gnezim
23f8c82540
ci-deploy / build-deploy-test (push) Failing after 9m54s
Run 544's real cause was deeper than just "WAF rate-limit": the upstream WAF (flights.test.aeroflot.ru) blocks the default curl UA unconditionally, returning its HTML "Доступ временно ограничен" page with HTTP 200. A genuine browser-like User-Agent (tested: Chrome/120 on Linux) passes through and gets the real JSON. Confirmed by direct upstream probe via the corp-VPN tunnel: curl -A '<default>' → 3392b text/html (block page) curl -A 'Mozilla/5.0 ...' → 28KB+ application/json (real data) So every prior pre-warm "warmed" the WAF block page into the nginx cache, and the runner was effectively never reaching the API. The previous commit's body validation would now catch this — but only to fail-fast, not to fix it. Real fix: send a browser UA. Three places updated: * scripts/ci/wait-for-url.sh — passes -A on every retry. * ci-deploy.yml diagnose + pre-warm — UA shared via local var. * release-verify.yml diagnose — same UA on customer-URL probes. Note: the matching nginx config (proxy_no_cache $no_cache_html + proxy_cache_bypass $http_cache_control on /api/dictionary/) was deployed manually to pve-201 and verified — second hits now show x-cache-status: HIT serving 28KB application/json. HTML responses no longer get cached.
42 lines
1.3 KiB
Bash
Executable File
42 lines
1.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
# wait-for-url.sh — curl with retry until success or attempts exhausted.
|
|
#
|
|
# Usage: wait-for-url.sh <url> [<max-attempts>] [<delay-seconds>]
|
|
# Env (optional): BASIC_AUTH_USER, BASIC_AUTH_PASS — if set, sent as basic auth.
|
|
set -euo pipefail
|
|
|
|
URL="${1:-}"
|
|
MAX_ATTEMPTS="${2:-30}"
|
|
DELAY="${3:-2}"
|
|
|
|
if [ -z "$URL" ]; then
|
|
echo "usage: $0 <url> [<max-attempts>] [<delay-seconds>]" >&2
|
|
exit 2
|
|
fi
|
|
|
|
# bash 3.2-safe: expand array only when non-empty.
|
|
AUTH_ARGS=()
|
|
if [ -n "${BASIC_AUTH_USER:-}" ] && [ -n "${BASIC_AUTH_PASS:-}" ]; then
|
|
AUTH_ARGS=(--user "${BASIC_AUTH_USER}:${BASIC_AUTH_PASS}")
|
|
fi
|
|
|
|
# The upstream WAF (flights.test.aeroflot.ru) blocks the default curl UA
|
|
# and serves an HTML "Доступ временно ограничен" page. Pretend to be a
|
|
# real browser so /api/* probes actually reach the API.
|
|
UA='Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120 Safari/537.36'
|
|
|
|
attempt=1
|
|
while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
|
|
if curl -fsS -A "$UA" ${AUTH_ARGS[@]+"${AUTH_ARGS[@]}"} -o /dev/null "$URL"; then
|
|
echo "ok: $URL ($attempt attempt(s))"
|
|
exit 0
|
|
fi
|
|
if [ "$attempt" -lt "$MAX_ATTEMPTS" ]; then
|
|
sleep "$DELAY"
|
|
fi
|
|
attempt=$((attempt + 1))
|
|
done
|
|
|
|
echo "fail: $URL did not return 2xx after $MAX_ATTEMPTS attempts" >&2
|
|
exit 1
|