                # Get next batch
+                previous_flow_run_ids = [fr.id for fr in flow_runs]
+                flow_runs = await client.read_flow_runs(flow_run_filter=flow_run_filter, limit=batch_size)
+
+                if not flow_runs:
+                    logger.info("No more flow runs to delete")
+                    break
+
+                if previous_flow_run_ids == [fr.id for fr in flow_runs]:
+                    logger.info("Found same flow runs to delete, aborting")
+                    break
+
+                # Delay between batches to avoid overwhelming the API
+                await asyncio.sleep(1.0)
+
+            logger.info(f"Retention complete. Total deleted tasks: {deleted_total}")

infrahub/trigger/setup.py

@@ -6,6 +6,7 @@ from prefect.cache_policies import NONE
 from prefect.client.orchestration import PrefectClient, get_client
 from prefect.client.schemas.filters import DeploymentFilter, DeploymentFilterName
 from prefect.events.schemas.automations import Automation
+from prefect.exceptions import PrefectHTTPStatusError
 
 from infrahub import lock
 from infrahub.database import InfrahubDatabase
@@ -51,7 +52,7 @@ async def setup_triggers_specific(
             )  # type: ignore[misc]
 
 
-@task(name="trigger-setup", task_run_name="Setup triggers", cache_policy=NONE)  # type: ignore[arg-type]
+@task(name="trigger-setup", task_run_name="Setup triggers", cache_policy=NONE)
 async def setup_triggers(
     client: PrefectClient,
     triggers: list[TriggerDefinition],
@@ -83,7 +84,9 @@ async def setup_triggers(
     existing_automations: dict[str, Automation] = {}
     if trigger_type:
         existing_automations = {
-            item.name: item for item in await client.read_automations() if item.name.startswith(trigger_type.value)
+            item.name: item
+            for item in await client.read_automations()
+            if item.name.startswith(f"{trigger_type.value}::")
         }
     else:
         existing_automations = {item.name: item for item in await client.read_automations()}
@@ -133,8 +136,14 @@ async def setup_triggers(
             continue
 
         report.deleted.append(existing_automation)
-        await client.delete_automation(automation_id=existing_automation.id)
-        log.info(f"{item_to_delete} Deleted")
+        try:
+            await client.delete_automation(automation_id=existing_automation.id)
+            log.info(f"{item_to_delete} Deleted")
+        except PrefectHTTPStatusError as exc:
+            if exc.response.status_code == 404:
+                log.info(f"{item_to_delete} was already deleted")
+            else:
+                raise
 
     if trigger_type:
         log.info(

infrahub/trigger/tasks.py

@@ -7,6 +7,7 @@ from infrahub.computed_attribute.gather import (
     gather_trigger_computed_attribute_python,
 )
 from infrahub.display_labels.gather import gather_trigger_display_labels_jinja2
+from infrahub.hfid.gather import gather_trigger_hfid
 from infrahub.trigger.catalogue import builtin_triggers
 from infrahub.webhook.gather import gather_trigger_webhook
 from infrahub.workers.dependencies import get_database
@@ -20,6 +21,7 @@ async def trigger_configure_all() -> None:
     async with database.start_session() as db:
         webhook_trigger = await gather_trigger_webhook(db=db)
         display_label_triggers = await gather_trigger_display_labels_jinja2()
+        human_friendly_id_triggers = await gather_trigger_hfid()
         computed_attribute_j2_triggers = await gather_trigger_computed_attribute_jinja2()
         (
             computed_attribute_python_triggers,
@@ -31,6 +33,7 @@ async def trigger_configure_all() -> None:
             + computed_attribute_python_triggers
             + computed_attribute_python_query_triggers
             + display_label_triggers
+            + human_friendly_id_triggers
             + builtin_triggers
             + webhook_trigger
             + action_rules

infrahub/workers/dependencies.py

@@ -7,6 +7,7 @@ from infrahub_sdk.config import Config
 from infrahub import config
 from infrahub.components import ComponentType
 from infrahub.constants.environment import INSTALLATION_TYPE
+from infrahub.core.registry import registry
 from infrahub.database import InfrahubDatabase, get_db
 from infrahub.services.adapters.cache import InfrahubCache
 from infrahub.services.adapters.event import InfrahubEventService
@@ -34,7 +35,15 @@ def get_component_type() -> ComponentType:
 
 
 def build_client() -> InfrahubClient:
-    return InfrahubClient(config=Config(address=config.SETTINGS.main.internal_address, retry_on_failure=True))
+    client_config = Config(address=config.SETTINGS.main.internal_address, retry_on_failure=True)
+    client_config.set_ssl_context(context=get_http().verify_tls())
+    client = InfrahubClient(config=client_config)
+    # Populate client schema cache using our internal schema cache
+    if registry.schema:
+        for branch in registry.schema.get_branches():
+            client.schema.set_cache(schema=registry.schema.get_sdk_schema_branch(name=branch), branch=branch)
+
+    return client
 
 
 @inject

infrahub/workers/infrahub_async.py

@@ -8,6 +8,7 @@ from infrahub_sdk import Config, InfrahubClient
 from infrahub_sdk.exceptions import Error as SdkError
 from prefect import settings as prefect_settings
 from prefect.client.schemas.objects import FlowRun
+from prefect.context import AsyncClientContext
 from prefect.flow_engine import run_flow_async
 from prefect.logging.handlers import APILogHandler
 from prefect.workers.base import BaseJobConfiguration, BaseVariables, BaseWorker, BaseWorkerResult
@@ -18,6 +19,7 @@ from infrahub import config
 from infrahub.components import ComponentType
 from infrahub.core import registry
 from infrahub.core.initialization import initialization
+from infrahub.database.graph import validate_graph_version
 from infrahub.dependencies.registry import build_component_registry
 from infrahub.git import initialize_repositories_directory
 from infrahub.lock import initialize_lock
@@ -27,6 +29,7 @@ from infrahub.workers.dependencies import (
     get_cache,
     get_component,
     get_database,
+    get_http,
     get_message_bus,
     get_workflow,
     set_component_type,
@@ -129,6 +132,9 @@ class InfrahubWorkerAsync(BaseWorker):
 
             await self.service.component.refresh_schema_hash()
 
+        async with self.service.database.start_session() as dbs:
+            await validate_graph_version(db=dbs)
+
         initialize_repositories_directory()
         build_component_registry()
         await self.service.scheduler.start_schedule()
@@ -138,7 +144,7 @@ class InfrahubWorkerAsync(BaseWorker):
         self,
         flow_run: FlowRun,
         configuration: BaseJobConfiguration,
-        task_status: TaskStatus | None = None,
+        task_status: TaskStatus[int] | None = None,
     ) -> BaseWorkerResult:
         flow_run_logger = self.get_flow_run_logger(flow_run)
 
@@ -154,7 +160,9 @@ class InfrahubWorkerAsync(BaseWorker):
         if task_status:
             task_status.started(True)
 
-        await run_flow_async(flow=flow_func, flow_run=flow_run, parameters=params, return_type="state")
+        async with AsyncClientContext(httpx_settings={"verify": get_http().verify_tls()}) as ctx:
+            ctx._httpx_settings = None  # Hack to make all child task/flow runs use the same client
+            await run_flow_async(flow=flow_func, flow_run=flow_run, parameters=params, return_type="state")
 
         return InfrahubWorkerAsyncResult(status_code=0, identifier=str(flow_run.id))
 

infrahub/workflows/catalogue.py

@@ -230,6 +230,13 @@ BRANCH_REBASE = WorkflowDefinition(
     function="rebase_branch",
     tags=[WorkflowTag.DATABASE_CHANGE],
 )
+BRANCH_MIGRATE = WorkflowDefinition(
+    name="branch-migrate",
+    type=WorkflowType.CORE,
+    module="infrahub.core.branch.tasks",
+    function="migrate_branch",
+    tags=[WorkflowTag.DATABASE_CHANGE],
+)
 
 BRANCH_CREATE = WorkflowDefinition(
     name="create-branch",
@@ -641,6 +648,7 @@ WORKFLOWS = [
     BRANCH_MERGED,
     BRANCH_MERGE_MUTATION,
     BRANCH_MERGE_POST_PROCESS,
+    BRANCH_MIGRATE,
     BRANCH_REBASE,
     BRANCH_VALIDATE,
     CLEAN_UP_DEADLOCKS,

infrahub/workflows/initialization.py

@@ -76,6 +76,11 @@ async def setup_task_manager() -> None:
         await setup_triggers(
             client=client, triggers=builtin_triggers, trigger_type=TriggerType.BUILTIN, force_update=True
         )
+
+
+@flow(name="task-manager-identifiers", flow_run_name="Setup Task Manager Display Labels and HFID")
+async def setup_task_manager_identifiers() -> None:
+    async with get_client(sync_client=False) as client:
         display_label_triggers = await gather_trigger_display_labels_jinja2()
         await setup_triggers(
             client=client,

infrahub/workflows/utils.py

@@ -9,6 +9,7 @@ from prefect.runtime import flow_run
 from infrahub.core.constants import GLOBAL_BRANCH_NAME
 from infrahub.core.registry import registry
 from infrahub.tasks.registry import refresh_branches
+from infrahub.workers.dependencies import get_http
 
 from .constants import TAG_NAMESPACE, WorkflowTag
 
@@ -26,7 +27,7 @@ async def add_tags(
     namespace: bool = True,
     db_change: bool = False,
 ) -> None:
-    client = get_client(sync_client=False)
+    client = get_client(httpx_settings={"verify": get_http().verify_tls()}, sync_client=False)
     current_flow_run_id = flow_run.id
     current_tags: list[str] = flow_run.tags
     branch_tags = (

infrahub_sdk/analyzer.py

@@ -30,7 +30,7 @@ class GraphQLOperation(BaseModel):
 
 
 class GraphQLQueryAnalyzer:
-    def __init__(self, query: str, schema: GraphQLSchema | None = None):
+    def __init__(self, query: str, schema: GraphQLSchema | None = None) -> None:
         self.query: str = query
         self.schema: GraphQLSchema | None = schema
         self.document: DocumentNode = parse(self.query)