MoFo Security Announcement git repo can become unstable


3 years ago
3 years ago


(Reporter: pmac, Assigned: pmac)



Firefox Tracking Flags

(Not tracked)


Let's figure out why and make sure it doesn't happen again.
It looks like maybe someone rebased and force-pushed to master in the foundation-security-advisories repo. Do you know if that's the case Al? Doing a rebase or amending a commit that already exists in master will mess up anyone else that has the repo cloned, including the production server. Assuming this was the issue, we should be able to just not do that again. There's not much I can do about this. Doing a force-push to master will break everything. If things are broken, you just need to fix it in a new commit and push that.

If that didn't happen, then we need to do some more research.
Flags: needinfo?(abillings)
While looking at things locally, I saved (but did not commit) a change to -91. I discarded the change and rolled back to the previous commit from the repo. This was *after* -90 and -91 were not showing up on the live site. 

I did fix -90 not showing by removing a linefeed from the metadata for the title (before I did any other changes) and pushed it, causing -90 to appear. 

After that I edited -91, realized I'd saved a bad change locally, and rolled my repo back to discard the change in -91. None of those changes were ever committed to github and only occurred after -91 wasn't appearing in the first place, so that would not explain why -91 never appeared on Monday morning.

I don't know if a local discard by rolling the local repo back to discard changes would somehow rebase things. I didn't do do any commits except the one that fixed -90 after my initial advisory checkin. 

My log only shows two commits:

commit c7aa17d119319e3f5e554c6581357d00475aa860
Author: Al Billings <albill@AlRetina.local>
Date:   Mon Dec 1 09:16:33 2014 -0800

    Fixing line wrap in title in -90

commit 20c30fd00714dc46ec87e7a53a093479c260e611
Author: Al Billings <albill@AlRetina.local>
Date:   Mon Dec 1 08:40:57 2014 -0800

    Firefox 34.0.5 security advisories

So I don't think I'm the one that rebased and force-pushed to master.
Flags: needinfo?(abillings)
I'm not sure either. I don't have the repo as it existed before and after the change, and I don't think there's any push log I can inspect from github. Some kind of a thing that changed SHAs and a force push was my only guess, but it could be something else. I'll keep looking. Thanks for the info.
I'm not really able to further diagnose this until/unless it happens again. Closing this for now, but we should reopen if/when we see this again.
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
Happened again, but I think we've figured it out. Hopefully this new PR[0] will fix it.

Assignee: nobody → pmac
Resolution: WORKSFORME → ---

Comment 6

3 years ago
Commits pushed to master at
Fix bug 1106845: Move security advisories repo outside of bedrock repo.
Merge pull request #2649 from pmclanahan/move-security-advisories-repo-deployment

Fix bug 1106845: Move security advisories repo outside of bedrock repo.


3 years ago
Last Resolved: 3 years ago3 years ago
Resolution: --- → FIXED
I believe this is fixed, and we should see the new advisories on the site in the next ~15 min.
Hey! It worked!
You need to log in before you can comment on or make changes to this bug.