Updated Cloudflare cache purge to use API Tokens (#5250)

* Updated cypress/scripts/binary/util/upload.coffee to use curl and API Tokens as the cfcli command currently *ONLY* supports API Keys. * Update purge cache to use request-promise * Cleanup & remove sync method * Remove unused cloudflare-cli dep * update appveyor encrypted secrets for cloudflare * add missing deps Co-authored-by: Zach Bloomquist <github@chary.us> Co-authored-by: Brian Mann <brian.mann86@gmail.com>
2026-02-27 03:19:22 -06:00 · 2019-10-11 21:30:32 -04:00
parent 89ceb7ac45
commit 1ce9575315
4 changed files with 58 additions and 50 deletions
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -19,11 +19,10 @@ environment:
  aws_credentials_json:
    secure: ttGzd2/rW+i8H+pozcFxzZKU07B5INL8+LjD4vCOKes+tI6EaKhrLvAQ9xT7r+e1p8My8f4LrqvT+i37kbRCUPY4DHmUgagj3aj0OghsT0eX/Vr/6T4v1yndB7SX7FnG07eVcGb63r9f5kT7xu7ElJ9WXh1Ok5K69W0zDPsa1RGCCYqsTi4tH2h5EAZwjY1b
  # CDN control
-  CF_DOMAIN: "cypress.io"
-  CF_EMAIL:
-    secure: +kZOcImCZVZJv/e/hQc3gvJ6xXSH88qg46cMwKn8mRo=
  CF_TOKEN:
-    secure: d8SQfJ2r6qrKDjYWoFg3AzgY7aL6hTuE5OIlRr0TXkcXkZzdmYCujfzIYcCQfpZg
+    secure: nVGxcWxXGvrT621HmgMf9Mwm84dqo+cKHZj94OvyyWEGIZOJJkbWHsD/l2/r4a6Y
+  CF_ZONEID:
+    secure: SrZnd4BYW9PILEEi7y9VyXuC16C+qMEDT3QuV1PZZJa47TRkjcaYpAXhAHz0j0jT
  # authenticate as Cypress bot when posting commit status checks
  GH_APP_ID:
    secure: oR0RVDbv6GKej4wwjkz7Zw==
--- a/package.json
+++ b/package.json
@@ -99,7 +99,6 @@
    "chalk": "2.4.2",
    "check-dependencies": "1.1.0",
    "check-more-types": "2.24.0",
-    "cloudflare-cli": "3.2.2",
    "coffeelint": "1.16.2",
    "common-tags": "1.8.0",
    "debug": "4.1.1",
@@ -148,6 +147,8 @@
    "print-arch": "1.0.0",
    "proxyquire": "2.1.0",
    "ramda": "0.24.1",
+    "request": "2.88.0",
+    "request-promise": "4.2.4",
    "shelljs": "0.8.3",
    "shx": "0.3.2",
    "sinon": "7.3.2",
--- a/scripts/binary/util/purge-cloudflare-cache.ts
+++ b/scripts/binary/util/purge-cloudflare-cache.ts
@@ -0,0 +1,43 @@
+import _ from 'lodash'
+import check from 'check-more-types'
+import la from 'lazy-ass'
+import rp from 'request-promise'
+
+function hasCloudflareEnvironmentVars () {
+  return _.chain([process.env.CF_TOKEN, process.env.CF_ZONEID])
+  .map(check.unemptyString)
+  .every()
+  .value()
+}
+
+export function purgeCloudflareCache (url) {
+  la(
+    hasCloudflareEnvironmentVars(),
+    'Cannot purge Cloudflare cache without credentials. Ensure that the CF_TOKEN and CF_ZONEID environment variables are set.'
+  )
+
+  la(check.webUrl(url), 'Missing url to purge from Cloudflare.')
+
+  console.log(`Found CF_TOKEN and CF_ZONEID, purging Cloudflare cache for ${url}`)
+
+  const { CF_TOKEN, CF_ZONEID } = process.env
+
+  return rp({
+    body: {
+      files: [url],
+    },
+    headers: {
+      'Authorization': `Bearer ${CF_TOKEN}`,
+    },
+    json: true,
+    method: 'POST',
+    url: `https://api.cloudflare.com/client/v4/zones/${CF_ZONEID}/purge_cache`,
+  })
+  .promise()
+  .tap(() => {
+    console.log('Cloudflare cache successfully purged.')
+  })
+  .tapCatch((e) => {
+    console.error(`Could not purge ${url}. Error: ${e.message}`)
+  })
+}
--- a/scripts/binary/util/upload.coffee
+++ b/scripts/binary/util/upload.coffee
@@ -5,11 +5,12 @@ human = require("human-interval")
 la = require("lazy-ass")
 check = require("check-more-types")
 cp = require("child_process")
-fs = require("fs")
+fse = require("fs-extra")
 os = require("os")
 Promise = require("bluebird")
 {configFromEnvOrJsonFile, filenameToShellVariable} = require('@cypress/env-or-json-file')
 konfig = require('../../binary/get-config')()
+{ purgeCloudflareCache } = require('./purge-cloudflare-cache')

 formHashFromEnvironment = () ->
  env = process.env
@@ -57,44 +58,8 @@ getPublisher = (getAwsObj = getS3Credentials) ->
    secretAccessKey: aws.secret
  }

-hasCloudflareEnvironmentVars = () ->
-  check.unemptyString(process.env.CF_TOKEN) &&
-  check.unemptyString(process.env.CF_EMAIL) &&
-  check.unemptyString(process.env.CF_DOMAIN)
-
-# depends on the credentials file or environment variables
-makeCloudflarePurgeCommand = (url) ->
-  configFile = path.resolve(__dirname, "..", "support", ".cfcli.yml")
-  if fs.existsSync(configFile)
-    console.log("using CF credentials file")
-    return "cfcli purgefile -c #{configFile} #{url}"
-  else if hasCloudflareEnvironmentVars()
-    console.log("using CF environment variables")
-    token = process.env.CF_TOKEN
-    email = process.env.CF_EMAIL
-    domain = process.env.CF_DOMAIN
-    return "cfcli purgefile -e #{email} -k #{token} -d #{domain} #{url}"
-  else
-    throw new Error("Cannot form Cloudflare purge command without credentials")
-
-# purges a given url from Cloudflare
-purgeCache = (url) ->
-  la(check.url(url), "missing url to purge", url)
-
-  new Promise (resolve, reject) =>
-    console.log("purging url", url)
-    purgeCommand = makeCloudflarePurgeCommand(url)
-    cp.exec purgeCommand, (err, stdout, stderr) ->
-      if err
-        console.error("Could not purge #{url}")
-        console.error(err.message)
-        return reject(err)
-      console.log("#purgeCache: #{url}")
-      resolve()
-
-getDestktopUrl = (version, osName, zipName) ->
-  url = [konfig("cdn_url"), "desktop", version, osName, zipName].join("/")
-  url
+getDesktopUrl = (version, osName, zipName) ->
+  [konfig("cdn_url"), "desktop", version, osName, zipName].join("/")

 # purges desktop application url from Cloudflare cache
 purgeDesktopAppFromCache = ({version, platform, zipName}) ->
@@ -106,8 +71,9 @@ purgeDesktopAppFromCache = ({version, platform, zipName}) ->

  osName = getUploadNameByOsAndArch(platform)
  la(check.unemptyString(osName), "missing osName", osName)
-  url = getDestktopUrl(version, osName, zipName)
-  purgeCache(url)
+  url = getDesktopUrl(version, osName, zipName)
+
+  purgeCloudflareCache(url)

 # purges links to desktop app for all platforms
 # for a given version
@@ -155,14 +121,13 @@ saveUrl = (filename) -> (url) ->
  la(check.unemptyString(filename), "missing filename", filename)
  la(check.url(url), "invalid url to save", url)
  s = JSON.stringify({url})
-  fs.writeFileSync(filename, s)
-  console.log("saved url", url)
-  console.log("into file", filename)
+  fse.writeFile(filename, s)
+  .then =>
+    console.log("saved url", url, "into file", filename)

 module.exports = {
  getS3Credentials,
  getPublisher,
-  purgeCache,
  purgeDesktopAppFromCache,
  purgeDesktopAppAllPlatforms,
  getUploadNameByOsAndArch,