Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a helper script for testing GitHub Actions on forked repositories #2235

Merged
merged 7 commits into from
Jul 29, 2024
Merged
Show file tree
Hide file tree
Changes from 4 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 3 additions & 2 deletions .github/workflows/delivery-docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,9 @@ on:
default: false

env:
REPO_NAME: 'index.docker.io'
hhiroshell marked this conversation as resolved.
Show resolved Hide resolved
USER_NAME: 'buildpacksio'
IMG_NAME: 'pack'
USERNAME: 'buildpacksio'

jobs:
deliver-docker:
Expand Down Expand Up @@ -52,7 +53,7 @@ jobs:
with:
ref: v${{ steps.version.outputs.result }}
- name: Determine App Name
run: 'echo "IMG_NAME=${{ env.USERNAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
run: 'echo "IMG_NAME=${{ env.REPO_NAME }}/${{ env.USER_NAME }}/${{ env.IMG_NAME }}" >> $GITHUB_ENV'
hhiroshell marked this conversation as resolved.
Show resolved Hide resolved
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
Expand Down
23 changes: 23 additions & 0 deletions DEVELOPMENT.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,29 @@ Alternatively, you can use Gitpod to run pre-configured dev environment in the c

* Symlinks - Some of our tests attempt to create symlinks. On Windows, this requires the [permission to be provided](https://stackoverflow.com/a/24353758).

### Testing GitHub actions on forks

The pack release process involves chaining a series of GitHub actions together, such as:
* The "build" workflow, which creates:
* .tgz files containing the pack binaries and shasums for the .tgz files
* a draft release with the above artifacts
* The "delivery-docker" workflow, which builds and pushes OCI images containing the pack binary
* The "benchmark" workflow, which runs performance checks for each commit and uploads reports to GitHub Pages

It can be rather cumbersome to test changes to these workflows, as they are heavily intertwined. Thus, we recommend forking the buildpacks/pack repository on GitHub and running through the entire release process end-to-end.

For the fork, it is necessary to complete the following preparations:

* Add the following secrets:
* `DOCKER_PASSWORD` for the delivery-docker workflow, if not using ghcr.io
* `DOCKER_USERNAME` for the delivery-docker workflow, if not using ghcr.io
* `DEPLOY_KEY` for the release-merge workflow, as a SSH private key for repository access
* Enable the issues feature on the repository and create `status/triage` and `type/bug` labels for the check-latest-release workflow
* Create a branch named `gh-pages` for uploading benchmark reports for the benchmark workflow

The `tools/test-fork.sh` script can be used to update the source code to reflect the state of the fork and disable workflows that should not run on the fork repository.
It can be invoked like so: `./tools/test-fork.sh <registry repo name>`

## Tasks

### Building
Expand Down
77 changes: 77 additions & 0 deletions tools/test-fork.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
#!/usr/bin/env bash

readonly wfdir=".github/workflows"

# $1 - registry repo name

echo "Parse registry: $1"
firstPart=$(echo "$1" | cut -d/ -f1)
secondPart=$(echo "$1" | cut -d/ -f2)
thirdPart=$(echo "$1" | cut -d/ -f3)

registry=""
username=""
reponame=""
if [[ -z $thirdPart ]]; then # assume Docker Hub
registry="index.docker.io"
username=$firstPart
reponame=$secondPart
else
registry=$firstPart
username=$secondPart
reponame=$thirdPart
fi

echo "Using registry $registry and username $username"
if [[ $reponame != "pack" ]]; then
echo "Repo name must be 'pack'"
exit 1
fi

echo "Disabling workflows that should not run on the forked repository"
disable=(
delivery-archlinux-git.yml
delivery-archlinux.yml
delivery-chocolatey.yml
delivery-homebrew.yml
delivery-release-dispatch.yml
delivery-ubuntu.yml
privileged-pr-process.yml
)
for d in "${disable[@]}"; do
if [ -e "$wfdir/$d" ]; then
mv "$wfdir/$d" "$wfdir/$d.disabled"
fi
done

echo "Removing upstream maintainers from the benchmark alert CC"
sed -i '' "/alert-comment-cc-users:/d" $wfdir/benchmark.yml

echo "Removing the architectures that require self-hosted runner from the build strategies."
sed -i '' "/config: \[.*\]/ s/windows-lcow, //g" $wfdir/build.yml
sed -i '' "/- config: windows-lcow/,+4d" $wfdir/build.yml

echo "Replacing the registry account with owned one (assumes DOCKER_PASSWORD and DOCKER_USERNAME have been added to GitHub secrets, if not using ghcr.io)"
sed -i '' "s/buildpacksio\/pack/$registry\/$username\/$reponame/g" $wfdir/check-latest-release.yml
sed -i '' "/REPO_NAME: 'index.docker.io'/ s/index.docker.io/$registry/g" $wfdir/delivery-docker.yml
sed -i '' "/USER_NAME: 'buildpacksio'/ s/buildpacksio/$username/g" $wfdir/delivery-docker.yml

if [[ $registry != "index.docker.io" ]]; then
echo "Updating login action to specify the registry"
sed -i '' "s/username: \${{ secrets.DOCKER_USERNAME }}/registry: $registry\n username: $username/g" $wfdir/delivery-docker.yml
fi

if [[ $registry == *"ghcr.io"* ]]; then
echo "Updating login action to use GitHub token for ghcr.io"
sed -i '' "s/secrets.DOCKER_PASSWORD/secrets.GITHUB_TOKEN/g" $wfdir/delivery-docker.yml

echo "Adding workflow permissions to push images to ghcr.io"
LF=$'\n'
sed -i '' "/runs-on: ubuntu-latest/ a\\
permissions:\\
contents: read\\
packages: write\\
attestations: write\\
id-token: write${LF}" $wfdir/delivery-docker.yml
LF=""
fi
Loading