Cancel Pulumi Lock #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Cancel Pulumi Lock | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| environment: | |
| description: 'Environment to cancel lock for' | |
| required: true | |
| type: choice | |
| options: | |
| - staging | |
| - production | |
| action: | |
| description: 'Action to perform' | |
| required: true | |
| type: choice | |
| options: | |
| - cancel-pulumi-lock | |
| - check-migrations | |
| permissions: | |
| contents: read | |
| env: | |
| PULUMI_VERSION: "3.188.0" | |
| jobs: | |
| cancel-lock: | |
| name: Cancel Pulumi Lock | |
| runs-on: ubuntu-latest | |
| environment: ${{ inputs.environment }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| - name: Setup Pulumi | |
| uses: pulumi/actions@d7ceb0215da5a14ec84f50b703365ddf0194a9c8 | |
| with: | |
| pulumi-version: ${{ env.PULUMI_VERSION }} | |
| - name: Authenticate to Google Cloud (Staging) | |
| if: inputs.environment == 'staging' | |
| uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 | |
| with: | |
| credentials_json: ${{ secrets.GCP_STAGING_SERVICE_ACCOUNT_KEY }} | |
| - name: Authenticate to Google Cloud (Production) | |
| if: inputs.environment == 'production' | |
| uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 | |
| with: | |
| credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }} | |
| - name: Setup Google Cloud SDK (Staging) | |
| if: inputs.environment == 'staging' | |
| uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db | |
| with: | |
| project_id: mcp-registry-staging | |
| - name: Setup Google Cloud SDK (Production) | |
| if: inputs.environment == 'production' | |
| uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db | |
| with: | |
| project_id: mcp-registry-prod | |
| - name: Cancel Pulumi Lock (Staging) | |
| if: inputs.environment == 'staging' && inputs.action == 'cancel-pulumi-lock' | |
| working-directory: ./deploy | |
| env: | |
| PULUMI_STAGING_PASSPHRASE: ${{ secrets.PULUMI_STAGING_PASSPHRASE }} | |
| run: | | |
| echo "$PULUMI_STAGING_PASSPHRASE" > passphrase.staging.txt | |
| pulumi login gs://mcp-registry-staging-pulumi-state | |
| PULUMI_CONFIG_PASSPHRASE_FILE=passphrase.staging.txt pulumi cancel --stack gcpStaging --yes | |
| - name: Cancel Pulumi Lock (Production) | |
| if: inputs.environment == 'production' && inputs.action == 'cancel-pulumi-lock' | |
| working-directory: ./deploy | |
| env: | |
| PULUMI_PROD_PASSPHRASE: ${{ secrets.PULUMI_PROD_PASSPHRASE }} | |
| run: | | |
| echo "$PULUMI_PROD_PASSPHRASE" > passphrase.prod.txt | |
| pulumi login gs://mcp-registry-prod-pulumi-state | |
| PULUMI_CONFIG_PASSPHRASE_FILE=passphrase.prod.txt pulumi cancel --stack gcpProd --yes | |
| - name: Configure kubectl (Staging) | |
| if: inputs.environment == 'staging' && inputs.action == 'check-migrations' | |
| run: | | |
| gcloud container clusters get-credentials mcp-registry-staging \ | |
| --zone=us-central1-b \ | |
| --project=mcp-registry-staging | |
| gcloud components install gke-gcloud-auth-plugin | |
| - name: Configure kubectl (Production) | |
| if: inputs.environment == 'production' && inputs.action == 'check-migrations' | |
| run: | | |
| gcloud container clusters get-credentials mcp-registry-prod \ | |
| --zone=us-central1-b \ | |
| --project=mcp-registry-prod | |
| gcloud components install gke-gcloud-auth-plugin | |
| - name: Check Migrations | |
| if: inputs.action == 'check-migrations' | |
| run: | | |
| echo "=== Getting postgres pod name ===" | |
| POD_NAME=$(kubectl get pods -l cnpg.io/cluster=registry-pg -n default -o jsonpath='{.items[0].metadata.name}') | |
| echo "Found postgres pod: $POD_NAME" | |
| echo "" | |
| echo "=== ALL Applied Migrations in ${{ inputs.environment }} ===" | |
| kubectl exec -n default $POD_NAME -- \ | |
| psql -U app -d app -c "SELECT version, name, applied_at FROM schema_migrations ORDER BY version;" | |
| echo "" | |
| echo "=== Checking for migration 009 specifically ===" | |
| MIGRATION_009_COUNT=$(kubectl exec -n default $POD_NAME -- \ | |
| psql -U app -d app -tAc "SELECT COUNT(*) FROM schema_migrations WHERE version = 9;" | tr -d '[:space:]') | |
| if [ "$MIGRATION_009_COUNT" = "0" ]; then | |
| echo "❌ Migration 009 NOT FOUND - this explains why packages still have old format" | |
| else | |
| echo "✅ Migration 009 IS APPLIED" | |
| fi | |
| echo "" | |
| echo "=== Sample Package Data (first 3 servers with packages) ===" | |
| kubectl exec -n default $POD_NAME -- \ | |
| psql -U app -d app -c " | |
| SELECT | |
| server_name, | |
| jsonb_pretty(value->'packages') as packages | |
| FROM servers | |
| WHERE value ? 'packages' | |
| AND jsonb_array_length(value->'packages') > 0 | |
| LIMIT 3; | |
| " | |
| echo "" | |
| echo "=== Database Schema/Layout ===" | |
| kubectl exec -n default $POD_NAME -- \ | |
| psql -U app -d app -c "\dt+" | |
| echo "" | |
| echo "=== Schema for 'servers' table ===" | |
| kubectl exec -n default $POD_NAME -- \ | |
| psql -U app -d app -c "\d+ servers" | |
| echo "" | |
| echo "=== Schema for 'schema_migrations' table ===" | |
| kubectl exec -n default $POD_NAME -- \ | |
| psql -U app -d app -c "\d+ schema_migrations" | |
| echo "" | |
| echo "=== Registry Server Logs (first 100 lines) ===" | |
| REGISTRY_POD=$(kubectl get pods -l app=mcp-registry -n default -o jsonpath='{.items[0].metadata.name}') | |
| if [ -n "$REGISTRY_POD" ]; then | |
| echo "Found registry pod: $REGISTRY_POD" | |
| kubectl logs -n default $REGISTRY_POD --tail=100 | |
| else | |
| echo "⚠️ No registry pod found" | |
| fi |