Skip to content

fix(release): purge mise.en.dev CDN zone after each S3 publish#9416

Merged
jdx merged 1 commit intomainfrom
claude/purge-en-dev-cdn
Apr 26, 2026
Merged

fix(release): purge mise.en.dev CDN zone after each S3 publish#9416
jdx merged 1 commit intomainfrom
claude/purge-en-dev-cdn

Conversation

@jdx
Copy link
Copy Markdown
Owner

@jdx jdx commented Apr 26, 2026
edited by cursor Bot
Loading

Summary

Add mise.en.dev to the list of Cloudflare zones purged at the end of scripts/publish-s3.sh. Previously only jdx.dev and mise.run were being purged.

Why

install.sh and install.sh.minisig are uploaded to S3 with cache-control: max-age=86400,s-maxage=86400,public,immutable. Without an explicit purge per CDN zone, each zone keeps serving the previous release's bytes for up to 24 hours — even after S3 has the new bytes.

Since #9411 made mise.en.dev the canonical bootstrap host (used by mise generate tool-stub --bootstrap and mise generate bootstrap), this manifested as: mise.en.dev/install.sh serving the v(N-1) script next to a v(N) install.sh.minisig, causing minisign verification to fail. Caught today as recurring CI failures on jdx/mise#9414 (e2e-0 / e2e-1).

The other half — that scripts/update-redirect.sh was deleted in #9411 — turned out not to be related; that script only updated a mise-latest-* redirect rule, not the install.sh path. The real issue is just the missing purge.

Test plan

  • Bash syntax check (bash -n scripts/publish-s3.sh)
  • Verified the en.dev zone ID 531d003297f1f4ae2415b41f7f5da8fa matches the value previously used in the now-deleted scripts/update-redirect.sh (commit 68075d866)
  • On the next release, confirm in the workflow logs that all three purges run, and that curl https://mise.en.dev/install.sh returns the new version's content within seconds of the deploy completing

🤖 Generated with Claude Code

Note

Low Risk
Low risk: only adjusts post-publish CDN cache purging logic to include an additional zone and reduce duplication; no changes to artifact generation or upload behavior.

Overview
After publishing release artifacts to S3, scripts/publish-s3.sh now purges Cloudflare cache for all relevant CDN zones via a looped ZONES list, adding the missing en.dev/mise.en.dev zone.

This replaces the two hardcoded purge calls with a single per-zone purge step to prevent mixed-version install.sh/signature artifacts being served from different zones under immutable caching.

Reviewed by Cursor Bugbot for commit e083358. Bugbot is set up for automated code reviews on this repo. Configure here.

@jdx @claude
fix(release): purge mise.en.dev CDN zone after each S3 publish
e083358 
install.sh and install.sh.minisig are uploaded to S3 with
`max-age=86400,immutable` cache-control, so each Cloudflare zone fronting
the bucket serves the previous release's bytes for up to 24 hours unless
explicitly purged. The publish step was already purging jdx.dev and
mise.run, but never en.dev — so after a release, mise.en.dev would serve
v(N-1)/install.sh next to a v(N) install.sh.minisig until the cache aged
out, breaking minisign verification for anything pulling the bootstrap
script via the canonical en.dev URL (#9414 e2e-0/e2e-1).

Loop over all three zones instead of duplicating the curl block.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@gemini-code-assist
Copy link
Copy Markdown
Contributor

gemini-code-assist Bot commented Apr 26, 2026

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps Bot commented Apr 26, 2026

Greptile Summary

This PR fixes a CDN cache staleness bug introduced by #9411 by adding the en.dev Cloudflare zone to the purge list in scripts/publish-s3.sh. The refactor is clean: three copy-pasted curl blocks are replaced with a compact loop over a ZONES array, making it easy to add or remove zones in the future.

Confidence Score: 5/5

Safe to merge — single-file, targeted fix with no logic changes beyond adding one zone ID.

The change is minimal and correct: it adds one verified zone ID and refactors repetition into a loop. Zone ID was cross-verified against a deleted script in the PR description. The IFS-based parsing is idiomatic bash, all three purges remain sequential (consistent with pre-PR behavior), and set -euxo pipefail ensures failures are surfaced. No regressions possible.

No files require special attention.

Important Files Changed

Filename Overview
scripts/publish-s3.sh Refactors three sequential Cloudflare purge calls into a loop over a ZONES array and adds the missing en.dev zone (531d003297f1f4ae2415b41f7f5da8fa) that serves mise.en.dev

Sequence Diagram

sequenceDiagram
    participant GH as GitHub Actions
    participant S3 as AWS S3
    participant CF as Cloudflare API

    GH->>S3: Upload install.sh / install.sh.minisig (cache-control: immutable, max-age=86400)
    GH->>S3: Upload tarballs, debs, rpms

    loop For each CDN zone
        GH->>CF: POST /zones/jdx.dev/purge_cache { purge_everything }
        CF-->>GH: 200 OK
        GH->>CF: POST /zones/en.dev/purge_cache { purge_everything }
        CF-->>GH: 200 OK
        GH->>CF: POST /zones/mise.run/purge_cache { purge_everything }
        CF-->>GH: 200 OK
    end

    Note over CF: All three zones now serve the new install.sh + minisig atomically
Loading

Reviews (1): Last reviewed commit: "fix(release): purge mise.en.dev CDN zone..." | Re-trigger Greptile

@jdx jdx enabled auto-merge (squash) April 26, 2026 23:38
@jdx jdx merged commit 87e7d12 into main Apr 26, 2026
38 checks passed
@jdx jdx deleted the claude/purge-en-dev-cdn branch April 26, 2026 23:50
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 26, 2026

Hyperfine Performance

mise x -- echo

Command Mean [ms] Min [ms] Max [ms] Relative
mise-2026.4.23 x -- echo 18.7 ± 0.3 18.1 19.8 1.00
mise x -- echo 19.3 ± 0.7 18.5 30.6 1.03 ± 0.04

mise env

Command Mean [ms] Min [ms] Max [ms] Relative
mise-2026.4.23 env 18.5 ± 0.5 17.7 20.8 1.00
mise env 18.7 ± 0.3 18.0 20.2 1.01 ± 0.03

mise hook-env

Command Mean [ms] Min [ms] Max [ms] Relative
mise-2026.4.23 hook-env 19.0 ± 0.5 18.3 21.2 1.00
mise hook-env 19.3 ± 0.4 18.6 21.6 1.02 ± 0.03

mise ls

Command Mean [ms] Min [ms] Max [ms] Relative
mise-2026.4.23 ls 19.0 ± 0.6 18.3 25.3 1.00
mise ls 19.5 ± 0.4 18.9 23.5 1.03 ± 0.04

xtasks/test/perf

Command mise-2026.4.23 mise Variance
install (cached) 125ms 129ms -3%
ls (cached) 65ms 67ms -2%
bin-paths (cached) 68ms 68ms +0%
task-ls (cached) 618ms 624ms +0%

@mise-en-dev mise-en-dev mentioned this pull request Apr 27, 2026
Merged
mise-en-dev added a commit that referenced this pull request Apr 27, 2026
@mise-en-dev
chore: release 2026.4.24 (#9413)
40b63b2 
### 🚀 Features

- **(ls-remote)** add `prereleases` setting and `--prerelease` flag by
@jdx in [#9415](#9415)

### 🐛 Bug Fixes

- **(http)** retry transient HTTP failures with backoff and warn on
rescue by @jdx in [#9414](#9414)
- **(release)** purge mise.en.dev CDN zone after each S3 publish by @jdx
in [#9416](#9416)

### 📚 Documentation

- prefix GitHub star count with ★ glyph by @jdx in
[#9417](#9417)
- update intro messaging by @jdx in
[#9418](#9418)
@BrewTestBot BrewTestBot mentioned this pull request Apr 27, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jdx