In order to ease local development, self-signed SSL/TLS certificates are
created when building the preview server Docker image. These
certificates are valid for 365 days. Thus, it is possible for an old
certificate to be re-used past its expiration date due to Docker's
caching intermediate layers.
Previously, this would lead to hard-to-debug failures in the
`aio-health-check` and `aio-verify-setup` checks. Even after finding out
that the failures were caused by an expired certificate, it was not
obvious why that would be the case.
This commit adds an additional check to the `aio-health-check` command
that checks the certificates' expiration dates. This helps surface such
errors. It also prints a more helpful message, prompting the user to
build the Docker image with the `--no-cache` option to fix the problem
with self-signed certificates.
PR Close#36837
Includes the following fixes:
- Fix cron entry format for clean-up script.
Crontabs in `/etc` should not have a user field. No idea why it used
to work before, but it started giving errors recently:
`/bin/sh: root: not found`.
- Set required env variable in clean-up script. (Broken in cc6f36a9d.)
This was producing the following error:
`ERROR: Missing required environment variable 'AIO_CIRCLE_CI_TOKEN'!`
- Use the correct path for downloads to be removed. (Broken in cc6f36a9d.)
PR Close#25671
closes#19352
Previously, the upload server (for PR previews) was run as root and
"downleveled" to a non-privileged user from inside the node script.
Now, with the latest version of `pm2` (which is used to run the upload server
scripts), we can get rid of that workaround and set the desired UID directly
through `pm2`.
This commit introduces the ability to show previews for PRs by any author. It works as follows:
- The build artifacts of all PRs are uploaded to the preview server.
- Automatically verified PRs (i.e. from trusted authors or having a specific label) are deployed and
publicly accessible as usual.
- PRs that could not be automatically verified are stored for later use (after re-verification).
- A PR can be marked as "trusted" and make its preview publicly accessible by adding the GitHub
label specified in the `AIO_TRUSTED_PR_LABEL` env var of the preview server.
At the moment, there is no automatic mechanism for notifying the preview server about changes to the
PR's verification status. The PR's "visibility" will be checked and updated every time a new build
is uploaded.
George Kalpakas
Pete Bacon Darwin