Add fallback for 1Password /latest endpoint outages in setupGitForOSBotify#84
Add fallback for 1Password /latest endpoint outages in setupGitForOSBotify#84Beamanator wants to merge 1 commit into
Conversation
The install-cli-action calls app-updates.agilebits.com/latest to resolve "latest" to a concrete version. When that endpoint is degraded (as it was during the 2.35.0 release rollout on 2026-07-13) the install step fails with an opaque "Unexpected end of JSON input" and every workflow that uses this composite is blocked. Resolve the version in a pre-flight step and fall back to scraping the S3-backed changelog page at releases.1password.com when the primary resolver is down.
|
All contributors have signed the CLA ✍️ ✅ |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 0185fd23ea
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| if [ -z "$version" ]; then | ||
| echo "::warning title=1Password /latest endpoint degraded::Falling back to changelog scrape at releases.1password.com. See https://github.com/1Password/install-cli-action/issues/42" | ||
| version=$(curl -sSf -m 10 https://releases.1password.com/developers/cli/ 2>/dev/null \ | ||
| | grep -oE '\b2\.[0-9]+\.[0-9]+\b' | sort -V -u | tail -1) |
There was a problem hiding this comment.
Use a portable version sort in the fallback
When the primary 1Password endpoint is down on macOS runners, this fallback is the only path, but sort -V is GNU-specific; Apple's sort(1) option list has no -V version-sort flag and documents --version only as printing the program version, so the pipeline fails, version remains empty, and the action still exits with Unable to determine 1Password CLI version instead of recovering.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
from Alex's Claude agent
This isn't accurate — Apple's BSD sort(1) supports -V. From man sort on macOS:
-V, --version-sort
Sort version numbers. The input lines are treated as file names in form PREFIX VERSION SUFFIX…
Verified it works correctly (macOS 26.5.2, sort reports 2.3-Apple (199)):
$ printf '2.9.0\n2.10.0\n2.35.0\n' | sort -V
2.9.0
2.10.0
2.35.0
$ printf '2.9.0\n2.10.0\n2.35.0\n' | sort
2.10.0
2.35.0
2.9.0
Plain sort puts 2.10.0 before 2.9.0 lexically; -V orders them correctly, so the flag is actually doing version-sort work, not silently being ignored. grep -oE '\b…\b' also works on BSD grep. Nothing in the fallback pipeline is GNU-specific.
BSD sort added -V long before any macOS runner image still in service (the createNewVersion / syncVersions jobs run on blacksmith-*-macos-latest, which is Sonoma+).
|
I have read the CLA Document and I hereby sign the CLA |
Details
Any workflow that uses the
setupGitForOSBotifycomposite (createNewVersion, deploy, etc.) currently breaks when 1Password'sapp-updates.agilebits.com/latestendpoint is degraded, with an opaqueUnexpected end of JSON inputerror. This just happened again today during the 1P CLI 2.35.0 release rollout and blocked an App CP run.The
install-cli-actionhits that endpoint internally to resolvelatestto a concrete version. This PR resolves the version ourselves in a pre-flight step and adds a fallback to scrape the S3-backed changelog page atreleases.1password.com/developers/cli/when the primary resolver is down. Sincereleases.1password.comis on separate infrastructure (Amazon S3) fromapp-updates.agilebits.com(nginx on 1P's own service platform), they are very unlikely to fail simultaneously.Same failure mode has happened before (#17 on install-cli-action, 2025-08-19) and again today (#42), so it's worth guarding against.
Related Issues
n/a — infra resilience, no linked issue
Manual Tests
curl -sSf https://app-updates.agilebits.com/latest | jq -r '.CLI2.release.version'returns the current version when the endpoint is healthy.curl -sSf https://releases.1password.com/developers/cli/ | grep -oE '\b2\.[0-9]+\.[0-9]+\b' | sort -V -u | tail -1returns the latest listed changelog version.version:skips the flaky endpoint and downloads straight fromcache.agilebits.com.Once merged, the next
createNewVersion/ CP run will exercise the primary path end-to-end.Linked PRs
n/a