From e4764e76616d4da6ebb3875cedf790a0f08337bd Mon Sep 17 00:00:00 2001
From: Mukilan Thiyagarajan <mukilanthiagarajan@gmail.com>
Date: Thu, 26 Jan 2023 11:43:39 +0530
Subject: Invalidate latest nightly files in CloudFront.

After a new nightly build is uploaded to S3,
bust the cache in CloudFront Edge servers with
the CreateInvalidation AWS API.

For each platform we use the
`/nightly/<platform>/servo-latest.<ext>*`
pattern to invalidate both package and sha256
files. As part of this change, a new policy
has been attached to the
"download.servo.org-uploads-from-travis" IAM user
to allow the "cloudfront:CreateInvalidation" action.

Since CloudFront [invalidates every version][1]
of the cached file, regardless of the headers used
for that version, this change should invalidate the
different caches for 'Accept-Encoding' header.

[1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html#invalidation-specifying-objects

Closes #29034

Signed-off-by: Mukilan Thiyagarajan <mukilanthiagarajan@gmail.com>
---
 python/servo/package_commands.py | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

(limited to 'python/servo/package_commands.py')

diff --git a/python/servo/package_commands.py b/python/servo/package_commands.py
index 9564e793b8c..2d7efcd13c3 100644
--- a/python/servo/package_commands.py
+++ b/python/servo/package_commands.py
@@ -633,7 +633,15 @@ class PackageCommands(CommandBase):
                 aws_access_key_id=aws_access_key,
                 aws_secret_access_key=aws_secret_access_key
             )
+
+            cloudfront = boto3.client(
+                'cloudfront',
+                aws_access_key_id=aws_access_key,
+                aws_secret_access_key=aws_secret_access_key
+            )
+
             BUCKET = 'servo-builds2'
+            DISTRIBUTION_ID = 'EJ8ZWSJKFCJS2'
 
             nightly_dir = 'nightly/{}'.format(platform)
             filename = nightly_filename(package, timestamp)
@@ -652,7 +660,7 @@ class PackageCommands(CommandBase):
                     sha256_digest.update(data)
             package_hash = sha256_digest.hexdigest()
             package_hash_fileobj = io.BytesIO(package_hash.encode('utf-8'))
-            latest_hash_upload_key = '{}/servo-latest.{}.sha256'.format(nightly_dir, extension)
+            latest_hash_upload_key = f'{latest_upload_key}.sha256'
 
             s3.upload_file(package, BUCKET, package_upload_key)
 
@@ -665,6 +673,21 @@ class PackageCommands(CommandBase):
                 package_hash_fileobj, BUCKET, latest_hash_upload_key, ExtraArgs={'ContentType': 'text/plain'}
             )
 
+            # Invalidate previous "latest" nightly files from
+            # CloudFront edge caches
+            cloudfront.create_invalidation(
+                DistributionId=DISTRIBUTION_ID,
+                InvalidationBatch={
+                    'CallerReference': f'{latest_upload_key}-{timestamp}',
+                    'Paths': {
+                        'Quantity': 1,
+                        'Items': [
+                            f'/{latest_upload_key}*'
+                        ]
+                    }
+                }
+            )
+
         def update_maven(directory):
             (aws_access_key, aws_secret_access_key) = get_s3_secret()
             s3 = boto3.client(
-- 
cgit v1.2.3