@jira-deploy/core 1.0.4 → 1.0.6

package/constants/users.js

@@ -5,12 +5,12 @@
  */
 export const USER_MAP = {
   // 格式：'名稱/暱稱（不分大小寫）': 'accountId'
-  'Solar Chen': 'BK00619',
-  'Rex Li': 'BK00619',
-  'James Yu': 'BK00619',
-  'Alvin Wang': 'BK00619',
-  'Chester Kuo': 'BK00619',
-  'Riemann Tseng': 'BK00619',
+  'Solar Chen': 'BK00325',
+  'Rex Li': 'BK00325',
+  'James Yu': 'BK00325',
+  'Alvin Wang': 'BK00325',
+  'Chester Kuo': 'BK00325',
+  'Riemann Tseng': 'BK00325',
   // 'Solar Chen': 'BK00129',
   // 'Rex Li': 'BK00136',
   // 'James Yu': 'BK00178',

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jira-deploy/core",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "type": "module",
   "main": "./index.js",
   "repository": {
@@ -21,6 +21,7 @@
   },
   "files": [
     "constants/**/*.js",
+    "scripts/**/*.py",
     "tools/**/*.js",
     "*.js"
   ],

package/scripts/jabber_notify.py

@@ -0,0 +1,298 @@
+#!/usr/bin/env python3
+"""
+jabber_notify.py — Send a Jabber message to a MUC room or a specific user.
+
+Usage:
+    python3 src/scripts/jabber_notify.py "<message>"
+
+Required environment variables:
+    JABBER_SERVER
+    JABBER_USER
+    JABBER_DOMAIN
+    JABBER_KEYCHAIN_SERVICE
+    JABBER_KEYCHAIN_ACCOUNT
+
+One of the following must be set:
+    JABBER_ROOM   — MUC room JID (e.g. webqa@conference.linebank.com.tw)
+    JABBER_TO     — Direct message recipient JID (e.g. BK00178@linebank.com.tw)
+
+Optional environment variables:
+    JABBER_PORT (defaults to 5222)
+    JABBER_RESOURCE (defaults to copilot)
+    JABBER_NICK (defaults to Copilot)  — only used for MUC
+
+To add or update Keychain entry:
+    security add-generic-password -a "$JABBER_KEYCHAIN_ACCOUNT" -s "$JABBER_KEYCHAIN_SERVICE" -w
+"""
+
+import base64
+import os
+import socket
+import ssl
+import subprocess
+import sys
+import time
+
+
+def required_env(key: str) -> str:
+    value = os.getenv(key, "").strip()
+    if not value:
+        raise RuntimeError(f"Missing required environment variable: {key}")
+    return value
+
+
+def load_config() -> dict:
+    room = os.getenv("JABBER_ROOM", "").strip()
+    to = os.getenv("JABBER_TO", "").strip()
+    if not room and not to:
+        raise RuntimeError("Either JABBER_ROOM or JABBER_TO must be set")
+    return {
+        "server": required_env("JABBER_SERVER"),
+        "port": int(os.getenv("JABBER_PORT", "5222")),
+        "user": required_env("JABBER_USER"),
+        "domain": required_env("JABBER_DOMAIN"),
+        "resource": os.getenv("JABBER_RESOURCE", "copilot").strip() or "copilot",
+        "room": room,
+        "to": to,
+        "nick": os.getenv("JABBER_NICK", "Copilot").strip() or "Copilot",
+        "keychain_service": required_env("JABBER_KEYCHAIN_SERVICE"),
+        "keychain_account": required_env("JABBER_KEYCHAIN_ACCOUNT"),
+    }
+
+
+def recv_all(sock, timeout=2):
+    sock.settimeout(timeout)
+    data = b""
+    try:
+        while True:
+            chunk = sock.recv(8192)
+            if not chunk:
+                break
+            data += chunk
+    except socket.timeout:
+        pass
+    return data.decode(errors="replace")
+
+
+def get_jabber_password(keychain_service: str, keychain_account: str) -> str:
+    # Keychain credential must be created before using this script.
+    # Example setup:
+    # security add-generic-password -a "$JABBER_KEYCHAIN_ACCOUNT" -s "$JABBER_KEYCHAIN_SERVICE" -w
+    result = subprocess.run(
+        [
+            "security",
+            "find-generic-password",
+            "-s",
+            keychain_service,
+            "-a",
+            keychain_account,
+            "-w",
+        ],
+        capture_output=True,
+        text=True,
+    )
+    if result.returncode != 0:
+        raise RuntimeError(
+            "Cannot read Jabber password from Keychain. "
+            "Check JABBER_KEYCHAIN_SERVICE and JABBER_KEYCHAIN_ACCOUNT."
+        )
+    return result.stdout.strip()
+
+
+def _extract_error_reason(xml_text: str) -> str:
+    reasons = [
+        "not-authorized",
+        "forbidden",
+        "conflict",
+        "service-unavailable",
+        "item-not-found",
+        "not-allowed",
+        "registration-required",
+        "remote-server-not-found",
+        "internal-server-error",
+    ]
+    for reason in reasons:
+        if f"<{reason}" in xml_text:
+            return reason
+    if "<error" in xml_text:
+        return "unknown"
+    return ""
+
+
+def _wait_for_join_confirmation(tls, room: str, nick: str, timeout_seconds: int = 10) -> None:
+    deadline = time.time() + timeout_seconds
+    self_presence_markers = [
+        '<status code="110"',
+        "<status code='110'",
+    ]
+    explicit_nick_markers = [
+        f'from="{room}/{nick}"',
+        f"from='{room}/{nick}'",
+    ]
+    room_presence_markers = [
+        f'from="{room}/',
+        f"from='{room}/",
+    ]
+    saw_room_presence = False
+
+    while time.time() < deadline:
+        chunk = recv_all(tls, 1)
+        if not chunk:
+            continue
+
+        error_reason = _extract_error_reason(chunk)
+        if error_reason:
+            raise RuntimeError(f"Jabber room join failed: {error_reason}")
+
+        if "<presence" in chunk and any(marker in chunk for marker in room_presence_markers):
+            saw_room_presence = True
+            if "type=\"error\"" in chunk or "type='error'" in chunk:
+                raise RuntimeError("Jabber room join failed: error")
+            if "type=\"unavailable\"" in chunk or "type='unavailable'" in chunk:
+                continue
+
+            if any(marker in chunk for marker in self_presence_markers):
+                return
+
+            if any(marker in chunk for marker in explicit_nick_markers):
+                return
+
+    if saw_room_presence:
+        return
+    raise RuntimeError("Jabber room join not confirmed")
+
+
+def _wait_for_message_confirmation(
+    tls,
+    room: str,
+    msg_id: str,
+    timeout_seconds: int = 5,
+) -> None:
+    deadline = time.time() + timeout_seconds
+    id_markers = [f'id="{msg_id}"', f"id='{msg_id}'"]
+
+    while time.time() < deadline:
+        chunk = recv_all(tls, 1)
+        if not chunk:
+            continue
+
+        if "<message" in chunk and any(marker in chunk for marker in id_markers):
+            if "type=\"error\"" in chunk or "type='error'" in chunk:
+                error_reason = _extract_error_reason(chunk) or "error"
+                raise RuntimeError(f"Jabber message rejected: {error_reason}")
+
+        if "<message" in chunk and (
+            "type=\"error\"" in chunk or "type='error'" in chunk
+        ):
+            error_reason = _extract_error_reason(chunk) or "error"
+            raise RuntimeError(f"Jabber message rejected: {error_reason}")
+
+    return
+
+
+def send_to_room(message: str) -> None:
+    config = load_config()
+    password = get_jabber_password(
+        config["keychain_service"],
+        config["keychain_account"],
+    )
+
+    sasl_plain = base64.b64encode(f"\x00{config['user']}\x00{password}".encode()).decode()
+
+    ctx = ssl.create_default_context()
+    ctx.check_hostname = False
+    ctx.verify_mode = ssl.CERT_NONE
+
+    raw = None
+    tls = None
+    try:
+        # ── TCP connect ──────────────────────────────────────────────────────
+        raw = socket.create_connection((config["server"], config["port"]), timeout=10)
+        raw.sendall(
+            f"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
+            f"xmlns:stream='http://etherx.jabber.org/streams' to='{config['domain']}'>".encode()
+        )
+        time.sleep(0.3)
+        recv_all(raw, 1)
+
+        # ── STARTTLS ─────────────────────────────────────────────────────────
+        raw.sendall(b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
+        time.sleep(0.3)
+        recv_all(raw, 1)
+        tls = ctx.wrap_socket(raw, server_hostname=config["server"])
+
+        # ── Re-open stream over TLS ──────────────────────────────────────────
+        tls.sendall(
+            f"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
+            f"xmlns:stream='http://etherx.jabber.org/streams' to='{config['domain']}'>".encode()
+        )
+        time.sleep(0.3)
+        recv_all(tls, 1)
+
+        # ── SASL PLAIN auth ──────────────────────────────────────────────────
+        tls.sendall(
+            f"<auth xmlns='urn:ietf:params:xml:ns:xmpp-sasl' mechanism='PLAIN'>{sasl_plain}</auth>".encode()
+        )
+        time.sleep(1)
+        auth_resp = recv_all(tls, 2)
+        if "success" not in auth_resp:
+            raise RuntimeError("Jabber authentication failed")
+
+        # ── Re-open stream after auth ────────────────────────────────────────
+        tls.sendall(
+            f"<?xml version='1.0'?><stream:stream xmlns='jabber:client' version='1.0' "
+            f"xmlns:stream='http://etherx.jabber.org/streams' to='{config['domain']}'>".encode()
+        )
+        time.sleep(0.5)
+        recv_all(tls, 1)
+
+        # ── Resource bind ────────────────────────────────────────────────────
+        tls.sendall(
+            f'<iq type="set" id="b1"><bind xmlns="urn:ietf:params:xml:ns:xmpp-bind">'
+            f'<resource>{config["resource"]}</resource></bind></iq>'.encode()
+        )
+        time.sleep(0.5)
+        bind_resp = recv_all(tls, 2)
+        bind_error = _extract_error_reason(bind_resp)
+        if bind_error:
+            raise RuntimeError(f"Jabber resource bind failed: {bind_error}")
+
+        safe_msg = message.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
+        msg_id = f"notify-{int(time.time() * 1000)}"
+
+        if config["to"]:
+            # ── Direct message ───────────────────────────────────────────────
+            tls.sendall(
+                f'<message id="{msg_id}" to="{config["to"]}" type="chat"><body>{safe_msg}</body></message>'.encode()
+            )
+            time.sleep(0.5)
+        else:
+            # ── Join MUC room ────────────────────────────────────────────────
+            tls.sendall(
+                f'<presence to="{config["room"]}/{config["nick"]}"><x xmlns="http://jabber.org/protocol/muc"/></presence>'.encode()
+            )
+            _wait_for_join_confirmation(tls, config["room"], config["nick"], timeout_seconds=20)
+
+            # ── Send MUC message ─────────────────────────────────────────────
+            tls.sendall(
+                f'<message id="{msg_id}" to="{config["room"]}" type="groupchat"><body>{safe_msg}</body></message>'.encode()
+            )
+            _wait_for_message_confirmation(tls, config["room"], msg_id, timeout_seconds=5)
+
+            # ── Leave room ───────────────────────────────────────────────────
+            tls.sendall(f'<presence to="{config["room"]}/{config["nick"]}" type="unavailable"/>'.encode())
+            time.sleep(0.3)
+    finally:
+        if tls is not None:
+            tls.close()
+        elif raw is not None:
+            raw.close()
+
+
+if __name__ == "__main__":
+    if len(sys.argv) < 2:
+        print("Usage: python3 src/scripts/jabber_notify.py '<message>'")
+        sys.exit(1)
+    msg = sys.argv[1]
+    send_to_room(msg)
+    print("Jabber message sent")

package/tools/grayrelease.js

@@ -570,7 +570,7 @@ export async function handleAutoGrayRelease(args, ctx) {
     });
     await notifier.notify(issueKey, '開始自動執行 GrayRelease 流程');
 
-    const result = await executeGrayReleaseFlow(
+    const result = await executeAutoGrayReleaseFlow(
       issueKey,
       {
         maxBuildRetries: args.maxBuildRetries ?? 3,
@@ -655,7 +655,7 @@ export async function handleContinueGrayRelease(args, ctx) {
       currentStatus: status.currentStatus,
     });
 
-    const result = await executeGrayReleaseFlow(
+    const result = await executeAutoGrayReleaseFlow(
       issueKey,
       {
         maxBuildRetries: args.maxBuildRetries ?? 3,
@@ -830,7 +830,7 @@ async function executeGrayReleaseDeployFlow(issueKey, ctx) {
 /**
  * 主執行流程：從當前狀態開始，自動執行到完成或需要人工介入
  */
-async function executeGrayReleaseFlow(issueKey, options, ctx) {
+async function executeAutoGrayReleaseFlow(issueKey, options, ctx) {
   const { jira, notifier } = ctx;
   const log = [];
   let buildAttempts = 0;
@@ -1007,16 +1007,16 @@ async function runGrayReleaseDeployStep(issueKey, systemCode, ctx, log) {
   await notifier.notify(issueKey, '觸發 GrayRelease Deploy');
 
   // 等待部署完成：優先輪詢 deploy result、VERIFY 狀態，
-  // 或「To Verify」transition 是否出現。
-  // 最多等待 3 分鐘（避免 MCP client timeout），
+  // 最多等待 10 分鐘（避免 MCP client timeout），
   // 若超時則回傳「部署中」訊息，請使用者稍後繼續。
-  const DEPLOY_WAIT_MS = Math.min(getPollTimeoutMs(), 3 * 60 * 1000);
-  const DEPLOY_POLL_MS = Math.min(getPollIntervalMs(), 10_000);
+  // 每 3 分鐘 輪詢一次
+  const DEPLOY_WAIT_MS = Math.min(getPollTimeoutMs(), 10 * 60 * 1000);
+  const DEPLOY_POLL_MS = Math.min(getPollIntervalMs(),  3 * 60 * 1000);
   const deployDeadline = Date.now() + DEPLOY_WAIT_MS;
   let deployCompleted = false;
   let attempts = 0;
 
-  log.push('  ⏳ 等待部署完成（最多 3 分鐘）...');
+  log.push('  ⏳ 等待部署完成（最多 10 分鐘）...');
   while (Date.now() <= deployDeadline) {
     attempts++;
     const issue = await jira.getIssue(issueKey);
@@ -1037,10 +1037,10 @@ async function runGrayReleaseDeployStep(issueKey, systemCode, ctx, log) {
       nextPollMs: DEPLOY_POLL_MS,
     });
 
-    if (statusNow === 'VERIFY') {
+    if (statusNow === 'VERIFY' && isPassingResult(deployResult)) {
       // Jira automation 或 Jenkins 已自動切到 VERIFY
       deployCompleted = true;
-      log.push('  ✅ 狀態已進入 VERIFY（自動切換），跳過手動 To Verify');
+      log.push('  ✅ Deploy 完成，狀態已進入 VERIFY（cid jira worker 自動切換），進入驗證階段');
       break;
     }
 
@@ -1071,8 +1071,9 @@ async function runGrayReleaseDeployStep(issueKey, systemCode, ctx, log) {
     await sleep(DEPLOY_POLL_MS);
   }
 
+
   if (!deployCompleted) {
-    log.push('  ⚠️ 3 分鐘內未看到部署結果，部署可能仍在進行中');
+    log.push('  ⚠️ 10 分鐘內未看到部署結果，部署可能仍在進行中');
     log.push('  請稍後使用 get_grayrelease_status 或 deploy_grayrelease 繼續');
     await notifier.notify(issueKey, '部署仍在進行中，請稍後查詢狀態');
     return false;
@@ -1246,8 +1247,7 @@ async function handleGrayReleaseApproval(issueKey, environment, systemCode, ctx)
 
 /**
  * 判斷是否需要執行 Switch Execution Node
- * 規則：查詢同系統上次 CD 部署的環境群組，若與本次不同則需切換
- * 注意：不查詢 GrayRelease 歷史，因為 GrayRelease 永遠是 nonPrd
+ * 規則：查詢同系統上次 CD or GrayRelease 部署的環境群組，若與本次不同則需切換
  */
 async function needSwitchExecutionNode(issueKey, systemCode, jira) {
   if (await hasRecentSwitchExecutionNodeComment(issueKey, systemCode, jira)) {
@@ -1260,12 +1260,13 @@ async function needSwitchExecutionNode(issueKey, systemCode, jira) {
   // 只查詢 CD 單的部署歷史（不包含 GrayRelease）
   const isPrdEnv = (env) => ['prd', 'dr', 'prd/dr', 'prd&dr'].includes(env?.toLowerCase()?.trim());
 
-  const jql_cd = `project = CID AND issuetype = CD AND "System Code[Select List (single choice)]" = "${systemCode}" AND status = Done AND issueKey != "${issueKey}" ORDER BY updated DESC`;
+  const jql_cd = `project = CID AND (issuetype = CD OR issuetype = GrayRelease) AND text ~ "${systemCode}" AND status = Done AND issueKey != "${issueKey}" ORDER BY updated DESC`;
 
   try {
     const cdResults = await jira.searchIssues(jql_cd, ['customfield_13436', 'updated'], 1);
     const cdIssue = cdResults[0] ?? null;
 
+
     // 查不到歷史 → 保守執行 Switch
     if (!cdIssue) {
       return true;
@@ -1311,7 +1312,7 @@ async function hasRecentSwitchExecutionNodeComment(issueKey, systemCode, jira) {
     const lowerSystemCode = String(systemCode ?? '').toLowerCase();
     return comments.some((comment) => {
       const body = String(comment.body ?? '').toLowerCase();
-      const author = String(comment.author?.displayName ?? comment.author?.name ?? '').toLowerCase();
+      const author = String(comment.author?.displayName ?? '').toLowerCase();
       return author === 'cid jira worker'
         && body.includes('instance_group')
         && body.includes('nonprd_executionnode')

package/tools/index.js

@@ -727,8 +727,8 @@ export async function executeTool(name, args, deps) {
 
       // 查詢同系統最近一筆已完成的部署（CD 或 GrayRelease），回傳 'prd' | 'nonPrd' | null
       const getLastDeployEnvGroup = async (systemCode, excludeKey) => {
-        const jql_cd = `project = CID AND issuetype = CD AND "System Code[Select List (single choice)]" = "${systemCode}" AND status = Done AND issueKey != "${excludeKey}" ORDER BY updated DESC`;
-        const jql_gr = `project = CID AND issuetype = GrayRelease AND "System Code[Select List (single choice)]" = "${systemCode}" AND status = Done ORDER BY updated DESC`;
+        const jql_cd = `project = CID AND issuetype = CD AND text ~ "${systemCode}" AND status = Done AND issueKey != "${excludeKey}" ORDER BY updated DESC`;
+        const jql_gr = `project = CID AND issuetype = GrayRelease AND text ~ "${systemCode}" AND status = Done ORDER BY updated DESC`;
 
         const [cdResults, grResults] = await Promise.all([
           jira.searchIssues(jql_cd, ['customfield_13436', 'updated'], 1).catch(() => []),

package/tools.test.js

@@ -1666,7 +1666,7 @@ describe('auto_grayrelease — approval payload handling', () => {
       assert.ok(!result.content[0].text.startsWith('❌'), 'STG approval should continue');
       const data = JSON.parse(result.content[0].text);
       assert.equal(data.finalStatus, 'VERIFY');
-      assert.deepEqual(jira.calls.updateAssignee, [{ issueKey: 'CID-100', accountId: 'BK00619' }]);
+      assert.deepEqual(jira.calls.updateAssignee, [{ issueKey: 'CID-100', accountId: 'BK00325' }]);
     } finally {
       await new Promise((resolve, reject) => {
         server.close((err) => (err ? reject(err) : resolve()));
@@ -1683,7 +1683,7 @@ describe('auto_grayrelease — approval payload handling', () => {
       process.env.POLL_TIMEOUT_MS = '10';
 
       const jira = makeApprovalJira('uat', {
-        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00619', displayName: 'James Yu' } }],
+        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00325', displayName: 'James Yu' } }],
       });
       const result = await executeTool(
         'auto_grayrelease',
@@ -1695,8 +1695,8 @@ describe('auto_grayrelease — approval payload handling', () => {
       const data = JSON.parse(result.content[0].text);
       assert.equal(data.finalStatus, 'VERIFY');
       assert.deepEqual(jira.calls.updateAssignee, [
-        { issueKey: 'CID-101', accountId: 'BK00619' },
-        { issueKey: 'CID-101', accountId: 'BK00619' },
+        { issueKey: 'CID-101', accountId: 'BK00325' },
+        { issueKey: 'CID-101', accountId: 'BK00325' },
       ]);
     } finally {
       restoreEnv();
@@ -1711,7 +1711,7 @@ describe('auto_grayrelease — approval payload handling', () => {
       process.env.POLL_TIMEOUT_MS = '10';
 
       const jira = makeApprovalJira('uat', {
-        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00619', displayName: 'James Yu' } }],
+        comments: [{ body: 'Approved, please proceed', author: { name: 'BK00325', displayName: 'James Yu' } }],
       });
       const result = await executeTool(
         'auto_grayrelease',