Distribute React Native DevTools binaries via GitHub Releases #52930
Conversation
meta-cla
bot
added
the
CLA Signed
motiz88
force-pushed
the
rndt-binaries-to-release-assets
branch
from
daa25bf to
9fbe3bf
Compare
motiz88
force-pushed
the
rndt-binaries-to-release-assets
branch
2 times, most recently
from
9773024 to
c59042a
Compare
motiz88
force-pushed
the
rndt-binaries-to-release-assets
branch
3 times, most recently
from
0f87802 to
a4c2f83
Compare
motiz88
changed the title
facebook-github-bot
added
the
Shared with Meta
cipolleschi
left a comment
cipolleschi
left a comment
There was a problem hiding this comment.
I left some comments.
The PR is quite big, it would be nice to split it in smaller parts.
| token, | ||
| ); | ||
| log(`Created draft release: ${release}`); | ||
| log(`Created draft release: ${release.html_url}`); |
There was a problem hiding this comment.
nit: does it make sense to also log the id, for debugging purposes?
| await uploadReleaseAssetsForDotSlash({ | ||
| version, | ||
| token: '${{secrets.REACT_NATIVE_BOT_GITHUB_TOKEN}}', | ||
| releaseId: process.env.RELEASE_ID, |
There was a problem hiding this comment.
| releaseId: process.env.RELEASE_ID, | |
| releaseId: ${{ steps.create-draft-release.outputs.result }} |
cortinico
left a comment
cortinico
left a comment
There was a problem hiding this comment.
Great stuff! :)
If we could have this PR split in smaller one woudl be ideal
| push: | ||
| branches: | ||
| - main |
There was a problem hiding this comment.
This feels wrong, are you sure about it?
There was a problem hiding this comment.
It turns out it's correct. Still I'm not 100% sure why we would need to run a continous validation of the dotslash artifacts. Specifically, this is a job that will run on main (also, why not on PRs also then) and that is heavily dependent on network, so it could result in a lot of red signals for us
There was a problem hiding this comment.
Running on PRs targeting main is reasonable - it's just largely unnecessary, because we're only going to be touching the DotSlash files in bot commits that will be auto-landed in fbsource and then exported to the main branch.
To reduce the false positive rate, we could narrow this down further to commits that actually touch the DotSlash file(s), though of course that could miss infra changes in the repo that might break the workflow.
The scenario I'm trying to prevent is one where our internal binary publishing pipeline / CDN gets broken and stops being accessible from OSS, but we only find out extremely late, when we try to create a release commit. (As explained in the summary, we can't run the validation continuously in the branch because it would fail - by design - between pushing the release commit and publishing the release).
There was a problem hiding this comment.
(As explained in the summary, we can't run the validation continuously in the branch because it would fail - by design - between pushing the release commit and publishing the release).
Let's let it run only on *-stable branches then?
There was a problem hiding this comment.
Let's let it run only on
*-stablebranches then?
That's not feasible, unless we're OK with letting the job fail on release commits (and in fact tagging the release on a commit that has red CI signals!)
There was a problem hiding this comment.
The scenario I'm trying to prevent is one where our internal binary publishing pipeline / CDN gets broken and stops being accessible from OSS, but we only find out extremely late, when we try to create a release commit.
Hmm, what about on nightlies instead?
There was a problem hiding this comment.
Oh interesting. I don't know that we want to block nightlies on this - doesn't look like we do so when another kind of test is broken - but I'm definitely open to making this a scheduled job for periodic validation, plus running on pushes+PRs that touch the actual DotSlash file and related infra. WDYT?
|
Re: splitting this PR - this is really the smallest version of the PR that allows the overall solution to be reviewed (and tested end-to-end), especially with the lack of support for stacks on GH. I'm happy to work on making the code clearer for ease of review, but splitting it into separate branches would likely result in more bugs IMO. |
You can either create a PR with several commits, or several chained PRs to help with this. |
|
@cortinico I can definitely flatten the commit history in this PR a bit more now that it's functionally complete. There would be 3-4 logical commits (one for each modified workflow and probably one for shared utilities) which should be easier to review one by one. |
motiz88
force-pushed
the
rndt-binaries-to-release-assets
branch
6 times, most recently
from
7db1656 to
e1dc194
Compare
|
@cipolleschi, @cortinico: I've addressed feedback and done a deep refactoring pass for ease of review (smaller and more readable functions, extensive tests, logical commits each with its own summary). |
Summary: Adds some reusable Jest snapshot serializers used later in this PR.
Summary: Adds the `write-dotslash-release-asset-urls` script and hooks it up to the `create-release-commit` script. After this script runs, the branch will reference GitHub release assets that haven't been uploaded yet - this is necessary because we publish the branch to npm before we ever create a draft GitHub release we can upload things to. In a separate commit in this PR, we will augment the `create-draft-release` workflow to actually upload the assets, based on the contents of the release commit. Comes with unit tests.
Summary: Augments the `create-draft-release` workflow to upload GitHub release assets referenced by the first-party DotSlash files in the repo, based on the output of `create-release-commit`. Comes with unit tests.
Summary: Adds a workflow to ensure the following: * Continuously: `main` contains valid DotSlash files that reference valid artifacts. * When a release is published: the release contains valid DotSlash files that reference valid artifacts. This gives us confidence that branch cuts start in a valid state and that releases go out in a valid state. This is particularly important since there is a span of time, between the release commit and the publishing of the GH release, when the job would fail (as the release assets are not hosted at their final URLs yet). This is a fairly trivial script built on top of unit-tested utilities: `processDotSlashFileInPlace`, `getWithCurl`, `validateDotSlashArtifactData`.
motiz88
force-pushed
the
rndt-binaries-to-release-assets
branch
from
a6f8246 to
1c2fbb8
Compare
|
Added types for |
motiz88
force-pushed
the
rndt-binaries-to-release-assets
branch
from
4a4afa8 to
843f561
Compare
| valid URLs that return the described artifacts. This script is intended to run | ||
| in two key scenarios: | ||
| 1. Continuously on main - this verifies the output of the Meta-internal CI pipeline |
| push: | ||
| branches: | ||
| - main |
There was a problem hiding this comment.
The scenario I'm trying to prevent is one where our internal binary publishing pipeline / CDN gets broken and stops being accessible from OSS, but we only find out extremely late, when we try to create a release commit.
Hmm, what about on nightlies instead?
huntie
left a comment
huntie
left a comment
There was a problem hiding this comment.
LGTM, happy in one diff and with the change to nightly runs :)
Summary:
We were using `--write-out %{header_json}` but this feature requires curl 7.83.0. Some of our CI environments have an older version of curl so we need a different approach.
|
This pull request was successfully merged by @motiz88 in 1f57ae5 When will my fix make it into a release? | How to file a pick request? |
…ok#52930) Summary: bypass-github-export-checks OSS release infrastructure for the (experimental) React Native DevTools standalone shell. Currently, binaries are built continuously on Meta infra and served from the Meta CDN using fbcdn.net URLs checked into a DotSlash file in the repo, e.g.: https://github.com/facebook/react-native/blob/15373218ec572c0e43325845b80a849ad5174cc3/packages/debugger-shell/bin/react-native-devtools#L9-L18 For open source releases we want to primarily distribute the binaries as GitHub release assets, while keeping the Meta CDN URLs as a secondary option. This PR makes the necessary changes to the release workflows to support this: * `workflows/create-release.yml` (modified): As part of the release commit, rewrite the DotSlash file to include the release asset URLs. * **NOTE:** After this commit, **the new URLs don't work yet**, because they refer to a release that hasn't been published. Despite this, the DotSlash file remains valid and usable (because DotSlash will happily fall back to the Meta CDN URLs, which are still in the file). * `workflows/create-draft-release.yml` (modified): After creating a draft release, fetch the binaries from the Meta CDN and reupload them to GitHub as release assets. This is based on the contents of the DotSlash file rewritten by `create-release.yml`. * `workflows/validate-dotslash-artifacts.yml` (new): After the release is published, all URLs referenced by the DotSlash (both Meta CDN URL and GH release asset URLs) should be valid and refer to the same artifacts. This workflow checks that this is the case. * If this workflow fails on a published release, the release may need to be burned or a hotfix release may be necessary - as the release will stop working correctly once the Meta CDN stops serving the assets. * This workflow will also be running continuously on `main`. If it fails on a commit in `main`, there might be a connectivity issue between the GHA runner and the Meta CDN, or there might be an issue on the Meta side. NOTE: These changes to the release pipeline are generic and reusable; if we later add another DotSlash-based tool whose binaries need to be mirrored as GitHub release assets, we just need to add it to the `FIRST_PARTY_DOTSLASH_FILES` array. [Internal] Mirror React Native DevTools binaries in GitHub Releases Pull Request resolved: facebook#52930 Test Plan: I've added unit tests for `dotslash-utils`, `curl-utils`, and for the majority of the logic that makes up the new release scripts (`write-dotslash-release-assets-urls`, `upload-release-assets-for-dotslash`, `validate-dotslash-artifacts`). Created a test branch and draft PR: facebook#53147. Locally created a release commit, simulating the create-release GH workflow: ``` node scripts/releases/create-release-commit.js --reactNativeVersion 0.82.0-20250903-0830 --no-dry-run ``` This updated the DotSlash file in the branch: facebook@2deeb7e#diff-205a9ff6005e30be061eaa64b9cb50b15b0e909dd188e0866189e952655a3483 NOTE: I've also ensured that the `create-release-commit` script correctly updates the DotSlash file when running from a branch that already has a release commit - see screenshot: <img width="1483" height="587" alt="image" src="https://github.com/user-attachments/assets/1ffd859b-e02b-483d-8067-9cc9116829a4" /> Enabled testing the create-draft-release GH workflow in the test branch using these temporary hacks: * facebook@81f334e * facebook@6d88516 * facebook@1428a8d Workflow run: https://github.com/facebook/react-native/actions/runs/17426711373/job/49475327346 Draft release: https://github.com/facebook/react-native/releases/tag/untagged-c6a62a58e5baa37936e1 Draft release screenshot for posterity (since we'll likely delete the draft release after landing this): <img width="1024" height="814" alt="image" src="https://github.com/user-attachments/assets/1900da15-48f6-4274-b29c-0ac2019d92c0" /> For obvious reasons, I've avoided actually publishing the above draft release. But I have run the `validate-dotslash-artifacts` workflow on the *current* branch to ensure that the logic is correct: https://github.com/motiz88/react-native/actions/runs/17426885205/job/49475888486 Running `node scripts/releases/validate-dotslash-artifacts.js` in the release branch (without publishing the release first) fails, as expected: <img width="1105" height="748" alt="image" src="https://github.com/user-attachments/assets/ed23a2e2-7a31-42eb-a324-f1d50eafe2fb" /> This PR is all the infra needed ahead of the 0.82 ~~branch cut~~ infra freeze to support the React Native DevTools standalone shell, at least on the GitHub side. ~~Some minor infra work remains on the Meta side, plus some product/logic changes to the React Native DevTools standalone shell that I'm intending to finish in time for 0.82 (for an experimental rollout).~~ EDIT: All the planned work has landed; the feature is code-complete on `main` as well as in `0.82-stable` (apart from this infra change). As a one-off, once we've actually published 0.82.0-rc.1, we'll want to have a human look at the published artifacts and CI workflow logs to ensure everything is in order. (I'll make sure to communicate this to the 0.82 release crew.) Afterwards, the automation added in this PR should be sufficient. Reviewed By: huntie Differential Revision: D81578704 Pulled By: motiz88 fbshipit-source-id: 6a4a48c3713221a89dd5fc88851674c1ddc6bb10
#53604) Summary: bypass-github-export-checks OSS release infrastructure for the (experimental) React Native DevTools standalone shell. Currently, binaries are built continuously on Meta infra and served from the Meta CDN using fbcdn.net URLs checked into a DotSlash file in the repo, e.g.: https://github.com/facebook/react-native/blob/15373218ec572c0e43325845b80a849ad5174cc3/packages/debugger-shell/bin/react-native-devtools#L9-L18 For open source releases we want to primarily distribute the binaries as GitHub release assets, while keeping the Meta CDN URLs as a secondary option. This PR makes the necessary changes to the release workflows to support this: * `workflows/create-release.yml` (modified): As part of the release commit, rewrite the DotSlash file to include the release asset URLs. * **NOTE:** After this commit, **the new URLs don't work yet**, because they refer to a release that hasn't been published. Despite this, the DotSlash file remains valid and usable (because DotSlash will happily fall back to the Meta CDN URLs, which are still in the file). * `workflows/create-draft-release.yml` (modified): After creating a draft release, fetch the binaries from the Meta CDN and reupload them to GitHub as release assets. This is based on the contents of the DotSlash file rewritten by `create-release.yml`. * `workflows/validate-dotslash-artifacts.yml` (new): After the release is published, all URLs referenced by the DotSlash (both Meta CDN URL and GH release asset URLs) should be valid and refer to the same artifacts. This workflow checks that this is the case. * If this workflow fails on a published release, the release may need to be burned or a hotfix release may be necessary - as the release will stop working correctly once the Meta CDN stops serving the assets. * This workflow will also be running continuously on `main`. If it fails on a commit in `main`, there might be a connectivity issue between the GHA runner and the Meta CDN, or there might be an issue on the Meta side. NOTE: These changes to the release pipeline are generic and reusable; if we later add another DotSlash-based tool whose binaries need to be mirrored as GitHub release assets, we just need to add it to the `FIRST_PARTY_DOTSLASH_FILES` array. [Internal] Mirror React Native DevTools binaries in GitHub Releases Pull Request resolved: #52930 Test Plan: I've added unit tests for `dotslash-utils`, `curl-utils`, and for the majority of the logic that makes up the new release scripts (`write-dotslash-release-assets-urls`, `upload-release-assets-for-dotslash`, `validate-dotslash-artifacts`). Created a test branch and draft PR: #53147. Locally created a release commit, simulating the create-release GH workflow: ``` node scripts/releases/create-release-commit.js --reactNativeVersion 0.82.0-20250903-0830 --no-dry-run ``` This updated the DotSlash file in the branch: 2deeb7e#diff-205a9ff6005e30be061eaa64b9cb50b15b0e909dd188e0866189e952655a3483 NOTE: I've also ensured that the `create-release-commit` script correctly updates the DotSlash file when running from a branch that already has a release commit - see screenshot: <img width="1483" height="587" alt="image" src="https://github.com/user-attachments/assets/1ffd859b-e02b-483d-8067-9cc9116829a4" /> Enabled testing the create-draft-release GH workflow in the test branch using these temporary hacks: * 81f334e * 6d88516 * 1428a8d Workflow run: https://github.com/facebook/react-native/actions/runs/17426711373/job/49475327346 Draft release: https://github.com/facebook/react-native/releases/tag/untagged-c6a62a58e5baa37936e1 Draft release screenshot for posterity (since we'll likely delete the draft release after landing this): <img width="1024" height="814" alt="image" src="https://github.com/user-attachments/assets/1900da15-48f6-4274-b29c-0ac2019d92c0" /> For obvious reasons, I've avoided actually publishing the above draft release. But I have run the `validate-dotslash-artifacts` workflow on the *current* branch to ensure that the logic is correct: https://github.com/motiz88/react-native/actions/runs/17426885205/job/49475888486 Running `node scripts/releases/validate-dotslash-artifacts.js` in the release branch (without publishing the release first) fails, as expected: <img width="1105" height="748" alt="image" src="https://github.com/user-attachments/assets/ed23a2e2-7a31-42eb-a324-f1d50eafe2fb" /> This PR is all the infra needed ahead of the 0.82 ~~branch cut~~ infra freeze to support the React Native DevTools standalone shell, at least on the GitHub side. ~~Some minor infra work remains on the Meta side, plus some product/logic changes to the React Native DevTools standalone shell that I'm intending to finish in time for 0.82 (for an experimental rollout).~~ EDIT: All the planned work has landed; the feature is code-complete on `main` as well as in `0.82-stable` (apart from this infra change). As a one-off, once we've actually published 0.82.0-rc.1, we'll want to have a human look at the published artifacts and CI workflow logs to ensure everything is in order. (I'll make sure to communicate this to the 0.82 release crew.) Afterwards, the automation added in this PR should be sufficient. Reviewed By: huntie Differential Revision: D81578704 Pulled By: motiz88 fbshipit-source-id: 6a4a48c3713221a89dd5fc88851674c1ddc6bb10
|
This pull request was successfully merged by @motiz88 in fdc4da9 When will my fix make it into a release? | How to file a pick request? |
7 participants
Summary:
OSS release infrastructure for the (experimental) React Native DevTools standalone shell.
Currently, binaries are built continuously on Meta infra and served from the Meta CDN using fbcdn.net URLs checked into a DotSlash file in the repo, e.g.:
react-native/packages/debugger-shell/bin/react-native-devtools
Lines 9 to 18 in 1537321
For open source releases we want to primarily distribute the binaries as GitHub release assets, while keeping the Meta CDN URLs as a secondary option. This PR makes the necessary changes to the release workflows to support this:
workflows/create-release.yml(modified): As part of the release commit, rewrite the DotSlash file to include the release asset URLs.workflows/create-draft-release.yml(modified): After creating a draft release, fetch the binaries from the Meta CDN and reupload them to GitHub as release assets. This is based on the contents of the DotSlash file rewritten bycreate-release.yml.workflows/validate-dotslash-artifacts.yml(new): After the release is published, all URLs referenced by the DotSlash (both Meta CDN URL and GH release asset URLs) should be valid and refer to the same artifacts. This workflow checks that this is the case.main. If it fails on a commit inmain, there might be a connectivity issue between the GHA runner and the Meta CDN, or there might be an issue on the Meta side.NOTE: These changes to the release pipeline are generic and reusable; if we later add another DotSlash-based tool whose binaries need to be mirrored as GitHub release assets, we just need to add it to the
FIRST_PARTY_DOTSLASH_FILESarray.Changelog:
[Internal] Mirror React Native DevTools binaries in GitHub Releases
Test Plan:
Step 0: Unit tests
I've added unit tests for
dotslash-utils,curl-utils, and for the majority of the logic that makes up the new release scripts (write-dotslash-release-assets-urls,upload-release-assets-for-dotslash,validate-dotslash-artifacts).Step 1: Test release commit
Created a test branch and draft PR: #53147.
Locally created a release commit, simulating the create-release GH workflow:
This updated the DotSlash file in the branch: 2deeb7e#diff-205a9ff6005e30be061eaa64b9cb50b15b0e909dd188e0866189e952655a3483
NOTE: I've also ensured that the
create-release-commitscript correctly updates the DotSlash file when running from a branch that already has a release commit - see screenshot:Step 2: Test draft release
Enabled testing the create-draft-release GH workflow in the test branch using these temporary hacks:
Workflow run: https://github.com/facebook/react-native/actions/runs/17426711373/job/49475327346
Draft release: https://github.com/facebook/react-native/releases/tag/untagged-c6a62a58e5baa37936e1
Draft release screenshot for posterity (since we'll likely delete the draft release after landing this):
Step 3: Test post-release validation script
For obvious reasons, I've avoided actually publishing the above draft release. But I have run the
validate-dotslash-artifactsworkflow on the current branch to ensure that the logic is correct: https://github.com/motiz88/react-native/actions/runs/17426885205/job/49475888486Running
node scripts/releases/validate-dotslash-artifacts.jsin the release branch (without publishing the release first) fails, as expected:Next steps
This PR is all the infra needed ahead of the 0.82
branch cutinfra freeze to support the React Native DevTools standalone shell, at least on the GitHub side.Some minor infra work remains on the Meta side, plus some product/logic changes to the React Native DevTools standalone shell that I'm intending to finish in time for 0.82 (for an experimental rollout).EDIT: All the planned work has landed; the feature is code-complete onmainas well as in0.82-stable(apart from this infra change).As a one-off, once we've actually published 0.82.0-rc.1, we'll want to have a human look at the published artifacts and CI workflow logs to ensure everything is in order. (I'll make sure to communicate this to the 0.82 release crew.) Afterwards, the automation added in this PR should be sufficient.