// SPDX-FileCopyrightText: 2020 Serokell
// SPDX-FileCopyrightText: 2020 Andreas Fuchs
//
// SPDX-License-Identifier: MPL-2.0
use clap::Clap;
use tokio::fs;
use tokio::process::Command;
use tokio::sync::mpsc;
use tokio::time::timeout;
use std::time::Duration;
use std::path::Path;
use notify::{RecommendedWatcher, RecursiveMode, Watcher};
use thiserror::Error;
#[macro_use]
extern crate log;
#[macro_use]
extern crate serde_derive;
#[macro_use]
mod utils;
/// Activation portion of the simple Rust Nix deploy tool
#[derive(Clap, Debug)]
#[clap(version = "1.0", author = "Serokell ")]
struct Opts {
profile_path: String,
closure: String,
/// Print debug logs to output
#[clap(short, long)]
debug_logs: bool,
/// File to print logs to (including the background activation process)
#[clap(long)]
log_dir: Option,
/// Temp path for any temporary files that may be needed during activation
#[clap(long)]
temp_path: String,
/// Maximum time to wait for confirmation after activation
#[clap(long)]
confirm_timeout: u16,
/// Wait for confirmation after deployment and rollback if not confirmed
#[clap(long)]
magic_rollback: bool,
/// Auto rollback if failure
#[clap(long)]
auto_rollback: bool,
}
#[derive(Error, Debug)]
pub enum DeactivateError {
#[error("Failed to execute the rollback command: {0}")]
RollbackError(std::io::Error),
#[error("The rollback resulted in a bad exit code: {0:?}")]
RollbackExitError(Option),
#[error("Failed to run command for listing generations: {0}")]
ListGenError(std::io::Error),
#[error("Command for listing generations resulted in a bad exit code: {0:?}")]
ListGenExitError(Option),
#[error("Error converting generation list output to utf8: {0}")]
DecodeListGenUtf8Error(#[from] std::string::FromUtf8Error),
#[error("Failed to run command for deleting generation: {0}")]
DeleteGenError(std::io::Error),
#[error("Command for deleting generations resulted in a bad exit code: {0:?}")]
DeleteGenExitError(Option),
#[error("Failed to run command for re-activating the last generation: {0}")]
ReactivateError(std::io::Error),
#[error("Command for re-activating the last generation resulted in a bad exit code: {0:?}")]
ReactivateExitError(Option),
}
pub async fn deactivate(profile_path: &str) -> Result<(), DeactivateError> {
warn!("De-activating due to error");
let nix_env_rollback_exit_status = Command::new("nix-env")
.arg("-p")
.arg(&profile_path)
.arg("--rollback")
.status()
.await
.map_err(DeactivateError::RollbackError)?;
match nix_env_rollback_exit_status.code() {
Some(0) => (),
a => return Err(DeactivateError::RollbackExitError(a)),
};
debug!("Listing generations");
let nix_env_list_generations_out = Command::new("nix-env")
.arg("-p")
.arg(&profile_path)
.arg("--list-generations")
.output()
.await
.map_err(DeactivateError::ListGenError)?;
match nix_env_list_generations_out.status.code() {
Some(0) => (),
a => return Err(DeactivateError::ListGenExitError(a)),
};
let generations_list = String::from_utf8(nix_env_list_generations_out.stdout)?;
let last_generation_line = generations_list
.lines()
.last()
.expect("Expected to find a generation in list");
let last_generation_id = last_generation_line
.split_whitespace()
.next()
.expect("Expected to get ID from generation entry");
debug!("Removing generation entry {}", last_generation_line);
warn!("Removing generation by ID {}", last_generation_id);
let nix_env_delete_generation_exit_status = Command::new("nix-env")
.arg("-p")
.arg(&profile_path)
.arg("--delete-generations")
.arg(last_generation_id)
.status()
.await
.map_err(DeactivateError::DeleteGenError)?;
match nix_env_delete_generation_exit_status.code() {
Some(0) => (),
a => return Err(DeactivateError::DeleteGenExitError(a)),
};
info!("Attempting to re-activate the last generation");
let re_activate_exit_status = Command::new(format!("{}/deploy-rs-activate", profile_path))
.env("PROFILE", &profile_path)
.current_dir(&profile_path)
.status()
.await
.map_err(DeactivateError::ReactivateError)?;
match re_activate_exit_status.code() {
Some(0) => (),
a => return Err(DeactivateError::ReactivateExitError(a)),
};
Ok(())
}
#[derive(Error, Debug)]
pub enum ActivationConfirmationError {
#[error("Failed to create activation confirmation directory: {0}")]
CreateConfirmDirError(std::io::Error),
#[error("Failed to create activation confirmation file: {0}")]
CreateConfirmFileError(std::io::Error),
#[error("Failed to create file system watcher instance: {0}")]
CreateWatcherError(notify::Error),
#[error("Error forking process: {0}")]
ForkError(i32),
#[error("Could not watch for activation sentinel: {0}")]
WatcherError(#[from] notify::Error),
}
#[derive(Error, Debug)]
pub enum DangerZoneError {
#[error("Timeout elapsed for confirmation")]
TimesUp,
#[error("inotify stream ended without activation confirmation")]
NoConfirmation,
#[error("inotify encountered an error: {0}")]
WatchError(notify::Error),
}
async fn danger_zone(
mut events: mpsc::Receiver>,
confirm_timeout: u16,
) -> Result<(), DangerZoneError> {
info!("Waiting for confirmation event...");
match timeout(Duration::from_secs(confirm_timeout as u64), events.recv()).await {
Ok(Some(Ok(()))) => Ok(()),
Ok(Some(Err(e))) => Err(DangerZoneError::WatchError(e)),
Ok(None) => Err(DangerZoneError::NoConfirmation),
Err(_) => Err(DangerZoneError::TimesUp),
}
}
pub async fn activation_confirmation(
profile_path: String,
temp_path: String,
confirm_timeout: u16,
closure: String,
) -> Result<(), ActivationConfirmationError> {
let lock_hash = &closure["/nix/store/".len()..];
let lock_path = format!("{}/deploy-rs-canary-{}", temp_path, lock_hash);
if let Some(parent) = Path::new(&lock_path).parent() {
fs::create_dir_all(parent)
.await
.map_err(ActivationConfirmationError::CreateConfirmDirError)?;
}
fs::File::create(&lock_path)
.await
.map_err(ActivationConfirmationError::CreateConfirmDirError)?;
let (deleted, done) = mpsc::channel(1);
let mut watcher: RecommendedWatcher =
Watcher::new_immediate(move |res: Result| {
let send_result = match res {
Ok(e) if e.kind == notify::EventKind::Remove(notify::event::RemoveKind::File) => {
deleted.blocking_send(Ok(()))
}
Ok(_) => Ok(()), // ignore non-removal events
Err(e) => deleted.blocking_send(Err(e)),
};
if let Err(e) = send_result {
// We can't communicate our error, but panic-ing would
// be bad; let's write an error and trust that the
// activate function will realize we aren't sending
// data.
eprintln!("Could not send file system event to watcher: {}", e);
}
})?;
watcher.watch(lock_path, RecursiveMode::Recursive)?;
if let fork::Fork::Child =
fork::daemon(false, false).map_err(ActivationConfirmationError::ForkError)?
{
std::thread::spawn(move || {
let rt = tokio::runtime::Runtime::new().unwrap();
rt.block_on(async move {
if let Err(err) = danger_zone(done, confirm_timeout).await {
if let Err(err) = deactivate(&profile_path).await {
good_panic!("Error de-activating due to another error in confirmation thread, oh no...: {}", err);
}
good_panic!("Error in confirmation thread: {}", err);
}
});
})
.join()
.unwrap();
info!("Confirmation successful!");
}
std::process::exit(0);
}
#[derive(Error, Debug)]
pub enum ActivateError {
#[error("Failed to execute the command for setting profile: {0}")]
SetProfileError(std::io::Error),
#[error("The command for setting profile resulted in a bad exit code: {0:?}")]
SetProfileExitError(Option),
#[error("Failed to execute the activation script: {0}")]
RunActivateError(std::io::Error),
#[error("The activation script resulted in a bad exit code: {0:?}")]
RunActivateExitError(Option),
#[error("There was an error de-activating after an error was encountered: {0}")]
DeactivateError(#[from] DeactivateError),
#[error("Failed to get activation confirmation: {0}")]
ActivationConfirmationError(#[from] ActivationConfirmationError),
}
pub async fn activate(
profile_path: String,
closure: String,
auto_rollback: bool,
temp_path: String,
confirm_timeout: u16,
magic_rollback: bool,
) -> Result<(), ActivateError> {
info!("Activating profile");
let nix_env_set_exit_status = Command::new("nix-env")
.arg("-p")
.arg(&profile_path)
.arg("--set")
.arg(&closure)
.status()
.await
.map_err(ActivateError::SetProfileError)?;
match nix_env_set_exit_status.code() {
Some(0) => (),
a => {
if auto_rollback {
deactivate(&profile_path).await?;
}
return Err(ActivateError::SetProfileExitError(a));
}
};
let activate_status = match Command::new(format!("{}/deploy-rs-activate", profile_path))
.env("PROFILE", &profile_path)
.current_dir(&profile_path)
.status()
.await
.map_err(ActivateError::RunActivateError)
{
Ok(x) => x,
Err(e) => {
if auto_rollback {
deactivate(&profile_path).await?;
}
return Err(e);
}
};
match activate_status.code() {
Some(0) => (),
a => {
if auto_rollback {
deactivate(&profile_path).await?;
}
return Err(ActivateError::RunActivateExitError(a));
}
};
info!("Activation succeeded!");
if magic_rollback {
info!("Magic rollback is enabled, setting up confirmation hook...");
match activation_confirmation(profile_path.clone(), temp_path, confirm_timeout, closure)
.await
{
Ok(()) => {}
Err(err) => {
deactivate(&profile_path).await?;
return Err(ActivateError::ActivationConfirmationError(err));
}
};
}
Ok(())
}
#[tokio::main]
async fn main() -> Result<(), Box> {
let opts: Opts = Opts::parse();
utils::init_logger(opts.debug_logs, opts.log_dir.as_deref(), true)?;
match activate(
opts.profile_path,
opts.closure,
opts.auto_rollback,
opts.temp_path,
opts.confirm_timeout,
opts.magic_rollback,
)
.await
{
Ok(()) => (),
Err(err) => good_panic!("{}", err),
}
Ok(())
}