-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add support for fetching a greeting CTA as part of the update flow MONGOSH-1897 #2254
base: main
Are you sure you want to change the base?
Conversation
|
||
config.isDryRun ||= process.argv.includes('--dry-run'); | ||
await updateJsonFeedCTA(ctaConfig); | ||
break; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is the only step in this approach that I don't fully follow – is the idea that we'd locally run the update-cta
command? How would we get the credentials to access the relevant S3 bucket?
We're definitely moving towards a world in which less and less access will be given to individual developers' machines, so I don't think this is something we could easily do, and we may just need to fall back to a variant in which we update the CTA entries along with the version feed during releases only – I think that would be okay though, we're generally free to do mongosh releases whenever necessary.
(In the future, we'll need to make sure that even this kind of flow where we update an existing file in S3 as part of the releases is supported – see e.g. https://jira.mongodb.org/browse/WRITING-16730)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was hoping we could decouple releases from CTA updates. I had the following in mind - let me know how it sounds:
- Updates are published when
cta.conf.js
is updated. This will have to go through the normal PR flow of accepting changes. - When the change is merged into
main
, a github action triggers that has access to the S3 credentials through environment secrets and runs theupdate-cta
command. - The secrets are stored in an environment - let's say "production" - that will have protection rules configured, which means the deployment will be paused until the protection rules are satisfied (e.g. approval required by specified people/wait specified number of hours).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a github action triggers that has access to the S3 credentials through environment secrets and runs the update-cta command.
We can do that but I think we'd be going for Evergreen rather than GHA here? That's the only platform I'd really expect to be available to access release infrastructure in the long run. I think we'd encounter some resistance if we wanted to put downloads.mongodb.com secrets into another CI environment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We could sort it out - my personal preference is towards GHA and we already have a handful of products being signed and released with secrets stored in GHA, as well as all our code being hosted by github. That being said, if there's a strong desire to only do that on evergreen, we could work with those limitations - the important part here is that the flow of publishing CTA updates happens on CI and in a somewhat automated and reviewable fashion.
This is an early POC of an approach to fetch a greeting CTA via the versions json. The proposed design adds support for reading a
cta
field in the version objects:These are optional and nothing will be displayed if they're not present. If they are present and the version matches the current version, we'll format the chunks with their corresponding styles and display the message as part of the greeting.
Additionally, we add the following to the
update-metadata.json
:The greeting CTA for the current version based on package.json will be picked, but locally we're saving both the current and the latest version's CTAs to make it readily available once the user upgrades.