aaronrene / knowtation public
post-merge-hub-canister-release.sh bash
110 lines 4.3 KB
Raw
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor ⚠ breaking 1 day ago
1 #!/usr/bin/env bash
2 #
3 # Post-merge hub canister release (mainnet) when Netlify + 4Everland auto-deploy on push to main.
4 #
5 # Problem: merging to main may deploy the new gateway/UI before the canister is upgraded. Run this
6 # script immediately after merge (same machine as dfx + mainnet identity) to:
7 # 1) Sync to latest main (optional)
8 # 2) Run full preflight: migration checks, npm test, dfx build, optional JSON export backup
9 # 3) Optionally run dfx deploy (opt-in)
10 # 4) Optionally run read-only hosted API snapshot verify
11 #
12 # Usage (repo root):
13 # npm run release:post-merge-canister
14 # npm run release:post-merge-canister -- --sync-main
15 #
16 # Recommended .env (repo root; never commit secrets):
17 # KNOWTATION_CANISTER_BACKUP_USER_ID=google:… # or github:… — required for backup step
18 # KNOWTATION_CANISTER_URL=https://<id>.icp0.io # optional; defaults from hub/icp/canister_ids.json
19 # KNOWTATION_CANISTER_BACKUP_VAULT_ID=default # optional
20 #
21 # Optional:
22 # RUN_DFX_DEPLOY=1 — after preflight succeeds, run: dfx deploy hub --network ic (hub/icp)
23 # DFX_DEPLOY_IDENTITY=name — if set, runs: dfx identity use "$DFX_DEPLOY_IDENTITY" before deploy
24 # RUN_POST_VERIFY_SNAPSHOT=1 — after deploy block, run npm run verify:hosted-api; set in same shell:
25 # KNOWTATION_HUB_SNAPSHOT_ONLY=1 (and KNOWTATION_HUB_API if not default)
26 # SKIP_NPM_TEST=1 SKIP_DFX_BUILD=1 — passed through to canister-predeploy (escape hatches)
27 #
28 set -euo pipefail
29
30 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
31 REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
32 cd "$REPO_ROOT"
33
34 export NO_COLOR="${NO_COLOR:-}"
35 export CI="${CI:-}"
36 export TERM="${TERM:-}"
37
38 SYNC_MAIN=0
39 for arg in "$@"; do
40 case "$arg" in
41 --sync-main) SYNC_MAIN=1 ;;
42 -h | --help)
43 sed -n '2,45p' "$0" | sed 's/^# \{0,1\}//'
44 exit 0
45 ;;
46 *)
47 echo "Unknown option: $arg (use --sync-main or --help)"
48 exit 1
49 ;;
50 esac
51 done
52
53 if [[ "$SYNC_MAIN" == 1 ]]; then
54 echo "==> [0] Git: checkout main and pull (requires clean working tree)"
55 if [[ -n "$(git status --porcelain 2>/dev/null)" ]]; then
56 echo "ERROR: Working tree is not clean. Commit, stash, or discard changes, then retry."
57 exit 1
58 fi
59 git fetch origin main
60 git checkout main
61 git pull origin main
62 echo " Branch: $(git branch --show-current) @ $(git rev-parse --short HEAD)"
63 fi
64
65 echo "==> [1] Preflight + backup (canister-predeploy.sh)"
66 bash "$REPO_ROOT/scripts/canister-predeploy.sh"
67
68 echo ""
69 echo "==> [2] Mainnet deploy (manual unless RUN_DFX_DEPLOY=1)"
70 ICP_DIR="$REPO_ROOT/hub/icp"
71 if [[ "${RUN_DFX_DEPLOY:-}" == "1" ]]; then
72 if ! command -v dfx >/dev/null 2>&1; then
73 echo "ERROR: dfx not on PATH."
74 exit 1
75 fi
76 cd "$ICP_DIR"
77 if [[ -n "${DFX_DEPLOY_IDENTITY:-}" ]]; then
78 echo " dfx identity use ${DFX_DEPLOY_IDENTITY}"
79 dfx identity use "$DFX_DEPLOY_IDENTITY"
80 fi
81 echo " dfx deploy hub --network ic"
82 dfx deploy hub --network ic
83 cd "$REPO_ROOT"
84 echo " Canister deploy finished."
85 else
86 echo " Next (you run):"
87 echo " cd hub/icp && dfx identity use <your-deploy-identity> && dfx deploy hub --network ic"
88 echo " Or re-run with: RUN_DFX_DEPLOY=1 DFX_DEPLOY_IDENTITY=<name> npm run release:post-merge-canister"
89 fi
90
91 echo ""
92 echo "==> [3] After Netlify + 4Everland finish: smoke / test flight"
93 echo " - Wait for production Netlify + 4Everland deploys to complete (dashboards)."
94 echo " - Do NOT set KNOWTATION_HUB_PROPOSAL_ENRICH=1 on the gateway until the canister above is upgraded."
95 echo " - Read-only snapshot (no JWT):"
96 echo " KNOWTATION_HUB_SNAPSHOT_ONLY=1 KNOWTATION_HUB_API=https://<your-gateway-origin> npm run verify:hosted-api"
97 echo " - Optional multi-vault smoke (writes test notes — avoid production unless intended):"
98 echo " See docs/DEPLOY-HOSTED.md §5.1 and: npm run smoke:hosted-multi-vault"
99 echo " - Manual: Hub login → open a proposal → Enrich (AI) with enrich env ON."
100 echo ""
101 if [[ "${RUN_POST_VERIFY_SNAPSHOT:-}" == "1" ]]; then
102 echo "==> [3b] RUN_POST_VERIFY_SNAPSHOT=1 — npm run verify:hosted-api"
103 if [[ "${KNOWTATION_HUB_SNAPSHOT_ONLY:-}" != "1" ]]; then
104 echo "WARN: Set KNOWTATION_HUB_SNAPSHOT_ONLY=1 for read-only snapshot. Running anyway if script honors .env."
105 fi
106 npm run verify:hosted-api
107 fi
108
109 echo ""
110 echo "post-merge-hub-canister-release: done."
File History 2 commits
sha256:65ccb454656ea5acdea0a10e559b78bcde1eb6ff753ecc2911bc99d1c3d7cadd feat(calendar): enforce agent context tiers in retrieval AP… Human minor 1 day ago
sha256:9103f98c89257ed2b01c237cea895dabb3e85ea337dccb1161c175e4422355b6 docs: accept Calendar Events v0 spec with Phase 0 security … Human 1 day ago