
DNM: ONLY FOR TEST | tiflow-test=release-6.5.12-hotfix-20260201 #12508

Open
haiboumich wants to merge 9 commits into pingcap:release-6.5 from haiboumich:release-6.5.12-hotfix-20260201

@haiboumich
Contributor

What problem does this PR solve?

Issue Number: close #xxx

What is changed and how it works?

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Questions

Will it cause performance regression or break compatibility?
Do you need to update user documentation, design documentation or monitoring documentation?

Release note

Please refer to [Release Notes Language Style Guide](https://pingcap.github.io/tidb-dev-guide/contribute-to-tidb/release-notes-style-guide.html) to write a quality release note.

If you don't think this PR needs a release note then fill it with `None`.

@ti-chi-bot
Contributor

ti-chi-bot bot commented Feb 2, 2026

This cherry pick PR is for a release branch and has not yet been approved by triage owners.
Adding the do-not-merge/cherry-pick-not-approved label.

To merge this cherry pick:

  1. It must be LGTMed and approved by the reviewers first.
  2. For pull requests to TiDB-x branches, it must have no failed tests.
  3. AFTER it has lgtm and approved labels, please wait for the cherry-pick merging approval from triage owners.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@ti-chi-bot ti-chi-bot bot added the labels release-note (denotes a PR that will be considered when it comes time to generate release notes), do-not-merge/cherry-pick-not-approved, and size/XXL (denotes a PR that changes 1000+ lines, ignoring generated files) on Feb 2, 2026

@gemini-code-assist

Summary of Changes

Hello @haiboumich, I'm Gemini Code Assist [1]! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly improves the accuracy and reliability of DDL replication in TiFlow. It introduces mechanisms to correctly track truncated partitioned tables, ensures the precise ordering of DDL events, and addresses a critical issue with CURRENT_TIMESTAMP defaults in MySQL DDLs by managing the session timestamp. These changes are crucial for maintaining data consistency and operational correctness in complex database environments.

Highlights

  • Partitioned Table Truncation Handling: The logic for truncating tables has been enhanced to correctly identify and record all physical partition IDs that are dropped during a TRUNCATE TABLE operation on a partitioned table. Previously, only the main table ID was marked as truncated, which could lead to inconsistencies.
  • DDL Event Ordering with Sequence Number: A new Seq (sequence) field has been added to the DDLEvent structure. This field is used to maintain the correct order of DDL events that share the same commit timestamp, particularly important for multi-table DDLs like RENAME TABLE. The DDL manager now uses this sequence number for tie-breaking when ordering DDLs.
  • MySQL DDL Sink Session Timestamp Management: The MySQL DDL sink now includes robust handling for session timestamps. It ensures that the session's @@timestamp variable is reset to its default value before and after executing DDLs. For DDLs involving columns with CURRENT_TIMESTAMP as a default value, the session timestamp can be explicitly set to the upstream DDL's execution time, preventing timestamp discrepancies in the downstream database. Failpoints have been added to control this behavior for testing purposes.
  • Automated Code Generation Update: The msgp auto-generated code for DDLEvent and RedoDDLEvent has been updated to correctly serialize and deserialize the newly introduced Seq field, ensuring data integrity across the system.
  • Integration Test Coverage: New integration tests have been added to validate the correct behavior of DDL event ordering for multi-table renames and the accurate replication of CURRENT_TIMESTAMP defaults in DDLs by leveraging the new session timestamp management.


Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

@ti-chi-bot
Contributor

ti-chi-bot bot commented Feb 2, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign 3pointer for approval. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces several significant improvements, including correct handling of multi-table DDL ordering using a sequence number, enhanced MySQL sink replication for DEFAULT CURRENT_TIMESTAMP by managing session timestamps, and fixes for TRUNCATE TABLE behavior for partitioned tables. However, a critical SQL injection vulnerability was identified in the DDL query reconstruction logic within cdc/model/sink.go. Specifically, DDL statements such as DROP TABLE, DROP VIEW, RENAME TABLE, and EXCHANGE PARTITION are rebuilt using raw schema and table names without proper escaping of backticks, which could allow an attacker to execute arbitrary SQL. It is recommended to use the existing quotes.QuoteName utility to ensure all identifiers are properly quoted and escaped. Additionally, there is a minor suggestion for improving logging.

}

if _, err = tx.ExecContext(ctx, ddl.Query); err != nil {
log.Error("Failed to ExecContext", zap.Any("err", err), zap.Any("query", ddl.Query))


medium

For better error logging and to ensure type safety with the zap logger, it's recommended to use zap.Error(err) for error types and zap.String("query", ddl.Query) for string types instead of zap.Any. zap.Error can provide more structured logging for errors, including stack traces if available.

Suggested change
log.Error("Failed to ExecContext", zap.Any("err", err), zap.Any("query", ddl.Query))
log.Error("Failed to ExecContext", zap.Error(err), zap.String("query", ddl.Query))
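
Added example, not part of the PR or of any comment in this thread: it shows why rebuilding a DDL from raw schema and table names is unsafe when a name contains a backtick, and how doubling the backtick keeps the name inside its quotes. `quoteName` is a local stand-in for the `quotes.QuoteName` helper named in the review, `rawDropTable`, `quotedDropTable` and `splitQuoted` are hypothetical, and the table name is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// quoteName (assumed stand-in): wrap in backticks, double each inner backtick.
func quoteName(name string) string {
	return "`" + strings.ReplaceAll(name, "`", "``") + "`"
}

// Hypothetical builders: rawDropTable puts raw names between backticks (the
// flagged pattern); quotedDropTable escapes each identifier first.
func rawDropTable(schema, table string) string {
	return "DROP TABLE `" + schema + "`.`" + table + "`"
}

func quotedDropTable(schema, table string) string {
	return "DROP TABLE " + quoteName(schema) + "." + quoteName(table)
}

// splitQuoted reads stmt as MySQL reads backtick-quoted identifiers ("``" inside
// quotes is one literal backtick). open reports a quote left unterminated.
func splitQuoted(stmt string) (idents []string, outside string, open bool) {
	var cur, out strings.Builder
	for i := 0; i < len(stmt); i++ {
		switch c := stmt[i]; {
		case c != '`' && open:
			cur.WriteByte(c)
		case c != '`':
			out.WriteByte(c)
		case open && i+1 < len(stmt) && stmt[i+1] == '`':
			cur.WriteByte('`')
			i++
		case open:
			idents = append(idents, cur.String())
			cur.Reset()
			open = false
		default:
			open = true
		}
	}
	return idents, out.String(), open
}

func main() {
	fmt.Println(splitQuoted(rawDropTable("db", "a`b"))) // constructed name with one backtick
	fmt.Println(splitQuoted(quotedDropTable("db", "a`b")))
}
```

A rebuilt statement is safe to forward only when the text outside the quotes is exactly the fixed DDL skeleton and the decoded identifiers equal the names that went in; the raw builder fails both checks for this name.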

@haiboumich
Contributor Author

/test pr-verify

@ti-chi-bot
Contributor

ti-chi-bot bot commented Feb 2, 2026

@haiboumich: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test pull-cdc-integration-kafka-test
/test pull-cdc-integration-mysql-test
/test pull-dm-compatibility-test
/test pull-dm-integration-test
/test pull-verify

Use /test all to run all jobs.


@haiboumich
Contributor Author

/test pull-verify

@haiboumich
Contributor Author

/test pull-cdc-integration-mysql-test

@ti-chi-bot
Contributor

ti-chi-bot bot commented Mar 17, 2026

@haiboumich: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-cdc-integration-kafka-test | 62e4c7e | link | true | /test pull-cdc-integration-kafka-test |
| pull-cdc-integration-mysql-test | 62e4c7e | link | true | /test pull-cdc-integration-mysql-test |

