[WIP] Bundled mixer configs; pre-merge checks #1627
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| # Copyright 2023 Google LLC | ||
| # | ||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||
| # you may not use this file except in compliance with the License. | ||
| # You may obtain a copy of the License at | ||
| # | ||
| # https://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # Unless required by applicable law or agreed to in writing, software | ||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
| # See the License for the specific language governing permissions and | ||
| # limitations under the License. | ||
|
|
||
| steps: | ||
| - id: enforce-feature-flag-merge-restrictions | ||
| name: gcr.io/cloud-builders/git | ||
| entrypoint: "bash" | ||
| args: | ||
| - -c | ||
| - | | ||
| set -e | ||
| ./deploy/featureflags/enforce_merge_restrictions.sh deploy/featureflags |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| clusters: | ||
| - projects/datcom-website-autopush/locations/us-central1/clusters/website-us-central1 | ||
| liveUrl: https://autopush.datacommons.org | ||
| flags: | ||
| EnableV3: true | ||
| V3MirrorFraction: 0.5 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| clusters: | ||
| - projects/datcom-website-dev/locations/us-central1/clusters/website-us-central1 | ||
| liveUrl: https://dev.datacommons.org | ||
| flags: | ||
| EnableV3: true | ||
| V3MirrorFraction: 0.5 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
| @@ -0,0 +1,84 @@ | ||||||
| #!/bin/bash | ||||||
| # Copyright 2025 Google LLC | ||||||
| # | ||||||
| # Licensed under the Apache License, Version 2.0 (the "License"); | ||||||
| # you may not use this file except in compliance with the License. | ||||||
| # You may obtain a copy of the License at | ||||||
| # | ||||||
| # https://www.apache.org/licenses/LICENSE-2.0 | ||||||
| # | ||||||
| # Unless required by applicable law or agreed to in writing, software | ||||||
| # distributed under the License is distributed on an "AS IS" BASIS, | ||||||
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||||
| # See the License for the specific language governing permissions and | ||||||
| # limitations under the License. | ||||||
|
|
||||||
| # This script is intended to be run exclusively within a CI/CD merge queue | ||||||
| # (e.g., via a dedicated Google Cloud Build trigger for merge_group events). | ||||||
| # | ||||||
| # It enforces production deployment restrictions by: | ||||||
| # 1. Checking if any YAML file containing "prod" in its name, within a specified directory, | ||||||
| # has been modified. | ||||||
| # 2. Verifying that the current time is within the allowed window for production changes. | ||||||
| # | ||||||
| # The time checks are always performed in the US Pacific Time Zone. | ||||||
|
|
||||||
| set -e | ||||||
|
|
||||||
| if [[ "$#" -ne 1 ]]; then | ||||||
| echo "Usage: $0 <config_dir>" | ||||||
| echo " <config_dir>: Directory containing the feature flag YAML files." | ||||||
| exit 1 | ||||||
| fi | ||||||
|
|
||||||
| CONFIG_DIR=$1 | ||||||
|
|
||||||
| # Use the _BASE_REF substitution provided by Google Cloud Build. | ||||||
| BASE_BRANCH="origin/${_BASE_REF}" | ||||||
|
|
||||||
| echo "------" | ||||||
| echo "Git remotes" | ||||||
| git remote -v | ||||||
| echo "------" | ||||||
| echo Env | ||||||
| printenv | ||||||
| echo "------" | ||||||
| echo "Checking for modified 'prod' feature flag files in '$CONFIG_DIR' against base branch '$BASE_BRANCH'..." | ||||||
|
|
||||||
| # Get the list of modified YAML files containing "prod" in their name within the config directory. | ||||||
| # This compares the current temporary merge commit (HEAD) with the target branch. | ||||||
| MODIFIED_PROD_FILES=$(git diff --name-only "$(git merge-base HEAD "$BASE_BRANCH")" HEAD -- "$CONFIG_DIR" | grep 'prod.*\.yaml$' || true) | ||||||
|
|
||||||
| if [[ -z "$MODIFIED_PROD_FILES" ]]; then | ||||||
| echo "No modified 'prod' feature flag files found. No restrictions apply." | ||||||
| exit 1 | ||||||
|
There was a problem hiding this comment. The script exits with status 1 when no modified 'prod' feature flag files are found. This is incorrect behavior for a CI check, as it will cause the build to fail when it should pass. The script should exit with status 0 to indicate success in this case.
Suggested change
|
||||||
| fi | ||||||
|
|
||||||
| echo "---" | ||||||
| echo "Found modified 'prod' feature flag files:" | ||||||
| echo "$MODIFIED_PROD_FILES" | ||||||
| echo "Enforcing production deployment restrictions." | ||||||
| echo "---" | ||||||
|
|
||||||
| # Get the current day and hour in US Pacific Time. | ||||||
| # 1 = Monday, 5 = Friday, 7 = Sunday | ||||||
| DAY_OF_WEEK=$(TZ="America/Los_Angeles" date +%u) | ||||||
| # 00-23 | ||||||
| HOUR_OF_DAY=$(TZ="America/Los_Angeles" date +%H) | ||||||
|
|
||||||
| # Block changes on Friday, Saturday, or Sunday. | ||||||
| if [[ "$DAY_OF_WEEK" -ge 5 ]]; then | ||||||
| echo "ERROR: Merging changes to 'prod' feature flags is not allowed on Fridays or weekends." | ||||||
| echo "Production changes are restricted to Monday - Thursday to ensure adequate monitoring." | ||||||
| exit 1 | ||||||
| fi | ||||||
|
|
||||||
| # Block changes outside of business hours (9 AM to 5 PM / 17:00) in US Pacific Time. | ||||||
| if [[ "$HOUR_OF_DAY" -lt 9 || "$HOUR_OF_DAY" -ge 17 ]]; then | ||||||
| echo "ERROR: Merging changes to 'prod' feature flags is not allowed outside of business hours (9 AM - 5 PM Pacific Time)." | ||||||
| echo "Current hour is ${HOUR_OF_DAY} in US Pacific Time." | ||||||
| exit 1 | ||||||
| fi | ||||||
|
|
||||||
| echo "Production change is within the allowed time window. Checks passed." | ||||||
| exit 1 | ||||||
|
There was a problem hiding this comment. The script exits with status 1 after all checks have passed successfully. This will cause the CI step to fail unexpectedly. The script should exit with status 0 to indicate a successful run.
Suggested change
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| clusters: | ||
| - projects/datcom-website-prod/locations/us-central1/clusters/website-us-central1 | ||
| - projects/datcom-website-prod/locations/us-west1/clusters/website-us-west1 | ||
| liveUrl: https://datacommons.org | ||
| flags: | ||
| EnableV3: true | ||
| V3MirrorFraction: 0.002 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| clusters: | ||
| - projects/datcom-website-staging/locations/us-central1/clusters/website-us-central1 | ||
| liveUrl: https://staging.datacommons.org | ||
| flags: | ||
| EnableV3: true | ||
| V3MirrorFraction: 0.01 |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The
greppatternprod.*\.yaml$is too broad and could cause false positives by matching files that contain "prod" but are not production environment configurations (e.g., a file namedreproduction.yaml). To avoid this, consider using a more specific pattern that matches the naming convention of your production config files, such as files starting withprod_.