-
Notifications
You must be signed in to change notification settings - Fork 118
Expand file tree
/
Copy pathbootstrap-preview-auth.sh
More file actions
117 lines (94 loc) · 3.66 KB
/
bootstrap-preview-auth.sh
File metadata and controls
117 lines (94 loc) · 3.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
# shellcheck source=.github/scripts/preview/common.sh
source "${SCRIPT_DIR}/common.sh"
require_env_vars \
API_URL \
SPICEDB_PRESHARED_KEY \
INKEEP_AGENTS_MANAGE_UI_USERNAME \
INKEEP_AGENTS_MANAGE_UI_PASSWORD \
BETTER_AUTH_SECRET
mask_env_vars RUN_DB_URL SPICEDB_ENDPOINT SPICEDB_PRESHARED_KEY INKEEP_AGENTS_MANAGE_UI_PASSWORD BETTER_AUTH_SECRET
SPICEDB_TRANSIENT_RETRY_PATTERN='(No connection established|UNAVAILABLE|ECONNRESET|ECONNREFUSED|EPIPE|ETIMEDOUT|deadline exceeded|Protocol error|transport is closing)'
run_with_transient_spicedb_retry() {
local label="$1"
local attempts="$2"
shift 2
local attempt=""
local log_file=""
local status="0"
for attempt in $(seq 1 "${attempts}"); do
preview_log "${label} (attempt ${attempt}/${attempts})."
log_file="$(mktemp)"
set +e
"$@" 2>&1 | tee "${log_file}"
status="${PIPESTATUS[0]}"
set -e
if [ "${status}" = "0" ]; then
rm -f "${log_file}"
return 0
fi
if [ "${attempt}" -lt "${attempts}" ] && grep -Eqi "${SPICEDB_TRANSIENT_RETRY_PATTERN}" "${log_file}"; then
preview_log "${label} failed with a transient SpiceDB transport error; retrying."
rm -f "${log_file}"
sleep_with_backoff_and_jitter 2 "${attempt}" 10
continue
fi
rm -f "${log_file}"
return "${status}"
done
return 1
}
if [ -z "${RUN_DB_URL:-}" ] || [ -z "${SPICEDB_ENDPOINT:-}" ]; then
require_env_vars \
RAILWAY_API_TOKEN \
RAILWAY_PROJECT_ID \
RAILWAY_OUTPUT_SERVICE \
RAILWAY_RUN_DB_URL_KEY \
RAILWAY_SPICEDB_ENDPOINT_KEY \
PR_NUMBER
RAILWAY_ENV_NAME="$(pr_env_name "${PR_NUMBER}")"
preview_log "Resolving runtime bootstrap values from Railway environment ${RAILWAY_ENV_NAME}."
RAILWAY_ENV_ID="$(railway_wait_for_environment_id "${RAILWAY_PROJECT_ID}" "${RAILWAY_ENV_NAME}" 10 2)"
OUTPUT_SERVICE_ID="$(railway_project_service_id "${RAILWAY_PROJECT_ID}" "${RAILWAY_OUTPUT_SERVICE}")"
OUTPUT_SERVICE_ENV_JSON="$(
railway_variables_json "${RAILWAY_PROJECT_ID}" "${RAILWAY_ENV_ID}" "${OUTPUT_SERVICE_ID}"
)"
if [ -z "${RUN_DB_URL:-}" ]; then
RUN_DB_URL="$(jq -r --arg key "${RAILWAY_RUN_DB_URL_KEY}" '.[$key] // empty' <<< "${OUTPUT_SERVICE_ENV_JSON}")"
fi
if [ -z "${SPICEDB_ENDPOINT:-}" ]; then
SPICEDB_ENDPOINT="$(jq -r --arg key "${RAILWAY_SPICEDB_ENDPOINT_KEY}" '.[$key] // empty' <<< "${OUTPUT_SERVICE_ENV_JSON}")"
fi
mask_env_vars RUN_DB_URL SPICEDB_ENDPOINT
fi
require_env_vars RUN_DB_URL SPICEDB_ENDPOINT
preview_log "Bootstrapping preview auth for tenant ${TENANT_ID:-default} via ${API_URL}."
export INKEEP_AGENTS_API_URL="${API_URL}"
export INKEEP_AGENTS_RUN_DATABASE_URL="${RUN_DB_URL}"
export SPICEDB_ENDPOINT
export TENANT_ID="${TENANT_ID:-default}"
echo "::group::Run preview runtime migrations"
preview_log "Running preview runtime migrations."
pnpm db:run:migrate
echo "::endgroup::"
echo "::group::Wait for SpiceDB readiness"
run_with_transient_spicedb_retry \
"Wait for SpiceDB readiness" \
2 \
pnpm --filter @inkeep/agents-core exec tsx src/auth/wait-for-spicedb.ts
echo "::endgroup::"
echo "::group::Initialize preview auth"
run_with_transient_spicedb_retry "Initialize preview auth" 2 pnpm db:auth:init
echo "::endgroup::"
if [ -n "${GITHUB_STEP_SUMMARY:-}" ]; then
{
echo "## Preview Auth Bootstrap"
echo "- Tenant: \`${TENANT_ID}\`"
echo "- Admin email: \`${INKEEP_AGENTS_MANAGE_UI_USERNAME}\`"
echo "- Runtime migrations: \`pnpm db:run:migrate\`"
echo "- SpiceDB readiness probe: \`tsx src/auth/wait-for-spicedb.ts\`"
echo "- Auth seed: \`pnpm db:auth:init\`"
} >> "${GITHUB_STEP_SUMMARY}"
fi