From 686aec23fcb7ac4c22fb3823a3427cb6b62d6f9d Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 10:09:32 -0800 Subject: [PATCH 01/19] Speculative rewrite of TPS lock check --- .github/workflows/create-cli-release.yml | 4 +- .github/workflows/ctc.yml | 68 ------------------------ scripts/release/tps_check_lock | 52 ++++++++++++++++++ 3 files changed, 55 insertions(+), 69 deletions(-) delete mode 100644 .github/workflows/ctc.yml create mode 100644 scripts/release/tps_check_lock diff --git a/.github/workflows/create-cli-release.yml b/.github/workflows/create-cli-release.yml index 9645628a0c..9b7d6c8525 100644 --- a/.github/workflows/create-cli-release.yml +++ b/.github/workflows/create-cli-release.yml @@ -19,7 +19,9 @@ on: jobs: check-for-moratorium: if: fromJSON(inputs.isStableCandidate) - uses: ./.github/workflows/ctc.yml + run: ./scripts/release/tps_lock_check cli ${{ github.sha }} + env: + TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }} get-version-channel: runs-on: ubuntu-latest diff --git a/.github/workflows/ctc.yml b/.github/workflows/ctc.yml deleted file mode 100644 index 301195f18e..0000000000 --- a/.github/workflows/ctc.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: ctc - -on: - workflow_dispatch: - workflow_call: - -jobs: - # Use TPS service to get clearance to release from Salesforce Change-Traffic-Control: - # https://github.com/heroku/tps/blob/master/docs/ctc.md - check-tps-for-lock: - runs-on: ubuntu-latest - environment: ChangeManagement - steps: - - uses: actions/checkout@v4 - - name: Check tps.heroku.tools for lock - id: check-lock - run: | - STATUS_CODE="$(curl --w '%{http_code}' \ - -X PUT \ - -H "Accept: application/json" \ - -H "Content-Type: application/json" \ - -H "Authorization: Token ${{ secrets.TPS_API_TOKEN_PARAM }}" \ - -d '{"lock": {"sha": "${{ github.sha }}", "component_slug": "cli"}}' \ - https://tps.heroku.tools/api/ctc)" - - echo "Response status code is $STATUS_CODE." - echo "STATUS_CODE=$STATUS_CODE" >> $GITHUB_ENV - - - name: Retry if lock cannot be obtained - id: retry-lock - env: - RETRY_LATER: "409" - uses: - nick-fields/retry@v3 - if: ${{ env.STATUS_CODE == env.RETRY_LATER}} - with: - max_attempts: 12 - warning_on_retry: true - retry_wait_seconds: 300 - retry_on_exit_code: 1 - timeout_seconds: 60 - command: | - STATUS_CODE="$(curl --w '%{http_code}' \ - -X PUT \ - -H "Accept: application/json" \ - -H "Content-Type: application/json" \ - -H "Authorization: Token ${{ secrets.TPS_API_TOKEN_PARAM }}" \ - -d '{"lock": {"sha": "${{ github.sha }}", "component_slug": "cli"}}' \ - https://tps.heroku.tools/api/ctc)" - - echo "Response status code is $STATUS_CODE" - if [ $STATUS_CODE == "409" ] - then - exit 1 - else - echo "STATUS_CODE=$STATUS_CODE" >> $GITHUB_ENV - fi - - - name: Verify lock status - id: verify-lock - env: - UPDATE_LOCK_SUCCESS: "200" - NEW_LOCK_SUCCESS: "201" - if: ${{ env.STATUS_CODE != env.NEW_LOCK_SUCCESS && env.STATUS_CODE != env.UPDATE_LOCK_SUCCESS}} - uses: actions/github-script@v6 - with: - script: | - core.setFailed("Failed to create CTC lock with TPS with response code ${{ env.STATUS_CODE }}") diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock new file mode 100644 index 0000000000..db793f6b42 --- /dev/null +++ b/scripts/release/tps_check_lock @@ -0,0 +1,52 @@ +#!/bin/bash +set -eu +set -o pipefail + +if [ -z "$TPS_API_TOKEN" ]; then + echo "Requires environment variable: TPS_API_TOKEN" >&2 + exit 1 +fi + +# Argument overrides the environment variable +component_slug="${1:-$COMPONENT_SLUG}" +if [ -z "$component_slug" ]; then + echo "Requires first argument: Heroku component slug" >&2 + exit 1 +fi + +release_sha="${2:-$RELEASE_SHA}" +if [ -z "$release_sha" ]; then + echo "Requires second argument: SHA of the commit being released" >&2 + exit 1 +fi + +response_status=0 + +tpsGetLock() { + response_status="$(curl --w '%{http_code}' \ + -X PUT \ + -H "Accept: application/json" \ + -H "Content-Type: application/json" \ + -H "Authorization: Token ${TPS_API_TOKEN}" \ + -d "{\"lock\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\"}}" \ + https://tps.heroku.tools/api/ctc)" +} + +echo "Requesting deployment lock from tps.heroku.tools…" >&2 +retry_count=0 +set +e +tpsGetLock +until [ "$response_status" == "200" -a "$response_status" == "201" ] +do + tpsGetLock + ((retry_count++)) + if [ $retry_count -gt 40 ] + then + echo "❌ Could not aquire deployment lock for \"$component_name\" after retrying for 10-minutes." >&2 + exit 2 + fi + echo "⏳ Response status \"$response_status\". Retry in 15-seconds…" >&2 + sleep 15 +done +set -e +echo "✅ Lock acquired" >&2 From 3d1c731e7fe39632ff43921aedf2034456b0867f Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 11:28:22 -0800 Subject: [PATCH 02/19] Fix executable --- scripts/release/tps_check_lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) mode change 100644 => 100755 scripts/release/tps_check_lock diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock old mode 100644 new mode 100755 index db793f6b42..c1b94d5e4e --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -2,7 +2,7 @@ set -eu set -o pipefail -if [ -z "$TPS_API_TOKEN" ]; then +if [ -z "${TPS_API_TOKEN:-}" ]; then echo "Requires environment variable: TPS_API_TOKEN" >&2 exit 1 fi From 036c0e8e10dab0868e26af5c2899b7407630e574 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 11:30:22 -0800 Subject: [PATCH 03/19] Fix curl error --- scripts/release/tps_check_lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index c1b94d5e4e..586117de93 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -23,7 +23,7 @@ fi response_status=0 tpsGetLock() { - response_status="$(curl --w '%{http_code}' \ + response_status="$(curl --write-out '%{http_code}' \ -X PUT \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ From e457afde773aea8a70a230d1969bf6732b90f77e Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 11:52:39 -0800 Subject: [PATCH 04/19] More curl request fixes --- scripts/release/tps_check_lock | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index 586117de93..82672e3eca 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -2,6 +2,10 @@ set -eu set -o pipefail +if [ -z "${TPS_HOSTNAME:-}" ]; then + TPS_HOSTNAME="tps.heroku.tools" +fi + if [ -z "${TPS_API_TOKEN:-}" ]; then echo "Requires environment variable: TPS_API_TOKEN" >&2 exit 1 @@ -23,16 +27,17 @@ fi response_status=0 tpsGetLock() { - response_status="$(curl --write-out '%{http_code}' \ + response_status="$(curl --silent \ + --write-out '%{http_code}' \ -X PUT \ - -H "Accept: application/json" \ + -H "Accept: */*" \ -H "Content-Type: application/json" \ - -H "Authorization: Token ${TPS_API_TOKEN}" \ + -H "Authorization: Bearer ${TPS_API_TOKEN}" \ -d "{\"lock\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\"}}" \ - https://tps.heroku.tools/api/ctc)" + https://${TPS_HOSTNAME}/api/ctc)" } -echo "Requesting deployment lock from tps.heroku.tools…" >&2 +echo "Requesting deployment lock from ${TPS_HOSTNAME}…" >&2 retry_count=0 set +e tpsGetLock From 1d2cd02d45fb40eef5de62497185ee2a5816296d Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 12:03:36 -0800 Subject: [PATCH 05/19] Logic fix & formatting --- scripts/release/tps_check_lock | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index 82672e3eca..946a1396ba 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -28,20 +28,20 @@ response_status=0 tpsGetLock() { response_status="$(curl --silent \ - --write-out '%{http_code}' \ - -X PUT \ - -H "Accept: */*" \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer ${TPS_API_TOKEN}" \ - -d "{\"lock\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\"}}" \ - https://${TPS_HOSTNAME}/api/ctc)" + --write-out '%{http_code}' \ + -X PUT \ + -H "Accept: */*" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${TPS_API_TOKEN}" \ + -d "{\"lock\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\"}}" \ + https://${TPS_HOSTNAME}/api/ctc)" } echo "Requesting deployment lock from ${TPS_HOSTNAME}…" >&2 retry_count=0 set +e tpsGetLock -until [ "$response_status" == "200" -a "$response_status" == "201" ] +until [ "$response_status" == "200" -o "$response_status" == "201" ] do tpsGetLock ((retry_count++)) From bd9b2fd8f70389eec86dc0fa9a6ba68ff119ecfd Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 15:34:24 -0800 Subject: [PATCH 06/19] Improve error reporting in TPS lock check --- .gitignore | 2 +- scripts/release/tps_check_lock | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 555c735cbe..b4f9211a6c 100644 --- a/.gitignore +++ b/.gitignore @@ -26,4 +26,4 @@ node_modules # TEMP /packages/**/converted/* - +tpsGetLock_response.txt diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index 946a1396ba..a24c49bb2e 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -28,7 +28,7 @@ response_status=0 tpsGetLock() { response_status="$(curl --silent \ - --write-out '%{http_code}' \ + -o tpsGetLock_response.txt -w "%{response_code}" \ -X PUT \ -H "Accept: */*" \ -H "Content-Type: application/json" \ @@ -50,7 +50,8 @@ do echo "❌ Could not aquire deployment lock for \"$component_name\" after retrying for 10-minutes." >&2 exit 2 fi - echo "⏳ Response status \"$response_status\". Retry in 15-seconds…" >&2 + echo Response status $response_status: $(cat tpsGetLock_response.txt) >&2 + echo "⏳ Retry in 15-seconds…" >&2 sleep 15 done set -e From 46735eb005eea93aab96144ec2d04d6911ff8ab7 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 15:35:50 -0800 Subject: [PATCH 07/19] Include environment to get TPS secrets --- .github/workflows/create-cli-release.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/create-cli-release.yml b/.github/workflows/create-cli-release.yml index 9b7d6c8525..a188124d5c 100644 --- a/.github/workflows/create-cli-release.yml +++ b/.github/workflows/create-cli-release.yml @@ -20,6 +20,7 @@ jobs: check-for-moratorium: if: fromJSON(inputs.isStableCandidate) run: ./scripts/release/tps_lock_check cli ${{ github.sha }} + environment: ChangeManagement env: TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }} From 1025fe588e88b979996743adfd49320d409b95b0 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 15:37:13 -0800 Subject: [PATCH 08/19] Rewrite TPS release recorder to match other TPS script --- .github/workflows/promote-release.yml | 18 +++--- .gitignore | 1 + scripts/postrelease/change_management | 83 -------------------------- scripts/postrelease/tps_record_release | 78 ++++++++++++++++++++++++ 4 files changed, 87 insertions(+), 93 deletions(-) delete mode 100755 scripts/postrelease/change_management create mode 100755 scripts/postrelease/tps_record_release diff --git a/.github/workflows/promote-release.yml b/.github/workflows/promote-release.yml index 68b981142e..3b32cd5aea 100644 --- a/.github/workflows/promote-release.yml +++ b/.github/workflows/promote-release.yml @@ -58,18 +58,16 @@ jobs: change-management: needs: [ promote ] if: fromJSON(inputs.isStableRelease) - runs-on: ubuntu-latest - environment: ChangeManagement - env: - TPS_API_APP_ID: ${{ secrets.TPS_API_APP_ID }} - TPS_API_RELEASE_ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }} - TPS_API_STAGE: ${{ secrets.TPS_API_STAGE }} - TPS_API_TOKEN_PARAM: ${{ secrets.TPS_API_TOKEN_PARAM }} - TPS_API_URL_PARAM: ${{ secrets.TPS_API_URL_PARAM }} steps: + # Checkout required to get github.sha - uses: actions/checkout@v3 - - run: yarn --immutable --network-timeout 1000000 - - run: ./scripts/postrelease/change_management + - run: ./scripts/postrelease/tps_record_release cli ${{ github.sha }} + environment: ChangeManagement + env: + ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }} + APP_ID: ${{ secrets.TPS_API_APP_ID }} + STAGE: ${{ secrets.TPS_API_STAGE }} + TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }} create-fig-autocomplete-pr: if: fromJSON(inputs.isStableRelease) diff --git a/.gitignore b/.gitignore index b4f9211a6c..619105221e 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ node_modules # TEMP /packages/**/converted/* tpsGetLock_response.txt +tpsRecordRelease_response.txt diff --git a/scripts/postrelease/change_management b/scripts/postrelease/change_management deleted file mode 100755 index c1de90b915..0000000000 --- a/scripts/postrelease/change_management +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/env node - -const isStableRelease = require('../utils/isStableRelease') -const {GITHUB_REF_TYPE, GITHUB_REF_NAME} = process.env - -if (!isStableRelease(GITHUB_REF_TYPE, GITHUB_REF_NAME)) { - console.log('Not on stable release, skipping change management trigger') - process.exit(0) -} - -const REQUEST_PROMISE = require('promise-request-retry') - -// Set these in Github Actions in the heroku/cli project -// -const TPS_API_APP_ID = process.env.TPS_API_APP_ID -const TPS_API_RELEASE_ACTOR_EMAIL = process.env.TPS_API_RELEASE_ACTOR_EMAIL -const TPS_API_STAGE = process.env.TPS_API_STAGE || 'production' -const TPS_API_TOKEN_PARAM = process.env.TPS_API_TOKEN_PARAM -const TPS_API_URL_PARAM = process.env.TPS_API_URL_PARAM - -// This is set by GitHub Actions automatically -// https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables -const RELEASE_COMMIT_SHA = process.env.GITHUB_SHA - -if (TPS_API_APP_ID && - TPS_API_RELEASE_ACTOR_EMAIL && - TPS_API_STAGE && - TPS_API_TOKEN_PARAM && - TPS_API_URL_PARAM && - RELEASE_COMMIT_SHA -) { - // continue -} else { - throw(new Error('Unset env var(s). Check CI settings.')) -} - -async function sendDeployNotification () { - const actorEmail = TPS_API_RELEASE_ACTOR_EMAIL - const appId = TPS_API_APP_ID - const sha = RELEASE_COMMIT_SHA - const stage = TPS_API_STAGE - const token = TPS_API_TOKEN_PARAM - const uri = TPS_API_URL_PARAM - - const body = { - release: { - actor_email: actorEmail, - app_id: appId, - component_slug: 'cli', - description: `Deploy ${sha} of heroku/cli in ${stage}`, - sha, - stage - } - } - - try { - // Retry up to 6 (~2m) doubling the delay each time - // - const options = { - method: 'POST', - headers: { - Authorization: `Token ${token}`, - ACCEPT: 'application/json', - 'Content-Type': 'application/json' - }, - uri, - body, - accepted: [401, 403, 404], - retry: 6, - delay: 1000, - factor: 2, - json: true - } - const resp = await REQUEST_PROMISE(options) - console.log(resp) - } catch (error) { - console.log(error) - console.log(body) - process.exit(1) - } -} - -sendDeployNotification() diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release new file mode 100755 index 0000000000..cab98c27b9 --- /dev/null +++ b/scripts/postrelease/tps_record_release @@ -0,0 +1,78 @@ +#!/bin/bash +set -eu +set -o pipefail + +if [ -z "${TPS_HOSTNAME:-}" ]; then + TPS_HOSTNAME="tps.heroku.tools" +fi + +if [ -z "${TPS_API_TOKEN:-}" ]; then + echo "Requires environment variable: TPS_API_TOKEN" >&2 + exit 1 +fi + +# Argument overrides the environment variable +component_slug="${1:-$COMPONENT_SLUG}" +if [ -z "$component_slug" ]; then + echo "Requires first argument: Heroku component slug" >&2 + exit 1 +fi + +release_sha="${2:-$RELEASE_SHA}" +if [ -z "$release_sha" ]; then + echo "Requires second argument: SHA of the commit being released" >&2 + exit 1 +fi + +actor_email="${3:-$ACTOR_EMAIL}" +if [ -z "$actor_email" ]; then + echo "Requires third argument: email of actor performing the release" >&2 + exit 1 +fi + +app_id="${3:-$APP_ID}" +if [ -z "$app_id" ]; then + echo "Requires fourth argument: UUID of app being released" >&2 + exit 1 +fi + +stage="${3:-$STAGE}" +if [ -z "$stage" ]; then + echo "Requires fifth argument: stage of the release" >&2 + exit 1 +fi + +description="Deploy ${release_sha} of ${component_slug} in ${stage}" + +response_status=0 + +tpsRecordRelease() { + response_status="$(curl --silent \ + -o tpsRecordRelease_response.txt -w "%{response_code}" \ + -X POST \ + -H "Accept: */*" \ + -H "Content-Type: application/json" \ + -H "Authorization: Bearer ${TPS_API_TOKEN}" \ + -d "{\"release\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\", \"actor_email\": \"${actor_email}\", \"app_id\": \"${app_id}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ + https://${TPS_HOSTNAME}/api/component/${component_slug}/releases)" +} + +echo "Recording release with ${TPS_HOSTNAME}…" >&2 +retry_count=0 +set +e +tpsRecordRelease +until [ "$response_status" == "200" -o "$response_status" == "201" ] +do + tpsRecordRelease + ((retry_count++)) + if [ $retry_count -gt 120 ] + then + echo "❌ Could not record release for \"$component_name\" after retrying for 30-minutes." >&2 + exit 2 + fi + echo Response status $response_status: $(cat tpsRecordRelease_response.txt) >&2 + echo "⏳ Retry in 15-seconds…" >&2 + sleep 15 +done +set -e +echo "✅ Release recorded" >&2 From 364a9f399b64bc55eab1a0ab3263b40d57aa52d7 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 15:47:38 -0800 Subject: [PATCH 09/19] Continue on error when recording the release --- .github/workflows/promote-release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/promote-release.yml b/.github/workflows/promote-release.yml index 3b32cd5aea..2d41c80736 100644 --- a/.github/workflows/promote-release.yml +++ b/.github/workflows/promote-release.yml @@ -58,6 +58,8 @@ jobs: change-management: needs: [ promote ] if: fromJSON(inputs.isStableRelease) + # Failure to record the release should not fail the workflow + continue-on-error: true steps: # Checkout required to get github.sha - uses: actions/checkout@v3 From 30697aee6ed8ceecd90160c8922cba66bf79e826 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 15:58:07 -0800 Subject: [PATCH 10/19] Document usage of TPS scripts --- scripts/postrelease/tps_record_release | 9 +++++++++ scripts/release/tps_check_lock | 6 ++++++ 2 files changed, 15 insertions(+) diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index cab98c27b9..f750b7a17f 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -2,6 +2,15 @@ set -eu set -o pipefail +# Usage: ./scripts/postrelease/tps_record_release +# Required env vars: TPS_API_TOKEN, COMPONENT_SLUG, RELEASE_SHA, ACTOR_EMAIL, APP_ID, STAGE + +# Alternate Usage: ./scripts/postrelease/tps_record_release +# Required env vars: TPS_API_TOKEN, ACTOR_EMAIL, APP_ID, STAGE + +# Alternate Usage: ./scripts/postrelease/tps_record_release +# Required env vars: TPS_API_TOKEN + if [ -z "${TPS_HOSTNAME:-}" ]; then TPS_HOSTNAME="tps.heroku.tools" fi diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index a24c49bb2e..7f9767cf20 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -2,6 +2,12 @@ set -eu set -o pipefail +# Usage: ./scripts/release/tps_check_lock +# Required env vars: TPS_API_TOKEN, COMPONENT_SLUG, RELEASE_SHA +# +# Alternate Usage: ./scripts/release/tps_check_lock +# Required env vars: TPS_API_TOKEN + if [ -z "${TPS_HOSTNAME:-}" ]; then TPS_HOSTNAME="tps.heroku.tools" fi From 13226f0c10ed56a905fbbd2fb921eedadfcc8b28 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 16:03:17 -0800 Subject: [PATCH 11/19] fix spelling --- scripts/release/tps_check_lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index 7f9767cf20..be7fa24a3a 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -53,7 +53,7 @@ do ((retry_count++)) if [ $retry_count -gt 40 ] then - echo "❌ Could not aquire deployment lock for \"$component_name\" after retrying for 10-minutes." >&2 + echo "❌ Could not get deployment lock for \"$component_name\" after retrying for 10-minutes." >&2 exit 2 fi echo Response status $response_status: $(cat tpsGetLock_response.txt) >&2 From c182a9d2d955d6726231d09e9952a562ca651e05 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Wed, 13 Nov 2024 17:04:43 -0800 Subject: [PATCH 12/19] Fix record release to drop app_id (CLI does not have this) and honor the 204 status for success --- .github/workflows/promote-release.yml | 1 - scripts/postrelease/tps_record_release | 25 +++++++++++++------------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/promote-release.yml b/.github/workflows/promote-release.yml index 2d41c80736..8b28e8e83c 100644 --- a/.github/workflows/promote-release.yml +++ b/.github/workflows/promote-release.yml @@ -67,7 +67,6 @@ jobs: environment: ChangeManagement env: ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }} - APP_ID: ${{ secrets.TPS_API_APP_ID }} STAGE: ${{ secrets.TPS_API_STAGE }} TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }} diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index f750b7a17f..f7fb5e5178 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -3,12 +3,12 @@ set -eu set -o pipefail # Usage: ./scripts/postrelease/tps_record_release -# Required env vars: TPS_API_TOKEN, COMPONENT_SLUG, RELEASE_SHA, ACTOR_EMAIL, APP_ID, STAGE +# Required env vars: TPS_API_TOKEN, COMPONENT_SLUG, RELEASE_SHA, ACTOR_EMAIL, STAGE # Alternate Usage: ./scripts/postrelease/tps_record_release -# Required env vars: TPS_API_TOKEN, ACTOR_EMAIL, APP_ID, STAGE +# Required env vars: TPS_API_TOKEN, ACTOR_EMAIL, STAGE -# Alternate Usage: ./scripts/postrelease/tps_record_release +# Alternate Usage: ./scripts/postrelease/tps_record_release # Required env vars: TPS_API_TOKEN if [ -z "${TPS_HOSTNAME:-}" ]; then @@ -39,18 +39,19 @@ if [ -z "$actor_email" ]; then exit 1 fi -app_id="${3:-$APP_ID}" -if [ -z "$app_id" ]; then - echo "Requires fourth argument: UUID of app being released" >&2 - exit 1 -fi - -stage="${3:-$STAGE}" +stage="${4:-$STAGE}" if [ -z "$stage" ]; then echo "Requires fifth argument: stage of the release" >&2 exit 1 fi +# No app_id for cli releases +# app_id="${5:-$APP_ID}" +# if [ -z "$app_id" ]; then +# echo "Requires fourth argument: UUID of app being released" >&2 +# exit 1 +# fi + description="Deploy ${release_sha} of ${component_slug} in ${stage}" response_status=0 @@ -62,7 +63,7 @@ tpsRecordRelease() { -H "Accept: */*" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TPS_API_TOKEN}" \ - -d "{\"release\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\", \"actor_email\": \"${actor_email}\", \"app_id\": \"${app_id}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ + -d "{\"release\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\", \"actor_email\": \"${actor_email}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ https://${TPS_HOSTNAME}/api/component/${component_slug}/releases)" } @@ -70,7 +71,7 @@ echo "Recording release with ${TPS_HOSTNAME}…" >&2 retry_count=0 set +e tpsRecordRelease -until [ "$response_status" == "200" -o "$response_status" == "201" ] +until [ "$response_status" == "204" ] do tpsRecordRelease ((retry_count++)) From 844b9d18135598dc80147eed12ef2b46b6555189 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 10:02:15 -0800 Subject: [PATCH 13/19] Clarify missing argument messages --- scripts/postrelease/tps_record_release | 8 ++++---- scripts/release/tps_check_lock | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index f7fb5e5178..0dfc54f9b5 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -23,25 +23,25 @@ fi # Argument overrides the environment variable component_slug="${1:-$COMPONENT_SLUG}" if [ -z "$component_slug" ]; then - echo "Requires first argument: Heroku component slug" >&2 + echo "Requires first argument or env var COMPONENT_SLUG: Heroku component slug" >&2 exit 1 fi release_sha="${2:-$RELEASE_SHA}" if [ -z "$release_sha" ]; then - echo "Requires second argument: SHA of the commit being released" >&2 + echo "Requires second argument or env var RELEASE_SHA: SHA of the commit being released" >&2 exit 1 fi actor_email="${3:-$ACTOR_EMAIL}" if [ -z "$actor_email" ]; then - echo "Requires third argument: email of actor performing the release" >&2 + echo "Requires third argument or env var ACTOR_EMAIL: email of actor performing the release" >&2 exit 1 fi stage="${4:-$STAGE}" if [ -z "$stage" ]; then - echo "Requires fifth argument: stage of the release" >&2 + echo "Requires fifth argument or env var STAGE: stage of the release" >&2 exit 1 fi diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index be7fa24a3a..517128ae9d 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -20,13 +20,13 @@ fi # Argument overrides the environment variable component_slug="${1:-$COMPONENT_SLUG}" if [ -z "$component_slug" ]; then - echo "Requires first argument: Heroku component slug" >&2 + echo "Requires first argument or env var COMPONENT_SLUG: Heroku component slug" >&2 exit 1 fi release_sha="${2:-$RELEASE_SHA}" if [ -z "$release_sha" ]; then - echo "Requires second argument: SHA of the commit being released" >&2 + echo "Requires second argument or env var RELEASE_SHA: SHA of the commit being released" >&2 exit 1 fi From f158c210a71ed5fc0ae3dbb3ce4279a2918c3843 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 15:17:26 -0800 Subject: [PATCH 14/19] Corrections based on PR feedback --- .github/workflows/create-cli-release.yml | 2 +- scripts/postrelease/tps_record_release | 4 ++-- scripts/release/tps_check_lock | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-cli-release.yml b/.github/workflows/create-cli-release.yml index a188124d5c..c4cb9071de 100644 --- a/.github/workflows/create-cli-release.yml +++ b/.github/workflows/create-cli-release.yml @@ -19,7 +19,7 @@ on: jobs: check-for-moratorium: if: fromJSON(inputs.isStableCandidate) - run: ./scripts/release/tps_lock_check cli ${{ github.sha }} + run: ./scripts/release/tps_check_lock cli ${{ github.sha }} environment: ChangeManagement env: TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }} diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index 0dfc54f9b5..3d369eab90 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -63,7 +63,7 @@ tpsRecordRelease() { -H "Accept: */*" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TPS_API_TOKEN}" \ - -d "{\"release\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\", \"actor_email\": \"${actor_email}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ + -d "{\"component_slug\": \"${component_slug}\", \"release\": {\"sha\": \"${release_sha}\", \"actor_email\": \"${actor_email}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ https://${TPS_HOSTNAME}/api/component/${component_slug}/releases)" } @@ -77,7 +77,7 @@ do ((retry_count++)) if [ $retry_count -gt 120 ] then - echo "❌ Could not record release for \"$component_name\" after retrying for 30-minutes." >&2 + echo "❌ Could not record release for \"$component_slug\" after retrying for 30-minutes." >&2 exit 2 fi echo Response status $response_status: $(cat tpsRecordRelease_response.txt) >&2 diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index 517128ae9d..c3285016d7 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -53,7 +53,7 @@ do ((retry_count++)) if [ $retry_count -gt 40 ] then - echo "❌ Could not get deployment lock for \"$component_name\" after retrying for 10-minutes." >&2 + echo "❌ Could not get deployment lock for \"$component_slug\" after retrying for 10-minutes." >&2 exit 2 fi echo Response status $response_status: $(cat tpsGetLock_response.txt) >&2 From 9e818085735527f62a26be07206e8cf2b4325efe Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 15:22:10 -0800 Subject: [PATCH 15/19] Stable CLI releases are always "production" --- scripts/postrelease/tps_record_release | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index 3d369eab90..e290d8b06c 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -3,12 +3,12 @@ set -eu set -o pipefail # Usage: ./scripts/postrelease/tps_record_release -# Required env vars: TPS_API_TOKEN, COMPONENT_SLUG, RELEASE_SHA, ACTOR_EMAIL, STAGE +# Required env vars: TPS_API_TOKEN, COMPONENT_SLUG, RELEASE_SHA, ACTOR_EMAIL # Alternate Usage: ./scripts/postrelease/tps_record_release -# Required env vars: TPS_API_TOKEN, ACTOR_EMAIL, STAGE +# Required env vars: TPS_API_TOKEN, ACTOR_EMAIL -# Alternate Usage: ./scripts/postrelease/tps_record_release +# Alternate Usage: ./scripts/postrelease/tps_record_release # Required env vars: TPS_API_TOKEN if [ -z "${TPS_HOSTNAME:-}" ]; then @@ -39,14 +39,8 @@ if [ -z "$actor_email" ]; then exit 1 fi -stage="${4:-$STAGE}" -if [ -z "$stage" ]; then - echo "Requires fifth argument or env var STAGE: stage of the release" >&2 - exit 1 -fi - # No app_id for cli releases -# app_id="${5:-$APP_ID}" +# app_id="${4:-$APP_ID}" # if [ -z "$app_id" ]; then # echo "Requires fourth argument: UUID of app being released" >&2 # exit 1 @@ -63,7 +57,7 @@ tpsRecordRelease() { -H "Accept: */*" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TPS_API_TOKEN}" \ - -d "{\"component_slug\": \"${component_slug}\", \"release\": {\"sha\": \"${release_sha}\", \"actor_email\": \"${actor_email}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ + -d "{\"component_slug\": \"${component_slug}\", \"release\": {\"sha\": \"${release_sha}\", \"actor_email\": \"${actor_email}\", \"stage\": \"production\", \"description\": \"${description}\"}}" \ https://${TPS_HOSTNAME}/api/component/${component_slug}/releases)" } From a1e6a43b1536332099193828d91bb761602d2ea8 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 15:23:39 -0800 Subject: [PATCH 16/19] No longer need the TPS_API_STAGE secret --- .github/workflows/promote-release.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/promote-release.yml b/.github/workflows/promote-release.yml index 8b28e8e83c..d5516fbfce 100644 --- a/.github/workflows/promote-release.yml +++ b/.github/workflows/promote-release.yml @@ -67,7 +67,6 @@ jobs: environment: ChangeManagement env: ACTOR_EMAIL: ${{ secrets.TPS_API_RELEASE_ACTOR_EMAIL }} - STAGE: ${{ secrets.TPS_API_STAGE }} TPS_API_TOKEN: ${{ secrets.TPS_API_TOKEN_PARAM }} create-fig-autocomplete-pr: From e9f330bf2e3e8c6f540877c868cf8291f4e2c874 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 15:29:57 -0800 Subject: [PATCH 17/19] Fix to set the release stage in description too --- scripts/postrelease/tps_record_release | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index e290d8b06c..975697e2e2 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -46,6 +46,7 @@ fi # exit 1 # fi +stage="production" description="Deploy ${release_sha} of ${component_slug} in ${stage}" response_status=0 @@ -57,7 +58,7 @@ tpsRecordRelease() { -H "Accept: */*" \ -H "Content-Type: application/json" \ -H "Authorization: Bearer ${TPS_API_TOKEN}" \ - -d "{\"component_slug\": \"${component_slug}\", \"release\": {\"sha\": \"${release_sha}\", \"actor_email\": \"${actor_email}\", \"stage\": \"production\", \"description\": \"${description}\"}}" \ + -d "{\"component_slug\": \"${component_slug}\", \"release\": {\"sha\": \"${release_sha}\", \"actor_email\": \"${actor_email}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ https://${TPS_HOSTNAME}/api/component/${component_slug}/releases)" } From ee0ce85948e4c8a5813030d84f2794b16369340e Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 15:33:00 -0800 Subject: [PATCH 18/19] Always output TPS response status --- scripts/postrelease/tps_record_release | 3 ++- scripts/release/tps_check_lock | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index 975697e2e2..f728b61a09 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -60,6 +60,8 @@ tpsRecordRelease() { -H "Authorization: Bearer ${TPS_API_TOKEN}" \ -d "{\"component_slug\": \"${component_slug}\", \"release\": {\"sha\": \"${release_sha}\", \"actor_email\": \"${actor_email}\", \"stage\": \"${stage}\", \"description\": \"${description}\"}}" \ https://${TPS_HOSTNAME}/api/component/${component_slug}/releases)" + + echo Response status $response_status: $(cat tpsRecordRelease_response.txt) >&2 } echo "Recording release with ${TPS_HOSTNAME}…" >&2 @@ -75,7 +77,6 @@ do echo "❌ Could not record release for \"$component_slug\" after retrying for 30-minutes." >&2 exit 2 fi - echo Response status $response_status: $(cat tpsRecordRelease_response.txt) >&2 echo "⏳ Retry in 15-seconds…" >&2 sleep 15 done diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index c3285016d7..03e37a7e9c 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -41,6 +41,8 @@ tpsGetLock() { -H "Authorization: Bearer ${TPS_API_TOKEN}" \ -d "{\"lock\": {\"sha\": \"${release_sha}\", \"component_slug\": \"${component_slug}\"}}" \ https://${TPS_HOSTNAME}/api/ctc)" + + echo Response status $response_status: $(cat tpsGetLock_response.txt) >&2 } echo "Requesting deployment lock from ${TPS_HOSTNAME}…" >&2 @@ -56,7 +58,6 @@ do echo "❌ Could not get deployment lock for \"$component_slug\" after retrying for 10-minutes." >&2 exit 2 fi - echo Response status $response_status: $(cat tpsGetLock_response.txt) >&2 echo "⏳ Retry in 15-seconds…" >&2 sleep 15 done From a5bef184f36a21c732c9a1c6e6e4eefc39ce5416 Mon Sep 17 00:00:00 2001 From: Mars Hall Date: Thu, 14 Nov 2024 16:59:55 -0800 Subject: [PATCH 19/19] Move retry attempt to end of loop --- scripts/postrelease/tps_record_release | 2 +- scripts/release/tps_check_lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/postrelease/tps_record_release b/scripts/postrelease/tps_record_release index f728b61a09..2fac32e842 100755 --- a/scripts/postrelease/tps_record_release +++ b/scripts/postrelease/tps_record_release @@ -70,7 +70,6 @@ set +e tpsRecordRelease until [ "$response_status" == "204" ] do - tpsRecordRelease ((retry_count++)) if [ $retry_count -gt 120 ] then @@ -79,6 +78,7 @@ do fi echo "⏳ Retry in 15-seconds…" >&2 sleep 15 + tpsRecordRelease done set -e echo "✅ Release recorded" >&2 diff --git a/scripts/release/tps_check_lock b/scripts/release/tps_check_lock index 03e37a7e9c..09cbd70c95 100755 --- a/scripts/release/tps_check_lock +++ b/scripts/release/tps_check_lock @@ -51,7 +51,6 @@ set +e tpsGetLock until [ "$response_status" == "200" -o "$response_status" == "201" ] do - tpsGetLock ((retry_count++)) if [ $retry_count -gt 40 ] then @@ -60,6 +59,7 @@ do fi echo "⏳ Retry in 15-seconds…" >&2 sleep 15 + tpsGetLock done set -e echo "✅ Lock acquired" >&2