feat: add release workflow monitoring and validation scripts#47
feat: add release workflow monitoring and validation scripts#47technicalpickles wants to merge 1 commit intomainfrom
Conversation
## New Scripts ### monitor-release-workflow.sh - Monitor GitHub Actions release workflow until completion - Wait for new workflows to start or monitor in-progress runs - Configurable timeout and polling intervals - Detailed job status reporting - Robust error handling and colored output ### monitor-and-validate-release.sh - End-to-end monitoring and validation workflow - Automatically runs signature validation after release completes - Provides clear next steps for aqua registry submission - Comprehensive error reporting and debugging guidance ## Features - ✅ **Smart Detection**: Detects in-progress runs vs waiting for new ones - ✅ **Real-time Status**: Shows job-level progress during execution - ✅ **Automatic Validation**: Runs signature validation immediately after completion - ✅ **Error Handling**: Comprehensive error messages and debugging steps - ✅ **Configurable**: Customizable timeouts and polling intervals - ✅ **User-Friendly**: Colored output and clear progress indicators ## Usage \`\`\`bash # Monitor and validate automatically (recommended) ./scripts/monitor-and-validate-release.sh # Monitor workflow only ./scripts/monitor-release-workflow.sh # Custom configuration ./scripts/monitor-release-workflow.sh myorg/myrepo Release main 60 10 \`\`\` These scripts will be essential for validating the improved bundle-based signing process once PR #46 merges and triggers a new release.
There was a problem hiding this comment.
Pull Request Overview
This PR introduces comprehensive monitoring and validation scripts to track GitHub Actions release workflows and automatically validate the new bundle-based signing process implemented in PR #46.
- Adds real-time workflow monitoring with timeout handling and progress tracking
- Implements automatic signature validation after release completion
- Provides user-friendly progress indicators and clear next steps for aqua registry submission
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| scripts/monitor-release-workflow.sh | Core workflow monitoring script with smart detection, real-time job status reporting, and configurable timeouts |
| scripts/monitor-and-validate-release.sh | End-to-end automation script that monitors workflows and validates signatures with actionable next steps |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| fi | ||
|
|
||
| # Run main function | ||
| main "$@" |
There was a problem hiding this comment.
The script passes all arguments to main() but main() doesn't accept any parameters. This will cause the script to fail if any arguments are passed since main() is declared without parameters while the global variables are set from positional parameters outside of main().
| main "$@" | |
| main |
| fi | ||
|
|
||
| # Run main function | ||
| main "$@" |
There was a problem hiding this comment.
Similar to the first script, main() doesn't accept parameters but "$@" is being passed to it. The script should either declare main() to accept parameters or not pass arguments to it since configuration is handled via global variables.
| main "$@" | |
| main |
| fi | ||
|
|
||
| local latest_run=$(get_latest_release_run) | ||
| local latest_run_id=$(echo "$latest_run" | jq -r '.databaseId // empty') |
There was a problem hiding this comment.
If get_latest_release_run() returns an empty result or fails, latest_run will be empty and the jq command will fail with an error. This should be handled by checking if latest_run is non-empty before processing with jq.
| local latest_run_id=$(echo "$latest_run" | jq -r '.databaseId // empty') | |
| local latest_run_id="" | |
| if [ -n "$latest_run" ]; then | |
| latest_run_id=$(echo "$latest_run" | jq -r '.databaseId // empty') | |
| fi |
|
|
||
| # Get current latest run as baseline | ||
| local baseline_run=$(get_latest_release_run) | ||
| local baseline_run_id=$(echo "$baseline_run" | jq -r '.databaseId // empty') |
There was a problem hiding this comment.
Similar to the previous issue, if get_latest_release_run() returns empty or fails, the jq command will fail. Add a check to ensure baseline_run is non-empty before processing with jq.
| local baseline_run_id=$(echo "$baseline_run" | jq -r '.databaseId // empty') | |
| local baseline_run_id="" | |
| if [ -n "$baseline_run" ]; then | |
| baseline_run_id=$(echo "$baseline_run" | jq -r '.databaseId // empty') | |
| fi |
| fi | ||
|
|
||
| # Wait for new workflow to start | ||
| local new_run=$(wait_for_new_release "$baseline_run_id") |
There was a problem hiding this comment.
If wait_for_new_release() fails or returns empty, the jq command will fail when trying to extract .databaseId. Add error checking to ensure new_run contains valid JSON before processing.
| local new_run=$(wait_for_new_release "$baseline_run_id") | |
| local new_run=$(wait_for_new_release "$baseline_run_id") | |
| if [ -z "$new_run" ]; then | |
| log_error "No new workflow run detected or wait_for_new_release failed." | |
| exit 1 | |
| fi | |
| # Check if new_run is valid JSON | |
| if ! echo "$new_run" | jq empty >/dev/null 2>&1; then | |
| log_error "wait_for_new_release did not return valid JSON." | |
| exit 1 | |
| fi |
Overview
This PR adds comprehensive monitoring scripts to track GitHub Actions release workflows and automatically validate the new bundle-based signing process.
🔍 New Scripts
scripts/monitor-release-workflow.shscripts/monitor-and-validate-release.sh🎯 Use Cases
Primary Use Case: Validate New Bundle Signing
After PR #46 merged with improved bundle-based signing, we need to validate that:
.bundle) are created correctlyUsage Examples
🔧 Technical Features
Smart Workflow Detection
Real-Time Progress Tracking
Comprehensive Error Handling
Automatic Validation
validate-signing.shimmediately after release completionCargo.toml🚀 Expected Workflow
./scripts/monitor-and-validate-release.sh🧪 Testing
Tested Locally
Will Test in Practice
📋 Dependencies
ghcommand for workflow monitoringvalidate-signing.shfor signature verification🎯 Success Criteria
These scripts will be essential for validating that the improved bundle-based signing from PR #46 works correctly in practice and is ready for aqua registry submission.