superset-showtime 0.6.3__py3-none-any.whl → 0.6.6__py3-none-any.whl

showtime/core/pull_request.py

@@ -4,14 +4,13 @@
 Handles atomic transactions, trigger processing, and environment orchestration.
 """
 
-import os
 from dataclasses import dataclass
-from datetime import datetime
 from typing import Any, List, Optional
 
 from .aws import AWSInterface
 from .github import GitHubInterface
 from .show import Show, short_sha
+from .sync_state import ActionNeeded, AuthStatus, BlockedReason, SyncState
 
 # Lazy singletons to avoid import-time failures
 _github = None
@@ -127,7 +126,7 @@ class PullRequest:
         # Create Show objects for each SHA
         shows = []
         for sha in shas:
-            show = Show.from_circus_labels(self.pr_number, self.labels, sha)
+            show = Show.from_circus_labels(self.pr_number, list(self.labels), sha)
             if show:
                 shows.append(show)
 
@@ -213,19 +212,27 @@ class PullRequest:
         active_pointer = f"{active_prefix}{show.sha}"  # "🎪 🎯 abc123f"
         self.add_label(active_pointer)
 
-    def _check_authorization(self) -> bool:
-        """Check if current GitHub actor is authorized for operations"""
-        import os
+    def _check_authorization(self) -> tuple[bool, dict]:
+        """Check if current GitHub actor is authorized for operations
 
+        Returns:
+            tuple: (is_authorized, debug_info_dict)
+        """
         import httpx
 
+        # Get actor info using centralized function
+        actor_info = GitHubInterface.get_actor_debug_info()
+        debug_info = {**actor_info, "permission": "unknown", "auth_status": "unknown"}
+
         # Only check in GitHub Actions context
-        if os.getenv("GITHUB_ACTIONS") != "true":
-            return True
+        if not debug_info["is_github_actions"]:
+            debug_info["auth_status"] = "skipped_not_actions"
+            return True, debug_info
 
-        actor = os.getenv("GITHUB_ACTOR")
-        if not actor:
-            return True  # No actor info, allow operation
+        actor = debug_info["actor"]
+        if not actor or actor == "unknown":
+            debug_info["auth_status"] = "allowed_no_actor"
+            return True, debug_info
 
         try:
             # Use existing GitHubInterface for consistency
@@ -237,58 +244,202 @@ class PullRequest:
             with httpx.Client() as client:
                 response = client.get(perm_url, headers=github.headers)
                 if response.status_code == 404:
-                    return False  # Not a collaborator
+                    debug_info["permission"] = "not_collaborator"
+                    debug_info["auth_status"] = "denied_404"
+                    return False, debug_info
+
                 response.raise_for_status()
 
                 data = response.json()
                 permission = data.get("permission", "none")
+                debug_info["permission"] = permission
 
                 # Allow write and admin permissions only
                 authorized = permission in ["write", "admin"]
 
                 if not authorized:
+                    debug_info["auth_status"] = "denied_insufficient_perms"
                     print(f"🚨 Unauthorized actor {actor} (permission: {permission})")
                     # Set blocked label for security
                     self.add_label("🎪 🔒 showtime-blocked")
+                else:
+                    debug_info["auth_status"] = "authorized"
 
-                return authorized
+                return authorized, debug_info
 
         except Exception as e:
+            debug_info["auth_status"] = f"error_{type(e).__name__}"
+            debug_info["error"] = str(e)
             print(f"⚠️ Authorization check failed: {e}")
-            return True  # Fail open for non-security operations
+            return True, debug_info  # Fail open for non-security operations
 
-    def analyze(self, target_sha: str, pr_state: str = "open") -> AnalysisResult:
-        """Analyze what actions are needed (read-only, for --check-only)
+    def analyze(self, target_sha: str, pr_state: str = "open") -> SyncState:
+        """Analyze what actions are needed with comprehensive debugging info
 
         Args:
             target_sha: Target commit SHA to analyze
             pr_state: PR state (open/closed)
 
         Returns:
-            AnalysisResult with action plan and flags
+            SyncState with complete analysis and debug info
         """
+        import os
+
         # Handle closed PRs
         if pr_state == "closed":
-            return AnalysisResult(
-                action_needed="cleanup", build_needed=False, sync_needed=True, target_sha=target_sha
+            return SyncState(
+                action_needed=ActionNeeded.DESTROY_ENVIRONMENT,
+                build_needed=False,
+                sync_needed=True,
+                target_sha=target_sha,
+                github_actor=GitHubInterface.get_current_actor(),
+                is_github_actions=os.getenv("GITHUB_ACTIONS") == "true",
+                permission_level="cleanup",
+                auth_status=AuthStatus.SKIPPED_NOT_ACTIONS,
+                action_reason="pr_closed",
             )
 
-        # Determine action needed
-        action_needed = self._determine_action(target_sha)
+        # Get fresh labels
+        self.refresh_labels()
 
-        # Determine if Docker build is needed
-        build_needed = action_needed in ["create_environment", "rolling_update", "auto_sync"]
+        # Initialize state tracking
+        target_sha_short = target_sha[:7]
+        target_show = self.get_show_by_sha(target_sha_short)
+        trigger_labels = [label for label in self.labels if "showtime-trigger-" in label]
 
-        # Determine if sync execution is needed
-        sync_needed = action_needed not in ["no_action", "blocked"]
+        # Check for existing blocked label
+        blocked_reason = BlockedReason.NOT_BLOCKED
+        if "🎪 🔒 showtime-blocked" in self.labels:
+            blocked_reason = BlockedReason.EXISTING_BLOCKED_LABEL
+
+        # Check authorization
+        is_authorized, auth_debug = self._check_authorization()
+        if not is_authorized and blocked_reason == BlockedReason.NOT_BLOCKED:
+            blocked_reason = BlockedReason.AUTHORIZATION_FAILED
 
-        return AnalysisResult(
+        # Determine action needed
+        action_needed_str = (
+            "blocked"
+            if blocked_reason != BlockedReason.NOT_BLOCKED
+            else self._evaluate_action_logic(target_sha_short, target_show, trigger_labels)
+        )
+
+        # Map string to enum
+        action_map = {
+            "no_action": ActionNeeded.NO_ACTION,
+            "create_environment": ActionNeeded.CREATE_ENVIRONMENT,
+            "rolling_update": ActionNeeded.ROLLING_UPDATE,
+            "auto_sync": ActionNeeded.AUTO_SYNC,
+            "destroy_environment": ActionNeeded.DESTROY_ENVIRONMENT,
+            "blocked": ActionNeeded.BLOCKED,
+        }
+        action_needed = action_map.get(action_needed_str, ActionNeeded.NO_ACTION)
+
+        # Build sync state
+        return SyncState(
             action_needed=action_needed,
-            build_needed=build_needed,
-            sync_needed=sync_needed,
+            build_needed=action_needed
+            in [
+                ActionNeeded.CREATE_ENVIRONMENT,
+                ActionNeeded.ROLLING_UPDATE,
+                ActionNeeded.AUTO_SYNC,
+            ],
+            sync_needed=action_needed not in [ActionNeeded.NO_ACTION, ActionNeeded.BLOCKED],
             target_sha=target_sha,
+            github_actor=auth_debug.get("actor", "unknown"),
+            is_github_actions=auth_debug.get("is_github_actions", False),
+            permission_level=auth_debug.get("permission", "unknown"),
+            auth_status=self._parse_auth_status(auth_debug.get("auth_status", "unknown")),
+            blocked_reason=blocked_reason,
+            trigger_labels=trigger_labels,
+            target_show_status=target_show.status if target_show else None,
+            has_previous_shows=len(self.shows) > 0,
+            action_reason=self._get_action_reason(action_needed_str, target_show, trigger_labels),
+            auth_error=auth_debug.get("error"),
         )
 
+    def _evaluate_action_logic(
+        self, target_sha_short: str, target_show: Optional[Show], trigger_labels: List[str]
+    ) -> str:
+        """Pure logic for evaluating what action is needed (no side effects, for testability)"""
+        if trigger_labels:
+            for trigger in trigger_labels:
+                if "showtime-trigger-start" in trigger:
+                    if not target_show or target_show.status == "failed":
+                        return "create_environment"  # New SHA or failed SHA
+                    elif target_show.status in ["building", "built", "deploying"]:
+                        return "no_action"  # Target SHA already in progress
+                    elif target_show.status == "running":
+                        return "create_environment"  # Force rebuild with trigger
+                    else:
+                        return "create_environment"  # Default for unknown states
+                elif "showtime-trigger-stop" in trigger:
+                    return "destroy_environment"
+
+        # No explicit triggers - only auto-create if there's ANY previous environment
+        if not target_show:
+            # Target SHA doesn't exist - only create if there's any previous environment
+            if self.shows:  # Any previous environment exists
+                return "create_environment"
+            else:
+                # No previous environments - don't auto-create without explicit trigger
+                return "no_action"
+        elif target_show.status == "failed":
+            # Target SHA failed - rebuild it
+            return "create_environment"
+        elif target_show.status in ["building", "built", "deploying"]:
+            # Target SHA in progress - wait
+            return "no_action"
+        elif target_show.status == "running":
+            # Target SHA already running - no action needed
+            return "no_action"
+
+        return "no_action"
+
+    def _get_action_reason(
+        self, action_needed: str, target_show: Optional[Show], trigger_labels: List[str]
+    ) -> str:
+        """Get human-readable reason for the action"""
+        if action_needed == "blocked":
+            return "operation_blocked"
+        elif trigger_labels:
+            if any("trigger-start" in label for label in trigger_labels):
+                if not target_show:
+                    return "explicit_start_new_sha"
+                elif target_show.status == "failed":
+                    return "explicit_start_failed_sha"
+                elif target_show.status == "running":
+                    return "explicit_start_force_rebuild"
+                else:
+                    return "explicit_start_trigger"
+            elif any("trigger-stop" in label for label in trigger_labels):
+                return "explicit_stop_trigger"
+        elif action_needed == "create_environment":
+            if not target_show:
+                return "auto_sync_new_commit"
+            elif target_show.status == "failed":
+                return "auto_rebuild_failed"
+            else:
+                return "create_environment"
+        elif action_needed == "no_action":
+            if target_show and target_show.status == "running":
+                return "already_running"
+            elif target_show and target_show.status in ["building", "deploying"]:
+                return "in_progress"
+            else:
+                return "no_previous_environments"
+        return action_needed
+
+    def _parse_auth_status(self, auth_status_str: str) -> AuthStatus:
+        """Parse auth status string to enum, handling errors gracefully"""
+        try:
+            return AuthStatus(auth_status_str)
+        except ValueError:
+            # Handle error cases that include exception type (e.g., "error_UnsupportedProtocol")
+            if auth_status_str.startswith("error_"):
+                return AuthStatus.ERROR
+            return AuthStatus.ERROR
+
     def sync(
         self,
         target_sha: str,
@@ -411,16 +562,25 @@ class PullRequest:
                 return SyncResult(success=True, action_taken=action_needed, show=new_show)
 
             elif action_needed == "destroy_environment":
+                # Stop the current environment if it exists
                 if self.current_show:
                     print(f"🗑️ Destroying environment {self.current_show.sha}...")
-                    self.current_show.stop(dry_run_github=dry_run_github, dry_run_aws=dry_run_aws)
-                    print("☁️ AWS resources deleted")
+                    success = self.current_show.stop(
+                        dry_run_github=dry_run_github, dry_run_aws=dry_run_aws
+                    )
+                    if success:
+                        print("☁️ AWS resources deleted")
+                    else:
+                        print("⚠️ AWS resource deletion may have failed")
                     self._post_cleanup_comment(self.current_show, dry_run_github)
-                    # Remove all circus labels after successful stop
-                    if not dry_run_github:
-                        self.remove_showtime_labels()
-                        print("🏷️ GitHub labels cleaned up")
-                    print("✅ Environment destroyed")
+                else:
+                    print("🗑️ No current environment to destroy")
+
+                # ALWAYS remove all circus labels for stop trigger, regardless of current_show
+                if not dry_run_github:
+                    self.remove_showtime_labels()
+                    print("🏷️ GitHub labels cleaned up")
+                print("✅ Environment destroyed")
                 return SyncResult(success=True, action_taken="destroy_environment")
 
             else:
@@ -441,16 +601,22 @@ class PullRequest:
 
     def stop_environment(self, **kwargs: Any) -> SyncResult:
         """Stop current environment (CLI stop command logic)"""
-        if not self.current_show:
-            return SyncResult(
-                success=True, action_taken="no_environment", error="No environment to stop"
-            )
-
         try:
-            self.current_show.stop(**kwargs)
-            # Remove all circus labels after successful stop
+            # Stop the current environment if it exists
+            if self.current_show:
+                success = self.current_show.stop(**kwargs)
+                if success:
+                    print("☁️ AWS resources deleted")
+                else:
+                    print("⚠️ AWS resource deletion may have failed")
+                    return SyncResult(success=False, action_taken="stop_environment")
+            else:
+                print("🗑️ No current environment to destroy")
+
+            # ALWAYS remove all circus labels for stop command, regardless of current_show
             if not kwargs.get("dry_run_github", False):
                 self.remove_showtime_labels()
+                print("🏷️ GitHub labels cleaned up")
             return SyncResult(success=True, action_taken="stopped")
         except Exception as e:
             return SyncResult(success=False, action_taken="stop_failed", error=str(e))
@@ -505,6 +671,7 @@ class PullRequest:
                         "ttl": show.ttl,
                         "requested_by": show.requested_by,
                         "created_at": show.created_at,
+                        "age": show.age_display(),  # Add age display
                         "aws_service_name": show.aws_service_name,
                         "show_type": show_type,  # New field for display
                     },
@@ -514,7 +681,7 @@ class PullRequest:
         return all_environments
 
     def _determine_action(self, target_sha: str) -> str:
-        """Determine what sync action is needed based on target SHA state"""
+        """Determine what sync action is needed (includes all checks and refreshes labels)"""
         # CRITICAL: Get fresh labels before any decisions
         self.refresh_labels()
 
@@ -523,7 +690,8 @@ class PullRequest:
             return "blocked"
 
         # Check authorization (security layer)
-        if not self._check_authorization():
+        is_authorized, _ = self._check_authorization()
+        if not is_authorized:
             return "blocked"
 
         target_sha_short = target_sha[:7]  # Ensure we're working with short SHA
@@ -620,13 +788,16 @@ class PullRequest:
 
     def _create_new_show(self, target_sha: str) -> Show:
         """Create a new Show object for the target SHA"""
+        from .constants import DEFAULT_TTL
+        from .date_utils import format_utc_now
+
         return Show(
             pr_number=self.pr_number,
             sha=short_sha(target_sha),
             status="building",
-            created_at=datetime.utcnow().strftime("%Y-%m-%dT%H-%M"),
-            ttl="24h",
-            requested_by=os.getenv("GITHUB_ACTOR", "unknown"),
+            created_at=format_utc_now(),
+            ttl=DEFAULT_TTL,
+            requested_by=GitHubInterface.get_current_actor(),
         )
 
     def _post_building_comment(self, show: Show, dry_run: bool = False) -> None:
@@ -699,6 +870,48 @@ class PullRequest:
 
         return False  # Not expired
 
+    def cleanup_orphaned_shows(self, max_age_hours: int, dry_run: bool = False) -> int:
+        """Clean up orphaned shows (environments without pointer labels)
+
+        Args:
+            max_age_hours: Maximum age in hours before considering orphaned environment for cleanup
+            dry_run: If True, just check don't actually stop
+
+        Returns:
+            Number of orphaned environments cleaned up
+        """
+        cleaned_count = 0
+
+        # Find orphaned shows (shows without active or building pointers)
+        orphaned_shows = []
+        for show in self.shows:
+            has_pointer = any(
+                label in self.labels for label in [f"🎪 🎯 {show.sha}", f"🎪 🏗️ {show.sha}"]
+            )
+            if not has_pointer and show.is_expired(max_age_hours):
+                orphaned_shows.append(show)
+
+        # Clean up each orphaned show
+        for show in orphaned_shows:
+            if dry_run:
+                print(
+                    f"🎪 [DRY-RUN] Would clean orphaned environment: PR #{self.pr_number} SHA {show.sha}"
+                )
+                cleaned_count += 1
+            else:
+                print(f"🧹 Cleaning orphaned environment: PR #{self.pr_number} SHA {show.sha}")
+                # Stop the specific show (AWS resources)
+                success = show.stop(dry_run_github=False, dry_run_aws=False)
+                if success:
+                    # Also clean up GitHub labels for this specific show
+                    self.remove_sha_labels(show.sha)
+                    cleaned_count += 1
+                    print(f"✅ Cleaned orphaned environment: {show.sha}")
+                else:
+                    print(f"⚠️ Failed to clean orphaned environment: {show.sha}")
+
+        return cleaned_count
+
     @classmethod
     def find_all_with_environments(cls) -> List[int]:
         """Find all PR numbers that have active environments"""
@@ -721,9 +934,11 @@ class PullRequest:
 
         # For running environments, ensure only ONE active pointer exists
         if show.status == "running":
-            # Remove ALL existing active pointers (there should only be one)
+            # Remove ALL existing active pointers EXCEPT for this SHA's pointer
             existing_active_pointers = [
-                label for label in self.labels if label.startswith("🎪 🎯 ")
+                label
+                for label in self.labels
+                if label.startswith("🎪 🎯 ") and label != f"🎪 🎯 {show.sha}"
             ]
             for old_pointer in existing_active_pointers:
                 print(f"🎯 Removing old active pointer: {old_pointer}")

showtime/core/service_name.py

@@ -0,0 +1,104 @@
+"""Service name parsing and generation utilities."""
+
+import re
+from dataclasses import dataclass
+from typing import Optional
+
+
+@dataclass
+class ServiceName:
+    """
+    Handles ECS service name parsing and generation.
+
+    Service names follow the pattern: pr-{pr_number}-{sha}-service
+    Where sha can be either full or short (7 chars).
+
+    Examples:
+        pr-34868-service (legacy, no SHA)
+        pr-34868-abc123f-service (with short SHA)
+        pr-34868-abc123f456def-service (with full SHA)
+    """
+
+    pr_number: int
+    sha: Optional[str] = None
+
+    @classmethod
+    def from_service_name(cls, service_name: str) -> "ServiceName":
+        """
+        Parse a service name into its components.
+
+        Args:
+            service_name: ECS service name like "pr-34868-abc123f-service"
+
+        Returns:
+            ServiceName instance with parsed components
+        """
+        # Remove -service suffix if present
+        base_name = service_name.replace("-service", "")
+
+        # Parse pattern: pr-{number}[-{sha}]
+        match = re.match(r"pr-(\d+)(?:-([a-f0-9]+))?", base_name)
+        if not match:
+            raise ValueError(f"Invalid service name format: {service_name}")
+
+        pr_number = int(match.group(1))
+        sha = match.group(2)  # May be None for legacy services
+
+        return cls(pr_number=pr_number, sha=sha)
+
+    @classmethod
+    def from_base_name(cls, base_name: str, pr_number: int) -> "ServiceName":
+        """
+        Create from base name (without pr- prefix and -service suffix).
+
+        Args:
+            base_name: Name like "pr-34868-abc123f"
+            pr_number: PR number for validation
+
+        Returns:
+            ServiceName instance
+        """
+        # Remove pr- prefix if present
+        if base_name.startswith("pr-"):
+            base_name = base_name[3:]
+
+        # Parse pattern: {number}[-{sha}]
+        parts = base_name.split("-", 1)
+        parsed_pr = int(parts[0])
+
+        if parsed_pr != pr_number:
+            raise ValueError(f"PR number mismatch: expected {pr_number}, got {parsed_pr}")
+
+        sha = parts[1] if len(parts) > 1 else None
+
+        return cls(pr_number=pr_number, sha=sha)
+
+    @property
+    def base_name(self) -> str:
+        """Get base name without -service suffix (e.g., pr-34868-abc123f)"""
+        if self.sha:
+            return f"pr-{self.pr_number}-{self.sha}"
+        return f"pr-{self.pr_number}"
+
+    @property
+    def service_name(self) -> str:
+        """Get full ECS service name (e.g., pr-34868-abc123f-service)"""
+        return f"{self.base_name}-service"
+
+    @property
+    def image_tag(self) -> str:
+        """Get Docker image tag (e.g., pr-34868-abc123f-ci)"""
+        if not self.sha:
+            raise ValueError("SHA is required for image tag")
+        return f"{self.base_name}-ci"
+
+    @property
+    def short_sha(self) -> Optional[str]:
+        """Get short SHA (first 7 chars) if available"""
+        if self.sha:
+            return self.sha[:7]
+        return None
+
+    def __str__(self) -> str:
+        """String representation returns the full service name"""
+        return self.service_name

showtime/core/show.py

@@ -8,6 +8,8 @@ from dataclasses import dataclass
 from datetime import datetime
 from typing import List, Optional
 
+from .constants import DEFAULT_TTL
+
 
 # Import interfaces for singleton access
 # Note: These will be imported when the module loads, creating singletons
@@ -28,7 +30,7 @@ class Show:
     status: str  # building, built, deploying, running, updating, failed
     ip: Optional[str] = None  # Environment IP address
     created_at: Optional[str] = None  # ISO timestamp
-    ttl: str = "24h"  # 24h, 48h, close, etc.
+    ttl: str = DEFAULT_TTL  # 24h, 48h, close, etc.
     requested_by: Optional[str] = None  # GitHub username
 
     @property
@@ -80,26 +82,38 @@ class Show:
         """Check if environment needs update to latest SHA"""
         return self.sha != latest_sha[:7]
 
+    @property
+    def created_datetime(self) -> Optional[datetime]:
+        """Parse created_at timestamp into datetime object (UTC)"""
+        from .date_utils import parse_circus_time
+
+        if self.created_at is None:
+            return None
+        return parse_circus_time(self.created_at)
+
     def is_expired(self, max_age_hours: int) -> bool:
         """Check if this environment is expired based on age"""
-        if not self.created_at:
+        from .date_utils import is_expired
+
+        if self.created_at is None:
             return False
+        return is_expired(self.created_at, max_age_hours)
 
-        try:
-            from datetime import datetime, timedelta
+    def age_display(self) -> str:
+        """Get human-readable age of this environment"""
+        from .date_utils import age_display
 
-            created_time = datetime.fromisoformat(self.created_at.replace("-", ":"))
-            expiry_time = created_time + timedelta(hours=max_age_hours)
-            return datetime.now() > expiry_time
-        except (ValueError, AttributeError):
-            return False  # If we can't parse, assume not expired
+        if self.created_at is None:
+            return "unknown"
+        return age_display(self.created_at)
 
     def to_circus_labels(self) -> List[str]:
         """Convert show state to circus tent emoji labels (per-SHA format)"""
+        from .date_utils import format_utc_now
         from .emojis import CIRCUS_PREFIX, MEANING_TO_EMOJI
 
         if not self.created_at:
-            self.created_at = datetime.utcnow().strftime("%Y-%m-%dT%H-%M")
+            self.created_at = format_utc_now()
 
         labels = [
             f"{CIRCUS_PREFIX} {self.sha} {MEANING_TO_EMOJI['status']} {self.status}",  # SHA-first status
@@ -142,21 +156,20 @@ class Show:
             # Mock successful deployment for dry-run
             self.ip = "52.1.2.3"
 
-    def stop(self, dry_run_github: bool = False, dry_run_aws: bool = False) -> None:
+    def stop(self, dry_run_github: bool = False, dry_run_aws: bool = False) -> bool:
         """Stop this environment (cleanup AWS resources)
 
-        Raises:
-            Exception: On cleanup failure
+        Returns:
+            True if successful, False otherwise
         """
         github, aws = get_interfaces()
 
         # Delete AWS resources (pure technical work)
         if not dry_run_aws:
-            success = aws.delete_environment(self.aws_service_name, self.pr_number)
-            if not success:
-                raise Exception(f"Failed to delete AWS service: {self.aws_service_name}")
+            result = aws.delete_environment(self.aws_service_name, self.pr_number)
+            return bool(result)
 
-        # No comments - PullRequest handles that!
+        return True  # Dry run is always "successful"
 
     def _build_docker_image(self) -> None:
         """Build Docker image for this environment"""