fa-harness-tools 1.0.5 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 43514c409f804648259a4b51366d9d4eec846c54badb0642a9fb3d916d13ad8d
-  data.tar.gz: 5c5e29f48aaf5e1f82a7cc608523086728e1085e89c9dde688c47db522b73b9f
+  metadata.gz: 421353286e74cdc70badf595a611fc8d9a34a5f14e4341cacac88bbba11cee19
+  data.tar.gz: f80a236d16ea035736191b65c2138abec2cff6c126d36b930b3866e01d50489d
 SHA512:
-  metadata.gz: 070f23a423e9e104c294eb3c6fd47fb0d45d5edc904be12cef90e1c83cd22e372b97e7544f9f3824006066e1c3a285274a3c10e0d6b7b0badf5360acaf2dcc86
-  data.tar.gz: 5cce7e38b1286181ae729433d5fdcd556dccb4c79500ee5b1c3cc471263ed767e714453ae10f910399954c4606c4ec1fbefbfec648e9f822a22ae151ba3b8ed8
+  metadata.gz: d610913dbd0979c1d6d5a19a04fe68b511042e333fbd4a616919855fb1d34dca130ea10e1e6a5d58d0579ad86fd796f9e2983a19ae222ddd2dea9b1015bbd229
+  data.tar.gz: 0fa44445386572aa266ef138f1bcc1bda3b84ea8b0fe6f98cfd86f17d58c0e5f045650c9b19bbc7309018f1cb9e0237f3e07f34f01e75b0110009d20a26035c3

data/Gemfile.lock

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    fa-harness-tools (1.0.5)
+    fa-harness-tools (1.1.0)
       octokit (~> 4.0)
+      pastel (~> 0.7)
       tzinfo (~> 2.0)
       tzinfo-data (~> 1.0)
 
@@ -13,12 +14,16 @@ GEM
       public_suffix (>= 2.0.2, < 5.0)
     concurrent-ruby (1.1.6)
     diff-lcs (1.3)
+    equatable (0.6.1)
     faraday (1.0.1)
       multipart-post (>= 1.2, < 3)
     multipart-post (2.1.1)
     octokit (4.18.0)
       faraday (>= 0.9)
       sawyer (~> 0.8.0, >= 0.5.3)
+    pastel (0.7.4)
+      equatable (~> 0.6)
+      tty-color (~> 0.5)
     public_suffix (4.0.5)
     rake (13.0.1)
     rspec (3.9.0)
@@ -38,6 +43,7 @@ GEM
       addressable (>= 2.3.5)
       faraday (> 0.8, < 2.0)
     timecop (0.9.1)
+    tty-color (0.5.1)
     tzinfo (2.0.2)
       concurrent-ruby (~> 1.0)
     tzinfo-data (1.2020.1)

data/README.md

@@ -24,9 +24,9 @@ Examples below use [variables defined by Harness](https://docs.harness.io/articl
 
 Full scripts that can be used in Harness are available in the [examples/](examples/) directory.
 
-### Required environment variables
+### Optional environment variables
 
-* `GITHUB_OAUTH_TOKEN` must be exported, containing a valid [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) for GitHub
+* To access private repositories, `GITHUB_OAUTH_TOKEN` must be exported, containing a valid [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) for GitHub
 
 ### check-branch-brotection
 

data/examples/production-preflight-checks/production-preflight-checks.sh

@@ -9,11 +9,13 @@ export GITHUB_OAUTH_TOKEN="${secrets.getValue("github-oauth-token")}"
 run() {
   CMD=$1
   shift
+  echo
   $CMD \
     --build-no "${artifact.buildNo}" \
     --environment "${env.name}" \
     --repository "${artifact.source.repositoryName}" \
     "$@"
+  echo
 }
 
 # 1. Check we're within the daily deployment schedule

data/exe/check-branch-protection

@@ -32,7 +32,7 @@ OptionParser.new do |opts|
 end.parse!
 
 client = FaHarnessTools::GithubClient.new(
-  oauth_token: ENV.fetch("GITHUB_OAUTH_TOKEN"),
+  oauth_token: ENV.fetch("GITHUB_OAUTH_TOKEN", nil),
   owner: options.fetch(:github_owner),
   repo: options.fetch(:repo),
 )
@@ -48,10 +48,4 @@ result = FaHarnessTools::CheckBranchProtection.new(
   branch: options.fetch(:branch),
 ).verify?
 
-if result.first
-  puts result.last
-  exit 0
-else
-  $stderr.puts result.last
-  exit 1
-end
+exit result ? 0 : 1

data/exe/check-forward-deploy

@@ -48,10 +48,4 @@ result = FaHarnessTools::CheckForwardDeploy.new(
   tag_prefix: options.fetch(:tag_prefix),
 ).verify?
 
-if result.first
-  puts result.last
-  exit 0
-else
-  $stderr.puts result.last
-  exit 1
-end
+exit result ? 0 : 1

data/exe/check-recent-deploy

@@ -54,10 +54,4 @@ result = FaHarnessTools::CheckRecentDeploy.new(
   allowed_rollback_count: options.fetch(:allowed_rollback_count),
 ).verify?
 
-if result.first
-  puts result.last
-  exit 0
-else
-  $stderr.puts result.last
-  exit 1
-end
+exit result ? 0 : 1

data/exe/check-schedule

@@ -10,10 +10,4 @@ end.parse!
 
 result = FaHarnessTools::CheckSchedule.new.verify?
 
-if result.first
-  puts result.last
-  exit 0
-else
-  $stderr.puts result.last
-  exit 1
-end
+exit result ? 0 : 1

data/fa-harness-tools.gemspec

@@ -27,6 +27,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_runtime_dependency "octokit", "~> 4.0"
+  spec.add_runtime_dependency "pastel", "~> 0.7"
   spec.add_runtime_dependency "tzinfo", "~> 2.0"
   spec.add_runtime_dependency "tzinfo-data", "~> 1.0"
 

data/lib/fa-harness-tools/check_branch_protection.rb

@@ -5,14 +5,23 @@ module FaHarnessTools
       @client = client
       @context = context
       @branch = branch
+      @logger = CheckLogger.new(
+        name: "Check branch protection",
+        description: "Only allow commits on the #{@branch} branch to be deployed",
+      )
     end
 
     def verify?
+      @logger.start
+      @logger.context_info(@client, @context)
+
       new_sha = @context.new_commit_sha
+
+      @logger.info("checking if #{@branch} branch contains the commit")
       if @client.branch_contains?(@branch, new_sha)
-        [true, "#{@branch} contains #{new_sha}"]
+        @logger.pass "#{@branch} contains #{new_sha}"
       else
-        [false, "#{@branch} does not contain #{new_sha}"]
+        @logger.fail "#{@branch} does not contain #{new_sha}"
       end
     end
   end

data/lib/fa-harness-tools/check_forward_deploy.rb

@@ -13,25 +13,36 @@ module FaHarnessTools
       @client = client
       @context = context
       @tag_prefix = tag_prefix
+      @logger = CheckLogger.new(
+        name: "Check forward deploy",
+        description: "Only allow deployments that are newer than what's currently deployed",
+      )
     end
 
     def verify?
+      @logger.start
+      @logger.context_info(@client, @context)
+
       current_tag = @client.last_deploy_tag(
         prefix: @tag_prefix, environment: @context.environment)
 
       if current_tag.nil?
         # If no previous deploys we need to let it deploy otherwise it will
         # never get past this check!
-        return true, "first deploy"
+        @logger.info "no #{@tag_prefix} tag was found, so this must be the first deployment"
+        return @logger.pass("this is the first recorded deployment so is permitted")
       end
 
+      @logger.info("the most recent deployment is #{current_tag[:name]}")
+
       current_deployed_rev = current_tag[:commit][:sha]
       rev = @context.new_commit_sha
+      @logger.info("which means the currently deployed commit is #{current_deployed_rev}")
 
       if @client.is_ancestor_of?(current_deployed_rev, rev)
-        [true, "forward deploy, #{rev} is ahead of #{current_deployed_rev}"]
+        @logger.pass "the commit being deployed is more recent than the currently deployed commit"
       else
-        [false, "not a forward deploy, #{rev} is behind #{current_deployed_rev}"]
+        @logger.fail "the commit being deployed is before the currently deployed commit, so would revert changes"
       end
     end
   end

data/lib/fa-harness-tools/check_logger.rb

@@ -0,0 +1,34 @@
+require "pastel"
+
+module FaHarnessTools
+  class CheckLogger
+    def initialize(name:, description:)
+      @name = name
+      @description = description
+      @pastel = Pastel.new(enabled: true)
+    end
+
+    def start
+      puts @pastel.cyan(@pastel.bold(@name), %{ (#{@description})})
+    end
+
+    def info(message)
+      puts "  ... #{message}"
+    end
+
+    def context_info(client, context)
+      info("we're deploying repo #{client.owner_repo} into environment #{context.environment}")
+      info("we're trying to deploy commit #{context.new_commit_sha}")
+    end
+
+    def pass(message)
+      puts @pastel.green("PASS: #{message}")
+      true
+    end
+
+    def fail(message)
+      puts @pastel.red("FAIL: #{message}")
+      false
+    end
+  end
+end

data/lib/fa-harness-tools/check_recent_deploy.rb

@@ -27,9 +27,16 @@ module FaHarnessTools
       @context = context
       @tag_prefix = tag_prefix
       @allowed_rollback_count = allowed_rollback_count
+      @logger = CheckLogger.new(
+        name: "Check recent deploys",
+        description: "Only allow deployments of recent commits, up to #{@allowed_rollback_count} deployment rollbacks",
+      )
     end
 
     def verify?
+      @logger.start
+      @logger.context_info(@client, @context)
+
       tags = @client.
         all_deploy_tags(prefix: @tag_prefix, environment: @context.environment).
         sort_by { |tag| tag[:name] }
@@ -39,16 +46,20 @@ module FaHarnessTools
       if latest_allowed_tag.nil?
         # If no previous deploys we need to let it deploy otherwise it will
         # never get past this check!
-        return true, "first deploy"
+        @logger.info "no #{@tag_prefix} tag was found, so this must be the first deployment"
+        return @logger.pass("this is the first recorded deployment so is permitted")
       end
 
+      @logger.info("the most recent tag allowed is #{latest_allowed_tag[:name]}")
+
       latest_allowed_rev = @client.get_commit_sha_from_tag(latest_allowed_tag)
       rev = @context.new_commit_sha
+      @logger.info("which means the most recent commit allowed is #{latest_allowed_rev}")
 
       if @client.is_ancestor_of?(latest_allowed_rev, rev)
-        [true, "#{rev} is ahead of no.#{@allowed_rollback_count} most recent commit with #{@tag_prefix.inspect} tag"]
+        @logger.pass "the commit being deployed is more recent than the last permitted rollback commit"
       else
-        [false, "#{rev} is prior to no.#{@allowed_rollback_count} most recent commit with #{@tag_prefix.inspect} tag"]
+        @logger.fail "the commit being deployed is older than the last permitted rollback commit"
       end
     end
   end

data/lib/fa-harness-tools/check_schedule.rb

@@ -9,22 +9,33 @@ module FaHarnessTools
   class CheckSchedule
     def initialize(timezone: "Europe/London")
       tz = TZInfo::Timezone.get(timezone)
+      @timezone = timezone
       @now = tz.to_local(Time.now.utc)
+      @logger = CheckLogger.new(
+        name: "Check deployment schedule",
+        description: "Only allow deployments within certain times of the day",
+      )
     end
 
     def verify?
+      @logger.start
+      @logger.info("operating in the #{@timezone} timezone")
+      @logger.info("local time is #{@now}")
+
       permitted = false
       case @now.wday
       when 1..4
+        @logger.info("deployments are allowed between 9am to 4pm today (Mon-Thu)")
         permitted = true if @now.hour >= 9 && @now.hour < 16
       when 5
+        @logger.info("deployments are allowed between 9am to 12pm today (Fri)")
         permitted = true if @now.hour >= 9 && @now.hour < 12
       end
 
       if permitted
-        [true, "scheduled deploy time"]
+        @logger.pass "inside the deployment schedule"
       else
-        [false, "outside deployment schedule"]
+        @logger.fail "outside the deployment schedule"
       end
     end
   end

data/lib/fa-harness-tools/github_client.rb

@@ -9,6 +9,8 @@ module FaHarnessTools
       @octokit = Octokit::Client.new(access_token: oauth_token)
       @owner = owner
       @repo = repo
+      @oauth_token = oauth_token
+      validate_repo
     end
 
     def owner_repo
@@ -91,14 +93,20 @@ module FaHarnessTools
     #
     # @return [Bool] True is <ancestor> is ancestor of <commit>
     def is_ancestor_of?(ancestor, commit)
-      !!find_commit(commit) { |c| c[:sha] == ancestor }
+      # Compare returns the merge base, the common point in history between the
+      # two commits. If X is the ancestor of Y, then the merge base must be X.
+      # If not, it's a different branch.
+      @octokit.compare(owner_repo, ancestor, commit)[:merge_base_commit][:sha] == get_commit_sha(ancestor)
     end
 
     # Checks if <commit> is on branch <branch>
     #
     # @return [Bool] True is <commit> is on <branch>
     def branch_contains?(branch, commit)
-      !!find_commit(branch) { |c| c[:sha] == commit }
+      # The same implementation works for this question. We have both methods
+      # to make the intent clearer and also this one is guaranteed to resolve a
+      # branch name for the first argument.
+      is_ancestor_of?(commit, branch)
     end
 
     # Creates a Git tag
@@ -112,16 +120,15 @@ module FaHarnessTools
 
     private
 
-    # Paginate over commits from a given sha/branch, and exit early if the
-    # supplied block matches
-    def find_commit(sha_or_branch, &block)
-      result = @octokit.commits(owner_repo, sha_or_branch).find(&block)
-      response = @octokit.last_response
-      until result || !response.rels[:next]
-        response = response.rels[:next].get
-        result = response.data.find(&block)
-      end
-      result
+    # Validates a repository exists.
+    # Raises a `LookupError` in the event a repository can't be found.
+    def validate_repo
+      @octokit.repo(owner_repo)
+
+    rescue Octokit::NotFound
+      message = "Unable to find repository #{owner_repo}"
+      message = "#{message}. If the repository is private, try setting GITHUB_OAUTH_TOKEN" unless @oauth_token
+      raise LookupError, message
     end
   end
 end

data/lib/fa-harness-tools/harness_context.rb

@@ -9,7 +9,7 @@ module FaHarnessTools
     end
 
     def new_commit_sha
-      @client.get_commit_sha(@build_no)
+      @new_commit_sha ||= @client.get_commit_sha(@build_no)
     end
   end
 end

data/lib/fa-harness-tools/version.rb

@@ -1,3 +1,3 @@
 module FaHarnessTools
-  VERSION = "1.0.5"
+  VERSION = "1.1.0"
 end

data/lib/fa-harness-tools.rb

@@ -1,3 +1,4 @@
+require "fa-harness-tools/check_logger"
 require "fa-harness-tools/check_branch_protection"
 require "fa-harness-tools/check_forward_deploy"
 require "fa-harness-tools/check_recent_deploy"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fa-harness-tools
 version: !ruby/object:Gem::Version
-  version: 1.0.5
+  version: 1.1.0
 platform: ruby
 authors:
 - FreeAgent
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-20 00:00:00.000000000 Z
+date: 2020-05-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: octokit
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: pastel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
 - !ruby/object:Gem::Dependency
   name: tzinfo
   requirement: !ruby/object:Gem::Requirement
@@ -146,6 +160,7 @@ files:
 - lib/fa-harness-tools.rb
 - lib/fa-harness-tools/check_branch_protection.rb
 - lib/fa-harness-tools/check_forward_deploy.rb
+- lib/fa-harness-tools/check_logger.rb
 - lib/fa-harness-tools/check_recent_deploy.rb
 - lib/fa-harness-tools/check_schedule.rb
 - lib/fa-harness-tools/github_client.rb