Skip to content

Releases: drevops/vortex-tooling

1.3.0

Choose a tag to compare

@AlexSkrypnyk AlexSkrypnyk released this 01 Jul 02:44

What's new since 1.2.0

Breaking changes

  • Renamed 'VORTEX_LOCALDEV_URL' environment variable to 'LOCALDEV_URL'. @AlexSkrypnyk (drevops/vortex#2748)
    Consumers who set VORTEX_LOCALDEV_URL (typically in .env.local) must rename it to LOCALDEV_URL. The shipped vortex-info and vortex-doctor scripts now read LOCALDEV_URL when printing the site URL and checking webserver health and no longer recognise the old name; the value is shared with the unprefixed LAGOON_ROUTE, so dropping the VORTEX_ prefix aligns it with its sibling.
  • #2715 Prefixed all tooling scripts with 'vortex-' and surfaced user-facing ones as Composer binaries. @AlexSkrypnyk (drevops/vortex#2741)
    All shipped scripts are renamed with a vortex- prefix and the 15 user-facing entrypoints are exposed as vendor/bin/vortex-* Composer binaries. Replace every direct reference to vendor/drevops/vortex-tooling/src/<name> with vendor/bin/vortex-<name> (for example src/provision becomes vendor/bin/vortex-provision and src/fetch-db becomes vendor/bin/vortex-fetch-db); internal sub-scripts keep the prefix but are not exposed as binaries.
  • #2739 Renamed 'upload-db-s3' to 'push-db-s3' and aligned tooling and playground script names. @AlexSkrypnyk (drevops/vortex#2740)
    The upload-db-s3 script is renamed to push-db-s3 and its VORTEX_UPLOAD_DB_S3_* variables to VORTEX_PUSH_DB_S3_*, fitting the fetch-* (in) / push-* (out) verb taxonomy. Rename any VORTEX_UPLOAD_DB_S3_* overrides to VORTEX_PUSH_DB_S3_* and update calls to the new script name.
  • #2733 Renamed the container-image push scripts and variables from 'deploy' to 'push' and dropped the container-registry deploy type. @AlexSkrypnyk (drevops/vortex#2737)
    deploy-container-registry and deploy-db-image are renamed to push-container-registry and push-db-image, the VORTEX_DEPLOY_CONTAINER_REGISTRY* variables to VORTEX_PUSH_CONTAINER_REGISTRY*, and VORTEX_EXPORT_DB_CONTAINER_REGISTRY_DEPLOY_PROCEED to VORTEX_EXPORT_DB_CONTAINER_REGISTRY_PUSH_PROCEED. Rename those variables, update calls to the renamed scripts, and remove any container_registry entry from VORTEX_DEPLOY_TYPES - that deploy type is dropped (the valid types are now artifact, webhook, lagoon), while the generic VORTEX_CONTAINER_REGISTRY* fallbacks are unchanged.
  • #2723 Extracted the container image deployment from 'export-db' into a dedicated script. @AlexSkrypnyk (drevops/vortex#2727)
    export-db is now a pure exporter and no longer pushes the exported database container image to the registry; the push moves to the dedicated push-db-image script, wired as a separate opt-in step gated by VORTEX_EXPORT_DB_CONTAINER_REGISTRY_PUSH_PROCEED. If you invoked export-db directly and relied on it also pushing the image, call the dedicated push script after exporting; the CI fresh-fetch semaphore is also renamed from /tmp/fetch-db-success to /tmp/fetch-db-fresh.
  • #2726 Renamed the 'download-db' command, variables and installer source to 'fetch'. @AlexSkrypnyk (drevops/vortex#2730)
    The download-db script and its six drivers (-acquia, -container-registry, -ftp, -lagoon, -s3, -url) are renamed to fetch-db*, every VORTEX_DOWNLOAD_DB* variable to VORTEX_FETCH_DB*, and the VORTEX_SSH_PREFIX_DOWNLOAD Lagoon variable to VORTEX_SSH_PREFIX_FETCH. Rename those overrides accordingly (the ahoy download-db command name is kept as an alias); for the Lagoon-over-SSH path, also rename the GitHub Actions secret and variable to VORTEX_FETCH_DB_SSH_PRIVATE_KEY / VORTEX_FETCH_DB_SSH_KNOWN_HOSTS in repository settings.
  • #2713 Converted 'ahoy reset hard' to the 'ahoy reset --hard' option flag. @AlexSkrypnyk (drevops/vortex#2717)
    The reset script now recognises a hard reset only via the --hard option flag; the legacy positional reset hard is no longer honoured and falls through to a soft reset. Update any reset hard invocations (including ahoy reset hard) to reset --hard.

Highlights

  • #2715 Prefixed all tooling scripts with 'vortex-' and surfaced user-facing ones as Composer binaries. @AlexSkrypnyk (drevops/vortex#2741)
    The 15 user-facing tooling scripts are now installed as vendor/bin/vortex-* binaries, so you can invoke vendor/bin/vortex-provision, vendor/bin/vortex-fetch-db, vendor/bin/vortex-deploy and the rest directly from PATH instead of reaching into the package's src/ directory.
  • #2720 Extracted a dedicated 'import-db' script reused by provision and ahoy. @AlexSkrypnyk (drevops/vortex#2728)
    ahoy import-db now reliably imports the dump: a dedicated import-db / import-db-file pair (mirroring export-db) replaces the old routing through provision, which silently preserved the database on an existing site with VORTEX_PROVISION_OVERRIDE_DB=0. The import fails fast when the dump is missing or unreadable - so it can never drop the database and leave nothing imported - and prompts for confirmation first.
  • #2718 Used 'export-db' for the Lagoon pre-deployment database backup. @AlexSkrypnyk (drevops/vortex#2724)
    export-db now auto-detects whether it runs on the host or inside a container (honouring a RUN_ON_HOST override, otherwise probing for docker), so it works inside a Lagoon container with no Docker available. The Lagoon pre-deployment backup uses the public export-db router directly, dropping the previous hard Docker dependency.
  • #2719 Added a platform-agnostic 'task' runner for hosting operations. @AlexSkrypnyk (drevops/vortex#2721)
    A new platform-agnostic task runner lets hosting hooks call a single task <operation> entrypoint - copy-db, copy-files, or purge-cache - and dispatches to the implementation for the configured platform (acquia or lagoon), selected via VORTEX_TASK_PLATFORM with a fallback to VORTEX_PLATFORM. Operations and platforms are validated against whitelists before any script runs.
  • #2643 Hardened the host-side database-download tooling scripts. @AlexSkrypnyk (drevops/vortex#2648)
    The host-side database-download scripts are hardened against three latent issues: the Acquia Cloud API token is redacted from VORTEX_DEBUG=1 logs instead of printed verbatim, a failed URL download (curl -fLs) now aborts instead of writing an HTTP error body into a corrupt db.sql, and the S3 SigV4 signing no longer mishandles a % in an object key.

All changes

  • Renamed 'VORTEX_LOCALDEV_URL' environment variable to 'LOCALDEV_URL'. @AlexSkrypnyk (drevops/vortex#2748)
    The local development URL variable read by the shipped vortex-info and vortex-doctor scripts is renamed from VORTEX_LOCALDEV_URL to LOCALDEV_URL, matching the unprefixed LAGOON_ROUTE it shares a value with. Set LOCALDEV_URL in place of VORTEX_LOCALDEV_URL to override the local site URL.
  • #2715 Prefixed all tooling scripts with 'vortex-' and surfaced user-facing ones as Composer binaries. @AlexSkrypnyk (drevops/vortex#2741)
    Every shipped script is renamed with a vortex- prefix, and the 15 user-facing entrypoints (vortex-deploy, vortex-doctor, vortex-export-db, vortex-fetch-db, vortex-import-db, vortex-info, vortex-login, vortex-login-container-registry, vortex-logout, vortex-notify, vortex-provision, vortex-push-db-image, vortex-reset, vortex-task, vortex-update) are declared in composer.json's bin array so Composer installs them as vendor/bin/vortex-*. Internal sub-scripts gain the prefix but are not surfaced as binaries; update callers from vendor/drevops/vortex-tooling/src/<name> to vendor/bin/vortex-<name>.
  • #2739 Renamed 'upload-db-s3' to 'push-db-s3' and aligned tooling and playground script names. @AlexSkrypnyk (drevops/vortex#2740)
    The upload-db-s3 script becomes push-db-s3 and its VORTEX_UPLOAD_DB_S3_* variables become VORTEX_PUSH_DB_S3_*, fitting the fetch-* (in) / push-* (out) verb taxonomy alongside fetch-db-s3 and push-db-image. The script is also hardened with pipefail, curl connect/max timeouts, a URL-encoded S3 object key, and a set -x deferred past request signing so credentials are never traced.
  • #2733 Renamed the container-image push scripts and variables from 'deploy' to 'push' and dropped the container-registry deploy type. @AlexSkrypnyk (drevops/vortex#2737)
    The registry-push scripts deploy-container-registry and deploy-db-image are renamed to push-container-registry and push-db-image, the VORTEX_DEPLOY_CONTAINER_REGISTRY* variables to VORTEX_PUSH_CONTAINER_REGISTRY*, and VORTEX_EXPORT_DB_CONTAINER_REGISTRY_DEPLOY_PROCEED to VORTEX_EXPORT_DB_CONTAINER_REGISTRY_PUSH_PROCEED, because pushing an image to a registry is a push, not a deploy. The vestigial container_registry deploy type - which never dispatched - is removed, leav...
Read more

1.2.0

Choose a tag to compare

@AlexSkrypnyk AlexSkrypnyk released this 16 Jun 07:05

What's new since 1.1.0

Breaking changes

  • Moved custom provision scripts to 'scripts' and deprecated 'scripts/custom'. @AlexSkrypnyk (drevops/vortex#2539)
    The provision script's default VORTEX_PROVISION_SCRIPTS_DIR changed from ./scripts/custom to ./scripts, and scripts/custom/ is no longer scanned - there is no backward-compatible fallback. If you keep custom provision-*.sh hooks in scripts/custom/, move them up into scripts/ before upgrading, or set VORTEX_PROVISION_SCRIPTS_DIR=./scripts/custom explicitly to retain the old location.

Highlights

  • #2613 Fixed 'download-db-acquia' to read backup URL from JSON response. @AlexSkrypnyk (drevops/vortex#2617)
    Restores Acquia as a working database source - every Acquia consumer's ahoy download-db was failing outright before this fix, and it now succeeds again with no configuration change.
  • #2548 Added SSH host key pinning as a secure alternative to disabling strict checking. @AlexSkrypnyk (drevops/vortex#2587)
    Lets CI pin SSH host keys via VORTEX_SSH_KNOWN_HOSTS instead of disabling strict host-key checking, closing the man-in-the-middle exposure on database-download and deployment connections while keeping the old opt-out for anyone not ready to pin.
  • #2571 Added label-driven deployment gate to deploy router. @AlexSkrypnyk (drevops/vortex#2575)
    Gives deployments a per-pull-request authorization switch: set VORTEX_DEPLOY_ALLOW_LABEL and only labelled pull requests deploy - a practical lever for controlling preview-environment spend without touching CI logic.
  • #2549 Hardened fragile site UUID extraction in the provision script. @AlexSkrypnyk (drevops/vortex#2584)
    Makes provisioning resilient to real-world system.site.yml layouts: comments, reordered keys, or preamble no longer corrupt the extracted site UUID, and a missing UUID now fails fast with a clear message instead of a confusing Drush import error.
  • #2551 Guarded VORTEX_NOTIFY_BRANCH under set -u in notify branch filters. @AlexSkrypnyk (drevops/vortex#2573)
    Stops the notify scripts from crashing a deployment with an opaque unbound variable error when a branch filter is configured but no branch is in context; they now skip gracefully and exit cleanly.

All changes

  • #2613 Fixed 'download-db-acquia' to read backup URL from JSON response. @AlexSkrypnyk (drevops/vortex#2617)
    Acquia database downloads were failing for every consumer with Unable to discover backup URL, because the script read the URL from a curl redirect that the Acquia Cloud API v2 no longer issues - the endpoint now returns the pre-signed S3 URL in a JSON body. The script now parses that JSON url field and surfaces the raw API response in any failure message, so ahoy download-db works again on Acquia with no configuration change.
  • #2596 Added installer support for multiple Vortex scaffold versions (1.x and 2.x). @AlexSkrypnyk (drevops/vortex#2605)
    Adds installer and documentation support for serving Vortex 1.x and 2.x from one codebase, driven by the VORTEX_CURRENT_MAJOR variable. The change shipped in this package is in update-vortex: its default VORTEX_INSTALLER_URL is now pinned to the major-specific /v1/install, so running it keeps an existing project on its current major instead of jumping to a newer one.
  • #2548 Added SSH host key pinning as a secure alternative to disabling strict checking. @AlexSkrypnyk (drevops/vortex#2587)
    Adds VORTEX_SSH_KNOWN_HOSTS to setup-ssh: set it to one or more newline-separated known_hosts entries and the script writes them to ~/.ssh/known_hosts with strict host-key checking left enabled, so a mismatched key aborts the connection rather than silently proceeding. Pinning takes precedence when both it and VORTEX_SSH_DISABLE_STRICT_HOST_KEY_CHECKING are set, and the insecure opt-out path and its default are unchanged.
  • #2549 Hardened fragile site UUID extraction in the provision script. @AlexSkrypnyk (drevops/vortex#2584)
    Replaces the fragile grep/byte-slice that read the site UUID from system.site.yml during provisioning with an awk match anchored on the top-level uuid: key, so comments, key reordering, and preamble no longer yield a wrong value. Provisioning now also fails fast with a clear message when no UUID is found instead of seeding an empty value into drush config:import.
  • #2571 Added label-driven deployment gate to deploy router. @AlexSkrypnyk (drevops/vortex#2575)
    Adds an opt-in gate to the deploy router via VORTEX_DEPLOY_ALLOW_LABEL: when set to a label name, a pull request deploys only if it carries that label (matched against the comma-separated VORTEX_DEPLOY_PR_LABELS), otherwise it skips cleanly with a note. The gate is inactive by default and never applies to branch or tag builds, so existing deployments are unaffected.
  • #2551 Guarded VORTEX_NOTIFY_BRANCH under set -u in notify branch filters. @AlexSkrypnyk (drevops/vortex#2573)
    Running any of the six notify scripts (notify-slack, notify-email, notify-webhook, notify-github, notify-jira, notify-newrelic) directly with a *_BRANCHES filter set but VORTEX_NOTIFY_BRANCH unset aborted under set -u with an opaque unbound variable error. Each branch-filter reference now uses the ${VORTEX_NOTIFY_BRANCH-} default form, so the script logs a graceful skip and exits 0; notify-newrelic was the most exposed because its branch filter always runs.
  • Enhanced 'vortex-tooling' package docs and relocated its maintenance guide. @AlexSkrypnyk (drevops/vortex#2541)
    Rewrites the package README.md to lead with installation, document the post-provision hook system under a new "Extending provisioning" section, and reframe patching shipped scripts as a last resort. The internal CLAUDE.md that previously shipped inside the package - leaking maintenance notes onto consumer sites - was removed.
  • Moved custom provision scripts to 'scripts' and deprecated 'scripts/custom'. @AlexSkrypnyk (drevops/vortex#2539)
    Custom provision-*.sh hooks now live directly in scripts/ rather than scripts/custom/: the provision script's default VORTEX_PROVISION_SCRIPTS_DIR changed from ./scripts/custom to ./scripts, with no fallback. See Breaking changes above for the migration step.

Full Changelog: 1.1.0...1.2.0

1.1.0

Choose a tag to compare

@AlexSkrypnyk AlexSkrypnyk released this 01 Jun 04:21
Added optional HTTP basic auth credentials to Diffy visual regression…

1.0.0

Choose a tag to compare

@AlexSkrypnyk AlexSkrypnyk released this 25 May 04:21
Extracted Vortex shell scripts into 'drevops/vortex-tooling' Composer…