forked from mozilla-releng/scriptworker-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathgithub.py
More file actions
212 lines (161 loc) · 9.75 KB
/
github.py
File metadata and controls
212 lines (161 loc) · 9.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
import logging
from asyncio import ensure_future
from aiohttp_retry import RetryClient
from github3 import GitHub
from github3.exceptions import NotFoundError, ServerError
from scriptworker_client.exceptions import TaskError
from scriptworker_client.utils import async_wrap, get_single_item_from_sequence, raise_future_exceptions, retry_async_decorator
log = logging.getLogger(__name__)
async def release(release_config):
if not release_config["contact_github"]:
log.warning('"contact_github" is set to False. No request to Github will be made')
return
# The token isn't needed anymore past this point. Let's take it out in order to avoid leaking
# it in some debug logs.
github_client = await _init_github_client(release_config.pop("github_token"))
github_repository = await _get_github_repository(github_client, release_config)
release_name = release_config["release_name"]
git_tag = release_config["git_tag"]
try:
existing_release = await _get_release_from_tag(github_repository, git_tag)
log.info(f"Release {release_name} already exists. Making sure it has the latest data...")
await _update_release_if_needed(existing_release, release_config)
except NotFoundError:
log.info(f"Release {release_name} does not exist. Creating it...")
await _create_release(github_repository, release_config)
log.info("Making sure the latest artifacts are present...")
existing_release = await _get_release_from_tag(github_repository, git_tag)
await _upload_artifacts_if_needed(existing_release, release_config)
log.info("All artifacts have been uploaded. Making sure everything went fine...")
existing_release = await _get_release_from_tag(github_repository, git_tag)
await _check_final_state_of_release(existing_release, release_config)
log.info("Everything is sane!")
# The github3 library already retries requests. It gives a round of waiting of usually 15 seconds.
# A delay factor of 7.5s means the second round of waiting will occur ~15s after the first one,
# the third one ~30s and so on.
_GITHUB_LIBRARY_SLEEP_TIME_KWARGS = {"delay_factor": 7.5}
github_retry = retry_async_decorator(retry_exceptions=ServerError, sleeptime_kwargs=_GITHUB_LIBRARY_SLEEP_TIME_KWARGS)
@github_retry
async def _init_github_client(token):
async_github_constructor = async_wrap(GitHub)
return await async_github_constructor(token=token)
@github_retry
async def _get_github_repository(github_client, release_config):
async_get_github_repository = async_wrap(github_client.repository)
return await async_get_github_repository(release_config["github_owner"], release_config["github_repo_name"])
@github_retry
async def _get_release_from_tag(github_repository, git_tag):
async_release_from_tag = async_wrap(github_repository.release_from_tag)
return await async_release_from_tag(git_tag)
@github_retry
async def _create_release(github_repository, release_config):
async_create_release = async_wrap(github_repository.create_release)
await async_create_release(**_get_github_release_kwargs(release_config))
@github_retry
async def _edit_existing_release(existing_release, release_config):
async_edit_release = async_wrap(existing_release.edit)
# XXX We don't include the `target_commitish` because we're likely dealing with a Github release which
# likely built off git branches. See comment in _does_release_need_to_be_updated(), for more details.
await async_edit_release(**_get_github_release_kwargs(release_config, include_target_commitish=False))
@github_retry
async def _delete_artifact(existing_artifact):
async_delete_release = async_wrap(existing_artifact.delete)
await async_delete_release()
@github_retry
async def _upload_artifact(existing_release, artifact):
async_func = async_wrap(existing_release.upload_asset)
with open(artifact["local_path"], "rb") as f:
log.debug(f'Uploading artifact "{artifact["name"]}"...')
await async_func(content_type=artifact["content_type"], name=artifact["name"], asset=f)
def _get_github_release_kwargs(release_config, include_target_commitish=True):
release_kwargs = dict(
tag_name=release_config["git_tag"],
name=release_config["release_name"],
draft=False,
prerelease=release_config["is_prerelease"],
)
if include_target_commitish:
release_kwargs["target_commitish"] = release_config["git_revision"]
return release_kwargs
async def _update_release_if_needed(existing_release, release_config):
if not _does_release_need_to_be_updated(existing_release, release_config):
log.info("Existing release already has the right data. Nothing to do.")
return
log.info("Existing release will be updated.")
await _edit_existing_release(existing_release, release_config)
def _does_release_need_to_be_updated(existing_release, release_config):
should_release_be_updated = False
for config_field, github_field in (
# XXX `git_revision` and `target_commitish` are ignored because a github release is usually
# built off a git branch. Updating `target_commitish` to a revision is indeed more secure,
# but breaks Chain of Trust. To be more explicit: Any task that runs after an updated
# `target_commitish` won't pass CoT. There is no way to make CoT more flexible because the
# Github API doesn't expose both the branch and the commit hash on its Github release
# enpoint and event.
("git_tag", "tag_name"),
("release_name", "name"),
("is_prerelease", "prerelease"),
):
target_value = release_config[config_field]
existing_value = getattr(existing_release, github_field, None)
if target_value != existing_value:
log.info(f'Field "{config_field}" differ. Expected: {target_value}. Got: {existing_value}')
should_release_be_updated = True
return should_release_be_updated
async def _upload_artifacts_if_needed(existing_release, release_config):
existing_artifacts = list(existing_release.assets())
log.debug(f"Existing release has the following artifacts attached: {existing_artifacts}")
coroutines = [ensure_future(_upload_artifact_if_needed(existing_release, existing_artifacts, artifact)) for artifact in release_config["artifacts"]]
await raise_future_exceptions(coroutines)
async def _upload_artifact_if_needed(existing_release, existing_artifacts, artifact):
artifact_name = artifact["name"]
try:
existing_artifact = _get_existing_artifact(existing_artifacts, artifact)
if await _does_existing_artifact_need_to_be_reuploaded(existing_artifact, artifact):
# XXX Updating releases only changes the metadata
# https://developer.github.com/v3/repos/releases/#update-a-release-asset
log.info(f'Artifact "{artifact_name}" exists but needs to be deleted and reuploaded. Doing so...')
await _delete_artifact(existing_artifact)
else:
log.info(f'Artifact "{artifact_name}" has already been correctly uploaded to this Github release. Nothing to do.')
return
except ValueError:
log.info(f'Artifact "{artifact_name}" does not exist on Github. Uploading...')
await _upload_artifact(existing_release, artifact)
def _get_existing_artifact(existing_artifacts, target_artifact):
return get_single_item_from_sequence(sequence=existing_artifacts, condition=lambda github_asset: github_asset.name == target_artifact["name"])
async def _does_existing_artifact_need_to_be_reuploaded(existing_artifact, target_artifact, retry_on_404=False):
should_artifact_be_reuploaded = False
artifact_name = target_artifact["name"]
for field in ("size", "content_type"):
target_value = target_artifact[field]
existing_value = getattr(existing_artifact, field, None)
if existing_value != target_value:
log.info(f'Artifact "{artifact_name}" has its "{field}" differing. Expected: {target_value}. Got: {existing_value}')
should_artifact_be_reuploaded = True
# XXX For an unknown reason, Github sometimes fails to upload assets correctly. In this case:
# the API does tell the artifact exists and has the expected size + content-type, but nothing
# is displayed on the Web UI. Trying to download the URL exposed on the Web UI enables us to
# catch this very issue.
download_url = existing_artifact.browser_download_url
# XXX A given release may be temporarilly 404 when it just got created
retry_for_statuses = {404} if retry_on_404 else {}
async with RetryClient() as client:
# XXX We cannot do simple HEAD requests because Github uses AWS and they forbid them.
# https://github.com/cavaliercoder/grab/issues/43#issuecomment-431076499
async with client.get(download_url, retry_for_statuses=retry_for_statuses) as response:
response_status = response.status
if response_status != 200:
log.warning(
f'Got an unexpected HTTP code when trying to download the existing artifact "{artifact_name}". Expected: 200. Got: {response_status}'
)
should_artifact_be_reuploaded = True
return should_artifact_be_reuploaded
async def _check_final_state_of_release(existing_release, release_config):
if _does_release_need_to_be_updated(existing_release, release_config):
raise TaskError("Release still needs to be updated!")
existing_artifacts = list(existing_release.assets())
for artifact in release_config["artifacts"]:
existing_artifact = _get_existing_artifact(existing_artifacts, artifact)
if await _does_existing_artifact_need_to_be_reuploaded(existing_artifact, artifact, retry_on_404=True):
raise TaskError(f'Artifact "{artifact["name"]}" needs to be reuploaded')