From 182fc6de53bc692fba15e3d367710efa86139d55 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 11:05:45 +0000 Subject: [PATCH 01/10] ci: Fix release workflow env vars --- .github/workflows/release.yaml | 28 +++++++++++++++++++--------- scripts/release.sh | 4 +++- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 13fb1e9b0743b..6835576d36ccf 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -39,11 +39,20 @@ permissions: # Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage) id-token: write -env: - CODER_RELEASE: ${{ !github.event.inputs.snapshot }} - concurrency: ${{ github.workflow }}-${{ github.ref }} +env: + # Use string semantics for negating the boolean, otherwise it will always + # be false. See https://github.com/actions/runner/issues/1483. + # Note that any time we need to do expressions, more than outputting the + # actual boolean value, it's safest to use `contains` because it casts the + # input to string, meaning we get the same behavior for true and 'true'. + # Boolean behavior differs between workflow_dispatch and workflow_call. + CODER_RELEASE: ${{ contains(github.event.inputs.snapshot, 'false') }} + CODER_RELEASE_INCREMENT: ${{ github.event.inputs.increment }} + CODER_RELEASE_DRAFT: ${{ github.event.inputs.draft }} + CODER_DRY_RUN: ${{ contains(github.event.inputs.dry_run, 'true') || contains(github.event.inputs.snapshot, 'true') }} + jobs: release: name: Create and publish @@ -87,7 +96,7 @@ jobs: fi version_args=() - if [[ "${{ github.event.inputs.dry_run || github.event.inputs.snapshot }}" == *t* ]]; then + if [[ $CODER_DRY_RUN == *t* ]]; then # Allow dry-run of branches to pass. export CODER_IGNORE_MISSING_COMMIT_METADATA=1 version_args+=(--dry-run) @@ -104,7 +113,7 @@ jobs: ./scripts/release/tag_version.sh \ "${version_args[@]}" \ --ref "$ref" \ - --${{ github.event.inputs.increment }} + --"$CODER_RELEASE_INCREMENT" )" # Generate notes. @@ -232,10 +241,10 @@ jobs: set -euo pipefail publish_args=() - if [[ "${{ github.event.inputs.draft }}" == *t* ]]; then + if [[ $CODER_RELEASE_DRAFT == *t* ]]; then publish_args+=(--draft) fi - if [[ "${{ github.event.inputs.dry_run || github.event.inputs.snapshot }}" == *t* ]]; then + if [[ $CODER_DRY_RUN == *t* ]]; then publish_args+=(--dry-run) fi declare -p publish_args @@ -263,7 +272,8 @@ jobs: uses: "google-github-actions/setup-gcloud@v1" - name: Publish Helm Chart - if: ${{ !github.event.inputs.dry_run && !github.event.inputs.snapshot }} + # Do not publish helm charts for either dry run or snapshots. + if: ${{ contains(github.event.inputs.dry_run, 'false') && contains(github.event.inputs.snapshot, 'false') }} run: | set -euo pipefail version="$(./scripts/version.sh)" @@ -275,7 +285,7 @@ jobs: gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2 - name: Upload artifacts to actions (if dry-run or snapshot) - if: ${{ github.event.inputs.dry_run || github.event.inputs.snapshot }} + if: ${{ contains(github.event.inputs.dry_run, 'true') || contains(github.event.inputs.snapshot, 'true') }} uses: actions/upload-artifact@v2 with: name: release-artifacts diff --git a/scripts/release.sh b/scripts/release.sh index 04455f3ab3bb8..51c64accab53a 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -167,9 +167,11 @@ else fi log -gh workflow run release.yaml \ +# Use maybedryrun to echo the command. +maybedryrun 0 gh workflow run release.yaml \ --ref "$branch" \ -F increment="$increment" \ + -F snapshot=false \ "${args[@]}" log From 23f723c0fde8daee46dfe5515aacc2552892ea49 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 12:25:14 +0000 Subject: [PATCH 02/10] s/github.event.inputs/inputs/g --- .github/workflows/release.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6835576d36ccf..04be43b4b8d00 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -48,10 +48,14 @@ env: # actual boolean value, it's safest to use `contains` because it casts the # input to string, meaning we get the same behavior for true and 'true'. # Boolean behavior differs between workflow_dispatch and workflow_call. - CODER_RELEASE: ${{ contains(github.event.inputs.snapshot, 'false') }} - CODER_RELEASE_INCREMENT: ${{ github.event.inputs.increment }} - CODER_RELEASE_DRAFT: ${{ github.event.inputs.draft }} - CODER_DRY_RUN: ${{ contains(github.event.inputs.dry_run, 'true') || contains(github.event.inputs.snapshot, 'true') }} + # + # Also note that inputs (vs github.event.inputs) are usable across both + # workflow_dispatch and workflow_call. + # https://github.blog/changelog/2022-06-10-github-actions-inputs-unified-across-manual-and-reusable-workflows/ + CODER_RELEASE: ${{ contains(inputs.snapshot, 'false') }} + CODER_RELEASE_INCREMENT: ${{ inputs.increment }} + CODER_RELEASE_DRAFT: ${{ inputs.draft }} + CODER_DRY_RUN: ${{ contains(inputs.dry_run, 'true') || contains(inputs.snapshot, 'true') }} jobs: release: @@ -85,7 +89,7 @@ jobs: ref=HEAD old_version="$(git describe --abbrev=0 "$ref^1")" - if [[ "${{ github.event.inputs.ignore_missing_commit_metadata }}" == *t* ]]; then + if [[ "${{ inputs.ignore_missing_commit_metadata }}" == *t* ]]; then export CODER_IGNORE_MISSING_COMMIT_METADATA=1 fi @@ -273,7 +277,7 @@ jobs: - name: Publish Helm Chart # Do not publish helm charts for either dry run or snapshots. - if: ${{ contains(github.event.inputs.dry_run, 'false') && contains(github.event.inputs.snapshot, 'false') }} + if: ${{ contains(inputs.dry_run, 'false') && contains(inputs.snapshot, 'false') }} run: | set -euo pipefail version="$(./scripts/version.sh)" @@ -285,7 +289,7 @@ jobs: gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2 - name: Upload artifacts to actions (if dry-run or snapshot) - if: ${{ contains(github.event.inputs.dry_run, 'true') || contains(github.event.inputs.snapshot, 'true') }} + if: ${{ contains(inputs.dry_run, 'true') || contains(inputs.snapshot, 'true') }} uses: actions/upload-artifact@v2 with: name: release-artifacts From 8c3297d354d63fe4c32c3ee17774da564360f13f Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 12:28:10 +0000 Subject: [PATCH 03/10] one more test --- .github/workflows/release.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 04be43b4b8d00..7ba92fff22203 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -77,6 +77,14 @@ jobs: - name: Fetch git tags run: git fetch --tags --force + - name: Test + run: | + echo ${{ inputs.dry_run && '--dry-run' || 'no dry' }} + echo ${{ !inputs.dry_run && 'no dry' || '--dry-run'}} + echo ${{ (!inputs.dry_run && !inputs.snapshot) && 'release' || 'no release'}} + echo ${{ (inputs.dry_run || inputs.snapshot) && 'no release' || 'release'}} + exit 1 + # Configure git user name/email for creating annotated version tag. - name: Setup git config run: | From 1e63d4cc48892782cff512848e49ffe1142dfb61 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 12:31:12 +0000 Subject: [PATCH 04/10] one more test2 --- .github/workflows/release.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7ba92fff22203..695070e36f104 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -52,10 +52,10 @@ env: # Also note that inputs (vs github.event.inputs) are usable across both # workflow_dispatch and workflow_call. # https://github.blog/changelog/2022-06-10-github-actions-inputs-unified-across-manual-and-reusable-workflows/ - CODER_RELEASE: ${{ contains(inputs.snapshot, 'false') }} + CODER_RELEASE: ${{ !inputs.snapshot }} CODER_RELEASE_INCREMENT: ${{ inputs.increment }} CODER_RELEASE_DRAFT: ${{ inputs.draft }} - CODER_DRY_RUN: ${{ contains(inputs.dry_run, 'true') || contains(inputs.snapshot, 'true') }} + CODER_DRY_RUN: ${{ inputs.dry_run || inputs.snapshot }} jobs: release: @@ -80,6 +80,8 @@ jobs: - name: Test run: | echo ${{ inputs.dry_run && '--dry-run' || 'no dry' }} + echo ${{ inputs.dry_run && '--dry-run' || '' }} + echo ${{ inputs.dry_run && '--dry-run' }} echo ${{ !inputs.dry_run && 'no dry' || '--dry-run'}} echo ${{ (!inputs.dry_run && !inputs.snapshot) && 'release' || 'no release'}} echo ${{ (inputs.dry_run || inputs.snapshot) && 'no release' || 'release'}} From fbae8b383e2698a88120d7ca9562738261b92464 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 12:41:33 +0000 Subject: [PATCH 05/10] Simplify --- .github/workflows/release.yaml | 26 ++++---------------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 695070e36f104..5784c14b3d98e 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,15 +42,8 @@ permissions: concurrency: ${{ github.workflow }}-${{ github.ref }} env: - # Use string semantics for negating the boolean, otherwise it will always - # be false. See https://github.com/actions/runner/issues/1483. - # Note that any time we need to do expressions, more than outputting the - # actual boolean value, it's safest to use `contains` because it casts the - # input to string, meaning we get the same behavior for true and 'true'. - # Boolean behavior differs between workflow_dispatch and workflow_call. - # - # Also note that inputs (vs github.event.inputs) are usable across both - # workflow_dispatch and workflow_call. + # Use `inputs` (vs `github.event.inputs`) to ensure that booleans are actual + # booleans, not strings. # https://github.blog/changelog/2022-06-10-github-actions-inputs-unified-across-manual-and-reusable-workflows/ CODER_RELEASE: ${{ !inputs.snapshot }} CODER_RELEASE_INCREMENT: ${{ inputs.increment }} @@ -77,16 +70,6 @@ jobs: - name: Fetch git tags run: git fetch --tags --force - - name: Test - run: | - echo ${{ inputs.dry_run && '--dry-run' || 'no dry' }} - echo ${{ inputs.dry_run && '--dry-run' || '' }} - echo ${{ inputs.dry_run && '--dry-run' }} - echo ${{ !inputs.dry_run && 'no dry' || '--dry-run'}} - echo ${{ (!inputs.dry_run && !inputs.snapshot) && 'release' || 'no release'}} - echo ${{ (inputs.dry_run || inputs.snapshot) && 'no release' || 'release'}} - exit 1 - # Configure git user name/email for creating annotated version tag. - name: Setup git config run: | @@ -286,8 +269,7 @@ jobs: uses: "google-github-actions/setup-gcloud@v1" - name: Publish Helm Chart - # Do not publish helm charts for either dry run or snapshots. - if: ${{ contains(inputs.dry_run, 'false') && contains(inputs.snapshot, 'false') }} + if: ${{ !inputs.dry_run && !inputs.snapshot }} run: | set -euo pipefail version="$(./scripts/version.sh)" @@ -299,7 +281,7 @@ jobs: gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2 - name: Upload artifacts to actions (if dry-run or snapshot) - if: ${{ contains(inputs.dry_run, 'true') || contains(inputs.snapshot, 'true') }} + if: ${{ inputs.dry_run || inputs.snapshot }} uses: actions/upload-artifact@v2 with: name: release-artifacts From dc91244bf3576645f2c00a8e242ba24ddaee3c7b Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 12:48:07 +0000 Subject: [PATCH 06/10] CODER_RELEASE: true requires tag, not possible in dry-run --- .github/workflows/release.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 5784c14b3d98e..eb17ad5f81098 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -45,7 +45,7 @@ env: # Use `inputs` (vs `github.event.inputs`) to ensure that booleans are actual # booleans, not strings. # https://github.blog/changelog/2022-06-10-github-actions-inputs-unified-across-manual-and-reusable-workflows/ - CODER_RELEASE: ${{ !inputs.snapshot }} + CODER_RELEASE: ${{ !inputs.dry_run && !inputs.snapshot }} CODER_RELEASE_INCREMENT: ${{ inputs.increment }} CODER_RELEASE_DRAFT: ${{ inputs.draft }} CODER_DRY_RUN: ${{ inputs.dry_run || inputs.snapshot }} From f5e8d598d969bfb2643b1a34aab35c2410a72ddd Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 13:22:45 +0000 Subject: [PATCH 07/10] Remove snapshot --- .github/workflows/release.yaml | 14 +++++--------- scripts/release.sh | 1 - 2 files changed, 5 insertions(+), 10 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index eb17ad5f81098..96b63f4d98f9b 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -22,10 +22,6 @@ on: type: boolean required: true default: false - snapshot: - description: Force a dev version to be generated, implies dry_run. - type: boolean - default: false ignore_missing_commit_metadata: description: WARNING! This option disables the requirement that all commits have a PR. Not needed for dry_run. type: boolean @@ -45,10 +41,10 @@ env: # Use `inputs` (vs `github.event.inputs`) to ensure that booleans are actual # booleans, not strings. # https://github.blog/changelog/2022-06-10-github-actions-inputs-unified-across-manual-and-reusable-workflows/ - CODER_RELEASE: ${{ !inputs.dry_run && !inputs.snapshot }} + CODER_RELEASE: ${{ !inputs.dry_run }} CODER_RELEASE_INCREMENT: ${{ inputs.increment }} CODER_RELEASE_DRAFT: ${{ inputs.draft }} - CODER_DRY_RUN: ${{ inputs.dry_run || inputs.snapshot }} + CODER_DRY_RUN: ${{ inputs.dry_run }} jobs: release: @@ -269,7 +265,7 @@ jobs: uses: "google-github-actions/setup-gcloud@v1" - name: Publish Helm Chart - if: ${{ !inputs.dry_run && !inputs.snapshot }} + if: ${{ !inputs.dry_run }} run: | set -euo pipefail version="$(./scripts/version.sh)" @@ -280,8 +276,8 @@ jobs: gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/coder_helm_${version}.tgz gs://helm.coder.com/v2 gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2 - - name: Upload artifacts to actions (if dry-run or snapshot) - if: ${{ inputs.dry_run || inputs.snapshot }} + - name: Upload artifacts to actions (if dry-run) + if: ${{ inputs.dry_run }} uses: actions/upload-artifact@v2 with: name: release-artifacts diff --git a/scripts/release.sh b/scripts/release.sh index 51c64accab53a..b6297e01e1d62 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -171,7 +171,6 @@ log maybedryrun 0 gh workflow run release.yaml \ --ref "$branch" \ -F increment="$increment" \ - -F snapshot=false \ "${args[@]}" log From 77ca70aa743eb205405f9fad2eed5bc88f8ace13 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 13:35:46 +0000 Subject: [PATCH 08/10] Add run name and prevent non-dry-run releases on non-main branches --- .github/workflows/release.yaml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 96b63f4d98f9b..96c15dfa87ad4 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,5 +1,6 @@ # GitHub release workflow. name: Release +run-name: Release ${{ github.ref_name }}${{ inputs.dry_run && ' (DRYRUN)' || '' }} on: workflow_dispatch: inputs: @@ -54,6 +55,10 @@ jobs: # Necessary for Docker manifest DOCKER_CLI_EXPERIMENTAL: "enabled" steps: + - name: Prevent non-dry-run releases on branches + if: ${{ github.action_ref != 'main' && !inputs.dry_run }} + run: exit 1 + - uses: actions/checkout@v3 with: fetch-depth: 0 From faf9c322a42ba574f0de457ba00d4243dd7f8ec2 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 15:12:19 +0000 Subject: [PATCH 09/10] Output action_ref to see if it is correct --- .github/workflows/release.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 96c15dfa87ad4..6c32c345bfc59 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -57,7 +57,9 @@ jobs: steps: - name: Prevent non-dry-run releases on branches if: ${{ github.action_ref != 'main' && !inputs.dry_run }} - run: exit 1 + run: | + echo "Release not allowed on ${{ github.action_ref }}, use dry-run." + exit 1 - uses: actions/checkout@v3 with: From 3d44c27adcdf883634490f3fa89b77315c55a4b0 Mon Sep 17 00:00:00 2001 From: Mathias Fredriksson Date: Thu, 12 Jan 2023 15:19:13 +0000 Subject: [PATCH 10/10] Add logrun to lib.sh --- .github/workflows/release.yaml | 6 +++--- scripts/lib.sh | 11 +++++++++-- scripts/release.sh | 3 +-- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 6c32c345bfc59..e597d92f3b2a2 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -55,10 +55,10 @@ jobs: # Necessary for Docker manifest DOCKER_CLI_EXPERIMENTAL: "enabled" steps: - - name: Prevent non-dry-run releases on branches - if: ${{ github.action_ref != 'main' && !inputs.dry_run }} + - name: Check release on main (or dry-run) + if: ${{ github.ref_name != 'main' && !inputs.dry_run }} run: | - echo "Release not allowed on ${{ github.action_ref }}, use dry-run." + echo "Release not allowed on ${{ github.ref_name }}, use dry-run." exit 1 - uses: actions/checkout@v3 diff --git a/scripts/lib.sh b/scripts/lib.sh index 04f55bff4e452..61d67b3cdab8c 100644 --- a/scripts/lib.sh +++ b/scripts/lib.sh @@ -131,11 +131,18 @@ maybedryrun() { log "DRYRUN: $*" else shift - log $ "$@" - "$@" + logrun "$@" fi } +# logrun prints the given program and flags, and then executes it. +# +# Usage: logrun gh release create ... +logrun() { + log $ "$*" + "$@" +} + # log prints a message to stderr. log() { echo "$*" 1>&2 diff --git a/scripts/release.sh b/scripts/release.sh index b6297e01e1d62..dd8c27b2ed49f 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -167,8 +167,7 @@ else fi log -# Use maybedryrun to echo the command. -maybedryrun 0 gh workflow run release.yaml \ +logrun gh workflow run release.yaml \ --ref "$branch" \ -F increment="$increment" \ "${args[@]}"