create-qa-architect 5.12.1 → 5.13.2

package/scripts/deploy-consumers.sh

@@ -0,0 +1,369 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# deploy-consumers.sh — Auto-discover and update ALL consumer repos with staged rollout
+#
+# Usage:
+#   ./scripts/deploy-consumers.sh                      # Dry run (validate only)
+#   ./scripts/deploy-consumers.sh --canary-only --push # Deploy ONLY to canary, wait for CI
+#   ./scripts/deploy-consumers.sh --push               # Full rollout: canary first, then rest
+#   ./scripts/deploy-consumers.sh --skip-canary --push # Emergency: bypass canary (use with caution)
+#
+# Staged Rollout Process:
+#   1. Deploy to canary repo (buildproven) first
+#   2. Wait for CI to complete on canary (up to 10 minutes)
+#   3. If CI passes, deploy to remaining repos
+#   4. If CI fails, abort rollout (prevents cascading failures)
+#
+# Auto-discovers repos by scanning ~/Projects for .github/workflows/quality.yml
+# files that contain the WORKFLOW_MODE marker from qa-architect.
+
+PROJECTS_DIR="$HOME/Projects"
+QA_ARCHITECT_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+CANARY_REPO="buildproven"
+PUSH=false
+TIER="minimal"
+VERBOSE=false
+CANARY_ONLY=false
+SKIP_CANARY=false
+CI_TIMEOUT=600  # 10 minutes in seconds
+CI_POLL_INTERVAL=15  # Check every 15 seconds
+
+# Parse args
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --push) PUSH=true; shift ;;
+    --tier) TIER="$2"; shift 2 ;;
+    --verbose) VERBOSE=true; shift ;;
+    --canary-only) CANARY_ONLY=true; shift ;;
+    --skip-canary) SKIP_CANARY=true; shift ;;
+    --help|-h)
+      cat <<EOF
+Usage: deploy-consumers.sh [OPTIONS]
+
+OPTIONS:
+  --push            Commit and push changes (default: dry run)
+  --canary-only     Deploy ONLY to canary repo, wait for CI green
+  --skip-canary     Skip canary validation (emergency use only)
+  --tier <tier>     Workflow tier to apply (default: minimal)
+  --verbose         Show detailed output
+  --help, -h        Show this help
+
+STAGED ROLLOUT:
+  Default behavior (--push):
+    1. Deploy to canary (buildproven)
+    2. Wait for CI to pass (up to 10 minutes)
+    3. Deploy to remaining repos
+
+  Canary-only mode (--canary-only --push):
+    Deploy to canary only, validate CI passes
+
+  Skip canary (--skip-canary --push):
+    Deploy to all repos simultaneously (emergency only)
+
+EXAMPLES:
+  # Dry run (no changes)
+  ./scripts/deploy-consumers.sh
+
+  # Canary validation
+  ./scripts/deploy-consumers.sh --canary-only --push
+
+  # Full rollout (staged)
+  ./scripts/deploy-consumers.sh --push
+
+  # Emergency bypass (use with caution)
+  ./scripts/deploy-consumers.sh --skip-canary --push
+EOF
+      exit 0
+      ;;
+    *) echo "Unknown option: $1"; exit 1 ;;
+  esac
+done
+
+echo "=== QA Architect Consumer Deployment ==="
+echo "Mode: $([ "$PUSH" = true ] && echo "PUSH (will commit + push)" || echo "DRY RUN (validate only)")"
+echo "Tier: $TIER"
+echo "Canary repo: $CANARY_REPO"
+if [ "$CANARY_ONLY" = true ]; then
+  echo "⚠️  CANARY-ONLY mode: will deploy to $CANARY_REPO only"
+elif [ "$SKIP_CANARY" = true ]; then
+  echo "⚠️  SKIP-CANARY mode: bypassing canary validation (emergency use)"
+else
+  echo "Staged rollout: canary first, then remaining repos"
+fi
+echo ""
+
+# Discover consumer repos: any repo with quality.yml containing WORKFLOW_MODE marker
+# Excludes qa-architect itself
+CONSUMERS=()
+CANARY_DIR=""
+for workflow in "$PROJECTS_DIR"/*/".github/workflows/quality.yml"; do
+  [ -f "$workflow" ] || continue
+  repo_dir="$(dirname "$(dirname "$(dirname "$workflow")")")"
+  repo_name="$(basename "$repo_dir")"
+
+  # Skip qa-architect itself (compare basenames to avoid case/symlink issues)
+  [ "$(basename "$repo_dir")" = "$(basename "$QA_ARCHITECT_DIR")" ] && continue
+
+  # Check for WORKFLOW_MODE marker (proves it was generated by qa-architect)
+  if grep -q "WORKFLOW_MODE:" "$workflow" 2>/dev/null; then
+    if [ "$repo_name" = "$CANARY_REPO" ]; then
+      CANARY_DIR="$repo_dir"
+    else
+      CONSUMERS+=("$repo_dir")
+    fi
+  fi
+done
+
+# Ensure canary was found
+if [ -z "$CANARY_DIR" ]; then
+  echo "❌ ERROR: Canary repo '$CANARY_REPO' not found or doesn't have WORKFLOW_MODE marker"
+  exit 1
+fi
+
+# In canary-only mode, only process canary
+if [ "$CANARY_ONLY" = true ]; then
+  echo "Canary-only mode: processing $CANARY_REPO only"
+  CONSUMERS=()
+else
+  echo "Discovered canary repo: $CANARY_REPO"
+  echo "Discovered ${#CONSUMERS[@]} additional consumer repos:"
+  for dir in "${CONSUMERS[@]}"; do
+    echo "  - $(basename "$dir")"
+  done
+fi
+echo ""
+
+# Function to wait for CI to complete on a repo
+# Args: $1 = repo_dir, $2 = repo_name
+wait_for_ci() {
+  local repo_dir="$1"
+  local repo_name="$2"
+
+  echo "  Waiting for CI to complete on $repo_name..."
+
+  # Check if gh CLI is installed
+  if ! command -v gh &>/dev/null; then
+    echo "  ⚠️  WARNING: gh CLI not installed, cannot check CI status"
+    echo "  Install with: brew install gh"
+    echo "  Proceeding without CI validation..."
+    return 0
+  fi
+
+  # Get the repo owner/name for gh CLI
+  local remote_url
+  remote_url=$(cd "$repo_dir" && git remote get-url origin 2>/dev/null || echo "")
+  if [ -z "$remote_url" ]; then
+    echo "  ⚠️  WARNING: No git remote found, cannot check CI status"
+    return 0
+  fi
+
+  # Extract owner/repo from URL (handles both HTTPS and SSH)
+  local repo_slug
+  repo_slug=$(echo "$remote_url" | sed -E 's|^.*[:/]([^/]+/[^/]+)(\.git)?$|\1|')
+
+  # Get the current branch
+  local branch
+  branch=$(cd "$repo_dir" && git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "main")
+
+  echo "  Checking CI status for $repo_slug on branch $branch..."
+
+  local elapsed=0
+  local status=""
+
+  while [ $elapsed -lt $CI_TIMEOUT ]; do
+    # Get latest workflow run status for quality.yml on this branch
+    status=$(gh run list --repo "$repo_slug" --workflow quality.yml --branch "$branch" --limit 1 --json status,conclusion --jq '.[0].status + ":" + (.[0].conclusion // "")' 2>/dev/null || echo "")
+
+    if [ -z "$status" ]; then
+      echo "  ⚠️  No CI runs found yet (elapsed: ${elapsed}s)"
+    elif [[ "$status" == "completed:success" ]]; then
+      echo "  ✅ CI PASSED on $repo_name (elapsed: ${elapsed}s)"
+      return 0
+    elif [[ "$status" == "completed:failure" ]] || [[ "$status" == "completed:cancelled" ]]; then
+      echo "  ❌ CI FAILED on $repo_name (status: $status)"
+      return 1
+    else
+      echo "  ⏳ CI in progress on $repo_name (status: $status, elapsed: ${elapsed}s)"
+    fi
+
+    sleep $CI_POLL_INTERVAL
+    elapsed=$((elapsed + CI_POLL_INTERVAL))
+  done
+
+  echo "  ⏰ TIMEOUT: CI did not complete within ${CI_TIMEOUT}s"
+  return 1
+}
+
+# Function to deploy to a single repo
+# Args: $1 = repo_dir, $2 = is_canary (true/false)
+deploy_to_repo() {
+  local repo_dir="$1"
+  local is_canary="${2:-false}"
+  local repo_name="$(basename "$repo_dir")"
+
+  echo "--- $repo_name $([ "$is_canary" = true ] && echo "(CANARY)" || echo "") ---"
+
+  # Check if repo has package.json (needed for npx)
+  if [ ! -f "$repo_dir/package.json" ]; then
+    echo "  SKIP: No package.json"
+    return 2  # Return code 2 = skipped
+  fi
+
+  # Detect the existing tier from the workflow
+  local existing_tier="$TIER"
+  if grep -q "WORKFLOW_MODE: standard" "$repo_dir/.github/workflows/quality.yml" 2>/dev/null; then
+    existing_tier="standard"
+  elif grep -q "WORKFLOW_MODE: comprehensive" "$repo_dir/.github/workflows/quality.yml" 2>/dev/null; then
+    existing_tier="comprehensive"
+  elif grep -q "WORKFLOW_MODE: minimal" "$repo_dir/.github/workflows/quality.yml" 2>/dev/null; then
+    existing_tier="minimal"
+  fi
+
+  # Regenerate workflow (must cd to consumer dir — setup.js uses process.cwd())
+  echo "  Regenerating workflow (tier: $existing_tier)..."
+  if (cd "$repo_dir" && QAA_DEVELOPER=true node "$QA_ARCHITECT_DIR/setup.js" --update "--workflow-${existing_tier}" \
+    2>&1 | { [ "$VERBOSE" = true ] && cat || tail -1; }); then
+    :
+  else
+    echo "  FAIL: Workflow generation failed"
+    return 1
+  fi
+
+  local workflow_file="$repo_dir/.github/workflows/quality.yml"
+
+  # Validate: no node_modules/create-qa-architect references
+  if grep -q "node_modules/create-qa-architect" "$workflow_file"; then
+    echo "  FAIL: Contains node_modules/create-qa-architect references"
+    return 1
+  fi
+
+  # Validate: no section markers leaked
+  if grep -qE '\{\{(QA_ARCHITECT_ONLY|FULL_DETECTION|FULL_REPORT)_(BEGIN|END)\}\}' "$workflow_file"; then
+    echo "  FAIL: Contains section markers"
+    return 1
+  fi
+
+  # Validate: valid YAML (requires node + js-yaml)
+  if ! node -e "require('$QA_ARCHITECT_DIR/node_modules/js-yaml').load(require('fs').readFileSync('$workflow_file','utf8'))" 2>/dev/null; then
+    echo "  FAIL: Invalid YAML"
+    return 1
+  fi
+
+  # Remove stale devDep if present
+  if grep -q '"create-qa-architect"' "$repo_dir/package.json" 2>/dev/null; then
+    echo "  Removing stale create-qa-architect devDependency..."
+    if [ "$PUSH" = true ]; then
+      (cd "$repo_dir" && npm uninstall create-qa-architect 2>/dev/null || true)
+    else
+      echo "  (dry run - would remove devDep)"
+    fi
+  fi
+
+  echo "  PASS: Validated"
+
+  # Commit and push if --push
+  if [ "$PUSH" = true ]; then
+    (
+      cd "$repo_dir"
+      if git diff --quiet .github/workflows/quality.yml package.json 2>/dev/null; then
+        echo "  No changes to commit"
+      else
+        git add .github/workflows/quality.yml package.json package-lock.json 2>/dev/null || true
+        git commit -m "chore: regenerate qa-architect workflow (${existing_tier} tier)
+
+Staged rollout: $([ "$is_canary" = true ] && echo "canary deployment" || echo "validated via canary")
+Fixes node_modules/create-qa-architect fallback paths.
+Consumers use npx create-qa-architect@latest instead of devDep." 2>/dev/null || true
+        git push 2>/dev/null && echo "  Pushed" || echo "  Push failed (check remote)"
+      fi
+    )
+  fi
+
+  echo ""
+  return 0
+}
+
+# Validation counters
+PASS=0
+FAIL=0
+SKIPPED=0
+
+# STAGE 1: Deploy to canary (unless --skip-canary)
+if [ "$SKIP_CANARY" = false ]; then
+  echo "=== STAGE 1: Canary Deployment ==="
+  echo ""
+
+  if deploy_to_repo "$CANARY_DIR" true; then
+    PASS=$((PASS + 1))
+
+    # Wait for CI if in push mode
+    if [ "$PUSH" = true ]; then
+      if ! wait_for_ci "$CANARY_DIR" "$CANARY_REPO"; then
+        echo ""
+        echo "❌ ROLLOUT ABORTED: Canary CI failed or timed out"
+        echo "   Fix the issue on $CANARY_REPO before rolling out to other repos"
+        exit 1
+      fi
+    fi
+  else
+    ret=$?
+    if [ $ret -eq 2 ]; then
+      SKIPPED=$((SKIPPED + 1))
+    else
+      FAIL=$((FAIL + 1))
+      echo ""
+      echo "❌ ROLLOUT ABORTED: Canary deployment failed"
+      exit 1
+    fi
+  fi
+
+  echo ""
+  echo "✅ Canary deployment successful"
+  echo ""
+fi
+
+# Exit early if canary-only mode
+if [ "$CANARY_ONLY" = true ]; then
+  echo "=== Summary (Canary-Only) ==="
+  echo "  Pass: $PASS"
+  echo "  Fail: $FAIL"
+  echo "  Skipped: $SKIPPED"
+  echo ""
+  echo "✅ Canary deployment complete. Review CI results before full rollout."
+  exit 0
+fi
+
+# STAGE 2: Deploy to remaining repos
+if [ ${#CONSUMERS[@]} -gt 0 ]; then
+  echo "=== STAGE 2: Remaining Repos Deployment ==="
+  echo ""
+
+  for repo_dir in "${CONSUMERS[@]}"; do
+    if deploy_to_repo "$repo_dir" false; then
+      PASS=$((PASS + 1))
+    else
+      ret=$?
+      if [ $ret -eq 2 ]; then
+        SKIPPED=$((SKIPPED + 1))
+      else
+        FAIL=$((FAIL + 1))
+      fi
+    fi
+  done
+fi
+
+echo "=== Summary ==="
+echo "  Pass: $PASS"
+echo "  Fail: $FAIL"
+echo "  Skipped: $SKIPPED"
+echo "  Total: $((${#CONSUMERS[@]} + 1))"  # +1 for canary
+
+if [ "$FAIL" -gt 0 ]; then
+  echo ""
+  echo "⚠️  Some repos failed validation. Review output above."
+  exit 1
+fi
+
+echo ""
+echo "✅ Deployment complete!"