From 067aa19eae7b4801b58ed6ea6bb9e1388b1e8dd0 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Mon, 25 Mar 2024 10:18:28 -0400 Subject: [PATCH 1/7] fix(ci): update logic check in reuseable pipeline so that it is always green for expected cases --- .github/workflows/reusable_dockerfile_pipeline.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index 1a1da6c..4f6b224 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -113,8 +113,9 @@ jobs: # yamllint enable # Log the key inputs to the logic as well a the outputs. We check that - # build_for_pr and build_for_merge are never equal as that would indicate a - # bug. + # build_for_pr and build_for_merge are never equal when they are true as that + # would indicate a bug. If they are both false, this is ok, as this is the + # case on pushing commits to a PR. logic-check: needs: prepare-env runs-on: "ubuntu-latest" @@ -129,7 +130,9 @@ jobs: echo "build_for_merge: ${{ needs.prepare-env.outputs.build_for_merge }}" echo "not_a_fork: ${{ needs.prepare-env.outputs.not_a_fork }}" - name: Check logic - if: ${{ needs.prepare-env.outputs.build_for_pr == needs.prepare-env.outputs.build_for_merge }} + if: | + (needs.prepare-env.outputs.build_for_pr == needs.prepare-env.outputs.build_for_merge) + && needs.prepare-env.outputs.build_for_pr != 'false' run: | echo "Failing step due to build_for_pr == build_for_merge" exit 1 From b41e05028ed3284ae101f7c980867644cd81ed58 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Mon, 25 Mar 2024 10:29:24 -0400 Subject: [PATCH 2/7] ci: testing quit early --- .github/workflows/reusable_dockerfile_pipeline.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index 4f6b224..a8fe9ff 100644 
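Review bot: The new `Check logic` condition has an outcome that neither the comment nor the failure message describes. Because the second clause is `needs.prepare-env.outputs.build_for_pr != 'false'`, the step also fails when both outputs are empty, for example if prepare-env set neither. That is the safe direction for a guard that later jobs depend on, so I would keep the comparison and document it above the `if:`, e.g. `# Also fails when both outputs are empty, so a broken prepare-env fails closed.` The message would be more accurate as `echo "Failing step: build_for_pr and build_for_merge are equal and not 'false'"`. The logic-check job continues outside this hunk.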
--- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -212,6 +212,10 @@ jobs: # We only want to run when the registry is able to run on PR or if it is a merge event run: echo "run=${{ matrix.registry.run-on-pr == needs.prepare-env.outputs.build_for_pr || needs.prepare-env.outputs.build_for_merge == 'true'}}" >> "$GITHUB_OUTPUT" + - name: Quit Early + if: ${{ steps.run_check.outputs.run == 'false'}} + run: exit 0 + - name: Checkout if: ${{ steps.run_check.outputs.run == 'true'}} uses: "actions/checkout@v4" From e3b88e8b60ad1bb0045e872b216430ef7f8968a6 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Mon, 25 Mar 2024 10:39:33 -0400 Subject: [PATCH 3/7] ci: further logic clean up --- .github/workflows/reusable_dockerfile_pipeline.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index a8fe9ff..13ec696 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -179,6 +179,11 @@ jobs: runs-on: "ubuntu-latest" # wait until the jobs are finished. needs: ["prepare-env", "logic-check", "docker-security"] + # Don't run if both logic flags are false. This is the case for push events + # on PR commits. + if: | + needs.prepare-env.outputs.build_for_pr != 'false' + && needs.prepare-env.outputs.build_for_merge != 'false' permissions: contents: write packages: write @@ -217,11 +222,9 @@ jobs: run: exit 0 - name: Checkout - if: ${{ steps.run_check.outputs.run == 'true'}} uses: "actions/checkout@v4" - name: Login to ${{ matrix.registry.name }} - if: ${{ steps.run_check.outputs.run == 'true'}} uses: docker/login-action@v3 with: registry: ${{ matrix.registry.registry-url }} 
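Review bot: The `Quit Early` step added in the hunk at -212 does not end the job. `run: exit 0` only terminates that step's shell with success, and the runner then continues with `Checkout` and every step after it. A step is skipped only by its own `if:`, so the existing `if: ${{ steps.run_check.outputs.run == 'true'}}` guards remain the mechanism that keeps a registry out of a run. I would drop this step, or if it stays as a marker, comment it as `# informational only; does not skip later steps`. The steps list starts and ends outside the hunk.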
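Review bot: The job-level `if:` added in the hunk at -179 does not match the comment above it. `build_for_pr != 'false' && build_for_merge != 'false'` is true only when neither flag is 'false', i.e. both are 'true' (which logic-check rejects) or both are unset. The follow-up in PATCH 4/7 (hunk at -182) flips both to `== 'false'`, which runs the job only in the case the comment says to skip. The gate the comment describes is `needs.prepare-env.outputs.build_for_pr == 'true' || needs.prepare-env.outputs.build_for_merge == 'true'`. Comparing against 'true' also keeps a job holding `contents: write` and `packages: write` from starting when prepare-env emitted nothing.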
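Review bot: Removing `if: ${{ steps.run_check.outputs.run == 'true'}}` from `Checkout` and `Login to ${{ matrix.registry.name }}` in the hunk at -217, and from the metadata, QEMU, Buildx and both build-push steps in the hunks at -229, -253, -267 and -287, leaves nothing that honours `run_check` for an individual matrix entry, because `Quit Early` cannot skip later steps. As far as the `run_check` expression shows, a pull-request run would then log in to every registry in the matrix with `secrets[matrix.registry.token-secret]` and reach the PR build-and-push step, including registries whose `run-on-pr` does not match. The job-level `if:` cannot replace these guards, since it reads only `needs.prepare-env.outputs` and is therefore the same for every matrix entry. Keep the per-step condition on each of these steps.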
@@ -229,7 +232,6 @@ jobs: password: ${{ secrets[matrix.registry.token-secret] }} - name: Extract Docker Metadata - if: ${{ steps.run_check.outputs.run == 'true'}} id: meta uses: docker/metadata-action@v5 env: @@ -253,11 +255,9 @@ jobs: # yamllint enable - name: Set up QEMU - if: ${{ steps.run_check.outputs.run == 'true'}} uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx - if: ${{ steps.run_check.outputs.run == 'true'}} uses: docker/setup-buildx-action@v3 # Build and Publish images on main, master, and versioned branches. @@ -267,7 +267,7 @@ jobs: # the amd64 image since building the arm64 image takes significantly # longer. - name: "Merge on Main Trigger: Build and Push All Docker Images" - if: ${{ needs.prepare-env.outputs.build_for_merge == 'true' && steps.run_check.outputs.run == 'true'}} + if: ${{ needs.prepare-env.outputs.build_for_merge == 'true' }} uses: docker/build-push-action@v5 env: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} @@ -287,7 +287,7 @@ jobs: # forks can't push, we still want to try and build the image to catch # bugs. For testing purposes we only need an amd64 image. - name: "Pull Request Trigger: Build and Push amd64 Docker Image" - if: ${{ needs.prepare-env.outputs.build_for_pr == 'true' && steps.run_check.outputs.run == 'true'}} + if: ${{ needs.prepare-env.outputs.build_for_pr == 'true' }} uses: docker/build-push-action@v5 env: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} From 9f445d61eacad1b4a3f4c5b4386cf57fc61dc499 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Mon, 25 Mar 2024 10:44:25 -0400 Subject: [PATCH 4/7] fix(ci): fix if condition --- .github/workflows/reusable_dockerfile_pipeline.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index 13ec696..5d570ef 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml 
+++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -182,8 +182,8 @@ jobs: # Don't run if both logic flags are false. This is the case for push events # on PR commits. if: | - needs.prepare-env.outputs.build_for_pr != 'false' - && needs.prepare-env.outputs.build_for_merge != 'false' + needs.prepare-env.outputs.build_for_pr == 'false' + && needs.prepare-env.outputs.build_for_merge == 'false' permissions: contents: write packages: write From dfe047e3d3dc163dba6f5d70686555d058433ae6 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Mon, 25 Mar 2024 10:55:37 -0400 Subject: [PATCH 5/7] fix(ci): proper if condition fix --- .github/workflows/reusable_dockerfile_pipeline.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index 5d570ef..df2d3cf 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -179,11 +179,13 @@ jobs: runs-on: "ubuntu-latest" # wait until the jobs are finished. needs: ["prepare-env", "logic-check", "docker-security"] - # Don't run if both logic flags are false. This is the case for push events - # on PR commits. + # We only want to run this step if one of the build flags is true. We don't + # run if both logic flags are false. This is the case for push events on PR + # commits. The logic-check job protects us from the case of both build flags + # being equal to true. if: | - needs.prepare-env.outputs.build_for_pr == 'false' - && needs.prepare-env.outputs.build_for_merge == 'false' + needs.prepare-env.outputs.build_for_pr == 'true' + || needs.prepare-env.outputs.build_for_merge == 'true' permissions: contents: write packages: write From f866faf6298cc8fcb37e8bfaa8d4aed90ec12895 Mon Sep 17 00:00:00 2001 
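Review bot: The new comment in the hunk at -179 (PATCH 5/7) says the logic-check job protects against both flags being true, but it does not say why that holds. The job is skipped after a failed logic-check only because logic-check is listed in `needs` and this `if:` contains no status function, so the default `success()` check still applies. Adding `always()` or `!cancelled()` to the condition later would silently remove that protection from a job that holds `contents: write` and `packages: write`. I would extend the comment with something like `# Relies on the implicit success() check on needs; do not add always() here.` and change "this step" to "this job". The job body continues outside the hunk.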
From: Matthew Sevey Date: Mon, 25 Mar 2024 11:18:56 -0400 Subject: [PATCH 6/7] fix(ci): some logic reverting --- .github/workflows/reusable_dockerfile_pipeline.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index df2d3cf..c310c44 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -220,13 +220,15 @@ jobs: run: echo "run=${{ matrix.registry.run-on-pr == needs.prepare-env.outputs.build_for_pr || needs.prepare-env.outputs.build_for_merge == 'true'}}" >> "$GITHUB_OUTPUT" - name: Quit Early - if: ${{ steps.run_check.outputs.run == 'false'}} + if: ${{ steps.run_check.outputs.run == 'true'}} run: exit 0 - name: Checkout + if: ${{ steps.run_check.outputs.run == 'true'}} uses: "actions/checkout@v4" - name: Login to ${{ matrix.registry.name }} + if: ${{ steps.run_check.outputs.run == 'true'}} uses: docker/login-action@v3 with: registry: ${{ matrix.registry.registry-url }} @@ -234,6 +236,7 @@ jobs: password: ${{ secrets[matrix.registry.token-secret] }} - name: Extract Docker Metadata + if: ${{ steps.run_check.outputs.run == 'true'}} id: meta uses: docker/metadata-action@v5 env: @@ -257,9 +260,11 @@ jobs: # yamllint enable - name: Set up QEMU + if: ${{ steps.run_check.outputs.run == 'true'}} uses: docker/setup-qemu-action@v3 - name: Set up Docker Buildx + if: ${{ steps.run_check.outputs.run == 'true'}} uses: docker/setup-buildx-action@v3 # Build and Publish images on main, master, and versioned branches. 
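Review bot: The restored `if: ${{ steps.run_check.outputs.run == 'true'}}` guards in the hunk at -220 and in the hunks at -234, -257, -269 and -289 carry no comment saying why each step needs its own copy, which may be why they were removed earlier in the series. A short comment once above `Checkout`, such as `# run_check is per matrix entry, so every following step must repeat this guard`, would make that visible. The `Quit Early` step edited in the same hunk still only exits its own shell with status 0, now when `run` is 'true', and has no effect on the later steps. The steps list starts and ends outside the hunk.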
@@ -269,7 +274,7 @@ jobs: # the amd64 image since building the arm64 image takes significantly # longer. - name: "Merge on Main Trigger: Build and Push All Docker Images" - if: ${{ needs.prepare-env.outputs.build_for_merge == 'true' }} + if: ${{ needs.prepare-env.outputs.build_for_merge == 'true' && steps.run_check.outputs.run == 'true'}} uses: docker/build-push-action@v5 env: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} @@ -289,7 +294,7 @@ jobs: # forks can't push, we still want to try and build the image to catch # bugs. For testing purposes we only need an amd64 image. - name: "Pull Request Trigger: Build and Push amd64 Docker Image" - if: ${{ needs.prepare-env.outputs.build_for_pr == 'true' }} + if: ${{ needs.prepare-env.outputs.build_for_pr == 'true' && steps.run_check.outputs.run == 'true'}} uses: docker/build-push-action@v5 env: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} From 595df8b3554046a4a450525a2da55349acd1119f Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Mon, 25 Mar 2024 11:22:45 -0400 Subject: [PATCH 7/7] chore: missed deletion on file save --- .github/workflows/reusable_dockerfile_pipeline.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index c310c44..ef8823a 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -219,10 +219,6 @@ jobs: # We only want to run when the registry is able to run on PR or if it is a merge event run: echo "run=${{ matrix.registry.run-on-pr == needs.prepare-env.outputs.build_for_pr || needs.prepare-env.outputs.build_for_merge == 'true'}}" >> "$GITHUB_OUTPUT" - - name: Quit Early - if: ${{ steps.run_check.outputs.run == 'true'}} - run: exit 0 - - name: Checkout if: ${{ steps.run_check.outputs.run == 'true'}} uses: "actions/checkout@v4"