Merge pull request #4382 from snyk/feat/HEAD-3_deployment_tests

PeterSchafer · web-flow · commit 83eaba10111f · 2023-02-03T10:14:30.000+01:00
feat: improve deployment testing
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -547,9 +547,6 @@ jobs:
       - attach_workspace:
           at: .
       - setup_npm
-      - run:
-          name: Validating NPM artifacts
-          command: ./release-scripts/validate-npm-artifacts.sh
       - run:
           name: Copy Windows cliv2 binaries to binary-releases staging area
           command: |
@@ -592,44 +589,55 @@ jobs:
           root: .
           paths:
             - binary-releases
-  release:
+  pre-release:
     executor: docker-node
     steps:
       - checkout
       - attach_workspace:
           at: .
       - setup_npm
+      - aws-cli/install:
+          version: << pipeline.parameters.aws_version >>
       - run:
-          name: Validating artifacts
-          command: ./release-scripts/validate-checksums.sh
+          name: Pre-Publishing
+          command: make release-pre
+      - run:
+          name: Handling failed release
+          command: ./release-scripts/handle-failed-release.sh
+          when: on_fail
+
+  test-release:
+    parameters:
+      executor:
+        type: string
+    executor: << parameters.executor >>
+    steps:
+      - checkout
+      - attach_workspace:
+          at: .
+      - run:
+          name: Validating NPM artifacts
+          command: bash ./release-scripts/validate-npm-artifacts.sh
+      - run:
+          name: Handling failed release
+          command: bash ./release-scripts/handle-failed-release.sh
+          when: on_fail
+
+  release:
+    executor: docker-node
+    steps:
+      - checkout
+      - attach_workspace:
+          at: .
+      - setup_npm
       - gh/setup:
           token: GH_TOKEN
           version: << pipeline.parameters.gh_version >>
       - aws-cli/install:
           version: << pipeline.parameters.aws_version >>
       - run:
-          name: Ensure master branch
-          command: |
-            if [ "$CIRCLE_BRANCH" != "master" ]; then
-              echo "Release must be on 'master' branch."
-              exit 1
-            fi
-      - run:
-          name: Ensure not already released
-          command: |
-            if git describe --contains --tags; then
-              echo "This commit has already been released."
-              exit 1
-            fi
-      - run:
-          name: Publishing npm packages
-          command: |
-            npm publish ./binary-releases/snyk-fix.tgz
-            npm publish ./binary-releases/snyk-protect.tgz
-            npm publish ./binary-releases/snyk.tgz
-      - run:
-          name: Publishing artifacts
-          command: ./release-scripts/upload-artifacts.sh
+          name: Publishing
+          command: make release-final
       - run:
           name: Handling failed release
           command: ./release-scripts/handle-failed-release.sh
@@ -1095,11 +1103,33 @@ workflows:
             branches:
               only:
                 - master
+      - pre-release:
+          name: Pre-Release
+          context: nodejs-app-release
+          requires:
+            - Release?
+          filters:
+            branches:
+              only:
+                - master
+      - test-release:
+          name: Test Release (<< matrix.executor >>)
+          matrix:
+            parameters:
+              executor: ['linux', 'win/default', 'macos']
+          requires:
+            - Pre-Release
+          filters:
+            branches:
+              only:
+                - master
       - release:
           name: Release
           context: nodejs-app-release
           requires:
-            - Release?
+            - Test Release (linux)
+            - Test Release (win/default)
+            - Test Release (macos)
           filters:
             branches:
               only:
diff --git a/Makefile b/Makefile
@@ -160,3 +160,18 @@ build:
 clean:
 	@cd $(EXTENSIBLE_CLI_DIR) && $(MAKE) clean-full
 	$(MAKE) clean-prepack
+
+# targets responsible for the CLI release
+.PHONY: release-pre
+release-pre:
+	@echo "-- Validating repository"
+	@./release-scripts/validate-repository.sh
+	@echo "-- Validating artifacts"
+	@./release-scripts/validate-checksums.sh
+	@echo "-- Publishing to S3 /version"
+	@./release-scripts/upload-artifacts.sh version
+
+.PHONY: release-final
+release-final:
+	@echo "-- Publishing"
+	@./release-scripts/upload-artifacts.sh latest github npm
diff --git a/release-scripts/upload-artifacts.sh b/release-scripts/upload-artifacts.sh
@@ -23,23 +23,38 @@ declare -a StaticFiles=(
 
 VERSION_TAG="v$(cat binary-releases/version)"
 
-# Upload files to the GitHub release
-gh release create "${VERSION_TAG}" "${StaticFiles[@]}" \
-  --target "${CIRCLE_SHA1}" \
-  --title "${VERSION_TAG}" \
-  --notes-file binary-releases/RELEASE_NOTES.md
+if [ ${#} == 0 ]; then
+  echo "No upload target defined!"
+  exit 1
+fi
 
-# Upload files to the versioned folder
-for filename in "${StaticFiles[@]}"; do
-  aws s3 cp "${filename}" s3://"${PUBLIC_S3_BUCKET}"/cli/"${VERSION_TAG}"/
-done
+for arg in "${@}"; do
+   target="${arg}"
+    if [ "${arg}" == "version" ]; then
+      target="${VERSION_TAG}"
+    fi
+    echo "Uploading to ${target}"
 
-# Upload files to the /latest folder
-for filename in "${StaticFiles[@]}"; do
-  aws s3 cp "${filename}" s3://"${PUBLIC_S3_BUCKET}"/cli/latest/
-done
+  # Upload files to the GitHub release
+  if [ "${arg}" == "github" ]; then
+    gh release create "${VERSION_TAG}" "${StaticFiles[@]}" \
+      --target "${CIRCLE_SHA1}" \
+      --title "${VERSION_TAG}" \
+      --notes-file binary-releases/RELEASE_NOTES.md
 
-aws s3 cp "binary-releases/release.json" s3://"${PUBLIC_S3_BUCKET}"/cli/"${VERSION_TAG}"/
-aws s3 cp "binary-releases/version" s3://"${PUBLIC_S3_BUCKET}"/cli/"${VERSION_TAG}"/
-aws s3 cp "binary-releases/release.json" s3://"${PUBLIC_S3_BUCKET}"/cli/latest/
-aws s3 cp "binary-releases/version" s3://"${PUBLIC_S3_BUCKET}"/cli/latest/
+  # Upload files to npm
+  elif [ "${arg}" == "npm" ]; then
+    npm publish ./binary-releases/snyk-fix.tgz
+	  npm publish ./binary-releases/snyk-protect.tgz
+	  npm publish ./binary-releases/snyk.tgz
+  
+  # Upload files to S3 bucket
+  else
+    for filename in "${StaticFiles[@]}"; do
+      aws s3 cp "${filename}" s3://"${PUBLIC_S3_BUCKET}"/cli/"${target}"/
+    done
+
+    aws s3 cp "binary-releases/release.json" s3://"${PUBLIC_S3_BUCKET}"/cli/"${target}"/
+    aws s3 cp "binary-releases/version" s3://"${PUBLIC_S3_BUCKET}"/cli/"${target}"/
+  fi  
+done
diff --git a/release-scripts/validate-npm-artifacts.sh b/release-scripts/validate-npm-artifacts.sh
@@ -10,6 +10,6 @@ echo 'Running "npm install binary-releases/snyk.tgz"...'
 npm install $releaseTar
 
 echo 'Validating "snyk" command succeeds...'
-./node_modules/snyk/bin/snyk
+./node_modules/snyk/bin/snyk -d
 
 popd
diff --git a/release-scripts/validate-repository.sh b/release-scripts/validate-repository.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if git describe --contains --tags; then
+    echo "This commit has already been released."
+    exit 1
+fi
