First to Site
Release 3.10

Deploy script persists DA tokens across releases

release-prod-safe.ts auto-syncs token_da.json + credentials_da.json across releases via a new Step 3a, stopping the every-deploy DA token wipeout

Overview

The proactive Google token refresh cron described on the sister page Google Token Self-Healing stays effective only if the on-disk token files survive a deploy. Before this change, release-prod-safe.ts knew about token.json (Permit Ready) but not token_da.json (DA Ready), so every release nuked the DA token file from the new release dir and forced a manual /api/da-google/auth browser flow.

Fix

Two changes to scripts/release-prod-safe.ts:

  1. configFileMap extended. The map of files copied from ~/config/<env>/ into each new release now includes credentials_da.json and token_da.json for both prod and dev Google API setups. The same applies to the fallbackFiles list used when ~/config/<env>/ does not exist.
  2. New Step 3a: persist freshly-refreshed tokens back. Before the existing copy step (Step 3b), the script now walks each google-api-*/token*.json entry in configFileMap and compares the file in the current live release against the ~/config/<env>/ copy. If the live-release file exists and is newer, it is copied back into ~/config/<env>/. An in-prod refresh by the cron is therefore captured in the persistent config dir and survives the next deploy.
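A sketch of the Step 3a sync-back described above, as an added example and not the project's release-prod-safe.ts; syncTokensBack, demo, their parameters and the sample tree are hypothetical. Beyond what this page states, it assumes three hardening choices: symlinks are skipped, unparseable JSON is never persisted, and the persisted copy is written owner-only through an atomic rename.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";
// Hypothetical helper (not the project's script): copy each token file from the live
// release back to the persistent config dir when newer. Returns the paths persisted.
function syncTokensBack(liveDir: string, configDir: string, tokenFiles: string[]): string[] {
  const synced: string[] = [];
  for (const rel of tokenFiles) {
    const live = path.join(liveDir, rel);
    const persisted = path.join(configDir, rel);
    const liveStat = fs.lstatSync(live, { throwIfNoEntry: false });
    if (!liveStat || !liveStat.isFile()) continue; // missing, or a symlink: skip
    const oldStat = fs.lstatSync(persisted, { throwIfNoEntry: false });
    if (oldStat && oldStat.mtimeMs >= liveStat.mtimeMs) continue; // config copy is current
    const body = fs.readFileSync(live, "utf8");
    try { JSON.parse(body); } catch { continue; } // never persist a half-written token
    fs.mkdirSync(path.dirname(persisted), { recursive: true, mode: 0o700 });
    const tmp = `${persisted}.tmp-${process.pid}`;
    fs.writeFileSync(tmp, body, { mode: 0o600 }); // owner-only: holds a refresh token
    fs.renameSync(tmp, persisted); // atomic replace, readers never see a partial file
    synced.push(rel);
  }
  return synced;
}

// Constructed demo: throwaway release/config tree with placeholder token bodies.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "step3a-"));
  const live = path.join(root, "releases", "current");
  const cfg = path.join(root, "config", "production");
  const da = path.join("google-api-prod", "token_da.json");
  const permit = path.join("google-api-prod", "token.json");
  for (const d of [live, cfg]) fs.mkdirSync(path.join(d, "google-api-prod"), { recursive: true });
  fs.writeFileSync(path.join(cfg, da), '{"access_token":"OLD-PLACEHOLDER"}');
  fs.utimesSync(path.join(cfg, da), 1000, 1000); // make the config copy stale
  fs.writeFileSync(path.join(live, da), '{"access_token":"NEW-PLACEHOLDER"}');
  fs.writeFileSync(path.join(live, permit), '{"access_tok'); // truncated mid-write
  const files = [da, permit, path.join("google-api-dev", "token_da.json")];
  const first = syncTokensBack(live, cfg, files);
  const second = syncTokensBack(live, cfg, files); // nothing newer on a second pass
  const out = {
    first, second,
    persisted: fs.readFileSync(path.join(cfg, da), "utf8"),
    mode: fs.statSync(path.join(cfg, da)).mode & 0o777,
    truncatedPersisted: fs.existsSync(path.join(cfg, permit)),
  };
  fs.rmSync(root, { recursive: true, force: true });
  return out;
}
```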

Bootstrapping note

The day this change first shipped, the deploy that introduced it ran with the previous version of the release script (which did not have Step 3a yet). The token_da.json from the live release at deploy time was therefore manually copied into ~/config/production/google-api-prod/ so the next release would pick it up via the new Step 3b. From the next deploy onward, Step 3a auto-seeds the persistence dir on its own. This bootstrap pattern is documented in Memory: deploy script lag.

Verification

After the change shipped, a forced refresh of the DA token via bin/console app:google:refresh-tokens --threshold=2000 --only=da returned [OK] da_ready: refreshed (expires_in=3599s), with the refreshed file present in both the active release dir and ~/config/production/google-api-prod/. Subsequent deploys preserve the refresh state without manual intervention.

Out of scope

This release does not move tokens entirely outside the release directory tree. The audit on Trello 1782 recommended that as a cleaner long-term option (path under app/var/google/ symlinked from per-host runtime), but Step 3a's auto-sync handles the immediate persistence problem and is non-disruptive.

  • Trello 1782 - audit report (root cause analysis recommended exactly this fix).
  • Trello 1783 - parent implementation card.
  • Git tag v3.12.0.