From 3ff659db3056b27286b7c823e3d85e86636e0ab8 Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 09:23:49 -0500
Subject: [PATCH 1/8] Fix autodeployer slack channel and username

---
 src/scripts/autodeployer/slack-notify.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/scripts/autodeployer/slack-notify.sh b/src/scripts/autodeployer/slack-notify.sh
index fa4e14fad..b7af56df1 100755
--- a/src/scripts/autodeployer/slack-notify.sh
+++ b/src/scripts/autodeployer/slack-notify.sh
@@ -43,13 +43,13 @@ elif [ -z "$SLACK_COLOR" ]; then
 	SLACK_COLOR="good" # assume all is well
 fi
 
-if [ -z "$SLACK_CHANNEL" ]; then
+if [ ! -z "$SLACK_CHANNEL" ]; then
 	SLACK_CHANNEL_WITH_PARAM="channel='$SLACK_CHANNEL'"
 else
 	SLACK_CHANNEL_WITH_PARAM="" # use default for token
 fi
 
-if [ -z "$SLACK_USERNAME" ]; then
+if [ ! -z "$SLACK_USERNAME" ]; then
 	SLACK_USERNAME_WITH_PARAM="username='$SLACK_USERNAME'"
 else
 	SLACK_USERNAME_WITH_PARAM="" # use default for token

From d33d5dcf681c262525c8c04c2260b0230a8e1827 Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 09:30:53 -0500
Subject: [PATCH 2/8] Temporarily make deploy even quicker

---
 src/scripts/autodeployer/check-for-changes.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/scripts/autodeployer/check-for-changes.sh b/src/scripts/autodeployer/check-for-changes.sh
index 9601202cb..acc144232 100755
--- a/src/scripts/autodeployer/check-for-changes.sh
+++ b/src/scripts/autodeployer/check-for-changes.sh
@@ -222,7 +222,7 @@ fi
 #
 echo "Deploying"
 DEPLOY_TYPE="Deploy"
-DEPLOY_ARGS="--tags base --skip-tags mediawiki" # autodeploy deploys everything ... but while testing keep it really light
+DEPLOY_ARGS="--tags base --skip-tags latest,mediawiki" # autodeploy deploys everything ... but while testing keep it really light
 DEPLOY_LOG_PREFIX="deploy-after-config-change-"
 source "$DIR/do-deploy.sh"
 echo "Done"

From 509f7423468d171cfcab914953626d641edd21fb Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 10:35:27 -0500
Subject: [PATCH 3/8] Move config.sh|php into role; make `meza setbaseconfig
 ENV` command

This allows autodeployer to make sure config.sh is up-to-date prior to
any actions.
---
 src/playbooks/setbaseconfig.yml               | 11 ++++++++++
 src/playbooks/site.yml                        |  1 +
 src/roles/base-config-scripts/tasks/main.yml  | 12 ++++++++++
 .../templates/config.php.j2                   |  0
 .../templates/config.sh.j2                    |  0
 src/roles/base/tasks/main.yml                 | 11 ----------
 src/scripts/autodeployer/check-for-changes.sh | 22 ++++++++++++++-----
 src/scripts/meza.py                           | 14 ++++++++++++
 8 files changed, 55 insertions(+), 16 deletions(-)
 create mode 100644 src/playbooks/setbaseconfig.yml
 create mode 100644 src/roles/base-config-scripts/tasks/main.yml
 rename src/roles/{base => base-config-scripts}/templates/config.php.j2 (100%)
 rename src/roles/{base => base-config-scripts}/templates/config.sh.j2 (100%)

diff --git a/src/playbooks/setbaseconfig.yml b/src/playbooks/setbaseconfig.yml
new file mode 100644
index 000000000..449e2e0b4
--- /dev/null
+++ b/src/playbooks/setbaseconfig.yml
@@ -0,0 +1,11 @@
+---
+# Simple playbook to make sure config.sh, config.php, and any other simple
+# config scripts like them can be quickly deployed to servers.
+
+- hosts: all:!exclude-all:!load-balancers-unmanaged
+  become: yes
+  roles:
+    - set-vars
+    - umask-set
+    - base-config-scripts
+    - umask-unset
diff --git a/src/playbooks/site.yml b/src/playbooks/site.yml
index a6a1bbad2..038dce9cd 100644
--- a/src/playbooks/site.yml
+++ b/src/playbooks/site.yml
@@ -88,6 +88,7 @@
     - set-vars
     - umask-set
     - base
+    - base-config-scripts
   tags: base
 
 - hosts: load-balancers
diff --git a/src/roles/base-config-scripts/tasks/main.yml b/src/roles/base-config-scripts/tasks/main.yml
new file mode 100644
index 000000000..14eda89c2
--- /dev/null
+++ b/src/roles/base-config-scripts/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Ensure config variables available in PHP and shell files
+  template:
+    src: "config.{{ item }}.j2"
+    dest: "{{ m_deploy }}/config.{{ item }}"
+    owner: root
+    group: root
+    mode: 0755
+  with_items:
+    - "php"
+    - "sh"
diff --git a/src/roles/base/templates/config.php.j2 b/src/roles/base-config-scripts/templates/config.php.j2
similarity index 100%
rename from src/roles/base/templates/config.php.j2
rename to src/roles/base-config-scripts/templates/config.php.j2
diff --git a/src/roles/base/templates/config.sh.j2 b/src/roles/base-config-scripts/templates/config.sh.j2
similarity index 100%
rename from src/roles/base/templates/config.sh.j2
rename to src/roles/base-config-scripts/templates/config.sh.j2
diff --git a/src/roles/base/tasks/main.yml b/src/roles/base/tasks/main.yml
index b154975cf..27a2443c6 100644
--- a/src/roles/base/tasks/main.yml
+++ b/src/roles/base/tasks/main.yml
@@ -210,17 +210,6 @@
     group: root
     mode: 0755
 
-- name: Ensure config variables available in PHP and shell files
-  template:
-    src: "config.{{ item }}.j2"
-    dest: "{{ m_deploy }}/config.{{ item }}"
-    owner: root
-    group: root
-    mode: 0755
-  with_items:
-    - "php"
-    - "sh"
-
 - name: "Ensure {{ m_tmp }} exists"
   file:
     path: "{{ m_tmp }}"
diff --git a/src/scripts/autodeployer/check-for-changes.sh b/src/scripts/autodeployer/check-for-changes.sh
index acc144232..05539715f 100755
--- a/src/scripts/autodeployer/check-for-changes.sh
+++ b/src/scripts/autodeployer/check-for-changes.sh
@@ -41,16 +41,16 @@ source /opt/.deploy-meza/config.sh
 # FIXME: For now, don't touch secret config. At some point find a way to
 #        configure it's repo and version.
 
+# Make sure config.sh is up-to-date in case there has been a secret config
+# change since the last deploy, which could impact local_config_repo var.
+meza setbaseconfig "$m_environment"
+
+
 if [ -z "$local_config_repo_repo" ]; then
 	>&2 echo "Auto-deploy requires 'local_config_repo' set in secret or public config"
 	exit 1;
 fi
 
-if [ -z "$enforce_meza_version" ]; then
-	>&2 echo "Auto-deploy requires 'enforce_meza_version' var set in public or secret config"
-	exit 1;
-fi
-
 # Set Slack notify variables that are the same for all notifications
 if [ ! -z "$autodeployer_slack_token"    ]; then    SLACK_TOKEN="$autodeployer_slack_token";    fi
 if [ ! -z "$autodeployer_slack_username" ]; then SLACK_USERNAME="$autodeployer_slack_username"; fi
@@ -117,6 +117,18 @@ else
 	PUBLIC_CONFIG_AFTER_HASH=""
 fi
 
+# Make sure config.sh is up-to-date after public config change above, since it
+# impacts what version of
+meza setbaseconfig "$m_environment"
+
+
+# This could change based upon changes to public config, so only check for it at
+# this point, not earlier.
+if [ -z "$enforce_meza_version" ]; then
+	>&2 echo "Auto-deploy requires 'enforce_meza_version' var set in public or secret config"
+	exit 1;
+fi
+
 # Set MEZA version
 MEZA_REPO="https://github.com/enterprisemediawiki/meza"
 MEZA_DEST="/opt/meza"
diff --git a/src/scripts/meza.py b/src/scripts/meza.py
index adcfa20a7..f2cb6ffbe 100755
--- a/src/scripts/meza.py
+++ b/src/scripts/meza.py
@@ -443,6 +443,20 @@ def meza_command_backup (argv):
 	meza_shell_exec_exit(rc)
 
 
+def meza_command_setbaseconfig (argv):
+
+	env = argv[0]
+
+	rc = check_environment(env)
+	if rc != 0:
+		meza_shell_exec_exit(rc)
+
+	shell_cmd = playbook_cmd( 'setbaseconfig', env ) + argv[1:]
+	rc = meza_shell_exec( shell_cmd )
+
+	meza_shell_exec_exit(rc)
+
+
 def meza_command_destroy (argv):
 	print "command not yet built"
 

From 45c93221455b0207596a5ce13820c4409a678f9d Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 11:14:08 -0500
Subject: [PATCH 4/8] [skip ci] Autodeployer slack notifications escape tilde

---
 src/scripts/autodeployer/slack-notify.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/scripts/autodeployer/slack-notify.sh b/src/scripts/autodeployer/slack-notify.sh
index b7af56df1..eca4fb3d0 100755
--- a/src/scripts/autodeployer/slack-notify.sh
+++ b/src/scripts/autodeployer/slack-notify.sh
@@ -60,8 +60,9 @@ if [ -z "$SLACK_ICON_URL" ]; then
 fi
 
 
-# Escape single quotes
+# Escape chars: '`
 SLACK_MESSAGE=$(echo "$SLACK_MESSAGE" | sed "s/'/\\\'/g")
+SLACK_MESSAGE=$(echo "$SLACK_MESSAGE" | sed "s/\`/\\\\\`/g")
 
 # Turn on allowing failures
 set +e

From ad91fb8e4b458a9960959ed911a2077b0cd7f319 Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 11:26:50 -0500
Subject: [PATCH 5/8] [skip ci] Undo escaping backticks

---
 src/scripts/autodeployer/slack-notify.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/scripts/autodeployer/slack-notify.sh b/src/scripts/autodeployer/slack-notify.sh
index eca4fb3d0..9f51b0ea8 100755
--- a/src/scripts/autodeployer/slack-notify.sh
+++ b/src/scripts/autodeployer/slack-notify.sh
@@ -60,9 +60,9 @@ if [ -z "$SLACK_ICON_URL" ]; then
 fi
 
 
-# Escape chars: '`
+# Escape chars: '
 SLACK_MESSAGE=$(echo "$SLACK_MESSAGE" | sed "s/'/\\\'/g")
-SLACK_MESSAGE=$(echo "$SLACK_MESSAGE" | sed "s/\`/\\\\\`/g")
+# FIXME: also handle ``` inside diffs, which are wrapped in ```...so only escape the inner ones.
 
 # Turn on allowing failures
 set +e

From 2fa8a9b5ad03f109ccb6945fc3081b0f342acfd5 Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 11:57:05 -0500
Subject: [PATCH 6/8] Re-source config.sh after deploying changes

---
 src/scripts/autodeployer/check-for-changes.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/scripts/autodeployer/check-for-changes.sh b/src/scripts/autodeployer/check-for-changes.sh
index 05539715f..182025f45 100755
--- a/src/scripts/autodeployer/check-for-changes.sh
+++ b/src/scripts/autodeployer/check-for-changes.sh
@@ -44,6 +44,7 @@ source /opt/.deploy-meza/config.sh
 # Make sure config.sh is up-to-date in case there has been a secret config
 # change since the last deploy, which could impact local_config_repo var.
 meza setbaseconfig "$m_environment"
+source /opt/.deploy-meza/config.sh
 
 
 if [ -z "$local_config_repo_repo" ]; then
@@ -120,6 +121,7 @@ fi
 # Make sure config.sh is up-to-date after public config change above, since it
 # impacts what version of
 meza setbaseconfig "$m_environment"
+source /opt/.deploy-meza/config.sh
 
 
 # This could change based upon changes to public config, so only check for it at

From 78fb2e1a27d7ae61b10b82d2f11fe569833c762d Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sat, 29 Sep 2018 12:29:12 -0500
Subject: [PATCH 7/8] [skip ci] Also show commits in autodeployer notifications

---
 src/scripts/autodeployer/check-for-changes.sh | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/scripts/autodeployer/check-for-changes.sh b/src/scripts/autodeployer/check-for-changes.sh
index 182025f45..6c5defd1d 100755
--- a/src/scripts/autodeployer/check-for-changes.sh
+++ b/src/scripts/autodeployer/check-for-changes.sh
@@ -112,6 +112,7 @@ if [ $? -eq 0 ]; then
 
 	pushd "$PUBLIC_CONFIG_DEST"
 	PUBLIC_CONFIG_DIFF=$(git diff "$PUBLIC_CONFIG_BEFORE_HASH" "$PUBLIC_CONFIG_AFTER_HASH" 2>&1)
+	PUBLIC_CONFIG_COMMITS=$(git log --oneline "$PUBLIC_CONFIG_BEFORE_HASH...$PUBLIC_CONFIG_AFTER_HASH" 2>&1)
 	pushd
 else
 	PUBLIC_CONFIG_DIFF=""
@@ -165,6 +166,11 @@ if [ $? -eq 0 ]; then
 	MEZA_AFTER_HASH=$(echo "$MEZA_CHANGE" | jq '.plays[0].tasks[0].hosts.localhost.after' -r)
 	echo "Before hash: $MEZA_BEFORE_HASH"
 	echo "After hash:  $MEZA_AFTER_HASH"
+
+	pushd "$MEZA_DEST"
+	MEZA_COMMITS=$(git log --oneline "$PUBLIC_CONFIG_BEFORE_HASH...$PUBLIC_CONFIG_AFTER_HASH" 2>&1)
+	pushd
+
 else
 	MEZA_AFTER_HASH=""
 fi
@@ -191,6 +197,9 @@ if [ ! -z "$PUBLIC_CONFIG_AFTER_HASH" ]; then
 
 		Tracking version: \`$PUBLIC_CONFIG_VERSION\`
 
+		Commits:
+		$PUBLIC_CONFIG_COMMITS
+
 		Diff:
 		\`\`\`
 		$PUBLIC_CONFIG_DIFF
@@ -218,6 +227,9 @@ if [ ! -z "$MEZA_AFTER_HASH" ]; then
 		  TO:   \`$MEZA_AFTER_HASH\`
 
 		Tracking version: \`$MEZA_VERSION\`
+
+		Commits:
+		$MEZA_COMMITS
 END
 )
 

From 976a66ffdb7e1bfd0e32511fd794c43af8f63eed Mon Sep 17 00:00:00 2001
From: James Montalvo <edwin.j.montalvo@nasa.gov>
Date: Sun, 30 Sep 2018 11:15:19 -0500
Subject: [PATCH 8/8] Allow specifying do-deploy.sh vars within
 check-for-changes.sh

---
 src/scripts/autodeployer/check-for-changes.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/scripts/autodeployer/check-for-changes.sh b/src/scripts/autodeployer/check-for-changes.sh
index 6c5defd1d..7cafccf94 100755
--- a/src/scripts/autodeployer/check-for-changes.sh
+++ b/src/scripts/autodeployer/check-for-changes.sh
@@ -247,8 +247,9 @@ fi
 # Do deploy
 #
 echo "Deploying"
-DEPLOY_TYPE="Deploy"
-DEPLOY_ARGS="--tags base --skip-tags latest,mediawiki" # autodeploy deploys everything ... but while testing keep it really light
-DEPLOY_LOG_PREFIX="deploy-after-config-change-"
+# Allow overriding variables by only setting them if they're empty
+if [ -z "$DEPLOY_TYPE"       ]; then DEPLOY_TYPE="Deploy";                            fi
+if [ -z "$DEPLOY_ARGS"       ]; then DEPLOY_ARGS="";                                  fi
+if [ -z "$DEPLOY_LOG_PREFIX" ]; then DEPLOY_LOG_PREFIX="deploy-after-config-change-"; fi
 source "$DIR/do-deploy.sh"
 echo "Done"