Cancel Pulumi Lock #6

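# Manually dispatched operations workflow. Depending on the `action` input it
# either cancels a stuck Pulumi update lock or prints database migration state
# for the selected environment.
name: Cancel Pulumi Lock

on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to cancel lock for'
        required: true
        type: choice
        options:
          - staging
          - production
      action:
        description: 'Action to perform'
        required: true
        type: choice
        options:
          - cancel-pulumi-lock
          - check-migrations

# GITHUB_TOKEN only needs to read the repository; cloud access comes from the
# service-account secrets used below.
permissions:
  contents: read

env:
  PULUMI_VERSION: "3.188.0"

jobs:
  cancel-lock:
    name: Cancel Pulumi Lock
    runs-on: ubuntu-latest
    # Runs under the GitHub environment of the same name, so any protection
    # rules and environment-scoped secrets configured there apply to this job.
    environment: ${{ inputs.environment }}
    steps:
      # Third-party actions are pinned to full commit SHAs rather than tags.
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
        with:
          # No later step pushes or fetches, so do not leave the token in
          # the local git config.
          persist-credentials: false

      - name: Setup Pulumi
        uses: pulumi/actions@d7ceb0215da5a14ec84f50b703365ddf0194a9c8
        with:
          pulumi-version: ${{ env.PULUMI_VERSION }}

      # NOTE(review): both auth steps use an exported service-account key
      # (credentials_json), which is a long-lived credential. The same action
      # accepts workload_identity_provider / service_account for keyless
      # auth; that needs `id-token: write` and GCP-side setup not shown here.
      - name: Authenticate to Google Cloud (Staging)
        if: inputs.environment == 'staging'
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
        with:
          credentials_json: ${{ secrets.GCP_STAGING_SERVICE_ACCOUNT_KEY }}

      - name: Authenticate to Google Cloud (Production)
        if: inputs.environment == 'production'
        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093
        with:
          credentials_json: ${{ secrets.GCP_PROD_SERVICE_ACCOUNT_KEY }}

      - name: Setup Google Cloud SDK (Staging)
        if: inputs.environment == 'staging'
        uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db
        with:
          project_id: mcp-registry-staging

      - name: Setup Google Cloud SDK (Production)
        if: inputs.environment == 'production'
        uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db
        with:
          project_id: mcp-registry-prod

      - name: Cancel Pulumi Lock (Staging)
        if: inputs.environment == 'staging' && inputs.action == 'cancel-pulumi-lock'
        working-directory: ./deploy
        env:
          # Passed to the CLI through the environment instead of being echoed
          # into a passphrase file inside the checkout, so the secret is
          # never written to the runner's disk.
          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_STAGING_PASSPHRASE }}
        run: |
          pulumi login gs://mcp-registry-staging-pulumi-state
          pulumi cancel --stack gcpStaging --yes

      - name: Cancel Pulumi Lock (Production)
        if: inputs.environment == 'production' && inputs.action == 'cancel-pulumi-lock'
        working-directory: ./deploy
        env:
          # Same handling as staging: no passphrase file on disk.
          PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_PROD_PASSPHRASE }}
        run: |
          pulumi login gs://mcp-registry-prod-pulumi-state
          pulumi cancel --stack gcpProd --yes

      - name: Configure kubectl (Staging)
        if: inputs.environment == 'staging' && inputs.action == 'check-migrations'
        run: |
          gcloud container clusters get-credentials mcp-registry-staging \
            --zone=us-central1-b \
            --project=mcp-registry-staging
          gcloud components install gke-gcloud-auth-plugin

      - name: Configure kubectl (Production)
        if: inputs.environment == 'production' && inputs.action == 'check-migrations'
        run: |
          gcloud container clusters get-credentials mcp-registry-prod \
            --zone=us-central1-b \
            --project=mcp-registry-prod
          gcloud components install gke-gcloud-auth-plugin

      - name: Check Migrations
        if: inputs.action == 'check-migrations'
        env:
          # The input reaches the script as an environment variable rather
          # than being spliced into the script text by ${{ }} expansion.
          TARGET_ENV: ${{ inputs.environment }}
        run: |
          echo "=== Listing all postgres secrets in default namespace ==="
          kubectl get secrets -n default | grep registry-pg
          echo ""
          echo "=== Creating temporary postgres client pod ==="
          # Use the app user credentials from registry-pg-app secret
          DB_USER=$(kubectl get secret registry-pg-app -n default -o jsonpath='{.data.username}' | base64 -d)
          DB_PASS=$(kubectl get secret registry-pg-app -n default -o jsonpath='{.data.password}' | base64 -d)
          # DB_PASS is read from the cluster, not from a GitHub secret, so it
          # is not masked automatically; register it with the log masker.
          echo "::add-mask::$DB_PASS"
          echo "Using database user: $DB_USER"
          # NOTE(review): --env puts the password on the kubectl command line
          # and in the pod spec, readable by anyone allowed to get pods in
          # this namespace. An env entry with a secretKeyRef to
          # registry-pg-app would keep it out of both. postgres:15 is also a
          # mutable tag; consider pinning it by digest.
          #
          # The script below is one double-quoted string: $DB_USER and
          # $TARGET_ENV are expanded here on the runner, while everything
          # that must be evaluated inside the pod is escaped (\$ and \").
          # The migration-009 lines previously used unescaped quotes, which
          # ended the string early so the rest never ran as script.
          kubectl run -n default pg-check-$(date +%s) \
            --image=postgres:15 \
            --rm -i --restart=Never \
            --env="PGPASSWORD=$DB_PASS" \
            -- bash -c "
              echo '=== Waiting for database to accept connections ==='
              for i in {1..30}; do
                if pg_isready -h registry-pg-rw -U $DB_USER 2>/dev/null; then
                  echo 'Database is ready!'
                  break
                fi
                echo \"Waiting... (\$i/30)\"
                sleep 2
              done
              echo ''
              echo '=== ALL Applied Migrations in $TARGET_ENV ==='
              psql -h registry-pg-rw -U $DB_USER -d app -c 'SELECT version, name, applied_at FROM schema_migrations ORDER BY version;'
              echo ''
              echo '=== Checking for migration 009 specifically ==='
              MIGRATION_009_COUNT=\$(psql -h registry-pg-rw -U $DB_USER -d app -tAc 'SELECT COUNT(*) FROM schema_migrations WHERE version = 9;' 2>/dev/null | tr -d '[:space:]')
              echo \"Migration 009 count: '\$MIGRATION_009_COUNT'\"
              if [ -z \"\$MIGRATION_009_COUNT\" ] || [ \"\$MIGRATION_009_COUNT\" = \"0\" ]; then
                echo \"❌ Migration 009 NOT FOUND - this explains why packages still have old format\"
              else
                echo \"✅ Migration 009 IS APPLIED\"
              fi
              echo ''
              echo '=== Sample Package Data (first 3 servers with packages) ==='
              psql -h registry-pg-rw -U $DB_USER -d app -c \"
                SELECT
                  server_name,
                  jsonb_pretty(value->'packages') as packages
                FROM servers
                WHERE value ? 'packages'
                  AND jsonb_array_length(value->'packages') > 0
                LIMIT 3;
              \"
              echo ''
              echo '=== Database Schema/Layout ==='
              psql -h registry-pg-rw -U $DB_USER -d app -c '\dt+'
              echo ''
              echo '=== Schema for servers table ==='
              psql -h registry-pg-rw -U $DB_USER -d app -c '\d+ servers'
              echo ''
              echo '=== Schema for schema_migrations table ==='
              psql -h registry-pg-rw -U $DB_USER -d app -c '\d+ schema_migrations'
            "
          echo ""
          # --tail returns the most recent lines, so the heading says "last".
          echo "=== Registry Server Logs (last 100 lines) ==="
          # With no matching pod the [0] index makes kubectl exit non-zero;
          # fall back to an empty name so the "not found" branch is reached
          # instead of the step aborting under `bash -e`.
          REGISTRY_POD=$(kubectl get pods -l app=mcp-registry -n default -o jsonpath='{.items[0].metadata.name}') || REGISTRY_POD=""
          if [ -n "$REGISTRY_POD" ]; then
            echo "Found registry pod: $REGISTRY_POD"
            kubectl logs -n default "$REGISTRY_POD" --tail=100
          else
            echo "⚠️ No registry pod found"
          fi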