Patcher does not validate that patches are in proper format
Instead of validating the patch we should probably invest time to source the patch directly from a ref, something that @rspeicher suggested on the incident call.
Modify the process to:
- Have developers drop an MR number into the `patches/<sha of what is running in prod>/` dir
- Patcher first looks at what is running in the environment, we can do this based on the omnibus-version set in chef so we don't actually need to use the api
- Extracts the sha from the version
- If there is a directory with the same sha, generate a patch from the MR on dev (maybe we can confirm that the MR targets the same sha?)
- Apply the patch
original description
Patcher doesn't have any sort of feature that allows us to validate that a patch is in an appropriate format. Due to this, it was discovered multiple hours later that a portion of a patch did not properly apply. This was discovered very late during manual verification of the patch. We do not enforce one file per patch, which is how this validation that was performed manually was missed.
Utilize this issue to determine how we can validate that a patch is correctly formatted prior to attempting to merge.
Edited by John Jarvis
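A structural pre-check of the kind the original description asks for, written in Python as an added example (not Patcher's own code): it flags hunks whose body does not match the counts in their `@@` header and, optionally, patches that touch more than one file. The function name `validate_patch` and the sample paths are hypothetical, and passing this check does not prove the patch applies to the code running in production.

```python
import re

HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def validate_patch(text, one_file_per_patch=True):
    """Return a list of structural problems in a unified diff ([] = well-formed)."""
    problems, files, lines, i = [], [], text.splitlines(), 0
    while i < len(lines):
        m = HUNK.match(lines[i])
        if lines[i].startswith("--- ") and i + 1 < len(lines) and lines[i + 1].startswith("+++ "):
            files.append(lines[i + 1][4:].split("\t")[0])  # path from the '+++' header
            i += 2
        elif m:
            start = i = i + 1  # 1-based line number of the hunk header; i now on the body
            old_left, new_left = (int(g or 1) for g in m.groups())  # missing count means 1
            while i < len(lines) and (old_left > 0 or new_left > 0):
                tag = lines[i][:1]
                if tag in (" ", ""):   # context line (possibly whitespace-stripped)
                    old_left, new_left = old_left - 1, new_left - 1
                elif tag == "-":
                    old_left -= 1
                elif tag == "+":
                    new_left -= 1
                elif tag != "\\":      # "\ No newline at end of file" is allowed
                    break              # anything else ends the hunk early
                i += 1
            if old_left or new_left:
                problems.append(f"line {start}: hunk body does not match header counts")
        else:
            i += 1
    if not files:
        problems.append("no file headers found")
    elif one_file_per_patch and len(files) > 1:
        problems.append(f"{len(files)} files in one patch: {', '.join(files)}")
    return problems

# Constructed sample: the first hunk is cut short and the patch touches two files.
SAMPLE = """\
--- a/lib/a.rb
+++ b/lib/a.rb
@@ -1,3 +1,3 @@
 module A
-  X = 1
diff --git a/lib/b.rb b/lib/b.rb
--- a/lib/b.rb
+++ b/lib/b.rb
@@ -1 +1 @@
-B = 1
+B = 2
"""
```

Calling `validate_patch(SAMPLE)` returns one entry for the truncated hunk and one for the two-file patch; an empty list means the patch passed both checks.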