fix(minion): fail single-segment task when segment upload fails

[tarun11Mavani]

Summary

BaseSingleSegmentConversionExecutor caught segment-upload exceptions, logged and metered them, and then returned the conversion result normally — so the minion task was reported as SUCCESS even though the converted segment was never uploaded. Helix marked the task COMPLETED and never retried it, silently leaving
the segment un-refreshed / un-purged / un-compacted.

This affects all single-segment conversion tasks: RealtimeToOfflineSegments, PurgeTask, RefreshSegment, UpsertCompaction, etc.

Root cause

The swallow was an accidental control-flow change introduced in #10978 ("Add minion observability for segment upload/download failures"). That PR wrapped both the download and the upload calls to add metrics + logging:

• the download branch metered, logged, and rethrew the exception;
• the upload branch metered and logged but omitted the rethrow.

So the upload path has silently swallowed failures since June 2023. The download-path asymmetry shows this was an oversight, not an intentional "don't retry on upload failure" design — the PR's stated intent was observability only.

Change

• Rethrow the upload exception, mirroring the download path, so the task fails and is retried by the framework.
• Move the tarred-file cleanup into a finally block so it still runs on the failure path (the file also lives under tempDataDir, which the outer finally already deletes, so cleanup is preserved either way).
• Remove the now-dead uploadSuccessful flag.

Testing

Added BaseSingleSegmentConversionExecutorTest (new file):

• testExecuteTaskRethrowsWhenUploadFails — static-mocks SegmentConversionUtils.uploadSegment to throw and asserts executeTask propagates the exception (the regression guard for this fix).
• testExecuteTaskSucceedsWhenUploadSucceeds — control test asserting the
  success path returns the conversion result and the upload is invoked.

The test uses a test-only executor that stubs the download / CRC / convert / ZK-metadata-modifier hooks so executeTask reaches the upload step without a server, controller, or deep store, and restores the mutated process-global state in teardown.

[codecov-commenter]

Codecov Report

❌ Patch coverage is 50.00000% with 6 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.80%. Comparing base (14bc147) to head (ba5a53b).

Files with missing lines	Patch %	Lines
...ion/tasks/BaseSingleSegmentConversionExecutor.java	50.00%	5 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##             master   #18813      +/-   ##
============================================
+ Coverage     64.76%   64.80%   +0.04%     
- Complexity     1319     1335      +16     
============================================
  Files          3392     3392              
  Lines        210949   210953       +4     
  Branches      33119    33118       -1     
============================================
+ Hits         136611   136716     +105     
+ Misses        63323    63208     -115     
- Partials      11015    11029      +14     

Flag	Coverage Δ
custom-integration1	100.00% <ø> (ø)
integration	100.00% <ø> (ø)
integration1	100.00% <ø> (ø)
integration2	0.00% <ø> (ø)
java-21	64.80% <50.00%> (+0.04%)	⬆️
temurin	64.80% <50.00%> (+0.04%)	⬆️
unittests	64.80% <50.00%> (+0.04%)	⬆️
unittests1	56.95% <ø> (-0.01%)	⬇️
unittests2	37.24% <50.00%> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[xiangfu0]

Found one high-signal operability issue; see inline comment.

[xiangfu0]

In METADATA push mode this rethrow turns controller-side push failures into task retries, but the retry comes back through moveSegmentToOutputPinotFS() with the same <segment>.tar.gz target. overwriteOutput is normally left false in MinionTaskUtils.getPushTaskConfig(), so if the first attempt already copied the tar before failing, the retry now dies on Output file already exists before it can resend metadata. That makes transient metadata-push failures sticky instead of self-healing. Can we make the staged tar idempotent across retries or clean it up before rethrowing?

[tarun11Mavani]

Good catch — fixed in 9863fcc.

uploadSegmentWithMetadata now deletes the staged tar from the output PinotFS if the metadata send fails, before rethrowing, so a retry re-stages cleanly instead of hitting "Output file already exists".

I went with cleanup-on-failure rather than forcing overwriteOutput=true, so the existing guard against unrelated collisions in the output dir stays intact — we only remove the tar when it's our own stale partial from a failed attempt.

Added testExecuteTaskCleansUpStagedTarWhenMetadataPushFails, verified it fails without the cleanup.