Bump the core-scripts group in /scripts with 4 updates #24
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release-Workflow | |
| on: | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, edited, ready_for_review, labeled] | |
| jobs: | |
| check-contributor: | |
| name: Check contributor | |
| uses: ./.github/workflows/check-contributor.yml | |
| with: | |
| user: ${{ github.event.pull_request.user.login }} | |
| determine-workflow-conditions: | |
| name: Determine workflow conditions | |
| needs: [check-contributor] | |
| runs-on: ubuntu-22.04 | |
| if: | | |
| github.event.pull_request.draft == false && | |
| needs.check-contributor.outputs.is-repo-owner == 'true' | |
| outputs: | |
| create-pull-requests: ${{ steps.reflect_on_pr_content.outputs.create_pull_requests }} | |
| pr-includes-release-only: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_includes_release_only }} | |
| charts-repo: ${{ steps.check_only_version_in_PR_and_authorized.outputs.charts_repo }} | |
| stage-repo: ${{ steps.check_only_version_in_PR_and_authorized.outputs.stage_repo }} | |
| sender-not-authorized: ${{ steps.check_only_version_in_PR_and_authorized.outputs.sender_not_authorized }} | |
| pr-version: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_version }} | |
| auto-release-pr-version: ${{ steps.check_created_release_pr.outputs.PR_version }} | |
| pr-body: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_release_body }} | |
| is-dev-release-branch: ${{ steps.check_created_release_pr.outputs.dev_release_branch }} | |
| steps: | |
| - name: Checkout Base Branch | |
| uses: actions/checkout@v4 | |
| - name: Checkout Pull Request | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| token: ${{ secrets.BOT_TOKEN }} | |
| fetch-depth: 0 | |
| path: "pr-branch" | |
| - name: Set up Python 3.x Part 1 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Set up Python scripts in pr-branch | |
| working-directory: ./pr-branch | |
| run: | | |
| # set up python scripts | |
| echo "set up python script in $PWD" | |
| python3 -m venv ve1 | |
| cd scripts | |
| ../ve1/bin/pip3 install -r requirements.txt | |
| ../ve1/bin/pip3 install . | |
| cd .. | |
| - name: Check if dev repo is targetted, only release file is in PR and user is authorized | |
| id: check_only_version_in_PR_and_authorized | |
| working-directory: ./pr-branch | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| # GITHUB_OUTPUTs populated by this task: | |
| # - PR_includes_release_only | |
| # - sender_not_authorized | |
| # - charts_repo | |
| # - stage_repo | |
| # - PR_version | |
| # - PR_release_body | |
| run: | | |
| # if dev repo is targetted check if release file only is included in PR and if so that user is authorized. | |
| ./ve1/bin/release-checker \ | |
| --api-url=${{ github.event.pull_request._links.self.href }} \ | |
| --sender=${{ github.event.sender.login }} \ | |
| --pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' | |
| # This task handles the final step of workflow releases: the merging of | |
| # Auto Release PRs. | |
| # | |
| # Once the submitted release_info.json is merged, automation will create a | |
| # pull request to the development repository that syncs the charts/* | |
| # directory from production to the development repo. This is the "Auto Release". | |
| # | |
| # When this happens, this task will emit the necessary GITHUB_OUTPUT | |
| # components that will allow this workflow to automatically merge it. | |
| - name: Check if PR created as part of release process | |
| id: check_created_release_pr | |
| working-directory: ./pr-branch | |
| if: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_includes_release_only != 'true' }} | |
| env: | |
| BOT_NAME: ${{ secrets.BOT_NAME }} | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| # check if PR was created as part of release processing | |
| ./ve1/bin/release-checker \ | |
| --api-url=${{ github.event.pull_request._links.self.href }} \ | |
| --sender='${{ github.event.sender.login }}' \ | |
| --pr_branch='${{ github.event.pull_request.head.ref }}' \ | |
| --pr_body="${{ github.event.pull_request.body }}" \ | |
| --pr_base_repo='${{ github.event.pull_request.base.repo.full_name }}' \ | |
| --pr_head_repo='${{ github.event.pull_request.head.repo.full_name }}' | |
| - name: Reflect on PR Content | |
| id: reflect_on_pr_content | |
| env: | |
| RELEASE_INFO_ONLY: ${{ steps.check_only_version_in_PR_and_authorized.outputs.PR_includes_release_only }} | |
| NOT_AUTHORIZED: ${{ steps.check_only_version_in_PR_and_authorized.outputs.sender_not_authorized }} | |
| DEV_PR_FOR_RELEASE: ${{ steps.check_created_release_pr.outputs.dev_release_branch }} | |
| run: | | |
| # Determine if and how processing should continue' | |
| if [ "${NOT_AUTHORIZED}" == 'true' ]; then | |
| echo "Unauthorized Request" | |
| exit 1 | |
| elif [ "${RELEASE_INFO_ONLY}" == 'true' ]; then | |
| echo "PR contains only release_info file" | |
| echo "create_pull_requests=true" | tee -a $GITHUB_OUTPUT | |
| elif [ "${DEV_PR_FOR_RELEASE}" != 'true' ]; then | |
| echo "No release work to do" | |
| exit | |
| fi | |
| test-e2e: | |
| name: Run All Tests | |
| # check-contributor not necessary because determine-workflow-conditions | |
| # already asserts this. | |
| needs: | |
| - determine-workflow-conditions | |
| if: needs.determine-workflow-conditions.outputs.create-pull-requests == 'true' | |
| uses: ./.github/workflows/behave.yml | |
| with: | |
| tags: full | |
| behave-logging-level: WARNING | |
| pr-body: "Test triggered by release PR ${{ github.event.pull_request.html_url }}." | |
| # checkout parameters passed to ensure we're testing the release content | |
| checkout-fetch-depth: 0 | |
| checkout-repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| checkout-ref: ${{ github.event.pull_request.head.ref }} | |
| secrets: | |
| bot-name: ${{ secrets.BOT_NAME }} | |
| bot-token: ${{ secrets.BOT_TOKEN }} | |
| sync-repos: | |
| name: Sync Repositories | |
| outputs: | |
| release-was-updated: ${{ steps.check_version_updated.outputs.release_updated }} | |
| chart-pr-threw-error: ${{ steps.sync_repositories.outputs.charts_pr_error }} | |
| dev-pr-threw-error: ${{ steps.sync_repositories.outputs.dev_pr_error }} | |
| stage-pr-threw-error: ${{ steps.sync_repositories.outputs.stage_pr_error }} | |
| dev-pr-not-need: ${{ steps.sync_repositories.outputs.dev_pr_not_needed }} | |
| needs: | |
| - determine-workflow-conditions | |
| - test-e2e | |
| if: needs.determine-workflow-conditions.outputs.create-pull-requests == 'true' | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout base repo | |
| uses: actions/checkout@v4 | |
| - name: Checkout charts repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.base.ref }} | |
| repository: ${{ needs.determine-workflow-conditions.outputs.charts-repo }} | |
| token: ${{ secrets.BOT_TOKEN }} | |
| path: "charts-repo" | |
| - name: Checkout development repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.base.ref }} | |
| repository: ${{ github.event.pull_request.base.repo.full_name }} | |
| token: ${{ secrets.BOT_TOKEN }} | |
| path: "dev-repo" | |
| - name: Checkout stage repo | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.pull_request.base.ref }} | |
| repository: ${{ needs.determine-workflow-conditions.outputs.stage-repo }} | |
| token: ${{ secrets.BOT_TOKEN }} | |
| path: "stage-repo" | |
| - name: Set up Python 3.x Part 1 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Set up CI scripts | |
| run: | | |
| # set up python scripts | |
| echo "set up python script in $PWD" | |
| python3 -m venv ve1 | |
| cd scripts | |
| ../ve1/bin/pip3 install -r requirements.txt | |
| ../ve1/bin/pip3 install . | |
| cd .. | |
| - name: Check if version updated | |
| id: check_version_updated | |
| # if: needs.determine-workflow-conditions.outputs.create-pull-requests == 'true' | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| # outputs: | |
| # - release_updated | |
| run: | | |
| # check if version file was changed | |
| ./ve1/bin/release-checker \ | |
| --version=${{ needs.determine-workflow-conditions.outputs.pr-version }} | |
| - name: Sync the repositories | |
| id: sync_repositories | |
| if: steps.check_version_updated.outputs.release_updated == 'true' | |
| env: | |
| BOT_NAME: ${{ secrets.BOT_NAME }} | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| # outputs: | |
| # - charts_pr_error | |
| # - dev_pr_error | |
| # - dev_pr_not_needed | |
| # - stage_pr_error | |
| run: | | |
| ./ve1/bin/releaser \ | |
| --version=${{ needs.determine-workflow-conditions.outputs.pr-version }}\ | |
| --pr_dir="./pr-branch" \ | |
| --development_dir="./dev-repo" \ | |
| --charts_dir="./charts-repo" \ | |
| --stage_dir="./stage-repo" \ | |
| --dev_pr_body="${{ needs.determine-workflow-conditions.outputs.pr-body }}" \ | |
| --target_branch="${{ github.event.pull_request.base.ref }}" \ | |
| --target_repository="${{ github.event.pull_request.base.repo.full_name }}" | |
| determine-merge-and-release-conditions: | |
| name: Determine merge and release conditions | |
| needs: | |
| - determine-workflow-conditions | |
| - sync-repos | |
| outputs: | |
| should-merge: ${{ steps.check_merge_and_release.outputs.merge }} | |
| release-tag: ${{ steps.check_merge_and_release.outputs.release_tag }} | |
| release-body: ${{ steps.check_merge_and_release.outputs.release_body }} | |
| runs-on: ubuntu-22.04 | |
| # The below 'if:' condition is a overly specific to avoid having to specify | |
| # an always() condition which can have some adverse effects. The goal is to | |
| # have this job run regardless of whether sync-repos is skipped. Empty | |
| # inputs that we'll get from sync-repos being skipped are handled in the | |
| # script. | |
| # | |
| # TODO: This is written to handle both release PRs submitted by maintainers, | |
| # and Auto Release PRs executed by CI. It makes sense to separate the | |
| # handling of those two things, but requires a heavier lift, as several jobs | |
| # in this workflow account for both cases. It's worth separating that at a | |
| # later date. | |
| if: | | |
| needs.determine-workflow-conditions.result == 'success' && | |
| ( needs.sync-repos.result == 'success' || needs.sync-repos.result == 'skipped' ) | |
| steps: | |
| - name: Determine if merge and release are needed | |
| id: check_merge_and_release | |
| env: | |
| REPOSITORIES_SYNCED: ${{ needs.sync-repos.outputs.release-was-updated }} | |
| CHART_PR_ERROR: ${{ needs.sync-repos.outputs.chart-pr-threw-error }} | |
| DEV_PR_ERROR: ${{ needs.sync-repos.outputs.dev-pr-threw-error }} | |
| STAGE_PR_ERROR: ${{ needs.sync-repos.outputs.stage-pr-threw-error }} | |
| DEV_PR_NOT_NEEDED: ${{ needs.sync-repos.outputs.dev-pr-not-need }} | |
| DEV_PR_FOR_RELEASE: ${{ needs.determine-workflow-conditions.outputs.is-dev-release-branch }} | |
| run: | | |
| # determine what should be done next | |
| # mitigate unmatched quote error in bash | |
| if [ "${REPOSITORIES_SYNCED}" == 'true' ]; then | |
| if [ "${CHART_PR_ERROR}" == 'true' ]; then | |
| echo "Error creating charts pull request" | |
| exit 1 | |
| elif [ "${DEV_PR_ERROR}" == 'true' ]; then | |
| echo "Error creating development pull request" | |
| exit 1 | |
| elif [ "${STAGE_PR_ERROR}" == 'true' ]; then | |
| echo "Error creating stage pull request" | |
| exit 1 | |
| else | |
| echo "At least one PR was created - merge this one" | |
| echo "merge=true" | tee -a $GITHUB_OUTPUT | |
| fi | |
| if [ "${DEV_PR_NOT_NEEDED}" == 'true' ]; then | |
| echo "No dev PR so create release" | |
| echo "release_body=${{ needs.determine-workflow-conditions.outputs.pr-body }}" | tee -a $GITHUB_OUTPUT | |
| echo "release_tag=${{ needs.determine-workflow-conditions.outputs.pr-version }}" | tee -a $GITHUB_OUTPUT | |
| fi | |
| elif [ "${DEV_PR_FOR_RELEASE}" == 'true' ]; then | |
| echo "Dev PR so create release" | |
| echo "merge=true" | tee -a $GITHUB_OUTPUT | |
| echo "release_body=${{ github.event.pull_request.body }}" | tee -a $GITHUB_OUTPUT | |
| echo "release_tag=${{ needs.determine-workflow-conditions.outputs.auto-release-pr-version }}" |tee -a $GITHUB_OUTPUT | |
| fi | |
| approve-merge-release: | |
| name: Approve, merge, release | |
| needs: [determine-merge-and-release-conditions] | |
| runs-on: ubuntu-22.04 | |
| if: | | |
| needs.determine-merge-and-release-conditions.outputs.should-merge == 'true' || | |
| needs.determine-merge-and-release-conditions.outputs.release-tag != '' | |
| steps: | |
| - name: Checkout base repo | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Set up CI scripts | |
| run: | | |
| # set up python scripts | |
| echo "set up python script in $PWD" | |
| python3 -m venv ve1 | |
| cd scripts | |
| ../ve1/bin/pip3 install -r requirements.txt | |
| ../ve1/bin/pip3 install . | |
| cd .. | |
| - name: Approve PR | |
| id: approve_pr | |
| if: needs.determine-merge-and-release-conditions.outputs.should-merge == 'true' | |
| uses: hmarr/auto-approve-action@v4 | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Merge PR | |
| id: merge_pr | |
| if: needs.determine-merge-and-release-conditions.outputs.should-merge == 'true' | |
| uses: pascalgn/automerge-action@v0.16.2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| MERGE_METHOD: squash | |
| MERGE_LABELS: "" | |
| - name: Check for PR merge | |
| if: needs.determine-merge-and-release-conditions.outputs.should-merge == 'true' | |
| env: | |
| BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| ./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }} | |
| - name: Create the the release | |
| id: create_release | |
| if: needs.determine-merge-and-release-conditions.outputs.release-tag != '' | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| tag_name: ${{ needs.determine-merge-and-release-conditions.outputs.release-tag }} | |
| body: ${{ needs.determine-merge-and-release-conditions.outputs.release-body }} | |