-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Move release logic to a new workflow #382
Move release logic to a new workflow #382
Conversation
194cd3e
to
bcfda51
Compare
7310a69
to
95c6b69
Compare
@komish This is ready for another round of review. I've tested in this repo: https://github.com/mgoerens/my-chart-verifier. It's an almost one to one copy of the chart-verifier repo, in particular in terms of GitHub workflows. If there is any scenario you want to check we can do so there. I've tested in particular:
A few notes:
|
Here's an example release PR in The associated Workflow runs:
And the release it created: https://github.com/mgoerens/my-chart-verifier/releases/tag/1.13.0 |
5b4de7f
to
123fd36
Compare
@komish The pipeline is failing though I only pushed some comments since last Friday. There are errors such as:
I suspect this is because I pushed two times to the branch within a few seconds, triggering two pipeline to run in parallel and conflict (trying to deploy similar charts in similar namespaces for instance). Could that be ? Does our workflow allow parallel run ? |
@mgoerens it likely is a conflict if the same chart happened to be installed at the same time. Multiple pipeline runs can occur because things happen in namespaced contexts. I'll take a look at the underlying cluster here shortly. |
.github/workflows/build.yaml
Outdated
files: ${{ steps.check_version_in_PR.outputs.PR_tarball_name }} | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
github_token: ${{ secrets.PAT_MGOERENS }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
github_token: ${{ secrets.PAT_MGOERENS }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I'm a bit too verbose sometimes, I mentioned in a previous comment:
In the build.yaml workflow, the steps which tags the main branch is run using a Personal Access Token (currently set to PTA_MGOERENS, but that secret doesn't exist in this repo). This is because by default, a GitHub Workflow cannot trigger another GitHub Workflow. See https://docs.github.com/en/actions/using-workflows/triggering-a-workflow#triggering-a-workflow-from-a-workflow
So I believe we must use a Personal Access Token. We'll have to create the secret in this repo before merging (before we cut a new release). I'm happy to rename it to something else than PAT_MGOERENS
though.
.github/workflows/release.yaml
Outdated
# Tagging should be automatic after each merged PR release (see the build.yaml workflow). It can | ||
# also be manually triggered if needed. Note that the tests are not run by this workflow, so | ||
# release manually at your own risk. If manually tagging the main branch, the tag must match the | ||
# version set in ./pkg/chartverifier/version/version_info.json. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just so I'm clear, when you say this can be manually triggered, you mean by creating a tag?
In other words, there's no workflow_dispatch
event that this triggers on, and that's normally what I see when a workflow can be manually triggered.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's correct, it can be triggered manually by manually creating a tag on the main branch with the right format (x.x.x without leading v).
It's not intended to be triggered manually via the GitHub GUI / CLI.
I'll reword the comment.
Looking good overall. I want to do a few more tests and look over your repo before I mark this approved. |
27389ad
to
dc0e25a
Compare
- remove steps creating the GitHub release from "build.yaml" workflow. - add steps to tag the main branch with the version tag after an automerge in the "build.yaml" workflow. - create a new GitHub workdlow for handling GitHub release on new tags on main. - modify the python script handling the release to be able to get the release body directly. fixes redhat-certification#380
dc0e25a
to
ccd5940
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Looks great. We'll need to review the next "release" that includes changes to chart-verifier itself to make sure everything looks as we expect. |
automerge in the "build.yaml" workflow.
main.
release body directly.
fixes #380