terminus-github-actions

Enhance Terminus Installation Reliability

Open lcatlett opened this issue 7 months ago • 2 comments

Problem

The current Terminus installation process has several reliability issues:

  1. It lacks validation of the download's success.
  2. It fails to verify the integrity of the downloaded file.
  3. Utilizing the latest version without validation results in non-deterministic builds.
  4. Error reporting is inadequate, hindering troubleshooting efforts.

These issues have affected a few Pantheon customers, one of which recently encountered hard-to-diagnose failures in their CI pipelines. Errors such as /usr/local/bin/terminus: line 1: Not: command not found were observed, indicating a download failure while the workflow proceeded, causing significant workflow disruptions and troubleshooting challenges.

Solution

This pull request addresses these issues by:

  1. Enhancing version selection with rigorous validation.
  2. Implementing download validation using curl --fail.
  3. Verifying the SHA256 checksum of the downloaded file.
  4. Adding basic file type verification.
  5. Enhancing error reporting for improved troubleshooting.
  6. Verifying the installation with terminus --version.

Implementation Details

1. Improved Version Selection

  • The existing approach of fetching the latest version is retained but enhanced with strict validation.
  • If the GitHub API request fails or returns an invalid version string, the workflow terminates with a clear error message.
  • The input parameter description now recommends specifying a version for deterministic builds.
  • There is no fallback to hardcoded versions; either the version is accurately detected or the user must specify one.

These modifications enhance the reliability of the action and mitigate common installation failures while preserving compatibility with existing workflows that explicitly specify a version.

Code Changes

The pull request updates the "Set Terminus version" and "Install Terminus" steps in action.yml to incorporate these enhancements:

  1. Implemented robust validation for the version retrieval process.
  2. Enhanced download validation with improved error reporting capabilities.
  3. Introduced checksum verification to ensure the integrity of the downloaded files.
  4. Added file type validation to ensure compatibility with the intended file formats.
  5. Implemented installation verification to confirm the successful completion of the installation process.

Users who explicitly specify a version using the terminus-version parameter will continue to experience the same behavior, but the reliability of the action has been significantly improved. Users who rely on automatic version detection will benefit from enhanced error handling and clear failure messages, providing more timely feedback in the event of installation issues.

These modifications directly address the challenges faced by Pantheon customers running into CI failures with errors like line 1: Not: command not found by promptly identifying and resolving installation problems as the root cause, rather than allowing them to recur later with cryptic error messages that can hinder development velocity and consume troubleshooting time for both customers and support teams trying to diagnose issues originating in the CI configuration.

lcatlett, Apr 02 '25 00:04
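The version, checksum and file type checks listed in the description above, sketched as an added example that is not the pull request's or the action's own code. The function names, the X.Y.Z version format and the php-shebang test are assumptions, and the sample files are constructed; the "Not Found" file stands in for an HTTP error body saved where the phar should be.

```shell
#!/usr/bin/env bash
# Added example. Assumptions: X.Y.Z versions, a php shebang on line 1 of the
# phar, and all function names here (hypothetical, not from the action).

# Accept only a plain X.Y.Z version string.
validate_version() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Print the SHA256 hex digest of a file with whichever tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_artifact FILE EXPECTED_SHA256
# Returns 0 when FILE may be installed; otherwise explains why on stderr and
# returns 2 (missing/empty), 3 (checksum mismatch) or 4 (not a php script).
verify_artifact() {
  va_file=$1; va_expected=$2
  if [ ! -s "$va_file" ]; then
    echo "error: $va_file is missing or empty" >&2; return 2
  fi
  va_first=$(head -n 1 "$va_file" | tr -d '\000' | cut -c1-60)
  va_actual=$(sha256_of "$va_file")
  if [ "$va_actual" != "$va_expected" ]; then
    echo "error: checksum mismatch for $va_file" >&2
    echo "  expected $va_expected, got $va_actual" >&2
    echo "  file begins: $va_first" >&2   # exposes a saved error page
    return 3
  fi
  case "$va_first" in
    '#!'*php*) return 0 ;;
    *) echo "error: $va_file does not start with a php shebang" >&2; return 4 ;;
  esac
}

# Demo on constructed files: a phar-like script and a saved error body.
demo=$(mktemp -d)
printf '#!/usr/bin/env php\n<?php // constructed\n' > "$demo/good.phar"
printf 'Not Found\n' > "$demo/bad.phar"
want=$(sha256_of "$demo/good.phar")
verify_artifact "$demo/good.phar" "$want" && echo "good.phar: ok"
verify_artifact "$demo/bad.phar" "$want" || echo "bad.phar: rejected (rc=$?)"
rm -rf "$demo"
```

In a workflow step these checks would sit between the download and the install, so a failed download stops the job there instead of surfacing later as a shell error.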

Download of both phar and checksum failing, flipping to draft until ready for re-review.

pwtyler, Apr 02 '25 01:04

@lcatlett what would you think of moving the GitHub Action that installs Terminus to the Terminus repo?

Here's an example from Deno where the repo containing the command line tool also contains the Action to install that version: https://github.com/denoland/deployctl

stevector, Apr 11 '25 20:04