superset-showtime 0.6.4__py3-none-any.whl → 0.6.7__py3-none-any.whl

showtime/core/github_messages.py

@@ -16,7 +16,9 @@ AWS_REGION = "us-west-2"
 
 def get_github_actor() -> str:
     """Get current GitHub actor with fallback"""
-    return os.getenv("GITHUB_ACTOR", "unknown")
+    from .github import GitHubInterface
+
+    return GitHubInterface.get_current_actor()
 
 
 def get_github_workflow_url() -> str:

showtime/core/pull_request.py

@@ -4,14 +4,13 @@
 Handles atomic transactions, trigger processing, and environment orchestration.
 """
 
-import os
 from dataclasses import dataclass
-from datetime import datetime
 from typing import Any, List, Optional
 
 from .aws import AWSInterface
 from .github import GitHubInterface
 from .show import Show, short_sha
+from .sync_state import ActionNeeded, AuthStatus, BlockedReason, SyncState
 
 # Lazy singletons to avoid import-time failures
 _github = None
@@ -127,7 +126,7 @@ class PullRequest:
         # Create Show objects for each SHA
         shows = []
         for sha in shas:
-            show = Show.from_circus_labels(self.pr_number, self.labels, sha)
+            show = Show.from_circus_labels(self.pr_number, list(self.labels), sha)
             if show:
                 shows.append(show)
 
@@ -213,19 +212,27 @@ class PullRequest:
         active_pointer = f"{active_prefix}{show.sha}"  # "🎪 🎯 abc123f"
         self.add_label(active_pointer)
 
-    def _check_authorization(self) -> bool:
-        """Check if current GitHub actor is authorized for operations"""
-        import os
+    def _check_authorization(self) -> tuple[bool, dict]:
+        """Check if current GitHub actor is authorized for operations
 
+        Returns:
+            tuple: (is_authorized, debug_info_dict)
+        """
         import httpx
 
+        # Get actor info using centralized function
+        actor_info = GitHubInterface.get_actor_debug_info()
+        debug_info = {**actor_info, "permission": "unknown", "auth_status": "unknown"}
+
         # Only check in GitHub Actions context
-        if os.getenv("GITHUB_ACTIONS") != "true":
-            return True
+        if not debug_info["is_github_actions"]:
+            debug_info["auth_status"] = "skipped_not_actions"
+            return True, debug_info
 
-        actor = os.getenv("GITHUB_ACTOR")
-        if not actor:
-            return True  # No actor info, allow operation
+        actor = debug_info["actor"]
+        if not actor or actor == "unknown":
+            debug_info["auth_status"] = "allowed_no_actor"
+            return True, debug_info
 
         try:
             # Use existing GitHubInterface for consistency
@@ -237,58 +244,202 @@ class PullRequest:
             with httpx.Client() as client:
                 response = client.get(perm_url, headers=github.headers)
                 if response.status_code == 404:
-                    return False  # Not a collaborator
+                    debug_info["permission"] = "not_collaborator"
+                    debug_info["auth_status"] = "denied_404"
+                    return False, debug_info
+
                 response.raise_for_status()
 
                 data = response.json()
                 permission = data.get("permission", "none")
+                debug_info["permission"] = permission
 
                 # Allow write and admin permissions only
                 authorized = permission in ["write", "admin"]
 
                 if not authorized:
+                    debug_info["auth_status"] = "denied_insufficient_perms"
                     print(f"🚨 Unauthorized actor {actor} (permission: {permission})")
                     # Set blocked label for security
                     self.add_label("🎪 🔒 showtime-blocked")
+                else:
+                    debug_info["auth_status"] = "authorized"
 
-                return authorized
+                return authorized, debug_info
 
         except Exception as e:
+            debug_info["auth_status"] = f"error_{type(e).__name__}"
+            debug_info["error"] = str(e)
             print(f"⚠️ Authorization check failed: {e}")
-            return True  # Fail open for non-security operations
+            return True, debug_info  # Fail open for non-security operations
 
-    def analyze(self, target_sha: str, pr_state: str = "open") -> AnalysisResult:
-        """Analyze what actions are needed (read-only, for --check-only)
+    def analyze(self, target_sha: str, pr_state: str = "open") -> SyncState:
+        """Analyze what actions are needed with comprehensive debugging info
 
         Args:
             target_sha: Target commit SHA to analyze
             pr_state: PR state (open/closed)
 
         Returns:
-            AnalysisResult with action plan and flags
+            SyncState with complete analysis and debug info
         """
+        import os
+
         # Handle closed PRs
         if pr_state == "closed":
-            return AnalysisResult(
-                action_needed="cleanup", build_needed=False, sync_needed=True, target_sha=target_sha
+            return SyncState(
+                action_needed=ActionNeeded.DESTROY_ENVIRONMENT,
+                build_needed=False,
+                sync_needed=True,
+                target_sha=target_sha,
+                github_actor=GitHubInterface.get_current_actor(),
+                is_github_actions=os.getenv("GITHUB_ACTIONS") == "true",
+                permission_level="cleanup",
+                auth_status=AuthStatus.SKIPPED_NOT_ACTIONS,
+                action_reason="pr_closed",
             )
 
-        # Determine action needed
-        action_needed = self._determine_action(target_sha)
+        # Get fresh labels
+        self.refresh_labels()
 
-        # Determine if Docker build is needed
-        build_needed = action_needed in ["create_environment", "rolling_update", "auto_sync"]
+        # Initialize state tracking
+        target_sha_short = target_sha[:7]
+        target_show = self.get_show_by_sha(target_sha_short)
+        trigger_labels = [label for label in self.labels if "showtime-trigger-" in label]
+
+        # Check for existing blocked label
+        blocked_reason = BlockedReason.NOT_BLOCKED
+        if "🎪 🔒 showtime-blocked" in self.labels:
+            blocked_reason = BlockedReason.EXISTING_BLOCKED_LABEL
+
+        # Check authorization
+        is_authorized, auth_debug = self._check_authorization()
+        if not is_authorized and blocked_reason == BlockedReason.NOT_BLOCKED:
+            blocked_reason = BlockedReason.AUTHORIZATION_FAILED
 
-        # Determine if sync execution is needed
-        sync_needed = action_needed not in ["no_action", "blocked"]
+        # Determine action needed
+        action_needed_str = (
+            "blocked"
+            if blocked_reason != BlockedReason.NOT_BLOCKED
+            else self._evaluate_action_logic(target_sha_short, target_show, trigger_labels)
+        )
+
+        # Map string to enum
+        action_map = {
+            "no_action": ActionNeeded.NO_ACTION,
+            "create_environment": ActionNeeded.CREATE_ENVIRONMENT,
+            "rolling_update": ActionNeeded.ROLLING_UPDATE,
+            "auto_sync": ActionNeeded.AUTO_SYNC,
+            "destroy_environment": ActionNeeded.DESTROY_ENVIRONMENT,
+            "blocked": ActionNeeded.BLOCKED,
+        }
+        action_needed = action_map.get(action_needed_str, ActionNeeded.NO_ACTION)
 
-        return AnalysisResult(
+        # Build sync state
+        return SyncState(
             action_needed=action_needed,
-            build_needed=build_needed,
-            sync_needed=sync_needed,
+            build_needed=action_needed
+            in [
+                ActionNeeded.CREATE_ENVIRONMENT,
+                ActionNeeded.ROLLING_UPDATE,
+                ActionNeeded.AUTO_SYNC,
+            ],
+            sync_needed=action_needed not in [ActionNeeded.NO_ACTION, ActionNeeded.BLOCKED],
             target_sha=target_sha,
+            github_actor=auth_debug.get("actor", "unknown"),
+            is_github_actions=auth_debug.get("is_github_actions", False),
+            permission_level=auth_debug.get("permission", "unknown"),
+            auth_status=self._parse_auth_status(auth_debug.get("auth_status", "unknown")),
+            blocked_reason=blocked_reason,
+            trigger_labels=trigger_labels,
+            target_show_status=target_show.status if target_show else None,
+            has_previous_shows=len(self.shows) > 0,
+            action_reason=self._get_action_reason(action_needed_str, target_show, trigger_labels),
+            auth_error=auth_debug.get("error"),
         )
 
+    def _evaluate_action_logic(
+        self, target_sha_short: str, target_show: Optional[Show], trigger_labels: List[str]
+    ) -> str:
+        """Pure logic for evaluating what action is needed (no side effects, for testability)"""
+        if trigger_labels:
+            for trigger in trigger_labels:
+                if "showtime-trigger-start" in trigger:
+                    if not target_show or target_show.status == "failed":
+                        return "create_environment"  # New SHA or failed SHA
+                    elif target_show.status in ["building", "built", "deploying"]:
+                        return "no_action"  # Target SHA already in progress
+                    elif target_show.status == "running":
+                        return "create_environment"  # Force rebuild with trigger
+                    else:
+                        return "create_environment"  # Default for unknown states
+                elif "showtime-trigger-stop" in trigger:
+                    return "destroy_environment"
+
+        # No explicit triggers - only auto-create if there's ANY previous environment
+        if not target_show:
+            # Target SHA doesn't exist - only create if there's any previous environment
+            if self.shows:  # Any previous environment exists
+                return "create_environment"
+            else:
+                # No previous environments - don't auto-create without explicit trigger
+                return "no_action"
+        elif target_show.status == "failed":
+            # Target SHA failed - rebuild it
+            return "create_environment"
+        elif target_show.status in ["building", "built", "deploying"]:
+            # Target SHA in progress - wait
+            return "no_action"
+        elif target_show.status == "running":
+            # Target SHA already running - no action needed
+            return "no_action"
+
+        return "no_action"
+
+    def _get_action_reason(
+        self, action_needed: str, target_show: Optional[Show], trigger_labels: List[str]
+    ) -> str:
+        """Get human-readable reason for the action"""
+        if action_needed == "blocked":
+            return "operation_blocked"
+        elif trigger_labels:
+            if any("trigger-start" in label for label in trigger_labels):
+                if not target_show:
+                    return "explicit_start_new_sha"
+                elif target_show.status == "failed":
+                    return "explicit_start_failed_sha"
+                elif target_show.status == "running":
+                    return "explicit_start_force_rebuild"
+                else:
+                    return "explicit_start_trigger"
+            elif any("trigger-stop" in label for label in trigger_labels):
+                return "explicit_stop_trigger"
+        elif action_needed == "create_environment":
+            if not target_show:
+                return "auto_sync_new_commit"
+            elif target_show.status == "failed":
+                return "auto_rebuild_failed"
+            else:
+                return "create_environment"
+        elif action_needed == "no_action":
+            if target_show and target_show.status == "running":
+                return "already_running"
+            elif target_show and target_show.status in ["building", "deploying"]:
+                return "in_progress"
+            else:
+                return "no_previous_environments"
+        return action_needed
+
+    def _parse_auth_status(self, auth_status_str: str) -> AuthStatus:
+        """Parse auth status string to enum, handling errors gracefully"""
+        try:
+            return AuthStatus(auth_status_str)
+        except ValueError:
+            # Handle error cases that include exception type (e.g., "error_UnsupportedProtocol")
+            if auth_status_str.startswith("error_"):
+                return AuthStatus.ERROR
+            return AuthStatus.ERROR
+
     def sync(
         self,
         target_sha: str,
@@ -414,8 +565,13 @@ class PullRequest:
                 # Stop the current environment if it exists
                 if self.current_show:
                     print(f"🗑️ Destroying environment {self.current_show.sha}...")
-                    self.current_show.stop(dry_run_github=dry_run_github, dry_run_aws=dry_run_aws)
-                    print("☁️ AWS resources deleted")
+                    success = self.current_show.stop(
+                        dry_run_github=dry_run_github, dry_run_aws=dry_run_aws
+                    )
+                    if success:
+                        print("☁️ AWS resources deleted")
+                    else:
+                        print("⚠️ AWS resource deletion may have failed")
                     self._post_cleanup_comment(self.current_show, dry_run_github)
                 else:
                     print("🗑️ No current environment to destroy")
@@ -448,8 +604,12 @@ class PullRequest:
         try:
             # Stop the current environment if it exists
             if self.current_show:
-                self.current_show.stop(**kwargs)
-                print("☁️ AWS resources deleted")
+                success = self.current_show.stop(**kwargs)
+                if success:
+                    print("☁️ AWS resources deleted")
+                else:
+                    print("⚠️ AWS resource deletion may have failed")
+                    return SyncResult(success=False, action_taken="stop_environment")
             else:
                 print("🗑️ No current environment to destroy")
 
@@ -486,10 +646,15 @@ class PullRequest:
         pr_numbers = get_github().find_prs_with_shows()
 
         all_environments = []
+        github_service_names = set()  # Track services we found via GitHub
+
         for pr_number in pr_numbers:
             pr = cls.from_id(pr_number)
             # Show ALL environments, not just current_show
             for show in pr.shows:
+                # Track this service name for later
+                github_service_names.add(show.ecs_service_name)
+
                 # Determine show type based on pointer presence
                 show_type = "orphaned"  # Default
 
@@ -511,16 +676,71 @@ class PullRequest:
                         "ttl": show.ttl,
                         "requested_by": show.requested_by,
                         "created_at": show.created_at,
+                        "age": show.age_display(),  # Add age display
                         "aws_service_name": show.aws_service_name,
                         "show_type": show_type,  # New field for display
+                        "is_legacy": False,  # Regular environment
                     },
                 }
                 all_environments.append(environment_data)
 
+        # TODO: Remove after legacy cleanup - Find AWS-only services (legacy pr-XXXXX-service format)
+        try:
+            from .aws import get_aws
+            from .service_name import ServiceName
+
+            aws = get_aws()
+            aws_services = aws.list_circus_environments()
+
+            for aws_service in aws_services:
+                service_name_str = aws_service.get("service_name", "")
+
+                # Skip if we already have this from GitHub
+                if service_name_str in github_service_names:
+                    continue
+
+                # Parse the service name to get PR number
+                try:
+                    svc = ServiceName.from_service_name(service_name_str)
+
+                    # Legacy services have no SHA
+                    is_legacy = svc.sha is None
+
+                    # Add as a legacy/orphaned environment
+                    environment_data = {
+                        "pr_number": svc.pr_number,
+                        "status": "active",  # Keep for compatibility
+                        "show": {
+                            "sha": svc.sha or "-",  # Show dash for missing SHA
+                            "status": aws_service["status"].lower()
+                            if aws_service.get("status")
+                            else "running",
+                            "ip": aws_service.get("ip"),
+                            "ttl": None,  # Legacy environments have no TTL labels
+                            "requested_by": "-",  # Unknown user for legacy
+                            "created_at": None,  # Will show as "-" in display
+                            "age": "-",  # Unknown age
+                            "aws_service_name": svc.base_name,  # pr-XXXXX or pr-XXXXX-sha format
+                            "show_type": "legacy"
+                            if is_legacy
+                            else "orphaned",  # Mark as legacy type
+                            "is_legacy": is_legacy,  # Flag for display formatting
+                        },
+                    }
+                    all_environments.append(environment_data)
+
+                except ValueError:
+                    # Skip services that don't match our pattern
+                    continue
+
+        except Exception:
+            # If AWS lookup fails, just show GitHub-based environments
+            pass
+
         return all_environments
 
     def _determine_action(self, target_sha: str) -> str:
-        """Determine what sync action is needed based on target SHA state"""
+        """Determine what sync action is needed (includes all checks and refreshes labels)"""
         # CRITICAL: Get fresh labels before any decisions
         self.refresh_labels()
 
@@ -529,7 +749,8 @@ class PullRequest:
             return "blocked"
 
         # Check authorization (security layer)
-        if not self._check_authorization():
+        is_authorized, _ = self._check_authorization()
+        if not is_authorized:
             return "blocked"
 
         target_sha_short = target_sha[:7]  # Ensure we're working with short SHA
@@ -626,13 +847,16 @@ class PullRequest:
 
     def _create_new_show(self, target_sha: str) -> Show:
         """Create a new Show object for the target SHA"""
+        from .constants import DEFAULT_TTL
+        from .date_utils import format_utc_now
+
         return Show(
             pr_number=self.pr_number,
             sha=short_sha(target_sha),
             status="building",
-            created_at=datetime.utcnow().strftime("%Y-%m-%dT%H-%M"),
-            ttl="24h",
-            requested_by=os.getenv("GITHUB_ACTOR", "unknown"),
+            created_at=format_utc_now(),
+            ttl=DEFAULT_TTL,
+            requested_by=GitHubInterface.get_current_actor(),
         )
 
     def _post_building_comment(self, show: Show, dry_run: bool = False) -> None:
@@ -705,6 +929,48 @@ class PullRequest:
 
         return False  # Not expired
 
+    def cleanup_orphaned_shows(self, max_age_hours: int, dry_run: bool = False) -> int:
+        """Clean up orphaned shows (environments without pointer labels)
+
+        Args:
+            max_age_hours: Maximum age in hours before considering orphaned environment for cleanup
+            dry_run: If True, just check don't actually stop
+
+        Returns:
+            Number of orphaned environments cleaned up
+        """
+        cleaned_count = 0
+
+        # Find orphaned shows (shows without active or building pointers)
+        orphaned_shows = []
+        for show in self.shows:
+            has_pointer = any(
+                label in self.labels for label in [f"🎪 🎯 {show.sha}", f"🎪 🏗️ {show.sha}"]
+            )
+            if not has_pointer and show.is_expired(max_age_hours):
+                orphaned_shows.append(show)
+
+        # Clean up each orphaned show
+        for show in orphaned_shows:
+            if dry_run:
+                print(
+                    f"🎪 [DRY-RUN] Would clean orphaned environment: PR #{self.pr_number} SHA {show.sha}"
+                )
+                cleaned_count += 1
+            else:
+                print(f"🧹 Cleaning orphaned environment: PR #{self.pr_number} SHA {show.sha}")
+                # Stop the specific show (AWS resources)
+                success = show.stop(dry_run_github=False, dry_run_aws=False)
+                if success:
+                    # Also clean up GitHub labels for this specific show
+                    self.remove_sha_labels(show.sha)
+                    cleaned_count += 1
+                    print(f"✅ Cleaned orphaned environment: {show.sha}")
+                else:
+                    print(f"⚠️ Failed to clean orphaned environment: {show.sha}")
+
+        return cleaned_count
+
     @classmethod
     def find_all_with_environments(cls) -> List[int]:
         """Find all PR numbers that have active environments"""
@@ -727,9 +993,11 @@ class PullRequest:
 
         # For running environments, ensure only ONE active pointer exists
         if show.status == "running":
-            # Remove ALL existing active pointers (there should only be one)
+            # Remove ALL existing active pointers EXCEPT for this SHA's pointer
             existing_active_pointers = [
-                label for label in self.labels if label.startswith("🎪 🎯 ")
+                label
+                for label in self.labels
+                if label.startswith("🎪 🎯 ") and label != f"🎪 🎯 {show.sha}"
             ]
             for old_pointer in existing_active_pointers:
                 print(f"🎯 Removing old active pointer: {old_pointer}")

showtime/core/service_name.py

@@ -0,0 +1,104 @@
+"""Service name parsing and generation utilities."""
+
+import re
+from dataclasses import dataclass
+from typing import Optional
+
+
+@dataclass
+class ServiceName:
+    """
+    Handles ECS service name parsing and generation.
+
+    Service names follow the pattern: pr-{pr_number}-{sha}-service
+    Where sha can be either full or short (7 chars).
+
+    Examples:
+        pr-34868-service (legacy, no SHA)
+        pr-34868-abc123f-service (with short SHA)
+        pr-34868-abc123f456def-service (with full SHA)
+    """
+
+    pr_number: int
+    sha: Optional[str] = None
+
+    @classmethod
+    def from_service_name(cls, service_name: str) -> "ServiceName":
+        """
+        Parse a service name into its components.
+
+        Args:
+            service_name: ECS service name like "pr-34868-abc123f-service"
+
+        Returns:
+            ServiceName instance with parsed components
+        """
+        # Remove -service suffix if present
+        base_name = service_name.replace("-service", "")
+
+        # Parse pattern: pr-{number}[-{sha}]
+        match = re.match(r"pr-(\d+)(?:-([a-f0-9]+))?", base_name)
+        if not match:
+            raise ValueError(f"Invalid service name format: {service_name}")
+
+        pr_number = int(match.group(1))
+        sha = match.group(2)  # May be None for legacy services
+
+        return cls(pr_number=pr_number, sha=sha)
+
+    @classmethod
+    def from_base_name(cls, base_name: str, pr_number: int) -> "ServiceName":
+        """
+        Create from base name (without pr- prefix and -service suffix).
+
+        Args:
+            base_name: Name like "pr-34868-abc123f"
+            pr_number: PR number for validation
+
+        Returns:
+            ServiceName instance
+        """
+        # Remove pr- prefix if present
+        if base_name.startswith("pr-"):
+            base_name = base_name[3:]
+
+        # Parse pattern: {number}[-{sha}]
+        parts = base_name.split("-", 1)
+        parsed_pr = int(parts[0])
+
+        if parsed_pr != pr_number:
+            raise ValueError(f"PR number mismatch: expected {pr_number}, got {parsed_pr}")
+
+        sha = parts[1] if len(parts) > 1 else None
+
+        return cls(pr_number=pr_number, sha=sha)
+
+    @property
+    def base_name(self) -> str:
+        """Get base name without -service suffix (e.g., pr-34868-abc123f)"""
+        if self.sha:
+            return f"pr-{self.pr_number}-{self.sha}"
+        return f"pr-{self.pr_number}"
+
+    @property
+    def service_name(self) -> str:
+        """Get full ECS service name (e.g., pr-34868-abc123f-service)"""
+        return f"{self.base_name}-service"
+
+    @property
+    def image_tag(self) -> str:
+        """Get Docker image tag (e.g., pr-34868-abc123f-ci)"""
+        if not self.sha:
+            raise ValueError("SHA is required for image tag")
+        return f"{self.base_name}-ci"
+
+    @property
+    def short_sha(self) -> Optional[str]:
+        """Get short SHA (first 7 chars) if available"""
+        if self.sha:
+            return self.sha[:7]
+        return None
+
+    def __str__(self) -> str:
+        """String representation returns the full service name"""
+        return self.service_name