Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add reusable workflows for release #63

Merged

Conversation

friedrichwilken
Copy link
Contributor

@friedrichwilken friedrichwilken commented Jan 30, 2024

Description

Changes proposed in this pull request:

  • add reusable workflow that gets version from branch
  • add reusable workflow that renders and uploads manifests
  • add reusable workflow that creates a draft release
  • add reusable workflow that publishes a draft release
  • add reusable workflow that triggers and awaits prow jobs
  • improve the bump-sec-scanners-config-reusable.yml workflow

Related issue(s)
kyma-project/eventing-manager#361

@friedrichwilken friedrichwilken requested a review from a team as a code owner January 30, 2024 16:03
@kyma-bot kyma-bot added area/ci Issues or PRs related to CI related topics cla: yes Indicates the PR's author has signed the CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Jan 30, 2024
@friedrichwilken friedrichwilken linked an issue Jan 31, 2024 that may be closed by this pull request
3 tasks
@@ -157,11 +156,11 @@ jobs:
run: |
echo "please review ${PR_URL}"

- name: Wait for PR to be Merged
if: ${{ env.CREATE_PR == 'true' }}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you tested this line if it worked as before? I think, it doesn't work as if is outside the job.

Copy link
Contributor Author

@friedrichwilken friedrichwilken Jan 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not touch this line in this PR.

But yes, in the PR that created this, I mention:

tested by creating a carbon copy of it here and using it here. The workflow was triggered here, resulting in this PR. After merging the PR, the started workflow finished successfully.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

echo "PR_URL=${PR_URL}" >> $GITHUB_ENV
is like defining a env var in the job; it will become available in all the steps.

git config user.name "${ghusername}"
# set git mail address
ghmailaddress=$(curl -H "Authorization: token ${GH_TOKEN}" https://api.github.com/email)
ghmailaddress="${ghusername}@users.noreply.github.com"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why do you want no reply email thing?

Copy link
Contributor Author

@friedrichwilken friedrichwilken Jan 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

because the kyma-eventing-bot will not answer emails.

GH_TOKEN: ${{ secrets.BOT_PAT }}
shell: bash
run: |
gh release edit "${VERSION}" --draft=false --latest
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you have --latest flag because if set the latest release is edited. We want to edit the VERSION. Should we delete the latest flag?

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have set the --latest flag because it will mark the release -identified as VERSION- as latest.

--latest                       Explicitly mark the release as "Latest"

In this step we edit the draft release and turn it into a real release. We also set it to be the latest release.
I think we should leave this flag.

required: true
type: string
description: The semantic version number.
TIMEOUT:
Copy link

@muralov muralov Jan 31, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see TIMEOUT is not used anywhere.

TIMEOUT:
type: number
default: 60000 # 10 minutes in miliseconds
INTERVAL:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see INTERVAL is not used anywhere.

Comment on lines 28 to 29
# version_tag: 2.3.4
# timeout: 3600 # 1 hour
# TIMEOUT: 3600 # 1 hour
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Lowercase or Uppercase version_tag and TIMEOUT, please keep this consistent.

@@ -87,29 +84,30 @@ jobs:
echo "CREATE_PR=true" >> $GITHUB_ENV
fi

- name: Print Content of sec-scanners-config.yaml
if: ${{ always() }}
Copy link
Contributor

@marcobebway marcobebway Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need if always? Can we remove it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

always() will make sure this will get executed even if an earlier step fails. This is particularly useful for debugging say in case you want to know if at least rendering the file went all right.

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

always() will ensure this will get executed even if an earlier step fails. This is particularly useful for debugging say in case you want to know if at least rendering the file went all right.

shell: bash
run: |
# set git username
ghusername=$(curl -H "Authorization: token ${GH_TOKEN}" https://api.github.com/user)
ghusername=$(curl -s -H "Authorization: token ${GH_TOKEN}" https://api.github.com/user | jq '.login')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a step to install jq or is it available out of the box?

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jq is available on the ubuntu-latest image used by GitHub.

type: string
description: The semantic version number.
secrets:
BOT_PAT:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(nit) for readability, does it make sense to rename BOT_PAT to BOT_TOKEN?

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mhh, I am indifferent to the wording. My argument for PAT is that the personal access token is a special kind of token. But BOT_TOKEN would be fine for me too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you say?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is a nitpick, let's keep the pat!

uses: actions/checkout@v4

- name: Render sec-scanners-config.yaml
env:
VERSION_TAG: ${{ inputs.version_tag }}
shell: bash
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why shell: bash is removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that was a mishap and I will revert it.

GH_TOKEN: ${{ secrets.GH_TOKEN }}
shell: bash
run: |
# Note: your repository needs to have this script.
Copy link
Contributor

@marcobebway marcobebway Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this script does not exist, will there be an error message indicating that?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

./hack/scripts/create_changelog.sh "${VERSION}"

- name: Print out changelog
run: cat CHANGELOG.md
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If there are no changes, what will be printed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That depends on the script. With what we have it will be only headlines and a link to the full changelogs.

Copy link
Contributor

@marcobebway marcobebway Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does it make sense here to print a message before and after the cat indicating the beginning and end of the change log?

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's the reason why I placed this in its own step. I makes it easy to find and easy to read. It will look like this

|> Run cat CHANGELOG.md
Changelog blah blah blah
Changelog blah 
Changelog blah-blah

So to answer the question, no, I think it is good already.

outputs:
VERSION:
description: "The semantic version x.y.z, e.g.: 1.7.4"
value: ${{ jobs.create-version.outputs.VERSION }}
Copy link
Contributor

@marcobebway marcobebway Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the name create-version under our control? If yes, please rename it to create_version to be consistent with similar names in other places like ${{ github.repository_owner }}.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In github actions it is customary practice to name jobs and step IDs with a dash.

my-job:
  steps: 
     - name: "my step"
        id: my-step

while env vars and secrets spelled most of the time with an underscore e.g. MY_VAR and MY_SECRET

run: |
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
[[ $CURRENT_BRANCH =~ ^release-([0-9]+)\.([0-9]+)$ ]] || exit 1
echo "MAJOR=${BASH_REMATCH[1]}" >> $GITHUB_ENV
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the value of BASH_REMATCH? Which part sets that value?

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

$BASH_REMATCH is an array and contains the matches of a regular expression.
doc
A very handy little tool.

@@ -0,0 +1,60 @@
name: Render and upload manifests (reusable)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The filename is misspelled:
render-and-upload-manifests-reusbale.yml -> render-and-upload-manifests-reusable.yml

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks! Resolved.

Comment on lines 46 to 47
# set git mail address
ghmailaddress="${ghusername}@users.noreply.github.com"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(nit) mail -> email

Copy link
Contributor Author

@friedrichwilken friedrichwilken Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reasonable. I changed it.

@friedrichwilken friedrichwilken changed the title Add resuable workflows for release Add reusable workflows for release Feb 1, 2024
@kyma-bot kyma-bot added the lgtm Looks good to me! label Feb 1, 2024
@kyma-bot kyma-bot merged commit d491378 into kyma-project:main Feb 1, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/ci Issues or PRs related to CI related topics cla: yes Indicates the PR's author has signed the CLA. lgtm Looks good to me! size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants