Invalidate latest nightly files in CloudFront.

After a new nightly build is uploaded to S3, bust the cache in CloudFront Edge servers with the CreateInvalidation AWS API. For each platform we use the `/nightly/<platform>/servo-latest.<ext>*` pattern to invalidate both package and sha256 files. As part of this change, a new policy has been attached to the "download.servo.org-uploads-from-travis" IAM user to allow the "cloudfront:CreateInvalidation" action. Since CloudFront [invalidates every version][1] of the cached file, regardless of the headers used for that version, this change should invalidate the different caches for 'Accept-Encoding' header. [1]: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Invalidation.html#invalidation-specifying-objects Closes #29034 Signed-off-by: Mukilan Thiyagarajan <mukilanthiagarajan@gmail.com>
2025-06-10 09:33:13 +00:00 · 2023-01-26 11:43:39 +05:30 · 2023-01-26 11:43:39 +05:30 · e4764e7661
commit e4764e7661
parent 4f355f5877
1 changed files with 24 additions and 1 deletions
--- a/python/servo/package_commands.py
+++ b/python/servo/package_commands.py
@ -633,7 +633,15 @@ class PackageCommands(CommandBase):
                aws_access_key_id=aws_access_key,
                aws_secret_access_key=aws_secret_access_key
            )
+
+            cloudfront = boto3.client(
+                'cloudfront',
+                aws_access_key_id=aws_access_key,
+                aws_secret_access_key=aws_secret_access_key
+            )
+
            BUCKET = 'servo-builds2'
+            DISTRIBUTION_ID = 'EJ8ZWSJKFCJS2'

            nightly_dir = 'nightly/{}'.format(platform)
            filename = nightly_filename(package, timestamp)
@ -652,7 +660,7 @@ class PackageCommands(CommandBase):
                    sha256_digest.update(data)
            package_hash = sha256_digest.hexdigest()
            package_hash_fileobj = io.BytesIO(package_hash.encode('utf-8'))
-            latest_hash_upload_key = '{}/servo-latest.{}.sha256'.format(nightly_dir, extension)
+            latest_hash_upload_key = f'{latest_upload_key}.sha256'

            s3.upload_file(package, BUCKET, package_upload_key)

@ -665,6 +673,21 @@ class PackageCommands(CommandBase):
                package_hash_fileobj, BUCKET, latest_hash_upload_key, ExtraArgs={'ContentType': 'text/plain'}
            )

+            # Invalidate previous "latest" nightly files from
+            # CloudFront edge caches
+            cloudfront.create_invalidation(
+                DistributionId=DISTRIBUTION_ID,
+                InvalidationBatch={
+                    'CallerReference': f'{latest_upload_key}-{timestamp}',
+                    'Paths': {
+                        'Quantity': 1,
+                        'Items': [
+                            f'/{latest_upload_key}*'
+                        ]
+                    }
+                }
+            )
+
        def update_maven(directory):
            (aws_access_key, aws_secret_access_key) = get_s3_secret()
            s3 = boto3.client(