From 07354f7218c39fb9d0b0b2ce9642deb59abc6196 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gast=C3=B3n=20Fournier?=
Date: Fri, 24 May 2024 09:28:39 +0200
Subject: [PATCH] chore: workflows call workflows (#7089)

Relying on tags to trigger workflows makes it hard to trace what's happening after a release, currently: 1. We manually trigger a release workflow 2. The release workflow executes and tags the new release in code 3. Several other workflows trigger after matching the tag doing different things: build docker images, tarballs and other things. This creates a loose dependency between the workflows which are actually part of the same "release workflow" which makes it difficult to spot when one or other dependent workflow fails because the dependency is indirect through the tagging mechanism. This PR switches to a more direct approach using [workflow calls](https://docs.github.com/en/actions/using-workflows/reusing-workflows). This will create a graph as shown in the following graph: ![](https://docs.github.com/assets/cb-34427/mw-1440/images/help/actions/reusable-workflows-ci-cd.webp) making it easier to track and identify any problem. The "drawback" of this approach is that previously we could trigger all dependent workflows at once by creating a tag matching the expected pattern without manually triggering a new release. This limitation can be overcome by adding a manual workflow_dispatch to the workflows using the tag trigger.
---
 .github/workflows/docker_publish.yaml | 23 +++++-----
 .github/workflows/notify_enterprise.yaml | 6 ---
 .github/workflows/publish-new-version.yaml | 44 ++++++++++++-------
 .github/workflows/release.yaml | 14 +++---
 .github/workflows/release_changelog.yml | 21 +++++----
 .../update_version_for_version_checker.yml | 6 +++
 6 files changed, 64 insertions(+), 50 deletions(-)

diff --git a/.github/workflows/docker_publish.yaml b/.github/workflows/docker_publish.yaml
index 281598af8f..e889d477cb 100644
--- a/.github/workflows/docker_publish.yaml
+++ b/.github/workflows/docker_publish.yaml @@ -6,14 +6,13 @@ on: - main paths-ignore: - website/** - tags: - - 'v*' - workflow_dispatch: + workflow_call: inputs: - ignore-push: - description: 'Ignore push to dockerhub. If not set the image will be pushed with the sha of the commit as tag' - required: false - type: boolean + version: + description: "Which version to release" + type: 'string' + required: true + workflow_dispatch: jobs: build: @@ -35,10 +34,10 @@ jobs: images: | unleashorg/unleash-server tags: | - # only enabled for v* tags: - type=semver,pattern={{ version }},enable=${{ startsWith(github.ref, 'refs/tags/v') }} - type=semver,pattern={{ major.minor }},enable=${{ startsWith(github.ref, 'refs/tags/v') }} - type=semver,pattern={{ major }},enable=${{ startsWith(github.ref, 'refs/tags/v') }} + # only enabled for workflow dispatch except main (assume its a release): + type=semver,pattern={{ version }},enable=${{ github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' }},value=${{ inputs.version }} + type=semver,pattern={{ major }}.{{ minor }},enable=${{ github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' }},value=${{ inputs.version }} + type=semver,pattern={{ major }},enable=${{ github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' }},value=${{ inputs.version }} # only enabled in main: type=edge,prefix=main-,suffix=-${{ matrix.version }},enable=${{ github.ref == 'refs/heads/main' }} # only enabled on workflow_dispatch: @@ -57,7 +56,7 @@ jobs: with: context: . platforms: linux/amd64,linux/arm64 - push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.ignore-push != 'true' }} + push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: NODE_VERSION=${{ matrix.version }} diff --git a/.github/workflows/notify_enterprise.yaml b/.github/workflows/notify_enterprise.yaml index a7570c96be..d842e267c2 100644 
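Review bot: The three `type=semver` lines infer "this is a release" from `github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main'`, which a manual dispatch of this workflow from any non-main branch also satisfies. The bare `workflow_dispatch:` trigger added in the first hunk declares no `version` input, so `inputs.version` is empty on that path. Keying the condition on the input itself, `enable=${{ inputs.version != '' }}`, ties the release tags to the caller that actually supplies a version. It also keeps working if the release is dispatched from main, where the current expression is false. How the metadata action treats an empty `value=` is not visible here, so the tags produced on the manual path should be confirmed.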
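Review bot: `push: true` removes the only way to run this build without publishing, so every trigger that reaches this step now pushes to `unleashorg/unleash-server`, including a manual `workflow_dispatch` from an arbitrary branch. If branch builds should remain testable without touching the registry, re-declare the boolean `ignore-push` input under `workflow_dispatch` and use `push: ${{ !inputs.ignore-push }}`, which still evaluates to true when the workflow is called without that input. The rest of the `build` job is outside this hunk.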
--- a/.github/workflows/notify_enterprise.yaml +++ b/.github/workflows/notify_enterprise.yaml @@ -7,12 +7,6 @@ on: paths-ignore: - website/** - coverage/** -# not sure if we will have all the payload as the push to main has. -# workflow_run: -# workflows: [ 'Publish to npm' ] -# types: [ completed ] -# branches: -# - 'main' jobs: build: diff --git a/.github/workflows/publish-new-version.yaml b/.github/workflows/publish-new-version.yaml index d608f581db..2c8b543727 100644 --- a/.github/workflows/publish-new-version.yaml +++ b/.github/workflows/publish-new-version.yaml @@ -54,14 +54,18 @@ jobs: echo PREV=$(git describe --tags ${PREV_COMMIT}) >> $GITHUB_ENV - if: ${{ !endsWith(github.event.inputs.version, '0') }} run: echo PREV=$(git describe --abbrev=0) >> $GITHUB_ENV - - name: Generate changelog if not pre-release + - name: Generate changelog from ${{ env.PREV }} continue-on-error: true if: ${{ !contains(github.event.inputs.version, '-') }} env: PREV: ${{ env.PREV }} run: | - git-cliff ${PREV}..HEAD --tag v${{ github.event.inputs.version }} --prepend CHANGELOG.md + git-cliff ${{ env.PREV }}..HEAD --tag v${{ github.event.inputs.version }} --prepend CHANGELOG.md + if [ -n "$(git status --porcelain)" ]; then git commit -am "docs: Update CHANGELOG.md" + else + echo "No changes to CHANGELOG.md" + fi - run: yarn install --frozen-lockfile --ignore-scripts - name: npm version run: | 
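Review bot: The new `git-cliff ${{ env.PREV }}..HEAD --tag v${{ github.event.inputs.version }}` line in publish-new-version.yaml pastes both values into the script text before the shell parses it, so a tag name or version string containing shell syntax would be executed as part of the step. The removed line read `${PREV}` from the environment, which the step's `env:` block still provides. Keep the shell variable and pass the version the same way: add `VERSION: ${{ github.event.inputs.version }}` under `env:` and call `git-cliff "${PREV}..HEAD" --tag "v${VERSION}" --prepend CHANGELOG.md`. The same pattern appears in release.yaml, where `v${{ inputs.version }}` is expanded inside the `aws s3 cp` destination. The step list starts and ends outside this hunk.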
@@ -106,19 +110,27 @@ jobs: git commit -m "chore: bump version to ${{ github.event.inputs.version }}+main" git push origin main - update-version-checker: + publish-docker: needs: build + uses: ./.github/workflows/docker_publish.yaml + with: + version: ${{ github.event.inputs.version }} + + publish-npm: + needs: build + uses: ./.github/workflows/release.yaml + with: + version: ${{ github.event.inputs.version }} + + release-changelog: # TODO this changelog is different than the git-cliff one above + needs: build + uses: ./.github/workflows/release_changelog.yml + with: + version: ${{ github.event.inputs.version }} + + update-version-checker: + needs: publish-docker if: ${{ github.event.inputs.update-version-function == 'true' }} - runs-on: ubuntu-latest - steps: - - name: Authenticate Google IAM - uses: 'google-github-actions/auth@v2' - with: - workload_identity_provider: 'projects/340004706233/locations/global/workloadIdentityPools/gh-actions-pool/providers/github-actions-oidc-unleash' - service_account: 'versionUpdateSa@metrics-304612.iam.gserviceaccount.com' - token_format: 'access_token' - - name: Update version checker - uses: 'Unleash/update-version-action@v0' - with: - version: ${{ github.event.inputs.version }} - distribution: 'oss' + uses: ./.github/workflows/update_version_for_version_checker.yml + with: + version: ${{ github.event.inputs.version }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index dce9c7558b..f69c61c7c7 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,8 +1,11 @@ name: 'Publish to npm' on: - push: - tags: - - 'v*' + workflow_call: + inputs: + version: + description: "Which version number should we use for the release" + type: 'string' + required: true jobs: build: 
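Review bot: None of the four `uses: ./.github/workflows/...` jobs passes secrets, and a called workflow only receives the caller's repository secrets when they are passed explicitly or with `secrets: inherit`. release.yaml reads `secrets.AWS_ACCESS_KEY_ID`, `secrets.AWS_SECRET_ACCESS_KEY` and `secrets.AWS_DEFAULT_REGION` on lines visible further down this patch, so as written those would expand to empty strings. Prefer declaring the required names under `workflow_call.secrets` in each called workflow and passing only those from here, e.g. `AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}` under a `secrets:` key on `publish-npm`. A blanket `secrets: inherit` would instead expose every repository secret to the Docker, npm and changelog jobs.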
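Review bot: With release.yaml's trigger changed from a `v*` tag push to `workflow_call`, `github.ref` and `github.sha` inside it are those of the calling run, not of the tag the release job creates. Any checkout in the `build` job (outside this hunk) that does not set `ref:` would therefore build and publish the commit the release was dispatched on rather than the tagged one. If that is the case, add `ref: v${{ inputs.version }}` to the checkout step so the npm package and the S3 assets correspond to the tag. The same check applies to docker_publish.yaml and release_changelog.yml, which are now invoked the same way.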
@@ -35,9 +38,6 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_DEFAULT_REGION }} - - name: Get the version - id: get_version - run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} - name: Publish static assets to S3 run: | - aws s3 cp frontend/build s3://getunleash-static/unleash/${{ steps.get_version.outputs.VERSION }} --recursive + aws s3 cp frontend/build s3://getunleash-static/unleash/v${{ inputs.version }} --recursive diff --git a/.github/workflows/release_changelog.yml b/.github/workflows/release_changelog.yml index 5a6c21a9e1..ac4f6a2936 100644 --- a/.github/workflows/release_changelog.yml +++ b/.github/workflows/release_changelog.yml @@ -1,12 +1,14 @@ -name: 'Releases' +name: 'Release changelog' on: - push: - tags: - - 'v*' + workflow_call: + inputs: + version: + description: "Which version number should we use for the release" + type: 'string' + required: true jobs: release: - if: startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: - name: Checkout code @@ -16,12 +18,13 @@ jobs: uses: metcalfc/changelog-generator@v4.3.1 with: myToken: ${{ secrets.GITHUB_TOKEN }} + base-ref: v${{ inputs.version }} - name: Create release - uses: actions/create-release@v1 + uses: softprops/action-gh-release@v2 with: - tag_name: ${{ github.ref }} - release_name: ${{ github.ref }} + tag_name: v${{ inputs.version }} + name: v${{ inputs.version }} body: ${{ steps.github_release.outputs.changelog }} - prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'alpha') }} + prerelease: ${{ contains(inputs.version, 'beta') || contains(inputs.version, 'alpha') }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/update_version_for_version_checker.yml b/.github/workflows/update_version_for_version_checker.yml index 4f1c937aca..bce8842ba4 100644 --- a/.github/workflows/update_version_for_version_checker.yml 
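Review bot: In release_changelog.yml, `softprops/action-gh-release@v2` is referenced by a movable tag and receives `GITHUB_TOKEN` in the step that creates the release, so whatever commit that tag points to at run time runs with the token's privileges. Pin it to a full commit SHA with the version in a trailing comment, `uses: softprops/action-gh-release@<full-commit-sha> # v2`, and treat `metcalfc/changelog-generator@v4.3.1` on the context line above the same way. No `permissions:` block is visible in this file. If none exists, a job-level `permissions:` with `contents: write` would scope the token to what the release step needs.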
+++ b/.github/workflows/update_version_for_version_checker.yml @@ -5,6 +5,12 @@ permissions: contents: read on: + workflow_call: + inputs: + version: + description: "Which version should we set OSS to" + type: 'string' + required: true workflow_dispatch: inputs: version: