fix(updater): make release-updater workflow actually work end-to-end#86
Merged
Conversation
The first_stable and prerelease update paths extract the current latest version from latest.feature with: grep -A4 'latest stable release' | grep 'Version "' | grep -oP ... The real updater_server latest.feature holds several "latest stable"/ "latest beta" scenarios (e.g. PHP-version-pinned ones), so the grep returned multiple version strings. The resulting multiline variable was interpolated into a sed `s|...|...|` expression, embedding a newline and producing: sed: -e expression #1, char 72: unterminated `s' command This only surfaced in production because the test fixture's latest.feature had a single stable + single beta scenario, so grep matched once and the bug stayed hidden. Fix: pipe both extractions through `head -1` (the first scenario is the primary entry). Expand the base test fixture with the extra PHP-version and error scenarios from the real repo so the multi-match case is covered, and regenerate the affected expected outputs. Signed-off-by: Barthelemy Briand <barthelemy.briand@nextcloud.com> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
CI runners have no default git identity, so the PR-creation step failed with 'empty ident name not allowed' (exit 128) after the feature files were generated. Derive the identity from the token owner (GH_TOKEN == RELEASE_TOKEN) via 'gh api user' so commits are authored by that bot, falling back to github-actions[bot] when the token is not a user token. Signed-off-by: Barthelemy Briand <barthelemy.briand@nextcloud.com> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
skjnldsv
force-pushed
the
fix/updater-multiline-version-sed
branch
from
1143284 to
3a5df57
Compare
The gh-cloned updater_server remote carries no push credentials, so 'git push' failed with 'could not read Username for github.com'. Run 'gh auth setup-git' before pushing so git reuses GH_TOKEN (RELEASE_TOKEN). Signed-off-by: Barthelemy Briand <barthelemy.briand@nextcloud.com> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
With --repo set, gh cannot infer the head branch from the local checkout and aborts with 'you must first push the current branch ... or use the --head flag'. Pass --head "$BRANCH" explicitly. Signed-off-by: Barthelemy Briand <barthelemy.briand@nextcloud.com> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Re-running for the same release produces a fresh commit, so a leftover branch from a prior run is non-fast-forward and the push is rejected. Force-push to keep retries idempotent. Signed-off-by: Barthelemy Briand <barthelemy.briand@nextcloud.com> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
skjnldsv
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
The manual
release-updaterrun for v34.0.0 failed (and would have failed for any release). Fixing the first error uncovered a chain of further breakages — none caught by CI because the snapshot tests ran against a synthetic fixture, not the realupdater_serverrepo. This PR fixes the whole chain and adds the missing staged-rollout coverage.Original failure: https://github.com/nextcloud-releases/server/actions/runs/27134051124/job/80084114944
Fixes (in order they surfaced)
sed: unterminated 's' command— thefirst_stable/prereleasepaths extracted the current latest version with agrepthat matched multiple scenarios in the reallatest.feature(PHP-pinned ones), producing a multiline var that broke thesed. Fixed withhead -1; fixture expanded to reproduce the multi-match.empty ident name(exit 128) — CI runners have no git identity. Derive it from the token owner viagh api user(falls back togithub-actions[bot]).could not read Username— the gh-cloned remote had no push credentials.gh auth setup-gitbefore push.403 denied—nextcloud-bot(RELEASE_TOKEN owner) lacked write onupdater_server; granted out-of-band.gh pr createno head / non-ff push — added--head "$BRANCH"and--forcepush (re-runs produce fresh commits).gh pr create"already exists" on re-run — treat as success (force-push already refreshes the head); avoidgh pr edit, which needsread:orgthe token doesn't have.Feature: staged-rollout scenario for partial deploys
When a release deploys to < 100%, the feature files need a dedicated
Not updating … (staged rollout)scenario asserting an out-of-bucket installation gets no update. The script only generated the positive scenarios, so 30%/70% rollouts shipped without it.Added
sync_staged_rollout, keyed on the deploy percentage:updater_servercommits);Wired into the
first_stableandpatchpaths (stable channel only). Also adds the GitHub release link to the generated PR body.Testing
New fixtures
rollout-bump(30% → 70%, mtime 41 → 81) androllout-remove(→ 100%, scenario dropped) cover the full rollout lifecycle.End-to-end verified live: workflow run 27137134183 is green and produced updater_server#1380, which includes the 30% staged-rollout scenario.