Add bin/update-observe.js to automate post-release Observe updates#7407
Merged
Conversation
0525313 to
335e62c
Compare
335e62c to
c41ca49
Compare
gonzaloriestra
approved these changes
Apr 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

WHY are these changes introduced?
The CLI minor release runbook includes three manual post-release steps to point Observe at the just-released CLI version:
Spike in Errors (vX.Y.Z))Today these are 3 manual checkbox steps in the runbook. They're easy to forget and easy to fat-finger. This PR collapses them to one command.
WHAT is this pull request doing?
Adds
bin/update-observe.js(no new deps) and apnpm update-observescript:--versionis required and must be concreteX.Y.Z.--resourceis optional; valid keys live inbin/observe-cli-resources.json(slo-correctness-app-deploy,slo-correctness,slo-p50-latency,slo-p75-latency,alert-spike-errors,error-project-cli).How it works (live-first, no templates)
For each managed resource the script:
shopify-monitoring.shopifycloud.com/query(sloDefinition,ruleConfig,errorProject).X.Y.Zliteral it finds in the version-touching fields:namesli.expression(andweightExpressionif present)cli_version=filter valuename,expression, and theapp.versionfilter insidecustomErrorFiltersnameand theapp.versionfilter insideerrorFiltersobjective,alertType,vaultTeamId,notificationPolicyId,useRecordingRules,severityThresholds, etc.) are preserved verbatim from what's currently live.Because patching is done against the live values (not against templates in JSON), any manual edits made directly in Observe — wording tweaks, extra labels in the name, etc. — round-trip untouched.
Wildcard preservation
If a live resource pins a partial version like
3.*.*or4.90.*, the script preserves the wildcard components and only rewrites the numeric ones. Given--version=4.95.3:3.94.24.95.33.*.*4.*.*4.90.*4.95.**.*.**.*.*Wildcards are intentionally not allowed in the
--versionargument — the input is always concrete; only Observe owns the wildcards.Auth
No external tooling required. On first run the script opens
https://shopify-monitoring.shopifycloud.com/gqlin your browser, prompts you to paste theMINERVA_TOKENcookie value, and caches it at~/Library/Caches/shopify-cli/observe-cookie(mode 0600) only after verifying the cookie works against the API. Subsequent runs reuse the cache; if the cookie expires, the script detects the SSO redirect and re-prompts.Where to find the
MINERVA_TOKENcookiehttps://shopify-monitoring.shopifycloud.com/gql, sign in via Okta if prompted. You'll land on either a GraphQL playground page or a JSON404/405— both are fine; the cookie has been set.Applicationtab →Storage→Cookies→https://shopify-monitoring.shopifycloud.comStoragetab →Cookies→https://shopify-monitoring.shopifycloud.comStoragetab →Cookies→shopify-monitoring.shopifycloud.comName=MINERVA_TOKEN.Value(long opaque string).Make sure you're looking at cookies for
shopify-monitoring.shopifycloud.com, notobserve.shopify.io— those are different.Non-interactive use
For CI or scripted runs, set
$MINERVA_TOKENdirectly to skip the prompt:Files
bin/update-observe.js— the script (no new deps)bin/observe-cli-resources.json— declarative list of managed resources (key,kind,id, optionalversionFilterColumn); no templatespnpm update-observeentry in rootpackage.jsonHow to test your changes?
node bin/update-observe.js --version=3.94.2 --dry-run— payloads look correct for all 6 resourcesnode bin/update-observe.js --dry-run— fails with "--version is required"node bin/update-observe.js --version=garbage --dry-run— rejects non-semvernode bin/update-observe.js --version=3.*.* --dry-run— rejects wildcards in--versionnode bin/update-observe.js --version=3.94.2 --resource=slo-p50-latency --dry-run— updates only the selected resourcenode bin/update-observe.js --version=3.94.2 --resource=nope --dry-run— fails and lists valid keysMINERVA_TOKEN=bogus pnpm update-observe -- --version=3.94.2— fails with "refresh it from your browser"; cache is not written3.*.*+--version=4.95.3→4.*.*; live4.90.*→4.95.*Post-release steps
pnpm update-observestep.pnpm update-observeintobin/post-releaseso it runs alongside the homebrew/docs/notification PR creation. Skipped for now because it requires CI auth setup; the runbook step can run locally with the developer's own monitoring token.Checklist
chmod 0600is best-effort on Windows