Updated Cloudflare cache purge to use API Tokens (#5250)

* Updated cypress/scripts/binary/util/upload.coffee to use curl and API Tokens as the cfcli command currently *ONLY* supports API Keys.

* Update purge cache to use request-promise

* Cleanup & remove sync method

* Remove unused cloudflare-cli dep

* update appveyor encrypted secrets for cloudflare

* add missing deps


Co-authored-by: Zach Bloomquist <github@chary.us>
Co-authored-by: Brian Mann <brian.mann86@gmail.com>
This commit is contained in:
Devon
2019-10-11 21:30:32 -04:00
committed by Brian Mann
parent 89ceb7ac45
commit 1ce9575315
4 changed files with 58 additions and 50 deletions

View File

@@ -19,11 +19,10 @@ environment:
aws_credentials_json:
secure: ttGzd2/rW+i8H+pozcFxzZKU07B5INL8+LjD4vCOKes+tI6EaKhrLvAQ9xT7r+e1p8My8f4LrqvT+i37kbRCUPY4DHmUgagj3aj0OghsT0eX/Vr/6T4v1yndB7SX7FnG07eVcGb63r9f5kT7xu7ElJ9WXh1Ok5K69W0zDPsa1RGCCYqsTi4tH2h5EAZwjY1b
# CDN control
CF_DOMAIN: "cypress.io"
CF_EMAIL:
secure: +kZOcImCZVZJv/e/hQc3gvJ6xXSH88qg46cMwKn8mRo=
CF_TOKEN:
secure: d8SQfJ2r6qrKDjYWoFg3AzgY7aL6hTuE5OIlRr0TXkcXkZzdmYCujfzIYcCQfpZg
secure: nVGxcWxXGvrT621HmgMf9Mwm84dqo+cKHZj94OvyyWEGIZOJJkbWHsD/l2/r4a6Y
CF_ZONEID:
secure: SrZnd4BYW9PILEEi7y9VyXuC16C+qMEDT3QuV1PZZJa47TRkjcaYpAXhAHz0j0jT
# authenticate as Cypress bot when posting commit status checks
GH_APP_ID:
secure: oR0RVDbv6GKej4wwjkz7Zw==

View File

@@ -99,7 +99,6 @@
"chalk": "2.4.2",
"check-dependencies": "1.1.0",
"check-more-types": "2.24.0",
"cloudflare-cli": "3.2.2",
"coffeelint": "1.16.2",
"common-tags": "1.8.0",
"debug": "4.1.1",
@@ -148,6 +147,8 @@
"print-arch": "1.0.0",
"proxyquire": "2.1.0",
"ramda": "0.24.1",
"request": "2.88.0",
"request-promise": "4.2.4",
"shelljs": "0.8.3",
"shx": "0.3.2",
"sinon": "7.3.2",

View File

@@ -0,0 +1,43 @@
import _ from 'lodash'
import check from 'check-more-types'
import la from 'lazy-ass'
import rp from 'request-promise'
function hasCloudflareEnvironmentVars () {
return _.chain([process.env.CF_TOKEN, process.env.CF_ZONEID])
.map(check.unemptyString)
.every()
.value()
}
export function purgeCloudflareCache (url) {
la(
hasCloudflareEnvironmentVars(),
'Cannot purge Cloudflare cache without credentials. Ensure that the CF_TOKEN and CF_ZONEID environment variables are set.'
)
la(check.webUrl(url), 'Missing url to purge from Cloudflare.')
console.log(`Found CF_TOKEN and CF_ZONEID, purging Cloudflare cache for ${url}`)
const { CF_TOKEN, CF_ZONEID } = process.env
return rp({
body: {
files: [url],
},
headers: {
'Authorization': `Bearer ${CF_TOKEN}`,
},
json: true,
method: 'POST',
url: `https://api.cloudflare.com/client/v4/zones/${CF_ZONEID}/purge_cache`,
})
.promise()
.tap(() => {
console.log('Cloudflare cache successfully purged.')
})
.tapCatch((e) => {
console.error(`Could not purge ${url}. Error: ${e.message}`)
})
}

View File

@@ -5,11 +5,12 @@ human = require("human-interval")
la = require("lazy-ass")
check = require("check-more-types")
cp = require("child_process")
fs = require("fs")
fse = require("fs-extra")
os = require("os")
Promise = require("bluebird")
{configFromEnvOrJsonFile, filenameToShellVariable} = require('@cypress/env-or-json-file')
konfig = require('../../binary/get-config')()
{ purgeCloudflareCache } = require('./purge-cloudflare-cache')
formHashFromEnvironment = () ->
env = process.env
@@ -57,44 +58,8 @@ getPublisher = (getAwsObj = getS3Credentials) ->
secretAccessKey: aws.secret
}
hasCloudflareEnvironmentVars = () ->
check.unemptyString(process.env.CF_TOKEN) &&
check.unemptyString(process.env.CF_EMAIL) &&
check.unemptyString(process.env.CF_DOMAIN)
# depends on the credentials file or environment variables
makeCloudflarePurgeCommand = (url) ->
configFile = path.resolve(__dirname, "..", "support", ".cfcli.yml")
if fs.existsSync(configFile)
console.log("using CF credentials file")
return "cfcli purgefile -c #{configFile} #{url}"
else if hasCloudflareEnvironmentVars()
console.log("using CF environment variables")
token = process.env.CF_TOKEN
email = process.env.CF_EMAIL
domain = process.env.CF_DOMAIN
return "cfcli purgefile -e #{email} -k #{token} -d #{domain} #{url}"
else
throw new Error("Cannot form Cloudflare purge command without credentials")
# purges a given url from Cloudflare
purgeCache = (url) ->
la(check.url(url), "missing url to purge", url)
new Promise (resolve, reject) =>
console.log("purging url", url)
purgeCommand = makeCloudflarePurgeCommand(url)
cp.exec purgeCommand, (err, stdout, stderr) ->
if err
console.error("Could not purge #{url}")
console.error(err.message)
return reject(err)
console.log("#purgeCache: #{url}")
resolve()
getDestktopUrl = (version, osName, zipName) ->
url = [konfig("cdn_url"), "desktop", version, osName, zipName].join("/")
url
getDesktopUrl = (version, osName, zipName) ->
[konfig("cdn_url"), "desktop", version, osName, zipName].join("/")
# purges desktop application url from Cloudflare cache
purgeDesktopAppFromCache = ({version, platform, zipName}) ->
@@ -106,8 +71,9 @@ purgeDesktopAppFromCache = ({version, platform, zipName}) ->
osName = getUploadNameByOsAndArch(platform)
la(check.unemptyString(osName), "missing osName", osName)
url = getDestktopUrl(version, osName, zipName)
purgeCache(url)
url = getDesktopUrl(version, osName, zipName)
purgeCloudflareCache(url)
# purges links to desktop app for all platforms
# for a given version
@@ -155,14 +121,13 @@ saveUrl = (filename) -> (url) ->
la(check.unemptyString(filename), "missing filename", filename)
la(check.url(url), "invalid url to save", url)
s = JSON.stringify({url})
fs.writeFileSync(filename, s)
console.log("saved url", url)
console.log("into file", filename)
fse.writeFile(filename, s)
.then =>
console.log("saved url", url, "into file", filename)
module.exports = {
getS3Credentials,
getPublisher,
purgeCache,
purgeDesktopAppFromCache,
purgeDesktopAppAllPlatforms,
getUploadNameByOsAndArch,