From cafae53a4a7b5900c4201e473e5f8609a5eea149 Mon Sep 17 00:00:00 2001 From: siosonel Date: Sat, 21 Oct 2023 21:55:04 -0500 Subject: [PATCH] clean up the workflows --- .../workflows/CD-create-container-release.yml | 102 ------------------ ...se-images.yml => CD-publish-app-image.yml} | 2 +- .github/workflows/CD-publish-docker-image.yml | 23 ---- ...e-packages.yml => CD-publish-packages.yml} | 24 ++--- .../workflows/CD-publish-updated-image.yml | 57 ---------- .github/workflows/CD-release-chain.yml | 41 +++++++ .github/workflows/CI-unit.yml | 2 +- 7 files changed, 51 insertions(+), 200 deletions(-) delete mode 100644 .github/workflows/CD-create-container-release.yml rename .github/workflows/{CD-release-images.yml => CD-publish-app-image.yml} (98%) delete mode 100644 .github/workflows/CD-publish-docker-image.yml rename .github/workflows/{CD-release-packages.yml => CD-publish-packages.yml} (84%) delete mode 100644 .github/workflows/CD-publish-updated-image.yml create mode 100644 .github/workflows/CD-release-chain.yml diff --git a/.github/workflows/CD-create-container-release.yml b/.github/workflows/CD-create-container-release.yml deleted file mode 100644 index 4e6d5de75b..0000000000 --- a/.github/workflows/CD-create-container-release.yml +++ /dev/null 
@@ -1,102 +0,0 @@ -name: "Create Container Release" - -on: - workflow_dispatch: - inputs: - build_secret: - type: string - description: Build secret - release_type: - type: choice - description: Release type - options: - - prerelease - - prepatch - - preminor - - premajor - - major - - minor - - patch - pp_version: - type: choice - description: Latest or specific PP version - options: - - latest - - specific - specific_pp_version: - type: string - description: Specific PP version to use for container - -jobs: - build: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - timeout-minutes: 20 - steps: - - name: Check secret - run: | - if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then - echo "Wrong build secret." - exit 1 - fi - - - name: Check user permission - id: check - uses: scherermichael-oss/action-has-permission@master - with: - required-permission: write - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Exit if user doesn't have write permission - run: | - if [ "${{ steps.check.outputs.has-permission }}" = "false" ] - then - echo "Only users with write permission are allowed to execute this workflow manually." 
- exit 1 - fi - - - uses: actions/checkout@v3 - with: - token: ${{ secrets.PAT }} - - - name: Set up node - uses: actions/setup-node@v3 - with: - cache: 'npm' - node-version: '16' - registry-url: 'https://registry.npmjs.org' - scope: '@sjcrh' - - - run: | - npm ci - git fetch --all --tags - if [ $PP_VERSION == "latest" ]; - then - PP_VERSION=$(git describe --tags `git rev-list --tags --max-count=1`) - else - PP_VERSION=$SPECIFIC_PP_VERSION - fi - git checkout $PP_VERSION - FRONT_VERSION=$(node -p "require('./front/package.json').version") - SERVER_VERSION=$(node -p "require('./server/package.json').version") - git checkout master - cd container - npm pkg set containerDeps.front=$FRONT_VERSION - npm pkg set containerDeps.server=$SERVER_VERSION - npm version ${{ github.event.inputs.release_type }} - cd .. - COMMITMSG="Update container version to $(node -p "require('./package.json').version")" - echo "$COMMITMSG" - echo "committing version change ..." - git config --global user.email "PPTeam@STJUDE.ORG" - git config --global user.name "PPTeam CI" - git add --all - git commit -m "$COMMITMSG" - git push origin master - cd container - npm publish --access public - env: - NODE_AUTH_TOKEN: ${{ secrets.NPMJS_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/CD-release-images.yml b/.github/workflows/CD-publish-app-image.yml similarity index 98% rename from .github/workflows/CD-release-images.yml rename to .github/workflows/CD-publish-app-image.yml index 2d95f31607..c49455e5d5 100644 --- a/.github/workflows/CD-release-images.yml +++ b/.github/workflows/CD-publish-app-image.yml @@ -1,4 +1,4 @@ -name: "Release Images" +name: "Publish Application Image" on: push: diff --git a/.github/workflows/CD-publish-docker-image.yml b/.github/workflows/CD-publish-docker-image.yml deleted file mode 100644 index ab6299af58..0000000000 --- a/.github/workflows/CD-publish-docker-image.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -name: Publish Docker Image - -on: - workflow_dispatch: - inputs: - build_secret: - type: string - description: Build secret - -jobs: - build: - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest - steps: - - name: Check secret - run: | - if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then - echo "Wrong build secret." - exit 1 - fi - - - name: Check user permission - run: echo "Publish Docker Image" diff --git a/.github/workflows/CD-release-packages.yml b/.github/workflows/CD-publish-packages.yml similarity index 84% rename from .github/workflows/CD-release-packages.yml rename to .github/workflows/CD-publish-packages.yml index e46115d6eb..2108d6afc0 100644 --- a/.github/workflows/CD-release-packages.yml +++ b/.github/workflows/CD-publish-packages.yml @@ -1,9 +1,9 @@ -name: "Release Packages" +name: "Publish Packages" on: push: branches: - - pkg-release + - publish-package - fake-release paths-ignore: - '**.md' @@ -20,17 +20,10 @@ on: type: string description: Build secret -jobs: - unit_test: - uses: ./.github/workflows/CI-unit.yml - secrets: inherit # pragma: allowlist secret - - integration_test: - uses: ./.github/workflows/CI-integration.yml - secrets: inherit # pragma: allowlist secret + workflow_call: {} - build: - needs: [unit_test, integration_test] +jobs: + publish: runs-on: ubuntu-latest permissions: contents: read @@ -78,7 +71,7 @@ jobs: scope: '@sjcrh' - name: ⚡ Cache - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.npm key: ${{ runner.OS }}-npm-cache-${{ hashFiles('**/package-lock.json') }} @@ -96,7 +89,9 @@ jobs: elif [[ "$NOTES" == *"Fixes:"* ]]; then VERTYPE=patch fi + # initial dot makes the variables of the call script in-scope . ./build/ci-version-update.sh $VERTYPE -w -x=container + echo "UPDATED=$UPDATED" >> $GITHUB_ENV - name: Publish packages run: | 
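Review bot: In `.github/workflows/CD-publish-packages.yml` (hunk `@@ -20,17 +20,10 @@`), the `publish` job drops `needs: [unit_test, integration_test]` but the workflow keeps its own `push` and `workflow_dispatch` triggers, so a push to `publish-package` or `fake-release` reaches the publish job without the test jobs running first. `fake-release` is also listed under `on.push.branches` in the new `CD-release-chain.yml`, so one push to that branch appears to start this workflow twice, once directly and once through the chain. If the chain is meant to be the only tested path to a release, consider leaving only `workflow_call: {}` (plus `workflow_dispatch` if needed) under `on:` here, or add a comment such as `# direct push publishes WITHOUT running CI-unit / CI-integration`. The job body continues outside the hunk.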
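Review bot: The added `echo "UPDATED=$UPDATED" >> $GITHUB_ENV` in hunk `@@ -96,7 +89,9 @@` uses the single-line form of the environment file, which is only correct if `UPDATED` never contains a newline. A multi-line workspace list would be cut short, or its later lines would become separate environment entries for the following steps. `UPDATED` is set inside `./build/ci-version-update.sh`, which is not shown, so this needs confirming. The delimiter form is safe in either case: `printf 'UPDATED<<EOF_UPDATED\n%s\nEOF_UPDATED\n' "$UPDATED" >> "$GITHUB_ENV"`. The step's `run` block starts outside the hunk.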
@@ -104,9 +99,6 @@ jobs: if [[ "$BRANCH" != "pkg-release" && "$BRANCH" != "master" ]]; then echo "skipping publishing" else - # ./build/bump.js is called from within `ci-version-update.sh`, - # get the same updated workspaces but don't edit the package.json's (no -w option) - UPDATED=$(./build/bump.js prerelease) ./build/ci-npm-publish.sh "$UPDATED" if [[ "$BRANCH" != "master" ]]; then diff --git a/.github/workflows/CD-publish-updated-image.yml b/.github/workflows/CD-publish-updated-image.yml deleted file mode 100644 index 6c795c9280..0000000000 --- a/.github/workflows/CD-publish-updated-image.yml +++ /dev/null 
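Review bot: The guard kept as context in hunk `@@ -104,9 +99,6 @@`, `if [[ "$BRANCH" != "pkg-release" && "$BRANCH" != "master" ]]`, still names `pkg-release`, although the first hunk of this file renames the push trigger to `publish-package` and the new `CD-release-chain.yml` calls this workflow from `release-chain`. How `BRANCH` is derived is outside the hunk, but if it is the ref name, runs from either new branch would take the "skipping publishing" path. Suggest updating the list, for example `if [[ "$BRANCH" != "publish-package" && "$BRANCH" != "release-chain" && "$BRANCH" != "master" ]]; then`. With the `./build/bump.js prerelease` call removed, `$UPDATED` depends entirely on the value exported by the earlier version-update step, so a comment above `./build/ci-npm-publish.sh "$UPDATED"` should say so.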
@@ -1,57 +0,0 @@ -name: Publish Updated Image - -on: - workflow_dispatch: - inputs: - build_secret: - type: string - description: Build secret - -jobs: - build: - if: github.event.pull_request.draft == false - runs-on: ubuntu-latest - steps: - - name: Check secret - run: | - if [ "${{ github.event.inputs.build_secret }}" != "${{ secrets.BUILD_SECRET }}" ]; then - echo "Wrong build secret." - exit 1 - fi - - - name: Check user permission - id: check - uses: scherermichael-oss/action-has-permission@master - with: - required-permission: write - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - uses: actions/checkout@v3 - - - name: Login to GitHub Container Registry - run: | - echo $CR_PAT | docker login ghcr.io -u stjude --password-stdin - env: - CR_PAT: ${{ secrets.PAT }} - - # Setup .npmrc file to publish to GitHub Packages - - uses: actions/setup-node@v3 - with: - cache: 'npm' - node-version: '16' - registry-url: 'https://registry.npmjs.org' - scope: '@sjcrh' - - # TODO: option to build only the server container? so skip the full container - - run: | - npm ci - cd container - ./build2.sh -r "ghcr.io/stjude/" server - TAG="$(node -p "require('./server/package.json').version")" - HASH=$(git rev-parse --short HEAD) - docker push ghcr.io/stjude/ppserver:$TAG-$HASH - - ./build2.sh -r "ghcr.io/stjude/" full - TAG="$(node -p "require('./full/package.json').version")" - docker push ghcr.io/stjude/ppfull:$TAG-$HASH diff --git a/.github/workflows/CD-release-chain.yml b/.github/workflows/CD-release-chain.yml new file mode 100644 index 0000000000..27886c81e2 --- /dev/null +++ b/.github/workflows/CD-release-chain.yml 
@@ -0,0 +1,41 @@ +name: "Release Packages, Optional Image" + +on: + push: + branches: + - release-chain + - fake-release + paths-ignore: + - '**.md' + - '**.txt' + - '.**ignore' + - 'docs/**' + # TODO: what if package.dependencies, files were updated? + # this is meant to avoid triggering the on.push event for the version bump + - '**package*.json' + + workflow_dispatch: + inputs: + build_secret: + type: string + description: Build secret + +jobs: + unit_test: + uses: ./.github/workflows/CI-unit.yml + secrets: inherit # pragma: allowlist secret + + integration_test: + uses: ./.github/workflows/CI-integration.yml + secrets: inherit # pragma: allowlist secret + + publish_packages: + needs: [unit_test, integration_test] + uses: ./.github/workflows/CD-publish-packages.yml + secrets: inherit # pragma: allowlist secret + + publish_app_image: + if: ${{ github.ref_name }} == 'publish-app-image' + needs: [ publish_packages ] + uses: ./.github/workflows/CD-publish-app-image.yml + secrets: inherit # pragma: allowlist secret \ No newline at end of file diff --git a/.github/workflows/CI-unit.yml b/.github/workflows/CI-unit.yml index 692d52675d..d4b74bd706 100644 --- a/.github/workflows/CI-unit.yml +++ b/.github/workflows/CI-unit.yml @@ -79,7 +79,7 @@ jobs: - name: ⚡ Cache if: contains(env.WS_TO_TEST, 'rust') - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: | ~/.cargo/registry
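Review bot: In the new `CD-release-chain.yml`, the condition on `publish_app_image`, `if: ${{ github.ref_name }} == 'publish-app-image'`, is not evaluated as a comparison. Only the part inside `${{ }}` is an expression, and the resulting string (for example `release-chain == 'publish-app-image'`) is non-empty and therefore truthy, so the image job runs on every successful chain. Write the whole comparison as one expression: `if: github.ref_name == 'publish-app-image'`. `on.push.branches` lists only `release-chain` and `fake-release`, so with the corrected condition the job would run only for a `workflow_dispatch` from a branch named `publish-app-image`; confirm that is the intent. The rename hunk for `CD-publish-app-image.yml` shows no `workflow_call` trigger being added, so check that the file already declares one.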