Skip to content

Add fallback for 1Password /latest endpoint outages in setupGitForOSBotify#84

Open
Beamanator wants to merge 1 commit into
mainfrom
beaman-op-cli-version-fallback
Open

Add fallback for 1Password /latest endpoint outages in setupGitForOSBotify#84
Beamanator wants to merge 1 commit into
mainfrom
beaman-op-cli-version-fallback

Conversation

@Beamanator

@Beamanator Beamanator commented Jul 13, 2026

Copy link
Copy Markdown

Details

Any workflow that uses the setupGitForOSBotify composite (createNewVersion, deploy, etc.) currently breaks when 1Password's app-updates.agilebits.com/latest endpoint is degraded, with an opaque Unexpected end of JSON input error. This just happened again today during the 1P CLI 2.35.0 release rollout and blocked an App CP run.

The install-cli-action hits that endpoint internally to resolve latest to a concrete version. This PR resolves the version ourselves in a pre-flight step and adds a fallback to scrape the S3-backed changelog page at releases.1password.com/developers/cli/ when the primary resolver is down. Since releases.1password.com is on separate infrastructure (Amazon S3) from app-updates.agilebits.com (nginx on 1P's own service platform), they are very unlikely to fail simultaneously.

Same failure mode has happened before (#17 on install-cli-action, 2025-08-19) and again today (#42), so it's worth guarding against.

Related Issues

n/a — infra resilience, no linked issue

Manual Tests

  • Confirmed the primary path: curl -sSf https://app-updates.agilebits.com/latest | jq -r '.CLI2.release.version' returns the current version when the endpoint is healthy.
  • Confirmed the fallback: curl -sSf https://releases.1password.com/developers/cli/ | grep -oE '\b2\.[0-9]+\.[0-9]+\b' | sort -V -u | tail -1 returns the latest listed changelog version.
  • Confirmed via the install-cli-action source that passing a concrete version: skips the flaky endpoint and downloads straight from cache.agilebits.com.

Once merged, the next createNewVersion / CP run will exercise the primary path end-to-end.

Linked PRs

n/a

The install-cli-action calls app-updates.agilebits.com/latest to resolve
"latest" to a concrete version. When that endpoint is degraded (as it was
during the 2.35.0 release rollout on 2026-07-13) the install step fails
with an opaque "Unexpected end of JSON input" and every workflow that uses
this composite is blocked. Resolve the version in a pre-flight step and
fall back to scraping the S3-backed changelog page at
releases.1password.com when the primary resolver is down.
@github-actions

github-actions Bot commented Jul 13, 2026

Copy link
Copy Markdown

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0185fd23ea

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

if [ -z "$version" ]; then
echo "::warning title=1Password /latest endpoint degraded::Falling back to changelog scrape at releases.1password.com. See https://github.com/1Password/install-cli-action/issues/42"
version=$(curl -sSf -m 10 https://releases.1password.com/developers/cli/ 2>/dev/null \
| grep -oE '\b2\.[0-9]+\.[0-9]+\b' | sort -V -u | tail -1)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Use a portable version sort in the fallback

When the primary 1Password endpoint is down on macOS runners, this fallback is the only path, but sort -V is GNU-specific; Apple's sort(1) option list has no -V version-sort flag and documents --version only as printing the program version, so the pipeline fails, version remains empty, and the action still exits with Unable to determine 1Password CLI version instead of recovering.

Useful? React with 👍 / 👎.

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

from Alex's Claude agent

This isn't accurate — Apple's BSD sort(1) supports -V. From man sort on macOS:

-V, --version-sort
Sort version numbers. The input lines are treated as file names in form PREFIX VERSION SUFFIX…

Verified it works correctly (macOS 26.5.2, sort reports 2.3-Apple (199)):

$ printf '2.9.0\n2.10.0\n2.35.0\n' | sort -V
2.9.0
2.10.0
2.35.0

$ printf '2.9.0\n2.10.0\n2.35.0\n' | sort
2.10.0
2.35.0
2.9.0

Plain sort puts 2.10.0 before 2.9.0 lexically; -V orders them correctly, so the flag is actually doing version-sort work, not silently being ignored. grep -oE '\b…\b' also works on BSD grep. Nothing in the fallback pipeline is GNU-specific.

BSD sort added -V long before any macOS runner image still in service (the createNewVersion / syncVersions jobs run on blacksmith-*-macos-latest, which is Sonoma+).

@Beamanator

Copy link
Copy Markdown
Author

I have read the CLA Document and I hereby sign the CLA

exfy-clabot Bot added a commit to Expensify/CLA that referenced this pull request Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant