up

scripts/enable-openssl11-shim.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Ensures OpenSSL 1.1 shim is discoverable for Mongo2Go by exporting LD_LIBRARY_PATH.
+# Safe for repeated invocation; respects STELLAOPS_OPENSSL11_SHIM override.
+
+ROOT=${STELLAOPS_REPO_ROOT:-$(git rev-parse --show-toplevel 2>/dev/null || pwd)}
+SHIM_DIR=${STELLAOPS_OPENSSL11_SHIM:-"${ROOT}/tests/native/openssl-1.1/linux-x64"}
+
+if [[ ! -d "${SHIM_DIR}" ]]; then
+  echo "::warning ::OpenSSL 1.1 shim directory not found at ${SHIM_DIR}; Mongo2Go tests may fail" >&2
+  exit 0
+fi
+
+export LD_LIBRARY_PATH="${SHIM_DIR}:${LD_LIBRARY_PATH:-}"
+export STELLAOPS_OPENSSL11_SHIM="${SHIM_DIR}"
+
+# Persist for subsequent CI steps when available
+if [[ -n "${GITHUB_ENV:-}" ]]; then
+  {
+    echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}"
+    echo "STELLAOPS_OPENSSL11_SHIM=${STELLAOPS_OPENSSL11_SHIM}"
+  } >> "${GITHUB_ENV}"
+fi
+
+echo "OpenSSL 1.1 shim enabled (LD_LIBRARY_PATH=${LD_LIBRARY_PATH})"

scripts/observability/slo-evaluator.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# DEVOPS-OBS-51-001: simple SLO burn-rate evaluator
+
+PROM_URL=${PROM_URL:-"http://localhost:9090"}
+OUT="out/obs-slo"
+mkdir -p "$OUT"
+
+query() {
+  local q="$1"
+  curl -sG "${PROM_URL}/api/v1/query" --data-urlencode "query=${q}"
+}
+
+echo "[slo] querying error rate (5m)"
+query "(rate(service_request_errors_total[5m]) / rate(service_requests_total[5m]))" > "${OUT}/error-rate-5m.json"
+
+echo "[slo] querying error rate (1h)"
+query "(rate(service_request_errors_total[1h]) / rate(service_requests_total[1h]))" > "${OUT}/error-rate-1h.json"
+
+echo "[slo] done; results in ${OUT}"

scripts/observability/streaming-validate.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# DEVOPS-OBS-52-001: validate streaming pipeline knobs
+
+OUT="out/obs-stream"
+mkdir -p "$OUT"
+
+echo "[obs-stream] checking NATS connectivity"
+if command -v nats >/dev/null 2>&1; then
+  nats --server "${NATS_URL:-nats://localhost:4222}" req health.ping ping || true
+else
+  echo "nats CLI not installed; skipping connectivity check" > "${OUT}/nats.txt"
+fi
+
+echo "[obs-stream] dumping retention/partitions (Kafka-like env variables)"
+env | grep -E 'KAFKA_|REDIS_|NATS_' | sort > "${OUT}/env.txt"
+
+echo "[obs-stream] done; outputs in $OUT"

scripts/scanner/determinism-run.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# DEVOPS-SCAN-90-004: run determinism harness/tests and collect report
+
+ROOT="$(git rev-parse --show-toplevel)"
+OUT="${ROOT}/out/scanner-determinism"
+mkdir -p "$OUT"
+
+PROJECT="src/Scanner/__Tests/StellaOps.Scanner.Analyzers.Lang.Tests/StellaOps.Scanner.Analyzers.Lang.Tests.csproj"
+
+echo "[determinism] running dotnet test (filter=Determinism)"
+dotnet test "$PROJECT" --no-build --logger "trx;LogFileName=determinism.trx" --filter Determinism
+
+find "$(dirname "$PROJECT")" -name "*.trx" -print -exec cp {} "$OUT/" \;
+
+echo "[determinism] summarizing"
+printf "project=%s\n" "$PROJECT" > "$OUT/summary.txt"
+printf "timestamp=%s\n" "$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >> "$OUT/summary.txt"
+
+tar -C "$OUT" -czf "$OUT/determinism-artifacts.tgz" .
+echo "[determinism] artifacts at $OUT"

scripts/symbols/deploy-syms.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# DEVOPS-SYMS-90-005: Deploy Symbols.Server (Helm) with MinIO/Mongo dependencies.
+
+SYMS_CHART=${SYMS_CHART:-"charts/symbols-server"}
+NAMESPACE=${NAMESPACE:-"symbols"}
+VALUES=${VALUES:-"ops/devops/symbols/values.yaml"}
+
+echo "[symbols] creating namespace $NAMESPACE"
+kubectl create namespace "$NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
+
+echo "[symbols] installing chart $SYMS_CHART"
+helm upgrade --install symbols-server "$SYMS_CHART" -n "$NAMESPACE" -f "$VALUES"
+
+echo "[symbols] deployment triggered"

scripts/symbols/smoke.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+ROOT=$(cd "$SCRIPT_DIR/../.." && pwd)
+COMPOSE_FILE="$ROOT/ops/devops/symbols/docker-compose.symbols.yaml"
+PROJECT_NAME=${PROJECT_NAME:-symbolsci}
+ARTIFACT_DIR=${ARTIFACT_DIR:-"$ROOT/out/symbols-ci"}
+STAMP=$(date -u +"%Y%m%dT%H%M%SZ")
+RUN_DIR="$ARTIFACT_DIR/$STAMP"
+mkdir -p "$RUN_DIR"
+
+log() { printf '[%s] %s\n' "$(date -u +%H:%M:%S)" "$*"; }
+
+cleanup() {
+  local code=$?
+  log "Collecting compose logs"
+  docker compose -f "$COMPOSE_FILE" -p "$PROJECT_NAME" logs >"$RUN_DIR/compose.log" 2>&1 || true
+  log "Tearing down stack"
+  docker compose -f "$COMPOSE_FILE" -p "$PROJECT_NAME" down -v >/dev/null 2>&1 || true
+  log "Artifacts in $RUN_DIR"
+  exit $code
+}
+trap cleanup EXIT
+
+log "Pulling images"
+docker compose -f "$COMPOSE_FILE" -p "$PROJECT_NAME" pull --ignore-pull-failures >/dev/null 2>&1 || true
+
+log "Starting services"
+docker compose -f "$COMPOSE_FILE" -p "$PROJECT_NAME" up -d --remove-orphans
+
+wait_http() {
+  local url=$1; local name=$2; local tries=${3:-30}
+  for i in $(seq 1 "$tries"); do
+    if curl -fsS --max-time 5 "$url" >/dev/null 2>&1; then
+      log "$name ready"
+      return 0
+    fi
+    sleep 2
+  done
+  log "$name not ready"
+  return 1
+}
+
+wait_http "http://localhost:9000/minio/health/ready" "MinIO" 25
+wait_http "http://localhost:8080/healthz" "Symbols.Server" 25
+
+log "Seeding bucket"
+docker run --rm --network symbols-ci minio/mc:RELEASE.2024-08-17T00-00-00Z \
+  alias set symbols http://minio:9000 minio minio123 >/dev/null
+
+docker run --rm --network symbols-ci minio/mc:RELEASE.2024-08-17T00-00-00Z \
+  mb -p symbols/symbols >/dev/null
+
+log "Capture readiness endpoint"
+curl -fsS http://localhost:8080/healthz -o "$RUN_DIR/healthz.json"
+
+log "Smoke list request"
+curl -fsS http://localhost:8080/ -o "$RUN_DIR/root.html" || true
+
+echo "status=pass" > "$RUN_DIR/summary.txt"