From cf53dda418892d745eeafcd0c46682cad7289d73 Mon Sep 17 00:00:00 2001 From: Weimin Yu Date: Tue, 21 Jan 2020 15:20:37 -0500 Subject: [PATCH] Check for post-deployment Flyway script changes (#448) * Check for post-deployment Flyway script changes Add a script that checks for changes to scripts that have been deployed to sandbox. This is test in to be invoked in presubmit and ci. Extracted common shell functions to an 'rc' file. Also renamed existing script to be consistent with other shell scripts. --- ...ityTests.sh => run_compatibility_tests.sh} | 33 +-------- integration/run_schema_check.sh | 74 +++++++++++++++++++ integration/testutils_bashrc | 42 +++++++++++ 3 files changed, 120 insertions(+), 29 deletions(-) rename integration/{runCompatibilityTests.sh => run_compatibility_tests.sh} (83%) create mode 100755 integration/run_schema_check.sh create mode 100644 integration/testutils_bashrc diff --git a/integration/runCompatibilityTests.sh b/integration/run_compatibility_tests.sh similarity index 83% rename from integration/runCompatibilityTests.sh rename to integration/run_compatibility_tests.sh index 1940a04de..c9404386d 100755 --- a/integration/runCompatibilityTests.sh +++ b/integration/run_compatibility_tests.sh @@ -50,32 +50,7 @@ Options: SCRIPT_DIR="$(realpath $(dirname $0))" -# Fetch the tag of the currently deployed release of Nomulus server -# or SQL schema. -function fetchVersion() { - local deployed_system=${1} - local env=${2} - local dev_project=${3} - echo $(gsutil cat\ - gs://${dev_project}-deployed-tags/${deployed_system}.${env}.tag) -} - -function getChangeCountSinceVersion() { - local deployed_system=${1} - local version=${2} - local changes - - if [[ ${deployed_system} == "sql " ]]; then - changes=$(git diff --name-only ${version} \ - db/src/main/resources/sql/flyway | wc -l) - else - changes=$(git diff --name-only ${version} \ - core/src/main/resources/META-INF \ - core/src/main/java/google/registry/persistence \ - db/src/main/resources/sql/schema/db-schema.sql.generated | wc -l) - fi - echo ${changes} -} +. "${SCRIPT_DIR}/testutils_bashrc" function runTest() { local deployed_system=${1} @@ -109,7 +84,7 @@ function runTest() { -PdevProject=${dev_project} \ -Pnomulus_version=${nomulus_version} \ -Pschema_version=${schema_version} \ - -Ppublish_repo=gcs://${dev_project}-deployed-tags/maven) + -Ppublish_repo=https://storage.googleapis.com/${dev_project}-deployed-tags/maven) } set -e @@ -120,7 +95,7 @@ while true; do -p | --project) DEV_PROJECT="$2"; shift 2 ;; -s | --sut) SUT="$2"; shift 2 ;; -e | --env) ENV="$2"; shift 2 ;; - -h | --help) echo "${USAGE}"; shift ;; + -h | --help) echo "${USAGE}"; exit 0 ;; --) shift; break ;; *) echo "${USAGE}"; exit 1 ;; esac @@ -164,6 +139,6 @@ else echo "- ${ENV} at ${TARGET_VERSION}" fi -for v in ${VERSIONS[@]}; do +for v in "${VERSIONS[@]}"; do runTest ${DEPLOYED_SYSTEM} ${v} ${DEV_PROJECT} done diff --git a/integration/run_schema_check.sh b/integration/run_schema_check.sh new file mode 100755 index 000000000..ce37eaab8 --- /dev/null +++ b/integration/run_schema_check.sh @@ -0,0 +1,74 @@ +#!/bin/bash +# Copyright 2020 The Nomulus Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This script runs the sqlIntegrationTestSuite in a given server release +# against a specific Cloud SQL schema release. When invoked during presubmit +# tests, it detects code or schema changes that are incompatible with current +# deployments in production. + +USAGE=" +$(basename "$0") [--help] +or +$(basename "$0") OPTIONS +Checks for post-deployment change to Flyway scripts. + +With Flyway, once an incremental change script is deployed, it must not be +changed. Even changes to comments or whitespaces would cause validation +failures during future deployment. This script checks for changes to scripts +that have already been deployed to Sandbox. The assumption is that the schema +in Sandbox is always newer than that in production. + +Options: + -h, --help show this help text + -p, --project + the GCP project with deployment infrastructure. It should + take the devProject property defined in the Gradle root + project." + +SCRIPT_DIR="$(realpath $(dirname $0))" + +. "${SCRIPT_DIR}/testutils_bashrc" + +set -e + +eval set -- $(getopt -o p:s:e:h -l project:,sut:,env:,help -- "$@") +while true; do + case "$1" in + -p | --project) DEV_PROJECT="$2"; shift 2 ;; + -h | --help) echo "${USAGE}"; exit 0 ;; + --) shift; break ;; + *) echo "${USAGE}"; exit 1 ;; + esac +done + +if [[ -z "${DEV_PROJECT}" ]]; then + echo "${USAGE}" + exit 1 +fi + +sandbox_tag=$(fetchVersion sql sandbox ${DEV_PROJECT}) +echo "Checking Flyway scripts against schema in Sandbox (${sandbox_tag})." +modified_sqls=$(git diff --name-status ${sandbox_tag} \ + db/src/main/resources/sql/flyway | grep ^M | grep \.sql$ | wc -l) + +if [[ ${modified_sqls} = 0 ]]; then + echo "No illegal change to deployed schema scripts." + exit 0 +else + echo "Changes to the following files are not allowed:" + echo $(git diff --name-status ${sandbox_tag} \ + db/src/main/resources/sql/flyway | grep ^M | grep \.sql$) + exit 1 +fi diff --git a/integration/testutils_bashrc b/integration/testutils_bashrc new file mode 100644 index 000000000..8fd92370c --- /dev/null +++ b/integration/testutils_bashrc @@ -0,0 +1,42 @@ +# Copyright 2020 The Nomulus Authors. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file declares shell functions used by other scripts in this folder. + +# Fetch the tag of the currently deployed release of Nomulus server +# or SQL schema. +function fetchVersion() { + local deployed_system=${1} + local env=${2} + local dev_project=${3} + echo $(gsutil cat \ + gs://${dev_project}-deployed-tags/${deployed_system}.${env}.tag) +} + +function getChangeCountSinceVersion() { + local deployed_system=${1} + local version=${2} + local changes + + if [[ ${deployed_system} == "sql " ]]; then + changes=$(git diff --name-only ${version} \ + db/src/main/resources/sql/flyway | wc -l) + else + changes=$(git diff --name-only ${version} \ + core/src/main/resources/META-INF \ + core/src/main/java/google/registry/persistence \ + db/src/main/resources/sql/schema/db-schema.sql.generated | wc -l) + fi + echo ${changes} +}