Commit Graph

127 Commits

Author SHA1 Message Date
George Kalpakas 68078fd620 build(aio): run the upload server as a non-previleged user
closes #19352

Previously, the upload server (for PR previews) was run as root and
"downleveled" to a non-privileged user from inside the node script.

Now, with the latest version of `pm2` (which is used to run the upload server
scripts), we can get rid of that workaround and set the desired UID directly
through `pm2`.
2017-09-25 12:01:42 -07:00
George Kalpakas 620407720c build(aio): upgrade all preview server dependencies 2017-09-25 12:01:22 -07:00
Georgios Kalpakas 06faac8b5c fix(aio): skip PWA test when redeploying non-public commit 2017-08-10 15:59:00 -07:00
Georgios Kalpakas 7c4ac68e66 build(aio): remove unused script and GitHub token
Since 808bd4af4, we are no longer pre-verifying PRs before uploading the build
artifacts to the preview server, thus we no longer need the
`travis-preverify-pr.sh` script or the `GITHUB_TEAM_MEMBERSHIP_CHECK_KEY`
variable.
2017-07-11 11:03:29 +01:00
Georgios Kalpakas 20556346a3 feat(aio): add API endpoint for notifying about PR updates
This commit adds an API endpoint for notifying the preview server about PR
updates (`/pr-updated`). According to the update, the preview server can take
several actions. Currently, it will only check and (if necessary) update the
PR's preview visibility (but more actions could be supported in the future).
The API can be used with an automatic trigger (e.g. a GitHub webhook) to
instantly update a PR's preview visibility when it changes.

Fixes #16526
2017-07-10 12:30:45 +01:00
Georgios Kalpakas 5a417b8514 feat(aio): implement a way to check and update a PR\'s preview visibility
Previously, `BuildCreator#changePrVisibility()` would throw an error if the PR's
visibility was already up-to-date or if the PR directory did not exist (e.g. was
removed). This method was only used from inside `BuildCreator#create()`, which
had already checked for the existence of the directories.

This commit renames `changePrVisibility()` to `updatePrVisibility()` and makes
it more "forgiving" (i.e. it will only throw if both public and non-public
directories exist). This allows it to be used on events that may or may not have
caused the PR's visibility to change (e.g. a GitHub webhook triggered whenever a
PR's labels change).
2017-07-10 12:30:45 +01:00
Georgios Kalpakas 8cfc2e2ec0 refactor(aio): unify error messages for invalid requests to upload-server
Previously, there was a distinction between GET requests to invalid URLs and all
other requests. This was mainly because the upload-server only accepts GET
requests, but that is not a hard limitation and may change in the future.

Thus, it makes sense to return a 404 response for requests to invalid URLs
regardless of the method used.
2017-07-10 12:30:45 +01:00
Georgios Kalpakas 11647e4c78 refactor(aio): use dedicated `constants.ts` file for e2e-specific constants 2017-07-10 12:30:45 +01:00
Georgios Kalpakas 9e1b61326c refactor(aio): move script to a more relevant directory 2017-07-10 12:30:45 +01:00
Victor Berchet c723d42d0a refactor: fix typos (#18000) 2017-07-07 16:55:17 -07:00
Georgios Kalpakas 4268c82898 feat(aio): use shorter URLs for previews
Use the 7 first characters of the 40-chars long SHAs for shorter/cleaner URLs.
The collision probability is extremely low (since all SHAs are further
"namespaced" under the corresponding PR). In case of a collision, the second PR
will not be deployed, in order to avoid overwriting the original build.

(This is a design decision to keep the implementation simple. It can be changed
later if necessary.)
2017-06-29 09:35:22 -07:00
Georgios Kalpakas 3c4eef99be fix(aio): clean up non-public previews
The previous clean-up code for PR directories on the preview server assumed that
all directories were named after the PR number. With the changes introduced
in #17640 it is possible to have PR directories that do not follow that naming
convention (e.g. "non-public" directories).

This PR ensures that both public and non-public directories are removed when
cleaning up.
2017-06-29 09:35:22 -07:00
Georgios Kalpakas f1626574dd fix(aio): build `scripts-js` before creating a new docker image for the preview server
When creating a new docker image for the preview server, the TypeScript source
code in `scripts-js/` is not copied over. Instead only the generated JavaScript
core in `scripts-js/dist/` are. Because of that, it is necessary to have run
`yarn build` before running `docker build`, so that the new docker image
contains the latest changes in `scripts-js/`.

This was previously part of the `create-image.sh` script, but was accidentally
removed in 21d213dfc.
2017-06-27 10:11:06 -07:00
Georgios Kalpakas 979bfd07e1 refactor(aio): provide fallback values for secrets (useful during dev) 2017-06-23 11:54:20 -07:00
Georgios Kalpakas b6ce814279 refactor(aio): enable `-u` flag on preview server scripts 2017-06-23 11:54:20 -07:00
Georgios Kalpakas 66088fef1a docs(aio): document preview server HTTP status codes 2017-06-23 11:54:20 -07:00
Georgios Kalpakas f90b35a85e test(aio): add e2e tests for non-public previews 2017-06-23 11:54:20 -07:00
Georgios Kalpakas 8ae0eec230 feat(aio): enable previews for any PR
This commit introduces the ability to show previews for PRs by any author. It works as follows:

- The build artifacts of all PRs are uploaded to the preview server.
- Automatically verified PRs (i.e. from trusted authors or having a specific label) are deployed and
  publicly accessible as usual.
- PRs that could not be automatically verified are stored for later use (after re-verification).
- A PR can be marked as "trusted" and make its preview publicly accessible by adding the GitHub
  label specified in the `AIO_TRUSTED_PR_LABEL` env var of the preview server.

At the moment, there is no automatic mechanism for notifying the preview server about changes to the
PR's verification status. The PR's "visibility" will be checked and updated every time a new build
is uploaded.
2017-06-23 11:54:20 -07:00
Georgios Kalpakas 0fe685102f refactor(aio): simplify preview server build events 2017-06-23 11:54:20 -07:00
Georgios Kalpakas a98440bb85 test(aio): add missing unit test for preview server 2017-06-23 11:54:20 -07:00
Georgios Kalpakas 3112311134 test(aio): fix preview server tests on Windows 2017-06-23 11:54:20 -07:00
Georgios Kalpakas 1b13bdea4b build(aio): upgrade preview server dependencies 2017-06-23 11:54:20 -07:00
Georgios Kalpakas 3361a7b834 build(aio): minor `update-preview-server.sh` improvements 2017-05-18 14:41:54 +01:00
Georgios Kalpakas 9466908c22 build(aio): add script for updating the preview server 2017-05-18 08:21:25 +01:00
Georgios Kalpakas 93d27d283a build(aio): fix syntax error in preview server's Dockerfile 2017-05-18 08:21:25 +01:00
Georgios Kalpakas 6f59a4a5b2 docs(aio): minor docs fixes for `aio-builds-setup/` 2017-05-18 08:21:25 +01:00
George Kalpakas 593fe5ed25 build(aio): enable HTTP/2 on the preview server (#16826)
Fixes #16780
2017-05-16 21:07:28 -07:00
Georgios Kalpakas 06264645fd build: use subshells when changing directories
This prevents being left in the wrong directory in case of error.
2017-05-12 12:19:51 -07:00
Georgios Kalpakas 21d213dfc7 refactor(aio): drop `run` (from `yarn run`), rename script and remove unnecessary cmds 2017-05-12 11:37:21 -07:00
Georgios Kalpakas 3065fc6cca ci(aio): build `aio-builds-setup` scripts before pre-verifying PR
(Coincidentally), this wasn't an issue before fdfeaaf1f, because
pre-verification was run after `test.sh`, during which `aio-builds-setup` was
built.
Now that `deploy-staging.sh` is being run before `test.sh`, we need to build
the `aio-builds-setup` scripts first.
2017-05-12 11:37:21 -07:00
Georgios Kalpakas bcefc61da4 ci(aio): correctly catch PR preview pre-verification errors
Previously, `aio/aio-builds-setup/scripts/travis-preverify-pr.sh` was supposed
to exit with 1 if a PR did not meet the preconditions and 2 if an error occurred
during pre-verification.
It relied on the exit codes of the node script that did the actual work, but
didn't account for errors that would be thrown in the `sh` script itself (e.g.
if the node script was not available). This caused such errors to appear as
non-verified PRs, instead of real errors that should fail the build.

This commit swaps the exit codes, so that now a 2 means non-verified PR and 1
designates an error.
2017-05-12 11:37:21 -07:00
Georgios Kalpakas c757e5794f build(aio): serve gzipped content from the preview server
Fixes #16699
2017-05-11 10:29:24 +01:00
Georgios Kalpakas c0b1bbea3e feat(aio): add log rotation in preview server 2017-04-15 10:22:40 +01:00
George Kalpakas 14b7dfa007 fix(aio): create a proper commit link on preview comments (#15941)
Previously, only a few characters of the SHA would appear on the preview link
comment posted on the PR. This was usually enough for GitHub to create a link to
the corresponding commit, but it was possible to have collisions with other
commits with the same first characters (which prevented GitHub from identifying
the correct commit and create a link.)

This commit fixes this issue by including the full SHA on the commentso GitHub
can identify the correct commit and create the link. GitHub will automatically
truncate the link text (by default to 7 chars unless more are necessary to
uniquely identify the commit).
2017-04-13 11:55:33 -07:00
Georgios Kalpakas d263595c63 ci(aio): do not fail when re-deploying preview for the same PR/SHA
Previously, when trying to upload the build artifacts for a PR/SHA that was
already successfully deployed (e.g. when re-running a Travis job), the preview
server would return a 403 and the build would fail.

Since we have other mechanisms to verify that the PR author is trusted and the
artifacts do indeed come from the specified PR and since the new artifacts
should be the same with the already deployed ones (same SHA), there is no reason
to fail the build. The preview server will reject the request with a special
HTTP status code (409 - Conflict), which the `deploy-preview` script will
recognize and exit with 0.
2017-04-13 11:26:21 +01:00
Georgios Kalpakas 15662efec4 build(aio): update project config for @angular/cli v1.0.0
This is a follow-up to 487a0e1. The changes are based on [this wiki entry][1].

[1]: https://github.com/angular/angular-cli/wiki/stories-1.0-update.
2017-03-27 11:55:26 -07:00
Ed Pelc 6605dd1c7c docs(aio): correct spelling in overview 2017-03-27 14:36:05 +01:00
Georgios Kalpakas 1bcbcfd56f revert: build(aio): implement prerendering (#15346)
This reverts commit d0bc83ca27.

Protractor-based prerendering is flakey on Travis and takes several minutes to
complete, slowing down the build. Prerendering has a lower impact now that we
use a ServiceWorker. We will revisit in the future (probably using a
`PlatformServer`-based approach).

PR Close #15346
2017-03-21 19:05:36 -05:00
Georgios Kalpakas d0bc83ca27 build(aio): implement prerendering
The current implementation is based on @igorminar's [angular-io-v42][1]. It is
using Protractor to request all docs URLs, let them fallback to `/index.html`
and save the rendered page.

[1]: https://github.com/IgorMinar/angular-io-v42/tree/05508ab3/tools/prerenderer

Fixes #15104
2017-03-17 15:31:22 -05:00
Georgios Kalpakas 4347cb2119 ci(aio): whitelist 'aio-contributors' for deploying PR previews 2017-03-15 16:11:29 -07:00
Georgios Kalpakas 4e1cf5b41a build(aio): replace all occurrences of env vars on a line in `aio-builds-setup` 2017-03-13 10:30:49 -07:00
Georgios Kalpakas 0c5f893f6e test(aio): improve test description and expectations 2017-03-13 10:30:49 -07:00
Georgios Kalpakas 17f5f3b32c ci(aio): fix clean-up script on `ngbuilds.io` 2017-03-13 10:30:49 -07:00
Georgios Kalpakas 3bb59902f7 docs(aio): add more docs about `aio-builds-setup` 2017-03-13 10:30:49 -07:00
Georgios Kalpakas b804a488c5 feat(aio): make it easy to keep relevant logs outside the docker container 2017-03-13 10:30:49 -07:00
Georgios Kalpakas cbde75e77b feat(aio): redirect HTTP to HTTPS 2017-03-13 10:30:49 -07:00
George Kalpakas fa1920a02b feat(aio): enable deep-linking on deployed apps (until prerendering is done) (#15049) 2017-03-13 09:35:16 -07:00
Georgios Kalpakas 174d4c8ef7 ci(aio): do not deploy PR if preconditions not met
This avoids incorrectly failing the build if the PR author is not a member of one of the whitelisted GitHub teams.
2017-03-07 18:24:45 -08:00
Georgios Kalpakas 4ca772eea3 refactor(aio): move scripts into `scripts/` directory 2017-03-07 18:24:45 -08:00
Georgios Kalpakas b4ec80b21d docs(aio): document arg for auto-restarting the docker container on boot 2017-03-07 18:24:45 -08:00
Georgios Kalpakas a4476654aa refactor(aio): use more intuitive log filepath 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 4210d2b4b1 test(aio): fix e2e tests 2017-03-07 18:24:45 -08:00
Georgios Kalpakas aa30c50144 feat(aio): make it easier to create a docker image (less variables to overwrite) 2017-03-07 18:24:45 -08:00
Georgios Kalpakas fd34a58e13 fix(aio): ensure `NGBUILDS_IO_KEY` is not printed
Gaining access to another PR's JWT, would allow faking that PR's author wrt to
GitHub team membership verification for as long as the JWT is valid (currently
90 mins).
2017-03-07 18:24:45 -08:00
Georgios Kalpakas e40f81b564 ci(aio): fail the build if preview deployment fails 2017-03-07 18:24:45 -08:00
Georgios Kalpakas a3a7cf2090 build(aio): allow overwriting env vars at build time 2017-03-07 18:24:45 -08:00
Georgios Kalpakas d9d9d9de6f build(aio): allow passing parameters to `docker build` 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 7e67f37fc4 ci(aio): test aio-builds-setup as part of the `aio` job 2017-03-07 18:24:45 -08:00
Georgios Kalpakas d275667da0 build(aio): upgrade to latest and pin major pm2 version 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 03a5fd01c9 fix(aio): do not hardcode the domain in preview link comments 2017-03-07 18:24:45 -08:00
Georgios Kalpakas d28ea80db8 build(aio): always compile before running tests 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 0e9277b4c3 style(aio): change mock value for consistency 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 2796790c7d feat(aio): verify uploaded builds based on JWT from Travis 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 028b274750 feat(aio): support passing secrets as files to the docker container 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 3ed1f64d43 feat(aio): implement `BuildVerifier` 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 96f11dad18 feat(aio): implement `GithubTeams` 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 060d02eb82 fix(aio): remove unnecessary `repoSlug` parameter from `GithubApi` 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 951e653b0c feat(aio): implement `GithubApi.getPaginated()` 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 37348989f0 feat(aio): make `githubToken` mandatory for `GithubApi` 2017-03-07 18:24:45 -08:00
Georgios Kalpakas c5644e5a0d refactor(aio): add `assertNotMissingOrEmpty()` helper 2017-03-07 18:24:45 -08:00
Georgios Kalpakas c8d87a936b feat(aio): add support for HTTPS (certificates provided by host - fallback to self-signed) 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 6b8413f7b3 build(aio): update TypeScript (and other dependencies) 2017-03-07 18:24:45 -08:00
Georgios Kalpakas bc831ff4a4 feat(aio): check resolution of external URLs in HEALTHCHECK 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 8a8d4fe24f test(aio): fix typos (repoSlag --> repoSlug) 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 9df9bdc0f5 style(aio): correctly type tuple 2017-03-07 18:24:45 -08:00
Georgios Kalpakas c8ead9bcd0 refactor(aio): use types intead of interfaces for functions 2017-03-07 18:24:45 -08:00
Georgios Kalpakas 115164033b ci(aio): add initial implementation for aio-builds setup 2017-03-07 18:24:45 -08:00