From 1750ebdcbb4fc36ee988b6d70c7a6fe71870f4a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Peter=20Scha=CC=88fer?= <101886095+PeterSchafer@users.noreply.github.com> Date: Thu, 2 Feb 2023 19:44:14 +0100 Subject: [PATCH] feat: improve deployment testing * split deployment into stages (pre-release, release testing, final release) --- .circleci/config.yml | 88 +++++++++++++++-------- Makefile | 15 ++++ release-scripts/upload-artifacts.sh | 49 ++++++++----- release-scripts/validate-npm-artifacts.sh | 2 +- release-scripts/validate-repository.sh | 7 ++ 5 files changed, 114 insertions(+), 47 deletions(-) create mode 100755 release-scripts/validate-repository.sh diff --git a/.circleci/config.yml b/.circleci/config.yml index 981b6a85cfa..e886e51558b 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -547,9 +547,6 @@ jobs: - attach_workspace: at: . - setup_npm - - run: - name: Validating NPM artifacts - command: ./release-scripts/validate-npm-artifacts.sh - run: name: Copy Windows cliv2 binaries to binary-releases staging area command: | @@ -592,44 +589,55 @@ jobs: root: . paths: - binary-releases - release: + pre-release: executor: docker-node steps: - checkout - attach_workspace: at: . - setup_npm + - aws-cli/install: + version: << pipeline.parameters.aws_version >> - run: - name: Validating artifacts - command: ./release-scripts/validate-checksums.sh + name: Pre-Publishing + command: make release-pre + - run: + name: Handling failed release + command: ./release-scripts/handle-failed-release.sh + when: on_fail + + test-release: + parameters: + executor: + type: string + executor: << parameters.executor >> + steps: + - checkout + - attach_workspace: + at: . + - run: + name: Validating NPM artifacts + command: bash ./release-scripts/validate-npm-artifacts.sh + - run: + name: Handling failed release + command: bash ./release-scripts/handle-failed-release.sh + when: on_fail + + release: + executor: docker-node + steps: + - checkout + - attach_workspace: + at: . + - setup_npm - gh/setup: token: GH_TOKEN version: << pipeline.parameters.gh_version >> - aws-cli/install: version: << pipeline.parameters.aws_version >> - run: - name: Ensure master branch - command: | - if [ "$CIRCLE_BRANCH" != "master" ]; then - echo "Release must be on 'master' branch." - exit 1 - fi - - run: - name: Ensure not already released - command: | - if git describe --contains --tags; then - echo "This commit has already been released." - exit 1 - fi - - run: - name: Publishing npm packages - command: | - npm publish ./binary-releases/snyk-fix.tgz - npm publish ./binary-releases/snyk-protect.tgz - npm publish ./binary-releases/snyk.tgz - - run: - name: Publishing artifacts - command: ./release-scripts/upload-artifacts.sh + name: Publishing + command: make release-final - run: name: Handling failed release command: ./release-scripts/handle-failed-release.sh @@ -1095,11 +1103,33 @@ workflows: branches: only: - master + - pre-release: + name: Pre-Release + context: nodejs-app-release + requires: + - Release? + filters: + branches: + only: + - master + - test-release: + name: Test Release (<< matrix.executor >>) + matrix: + parameters: + executor: ['linux', 'win/default', 'macos'] + requires: + - Pre-Release + filters: + branches: + only: + - master - release: name: Release context: nodejs-app-release requires: - - Release? + - Test Release (linux) + - Test Release (win/default) + - Test Release (macos) filters: branches: only: diff --git a/Makefile b/Makefile index 81855f26be1..67133d5e4b9 100644 --- a/Makefile +++ b/Makefile @@ -160,3 +160,18 @@ build: clean: @cd $(EXTENSIBLE_CLI_DIR) && $(MAKE) clean-full $(MAKE) clean-prepack + +# targets responsible for the CLI release +.PHONY: release-pre +release-pre: + @echo "-- Validating repository" + @./release-scripts/validate-repository.sh + @echo "-- Validating artifacts" + @./release-scripts/validate-checksums.sh + @echo "-- Publishing to S3 /version" + @./release-scripts/upload-artifacts.sh version + +.PHONY: release-final +release-final: + @echo "-- Publishing" + @./release-scripts/upload-artifacts.sh latest github npm diff --git a/release-scripts/upload-artifacts.sh b/release-scripts/upload-artifacts.sh index 332e4b187c9..dfa6f43dc5a 100755 --- a/release-scripts/upload-artifacts.sh +++ b/release-scripts/upload-artifacts.sh @@ -23,23 +23,38 @@ declare -a StaticFiles=( VERSION_TAG="v$(cat binary-releases/version)" -# Upload files to the GitHub release -gh release create "${VERSION_TAG}" "${StaticFiles[@]}" \ - --target "${CIRCLE_SHA1}" \ - --title "${VERSION_TAG}" \ - --notes-file binary-releases/RELEASE_NOTES.md +if [ ${#} == 0 ]; then + echo "No upload target defined!" + exit 1 +fi -# Upload files to the versioned folder -for filename in "${StaticFiles[@]}"; do - aws s3 cp "${filename}" s3://"${PUBLIC_S3_BUCKET}"/cli/"${VERSION_TAG}"/ -done +for arg in "${@}"; do + target="${arg}" + if [ "${arg}" == "version" ]; then + target="${VERSION_TAG}" + fi + echo "Uploading to ${target}" -# Upload files to the /latest folder -for filename in "${StaticFiles[@]}"; do - aws s3 cp "${filename}" s3://"${PUBLIC_S3_BUCKET}"/cli/latest/ -done + # Upload files to the GitHub release + if [ "${arg}" == "github" ]; then + gh release create "${VERSION_TAG}" "${StaticFiles[@]}" \ + --target "${CIRCLE_SHA1}" \ + --title "${VERSION_TAG}" \ + --notes-file binary-releases/RELEASE_NOTES.md -aws s3 cp "binary-releases/release.json" s3://"${PUBLIC_S3_BUCKET}"/cli/"${VERSION_TAG}"/ -aws s3 cp "binary-releases/version" s3://"${PUBLIC_S3_BUCKET}"/cli/"${VERSION_TAG}"/ -aws s3 cp "binary-releases/release.json" s3://"${PUBLIC_S3_BUCKET}"/cli/latest/ -aws s3 cp "binary-releases/version" s3://"${PUBLIC_S3_BUCKET}"/cli/latest/ + # Upload files to npm + elif [ "${arg}" == "npm" ]; then + npm publish ./binary-releases/snyk-fix.tgz + npm publish ./binary-releases/snyk-protect.tgz + npm publish ./binary-releases/snyk.tgz + + # Upload files to S3 bucket + else + for filename in "${StaticFiles[@]}"; do + aws s3 cp "${filename}" s3://"${PUBLIC_S3_BUCKET}"/cli/"${target}"/ + done + + aws s3 cp "binary-releases/release.json" s3://"${PUBLIC_S3_BUCKET}"/cli/"${target}"/ + aws s3 cp "binary-releases/version" s3://"${PUBLIC_S3_BUCKET}"/cli/"${target}"/ + fi +done diff --git a/release-scripts/validate-npm-artifacts.sh b/release-scripts/validate-npm-artifacts.sh index 2b7ec71d64b..095aada8303 100755 --- a/release-scripts/validate-npm-artifacts.sh +++ b/release-scripts/validate-npm-artifacts.sh @@ -10,6 +10,6 @@ echo 'Running "npm install binary-releases/snyk.tgz"...' npm install $releaseTar echo 'Validating "snyk" command succeeds...' -./node_modules/snyk/bin/snyk +./node_modules/snyk/bin/snyk -d popd diff --git a/release-scripts/validate-repository.sh b/release-scripts/validate-repository.sh new file mode 100755 index 00000000000..1d9535d3d18 --- /dev/null +++ b/release-scripts/validate-repository.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash +set -euo pipefail + +if git describe --contains --tags; then + echo "This commit has already been released." + exit 1 +fi