From 04dcff1018e6739bba17f33d9af22488e9111039 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Tue, 2 Apr 2024 11:08:00 -0400 Subject: [PATCH 1/9] chore: remove checklist from PR template as it isn't being used (#102) --- pull_request_template.md | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/pull_request_template.md b/pull_request_template.md index 68665bd..ddb2b84 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -12,18 +12,3 @@ Please provide an explanation of the PR, including the appropriate context, background, goal, and rationale. If there is an issue with this information, please provide a tl;dr and link the issue. --> - -## Checklist - - - -- [ ] New and updated code has appropriate documentation -- [ ] New and updated code has new and/or updated testing -- [ ] Required CI checks are passing -- [ ] Visual proof for any user facing features like CLI or documentation updates -- [ ] Linked issues closed with keywords From 1693d5f48d3025a06f28ec5cb5c29fc09e9c6cc9 Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Wed, 3 Apr 2024 11:22:15 -0400 Subject: [PATCH 2/9] feat(ci): add workflow for creating an EPIC issue for release tracking (#101) --- .../reusable_create_release_tracking_epic.yml | 117 ++++++++++++++++++ 1 file changed, 117 insertions(+) create mode 100644 .github/workflows/reusable_create_release_tracking_epic.yml diff --git a/.github/workflows/reusable_create_release_tracking_epic.yml b/.github/workflows/reusable_create_release_tracking_epic.yml new file mode 100644 index 0000000..5f926ed --- /dev/null +++ b/.github/workflows/reusable_create_release_tracking_epic.yml 
@@ -0,0 +1,117 @@
+name: Create Release Tracking Epic
+
+# This workflow creates an EPIC for tracking the deployment of a release to
+# testnets and mainnet.
+#
+# Example workflow to be used in repository calling this workflow.
+# This would trigger on published releases
+#
+# name: Release Trigger Issue
+# on:
+# release:
+# types: [published]
+# jobs:
+# trigger_issue:
+# uses: celestiaorg/.github/.github/workflows/reusable_release_tracking_epic.yml
+# secrets: inherit
+# with:
+# release-repo: ${{ github.repository }}
+# release-version: ${{ github.event.release.tag_name }}
+#
+
+on:
+ # workflow_dispatch is used to manually test this workflow
+ workflow_dispatch:
+ inputs:
+ release-repo:
+ required: true
+ type: string
+ description: "Which repo is triggering this release?"
+ release-version:
+ required: true
+ type: string
+ description: "What is the version triggering this release?"
+ # workflow_call is the primary trigger to be used for this workflow
+ workflow_call:
+ inputs:
+ release-repo:
+ required: true
+ type: string
+ description: "Which repo is triggering this release?"
+ release-version:
+ required: true
+ type: string
+ description: "What is the version triggering this release?"
+
+jobs:
+ create_issue:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - uses: dacbd/create-issue-action@v2
+ id: create-issue
+ with:
+ # This is an org level secret. No changes needed at the repo level
+ token: ${{ secrets.CREATE_RELEASE_EPIC }}
+ owner: celestiaorg
+ # Create the tracking issue in devops as devops is responsible for
+ # updating the networks
+ repo: devops
+ # Currently unable to assign a group to an issue, so assigning MSevey
+ # as issue owner.
+ assignees: MSevey
+ # Title and body and free to change based on the team's needs
+ title: ${{inputs.release-repo}} ${{inputs.release-version}} Release Deployment Tracking
+ body: |
+ ## Release Checklist
+ ```[tasklist]
+ ### Pre-work
+ - [ ] Confirm release tested on Robusta
+ - [ ] App and Node compatibility confirmed
+ - [ ] Release notes reviewed
+ ```
+ ```[tasklist]
+ ### Stage 1: Arabica
+ - [ ] Prepare deployment to Arabica
+ - [ ] Prepare announcement for Arabica
+ - [ ] Deploy to Arabica
+ - [ ] Verify release on Arabica
+ - [ ] Docs updated for release for Arabica
+ - [ ] Announce release for Arabica
+ ```
+ ```[tasklist]
+ ### Stage 2: Mocha
+ - [ ] Prepare deployment to Mocha
+ - [ ] Prepare announcement for Mocha
+ - [ ] Deploy to Mocha
+ - [ ] Verify release on Mocha
+ - [ ] Docs updated for release for Mocha
+ - [ ] Announce release for Mocha
+ ```
+ ```[tasklist]
+ ### Stage 3: Mainnet
+ - [ ] Prepare deployment for mainnet
+ - [ ] Prepare announcement for mainnet
+ - [ ] Deploy to mainnet
+ - [ ] Verify release on mainnet
+ - [ ] Docs updated for release for mainnet
+ - [ ] Announce release for mainnet
+ ```
+ cc @celestiaorg/devops
+
+ - uses: ravsamhq/notify-slack-action@v2
+ with:
+ status: ${{ job.status }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ notification_title: "New Release for Deployment"
+ message_format: "{emoji} *{workflow}* {status_message} in <{repo_url}|{repo}>"
+ footer: "Linked Issue <${{steps.create-issue.outputs.html_url}}>"
+ # This is the devops user group
+ mention_groups: "S04MZ965WQZ"
+ env:
+ # This is an org level secret and is currently set to #releases in
+ # slack
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
From 0a30ee902d62ccabff7aeef2ea444c362847c029 Mon Sep 17 00:00:00 2001
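Review bot: Both third-party actions in `create_issue` are referenced by a mutable tag (`dacbd/create-issue-action@v2`, `ravsamhq/notify-slack-action@v2`) while receiving the org-level `CREATE_RELEASE_EPIC` token and the Slack webhook secret, so anyone able to move those tags controls code that sees the secrets. Pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: dacbd/create-issue-action@<full-commit-sha>  # v2`. The job also has no `permissions:` block; the issue is created with the separate org token and the `Checkout repository` step looks unused, so a minimal `permissions:` (only what the Slack step needs from `GITHUB_TOKEN`) would keep the default token at least privilege. The usage example in the header comment names `reusable_release_tracking_epic.yml`, which does not match this file's name, and it omits the `@ref` a caller has to supply.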
From: Matthew Sevey Date: Wed, 3 Apr 2024 15:36:41 -0400 Subject: [PATCH 3/9] fix(ci): update logic check in reuseable pipeline (#99) --- .../workflows/reusable_dockerfile_pipeline.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index 1a1da6c..ef8823a 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -113,8 +113,9 @@ jobs: # yamllint enable # Log the key inputs to the logic as well a the outputs. We check that - # build_for_pr and build_for_merge are never equal as that would indicate a - # bug. + # build_for_pr and build_for_merge are never equal when they are true as that + # would indicate a bug. If they are both false, this is ok, as this is the + # case on pushing commits to a PR. logic-check: needs: prepare-env runs-on: "ubuntu-latest" @@ -129,7 +130,9 @@ jobs: echo "build_for_merge: ${{ needs.prepare-env.outputs.build_for_merge }}" echo "not_a_fork: ${{ needs.prepare-env.outputs.not_a_fork }}" - name: Check logic - if: ${{ needs.prepare-env.outputs.build_for_pr == needs.prepare-env.outputs.build_for_merge }} + if: | + (needs.prepare-env.outputs.build_for_pr == needs.prepare-env.outputs.build_for_merge) + && needs.prepare-env.outputs.build_for_pr != 'false' run: | echo "Failing step due to build_for_pr == build_for_merge" exit 1 
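Review bot: The new `Check logic` condition tests `build_for_pr != 'false'`, while the job-level `if:` added in the last hunk of this patch tests `== 'true'`, so the two gates disagree on any value that is neither string, most plausibly both outputs being empty because `prepare-env` (defined outside the patch) did not set them. In that case this step fails, which is the safe outcome, but neither the comment nor the message says so, and the echo still reads `build_for_pr == build_for_merge`. I would state the intent in the comment, e.g. `# Unset or empty outputs are treated as a bug and fail here`, and change the message to `echo "Failing step: build_for_pr and build_for_merge are equal and not 'false'"`. With the job-level `if:` the build-and-push job is skipped on PR push events; if that job is a required status check, confirm that a skipped result is what branch protection should accept.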
@@ -176,6 +179,13 @@ jobs: runs-on: "ubuntu-latest" # wait until the jobs are finished. needs: ["prepare-env", "logic-check", "docker-security"] + # We only want to run this step if one of the build flags is true. We don't + # run if both logic flags are false. This is the case for push events on PR + # commits. The logic-check job protects us from the case of both build flags + # being equal to true. + if: | + needs.prepare-env.outputs.build_for_pr == 'true' + || needs.prepare-env.outputs.build_for_merge == 'true' permissions: contents: write packages: write From dd6bbb45ebe049f93f1739b506f4211ca9292a7d Mon Sep 17 00:00:00 2001 From: Matthew Sevey Date: Thu, 4 Apr 2024 09:26:35 -0400 Subject: [PATCH 4/9] fix(ci): fix slack webhook secret name (#103) --- .github/workflows/reusable_create_release_tracking_epic.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable_create_release_tracking_epic.yml b/.github/workflows/reusable_create_release_tracking_epic.yml index 5f926ed..81c2dcc 100644 --- a/.github/workflows/reusable_create_release_tracking_epic.yml +++ b/.github/workflows/reusable_create_release_tracking_epic.yml @@ -114,4 +114,4 @@ jobs: env: # This is an org level secret and is currently set to #releases in # slack - SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_RELEASE_CHANNEL }} From 0e0fd06cf46dc3aa8b7ddf3ee423a48dae474fa8 Mon Sep 17 00:00:00 2001 From: Matthew Sevey <15232757+MSevey@users.noreply.github.com> Date: Mon, 29 Apr 2024 13:22:14 -0400 Subject: [PATCH 5/9] chore(ci): update issue tasks for release epic (#104) --- .../workflows/reusable_create_release_tracking_epic.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/reusable_create_release_tracking_epic.yml b/.github/workflows/reusable_create_release_tracking_epic.yml index 81c2dcc..2b98b76 100644 --- a/.github/workflows/reusable_create_release_tracking_epic.yml 
+++ b/.github/workflows/reusable_create_release_tracking_epic.yml @@ -70,7 +70,7 @@ jobs: ```[tasklist] ### Pre-work - [ ] Confirm release tested on Robusta - - [ ] App and Node compatibility confirmed + - [ ] App and Node compatibility confirmed (protocol team) - [ ] Release notes reviewed ``` ```[tasklist] @@ -78,7 +78,7 @@ jobs: - [ ] Prepare deployment to Arabica - [ ] Prepare announcement for Arabica - [ ] Deploy to Arabica - - [ ] Verify release on Arabica + - [ ] Verify release on Arabica (protocol team) - [ ] Docs updated for release for Arabica - [ ] Announce release for Arabica ``` @@ -87,7 +87,7 @@ jobs: - [ ] Prepare deployment to Mocha - [ ] Prepare announcement for Mocha - [ ] Deploy to Mocha - - [ ] Verify release on Mocha + - [ ] Verify release on Mocha (protocol team) - [ ] Docs updated for release for Mocha - [ ] Announce release for Mocha ``` @@ -96,7 +96,7 @@ jobs: - [ ] Prepare deployment for mainnet - [ ] Prepare announcement for mainnet - [ ] Deploy to mainnet - - [ ] Verify release on mainnet + - [ ] Verify release on mainnet (protocol team) - [ ] Docs updated for release for mainnet - [ ] Announce release for mainnet ``` From 1b388dc322b4edfd301ed13b83cf619b7cdc17e3 Mon Sep 17 00:00:00 2001 From: Matthew Sevey <15232757+MSevey@users.noreply.github.com> Date: Thu, 30 May 2024 10:18:30 -0400 Subject: [PATCH 6/9] feat(ci): allow custom docker context (#107) --- .github/workflows/reusable_dockerfile_pipeline.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index ef8823a..ece8dfd 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml 
@@ -12,6 +12,11 @@ on: required: false type: string description: "You can specify a different package name." + dockerContext: + required: false + type: string + description: "The docker context" + default: "." env: GITHUB_REG: ghcr.io @@ -150,7 +155,7 @@ jobs: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }} with: - context: . + context: ${{ inputs.dockerContext}} push: false platforms: linux/amd64 # we're building the container before the scan, use the short sha tag @@ -276,7 +281,7 @@ jobs: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }} with: - context: . + context: ${{ inputs.dockerContext}} platforms: linux/arm64,linux/amd64 provenance: false push: true @@ -296,7 +301,7 @@ jobs: OUTPUT_SHORT_SHA: ${{ needs.prepare-env.outputs.output_short_sha }} OUTPUT_IMAGE_NAME: ${{ needs.prepare-env.outputs.output_image_name }} with: - context: . + context: ${{ inputs.dockerContext}} platforms: linux/amd64 provenance: false # Only push if the head and base repos match, meaning it is not a fork From 799a966c40f8e50823604937df7a8de7022cedea Mon Sep 17 00:00:00 2001 From: ramin Date: Mon, 17 Jun 2024 20:36:50 +0100 Subject: [PATCH 7/9] update: bump setup-python to v5 (#109) --- .github/actions/yamllint/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/yamllint/action.yml b/.github/actions/yamllint/action.yml index 0051d56..8ebe309 100644 --- a/.github/actions/yamllint/action.yml +++ b/.github/actions/yamllint/action.yml @@ -6,7 +6,7 @@ description: "Lint yaml code with yamllint" runs: using: "composite" steps: - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.x" architecture: x64 From b1ea69590ae1d008ccb054e3a87451a3e8d8be31 Mon Sep 17 00:00:00 2001 
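Review bot: `dockerContext` reaches `context:` unvalidated in all three `docker/build-push-action` steps, and that input accepts remote Git URLs as well as local paths, so a caller that forwards an untrusted value could make the pushing job build from sources other than the checked-out commit. The description `"The docker context"` should say what is expected, e.g. `description: "Path to the Docker build context, relative to the repository root"`, and a guard step before the first build can enforce it (sketch below, passing the input through `env` rather than interpolating it into the script). Using the same input for the scan build and both push builds is right, since the scanned and pushed images then share a context. Unless `file:` is set outside these hunks, the Dockerfile lookup moves with the context too, which the description should mention.

```yaml
      # Reject anything that is not a directory inside the checkout
      - name: Validate docker context
        env:
          DOCKER_CONTEXT: ${{ inputs.dockerContext }}
        run: |
          case "$DOCKER_CONTEXT" in
            /*|*..*|*://*)
              echo "dockerContext must be a relative path inside the repository"
              exit 1
              ;;
          esac
          if [ ! -d "$DOCKER_CONTEXT" ]; then
            echo "dockerContext is not a directory in the checkout"
            exit 1
          fi
      # … unchanged: Build step using context: ${{ inputs.dockerContext}} …
```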
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 13:26:54 -0400 Subject: [PATCH 8/9] chore(deps): bump actions/add-to-project from 0.5.0 to 1.0.2 (#111) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/reusable_housekeeping.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable_housekeeping.yml b/.github/workflows/reusable_housekeeping.yml index 58d6117..80d6e52 100644 --- a/.github/workflows/reusable_housekeeping.yml +++ b/.github/workflows/reusable_housekeeping.yml @@ -82,7 +82,7 @@ jobs: if: ${{ inputs.run-projects }} runs-on: ubuntu-latest steps: - - uses: actions/add-to-project@v0.5.0 + - uses: actions/add-to-project@v1.0.2 with: project-url: ${{ inputs.project-url }} # There is a celestiaorg level ADD_TO_PROJECT_PAT secret that belongs From 0dffae84ae0f6f0d4d30bff440b1b4b07b9ff612 Mon Sep 17 00:00:00 2001 From: Matthew Sevey <15232757+MSevey@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:43:51 -0400 Subject: [PATCH 9/9] feat: add checkout ref to support building from a specific ref manually (#112) --- .github/workflows/reusable_dockerfile_pipeline.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/reusable_dockerfile_pipeline.yml b/.github/workflows/reusable_dockerfile_pipeline.yml index ece8dfd..8f7fcee 100644 --- a/.github/workflows/reusable_dockerfile_pipeline.yml +++ b/.github/workflows/reusable_dockerfile_pipeline.yml @@ -17,6 +17,10 @@ on: type: string description: "The docker context" default: "." + checkout_ref: + required: false + type: string + description: "Specific checkout reference" env: GITHUB_REG: ghcr.io @@ -36,6 +40,8 @@ jobs: steps: - name: Checkout uses: "actions/checkout@v4" + with: + ref: ${{ inputs.checkout_ref }} - name: Add vars to ENV id: setting_env 
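Review bot: Each of the three checkouts resolves `inputs.checkout_ref` independently, so when the value is a branch or tag the ref can move between jobs, and the image scanned in the security job need not be the commit that is built and pushed later. Resolving the ref to a commit SHA once in `prepare-env` and checking out that SHA in the later jobs (the hunks at -148 and -227) closes that gap; a sketch follows, with `resolve_ref` and `checkout_sha` as suggested names. It is also worth confirming that `output_short_sha`, computed outside this patch, comes from the checked-out commit rather than the triggering event, otherwise a manual build from another ref would be tagged with the wrong SHA. The input description could add that an empty value falls back to the event's default ref.

```yaml
    outputs:
      # … unchanged: existing prepare-env outputs …
      checkout_sha: ${{ steps.resolve_ref.outputs.sha }}
    steps:
      - name: Checkout
        uses: "actions/checkout@v4"
        with:
          ref: ${{ inputs.checkout_ref }}

      # Resolve the requested ref once so every later job builds the same commit
      - name: Resolve checked-out commit
        id: resolve_ref
        run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"

  # … in the scan and push jobs, check out the resolved commit …
      - name: Checkout
        uses: "actions/checkout@v4"
        with:
          ref: ${{ needs.prepare-env.outputs.checkout_sha }}
```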
@@ -148,6 +154,8 @@ jobs: steps: - name: Checkout uses: "actions/checkout@v4" + with: + ref: ${{ inputs.checkout_ref }} - name: Build uses: docker/build-push-action@v5 @@ -227,6 +235,8 @@ jobs: - name: Checkout if: ${{ steps.run_check.outputs.run == 'true'}} uses: "actions/checkout@v4" + with: + ref: ${{ inputs.checkout_ref }} - name: Login to ${{ matrix.registry.name }} if: ${{ steps.run_check.outputs.run == 'true'}}