-
Notifications
You must be signed in to change notification settings - Fork 167
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ansible: add cloudflare-deploy role #3501
base: main
Are you sure you want to change the base?
Conversation
deployed to |
I thought the goal was to have a sort of rsync? I don't see how this implementation will work with the release workflow, which includes a manual promomotion step from the releaser who signs the checksums. |
can you elaborate more about the signing step? I was under the impression the release is uploaded through https://github.com/nodejs/node/blob/fef7927cc3a7a3fb81c355301aada4a679c5661c/Makefile#L1143-L1147 (and other places in this file) and https://github.com/nodejs/node/blob/fef7927cc3a7a3fb81c355301aada4a679c5661c/vcbuild.bat#L520-L538 this is also what logs at https://ci-release.nodejs.org/job/iojs+release/nodes=rhel8-x64-release/9643/console show. |
The release is uploaded to a staging area on the www server. It cannot be accessed by the public/downloaded before the releaser executes the promotion script, which moves it to the publicly accessible directory. |
where is this promotion script?
this has the exact same timestamp as https://nodejs.org/dist/v20.7.0/
|
@targos maybe you are referring to the |
Promotion script is here: https://github.com/nodejs/node/blob/main/tools/release.sh AFAIK, all builds (release, nightly, rc, etc) are uploaded to the staging area. The difference between releases and other builds is that the releases are promoted manually, and the other builds are promoted automatically by a cron job. @richardlau may know more about this. |
|
the entire goal here is to end up with a more resilient architecture, in the case of all build types except release (nightly, rc, test, v8-canary)- it makes sense to me to upload directly from Jenkins to R2 WDYT? |
I think the overall strategy should be discussed and agreed on within the WG before we make too many infra changes, that's all. My personal opinion isn't totally made on this. |
95a6fd5
to
c1f679d
Compare
I added a diagram outline of the release process to this repository, with clickable labels on most of the boxes/steps linking to the relevant scripts (either in this repository or nodejs/node): https://github.com/nodejs/build/blob/main/doc/release-overview.md
|
Having had a quick glance at https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html and this PR the immediate problem I see is clients only for Linux, macOS and Windows, so we're going to have an issue on AIX (which is Unix, not Linux). |
We'll need to be uploading the SHASUM256.txt files to R2 from the promotion scripts for all build types as that is where we're currently generating the shasums
via
|
It's probably possible to upload the file with |
Shasum files are going to be challenging indeed. |
yes. it can also be installed with pip I think
we can start with deploying from the promotion script, and in the future make the promotion script run from inside a Cloudflare worker |
I think this would be a long term solution, added a short term implementation #3505, and will discuss in the build WG meeting |
rclone also speaks s3 and uses a rsync-like protocol for deciding changes. It seems to have (third party) builds for AIX: https://github.com/skytap/rclone
Yep, probs the best option. |
Discussed in build WG meeting today, agreed to remove from agend in favor of the top level issue about the R2 migration. |
Refs: https://github.com/nodejs-private/secrets/pull/286
Refs: #3461
the intent is to add an
aws cp
command in all places that upload artifacts, i.e.:https://github.com/nodejs/node/blob/fef7927cc3a7a3fb81c355301aada4a679c5661c/Makefile#L1143-L1147
https://github.com/nodejs/node/blob/fef7927cc3a7a3fb81c355301aada4a679c5661c/vcbuild.bat#L520-L538