build: rollback workflow (#13437)

* build: rollback workflow

* add validation step

* rollback github

* add npm rollback

* add script

* that

codebuild_specs/install_and_cache_dependencies.yml

@@ -0,0 +1,11 @@
+version: 0.2
+env:
+  shell: bash
+phases:
+  build:
+    commands:
+      - source ./shared-scripts.sh && _installAndCacheDependencies
+
+artifacts:
+  files:
+    - 'shared-scripts.sh'

codebuild_specs/release_workflows/github_rollback.yml

@@ -0,0 +1,11 @@
+version: 0.2
+env:
+  shell: bash
+phases:
+  build:
+    commands:
+      - source ./shared-scripts.sh && _githubRollback
+
+artifacts:
+  files:
+    - 'shared-scripts.sh'

codebuild_specs/release_workflows/rollback_workflow.yml

@@ -0,0 +1,34 @@
+version: 0.2
+env:
+  shell: bash
+  compute-type: BUILD_GENERAL1_MEDIUM
+  git-credential-helper: yes
+  variables:
+    AWS_DEFAULT_REGION: us-east-1
+    AWS_REGION: us-east-1
+    CDK_DEFAULT_REGION: us-east-1
+    CLI_REGION: us-east-1
+
+batch:
+  fast-fail: false
+  build-graph:
+    - identifier: install_dependencies
+      buildspec: codebuild_specs/install_and_cache_dependencies.yml
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+    - identifier: validate_rollback_target_version
+      buildspec: codebuild_specs/validate_rollback_target_version.yml
+      depend-on:
+        - install_dependencies
+    - identifier: github_rollback
+      buildspec: codebuild_specs/release_workflows/github_rollback.yml
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+      depend-on:
+        - validate_rollback_target_version
+    - identifier: rollback_npm
+      buildspec: codebuild_specs/rollback_npm.yml
+      env:
+        compute-type: BUILD_GENERAL1_LARGE
+      depend-on:
+        - validate_rollback_target_version

codebuild_specs/rollback_npm.yml

@@ -0,0 +1,11 @@
+version: 0.2
+env:
+  shell: bash
+  git-credential-helper: yes
+phases:
+  build:
+    commands:
+      - source ./shared-scripts.sh && _rollbackNpm
+artifacts:
+  files:
+    - 'shared-scripts.sh'

codebuild_specs/validate_rollback_target_version.yml

@@ -0,0 +1,11 @@
+version: 0.2
+env:
+  shell: bash
+phases:
+  build:
+    commands:
+      - source ./shared-scripts.sh && _validateRollbackTargetVersion
+
+artifacts:
+  files:
+    - 'shared-scripts.sh'

package.json

@@ -47,6 +47,7 @@
     "release-rc-local": "bash -c 'source ./scripts/cloud-release.sh && RCLocal'",
     "release-rc-beta": "bash -c 'source ./scripts/cloud-release.sh && RCBeta'",
     "release-rc": "bash -c 'source ./scripts/cloud-release.sh && RCProd'",
+    "rollback": "./scripts/cloud-rollback.sh",
     "tagged-release-without-e2e-local": "bash -c 'source ./scripts/cloud-release.sh && TaggedRCLocal'",
     "tagged-release-without-e2e-beta": "bash -c 'source ./scripts/cloud-release.sh && TaggedRCBeta'",
     "tagged-release-without-e2e-prod": "bash -c 'source ./scripts/cloud-release.sh && TaggedRCProd'",

scripts/cloud-rollback.sh

@@ -0,0 +1,22 @@
+#!/bin/bash -e
+
+scriptDir=$(dirname -- "$(readlink -f -- "$BASH_SOURCE")")
+source $scriptDir/.env set
+
+printf 'What version should I rollback to ? '
+read ROLLBACK_TARGET_VERSION
+
+mwinit
+ada cred update --profile=AmplifyCLIReleaseProd --account=$RELEASE_ACCOUNT_PROD --role=CodebuildRelease --provider=isengard --once
+RESULT=$(aws codebuild start-build-batch \
+--profile=AmplifyCLIReleaseProd \
+--region us-east-1 \
+--project-name Rollback \
+--build-timeout-in-minutes-override 60 \
+--source-version "dev" \
+--debug-session-enabled \
+--git-clone-depth-override=1000 \
+--environment-variables-override name=ROLLBACK_TARGET_VERSION,value=$ROLLBACK_TARGET_VERSION,type=PLAINTEXT \
+--query 'buildBatch.id' --output text)
+
+echo "https://us-east-1.console.aws.amazon.com/codesuite/codebuild/$RELEASE_ACCOUNT_PROD/projects/Rollback/batch/$RESULT?region=us-east-1"

scripts/github-common.ts

@@ -5,7 +5,7 @@ import * as path from 'path';
 /**
  * Some constants and utils shared by github-prerelease and github-release
  */
-const owner = 'aws-amplify';
+const owner = process.env.GITHUB_REPO_OWNER ?? 'aws-amplify';
 const repo = 'amplify-cli';
 const apiTemplate = (subdomain: string) => `${subdomain}.github.com/repos/${owner}/${repo}/releases`;
 const API_URL = apiTemplate('api');

scripts/github-rollback.ts

@@ -0,0 +1,26 @@
+import { releasesRequest, semverToGithubTag } from './github-common';
+import { join } from 'path';
+
+/**
+ * This function expects a 'version' to already exist.
+ * The release with proved version is marked as latest.
+ */
+const markReleaseAsLatest = async (version: string) => {
+  const { id: releaseId } = await releasesRequest(join('tags', semverToGithubTag(version)));
+  const releaseIdStr = (releaseId as number).toString();
+  console.log(`Marking release ${version} as latest`);
+  await releasesRequest(releaseIdStr, {
+    method: 'PATCH',
+    body: JSON.stringify({
+      prerelease: false,
+      make_latest: 'true',
+    }),
+  });
+};
+
+const main = async () => {
+  const version = process.argv[2].trim();
+  await markReleaseAsLatest(version);
+};
+
+main();

shared-scripts.sh

@@ -82,9 +82,14 @@ function _loadTestAccountCredentials {
     export AWS_SESSION_TOKEN=$(echo $creds | jq -c -r ".Credentials.SessionToken")
 }
 
-
-
-
+# Installs and caches dependencies
+# Use this in workflows that do not require building from CLI sources
+function _installAndCacheDependencies {
+    echo Install Dependencies
+    yarn --immutable
+    storeCache $CODEBUILD_SRC_DIR repo
+    storeCache $HOME/.cache .cache
+}
 function _buildLinux {
     echo Linux Build
     yarn --immutable
@@ -104,6 +109,17 @@ function _testLinux {
     # echo collecting coverage
     # yarn coverage
 }
+function _validateRollbackTargetVersion {
+    echo Validate Rollback Target Version
+    # download [repo, .cache from s3]
+    loadCache repo $CODEBUILD_SRC_DIR
+    loadCache .cache $HOME/.cache
+    if [ -z "$ROLLBACK_TARGET_VERSION" ]; then
+      echo "Rollback target version is missing. Make sure CodeBuild workflow was started with ROLLBACK_TARGET_VERSION environment variable"
+      exit 1
+    fi
+    yarn ts-node scripts/verify-deployment.ts -v $ROLLBACK_TARGET_VERSION
+}
 function _validateCDKVersion {
     echo Validate CDK Version
     # download [repo, .cache from s3]
@@ -699,6 +715,19 @@ function _publishToNpm {
 
     source ./.circleci/cb-publish-step-3-npm.sh
 }
+function _rollbackNpm {
+    loadCache repo $CODEBUILD_SRC_DIR
+
+    if [ -z "$ROLLBACK_TARGET_VERSION" ]; then
+      echo "Rollback target version is missing. Make sure CodeBuild workflow was started with ROLLBACK_TARGET_VERSION environment variable"
+      exit 1
+    fi
+
+    echo Authenticate with npm
+    echo "//registry.npmjs.org/:_authToken=$NPM_PUBLISH_TOKEN" > ~/.npmrc
+
+    npm dist-tag add @aws-amplify/cli@$ROLLBACK_TARGET_VERSION "latest"
+}
 function _postPublishPushToGit {
     loadCache repo $CODEBUILD_SRC_DIR
     loadCache all-binaries $CODEBUILD_SRC_DIR/out
@@ -714,6 +743,15 @@ function _githubRelease {
     version=$(cat .amplify-pkg-version)
     yarn ts-node scripts/github-release.ts $version $commit
 }
+function _githubRollback {
+    loadCache repo $CODEBUILD_SRC_DIR
+    echo Rollback Amplify CLI GitHub release
+    if [ -z "$ROLLBACK_TARGET_VERSION" ]; then
+      echo "Rollback target version is missing. Make sure CodeBuild workflow was started with ROLLBACK_TARGET_VERSION environment variable"
+      exit 1
+    fi
+    yarn ts-node scripts/github-rollback.ts $ROLLBACK_TARGET_VERSION
+}
 function _amplifyGeneralConfigTests {
     _loadE2ECache
     _install_packaged_cli_linux