-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add reusable workflows for release #63
Add reusable workflows for release #63
Conversation
@@ -157,11 +156,11 @@ jobs: | |||
run: | | |||
echo "please review ${PR_URL}" | |||
|
|||
- name: Wait for PR to be Merged | |||
if: ${{ env.CREATE_PR == 'true' }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you tested this line if it worked as before? I think, it doesn't work as if is outside the job.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
echo "PR_URL=${PR_URL}" >> $GITHUB_ENV
is like defining a env var in the job; it will become available in all the steps.
git config user.name "${ghusername}" | ||
# set git mail address | ||
ghmailaddress=$(curl -H "Authorization: token ${GH_TOKEN}" https://api.github.com/email) | ||
ghmailaddress="${ghusername}@users.noreply.github.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why do you want no reply email thing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because the kyma-eventing-bot
will not answer emails.
GH_TOKEN: ${{ secrets.BOT_PAT }} | ||
shell: bash | ||
run: | | ||
gh release edit "${VERSION}" --draft=false --latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you have --latest
flag because if set the latest release is edited. We want to edit the VERSION. Should we delete the latest flag?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have set the --latest
flag because it will mark the release -identified as VERSION- as latest
.
--latest Explicitly mark the release as "Latest"
In this step we edit the draft release and turn it into a real release. We also set it to be the latest
release.
I think we should leave this flag.
required: true | ||
type: string | ||
description: The semantic version number. | ||
TIMEOUT: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see TIMEOUT
is not used anywhere.
TIMEOUT: | ||
type: number | ||
default: 60000 # 10 minutes in miliseconds | ||
INTERVAL: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see INTERVAL
is not used anywhere.
# version_tag: 2.3.4 | ||
# timeout: 3600 # 1 hour | ||
# TIMEOUT: 3600 # 1 hour |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lowercase or Uppercase version_tag
and TIMEOUT
, please keep this consistent.
@@ -87,29 +84,30 @@ jobs: | |||
echo "CREATE_PR=true" >> $GITHUB_ENV | |||
fi | |||
|
|||
- name: Print Content of sec-scanners-config.yaml | |||
if: ${{ always() }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need if always
? Can we remove it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
always() will make sure this will get executed even if an earlier step fails. This is particularly useful for debugging say in case you want to know if at least rendering the file went all right.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
always() will ensure this will get executed even if an earlier step fails. This is particularly useful for debugging say in case you want to know if at least rendering the file went all right.
shell: bash | ||
run: | | ||
# set git username | ||
ghusername=$(curl -H "Authorization: token ${GH_TOKEN}" https://api.github.com/user) | ||
ghusername=$(curl -s -H "Authorization: token ${GH_TOKEN}" https://api.github.com/user | jq '.login') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a step to install jq
or is it available out of the box?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
jq
is available on the ubuntu-latest
image used by GitHub.
type: string | ||
description: The semantic version number. | ||
secrets: | ||
BOT_PAT: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(nit) for readability, does it make sense to rename BOT_PAT
to BOT_TOKEN
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mhh, I am indifferent to the wording. My argument for PAT is that the personal access token is a special kind of token. But BOT_TOKEN
would be fine for me too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What do you say?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is a nitpick, let's keep the pat!
uses: actions/checkout@v4 | ||
|
||
- name: Render sec-scanners-config.yaml | ||
env: | ||
VERSION_TAG: ${{ inputs.version_tag }} | ||
shell: bash |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why shell: bash
is removed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that was a mishap and I will revert it.
GH_TOKEN: ${{ secrets.GH_TOKEN }} | ||
shell: bash | ||
run: | | ||
# Note: your repository needs to have this script. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If this script does not exist, will there be an error message indicating that?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes
./hack/scripts/create_changelog.sh "${VERSION}" | ||
|
||
- name: Print out changelog | ||
run: cat CHANGELOG.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If there are no changes, what will be printed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That depends on the script. With what we have it will be only headlines and a link to the full changelogs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does it make sense here to print a message before and after the cat
indicating the beginning and end of the change log?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's the reason why I placed this in its own step. I makes it easy to find and easy to read. It will look like this
|> Run cat CHANGELOG.md
Changelog blah blah blah
Changelog blah
Changelog blah-blah
So to answer the question, no, I think it is good already.
outputs: | ||
VERSION: | ||
description: "The semantic version x.y.z, e.g.: 1.7.4" | ||
value: ${{ jobs.create-version.outputs.VERSION }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the name create-version
under our control? If yes, please rename it to create_version
to be consistent with similar names in other places like ${{ github.repository_owner }}
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In github actions it is customary practice to name jobs and step IDs with a dash.
my-job:
steps:
- name: "my step"
id: my-step
while env vars and secrets spelled most of the time with an underscore e.g. MY_VAR
and MY_SECRET
run: | | ||
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | ||
[[ $CURRENT_BRANCH =~ ^release-([0-9]+)\.([0-9]+)$ ]] || exit 1 | ||
echo "MAJOR=${BASH_REMATCH[1]}" >> $GITHUB_ENV |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the value of BASH_REMATCH
? Which part sets that value?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$BASH_REMATCH is an array and contains the matches of a regular expression.
doc
A very handy little tool.
@@ -0,0 +1,60 @@ | |||
name: Render and upload manifests (reusable) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The filename is misspelled:
render-and-upload-manifests-reusbale.yml
-> render-and-upload-manifests-reusable.yml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks! Resolved.
# set git mail address | ||
ghmailaddress="${ghusername}@users.noreply.github.com" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(nit) mail
-> email
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reasonable. I changed it.
Description
Changes proposed in this pull request:
bump-sec-scanners-config-reusable.yml
workflowRelated issue(s)
kyma-project/eventing-manager#361