Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a custom Action for Committing Checksum/Version Updates #79

Open
CodeGat opened this issue Oct 20, 2024 · 0 comments
Open

Create a custom Action for Committing Checksum/Version Updates #79

CodeGat opened this issue Oct 20, 2024 · 0 comments
Assignees
@CodeGat
Labels
priority:medium type:enhancement type:infra Dealing with CI/CD Pipelines

Comments

@CodeGat
Copy link
Collaborator

CodeGat commented Oct 20, 2024

In line with the de-duplication of code efforts that we are going in model-config-tests (see #76, #77), it seems like a lot of the common commit and push logic that happens within the repository could possibly be packaged up into it's own action.

See

model-config-tests/.github/workflows/config-comment-test.yml

Lines 301 to 375 in aab242d

commit:
name: Commit Result
if: needs.prepare-command.outputs.commit-requested == 'true' && needs.check-repro.outputs.result == 'fail'
needs:
- prepare-command
- repro
- check-repro
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env:
ARTIFACT_LOCAL_LOCATION: /opt/artifact
GH_TOKEN: ${{ github.token }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GH_COMMIT_CHECK_TOKEN }}
- name: Checkout Associated PR ${{ github.event.issue.number }}
# Since the trigger for this workflow was on.issue_comment, we need
# to do a bit more wrangling to checkout the pull request
run: gh pr checkout ${{ github.event.issue.number }}
- name: Download Newly Created Checksum
uses: actions/download-artifact@v4
with:
name: ${{ needs.repro.outputs.artifact-name }}
path: ${{ env.ARTIFACT_LOCAL_LOCATION }}
- name: Update files
# This will copy checksums from the artifact to the repo
run: |
mkdir testing
cp --recursive --verbose ${{ env.ARTIFACT_LOCAL_LOCATION }}/*/* testing
- name: Import Commit-Signing Key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }}
git_config_global: true
git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }}
git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }}
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Commit and Push Updates
run: |
git add .
git commit -m "Updated checksums as part of ${{ env.RUN_URL }}"
git push
failure-notifier:
name: Notify PR of Workflow Failure
# We need the last jobs as 'needs' on the failure notifier so
# any of the dependent jobs that fail are covered here
needs:
- permission-check
- prepare-command
- check-repro
- commit
if: failure()
runs-on: ubuntu-latest
steps:
- uses: access-nri/actions/.github/actions/pr-comment@main
with:
comment: >-
:x: `!test` Command Failed :x:
${{ needs.prepare-command.result == 'failure' && format('The command given could not be parsed correctly. Usage: {0}', env.USAGE) || '' }}
${{ needs.permission-check.result == 'failure' && 'You do not have at least write permissions on this repository.' || '' }}
${{ needs.commit.result == 'failure' && 'There was a problem committing the result of the reproducibility run.' || '' }}
See ${{ env.RUN_URL }}
as well as

model-config-tests/.github/workflows/config-pr-2-confirm.yml

Lines 97 to 161 in aab242d

commit:
name: Commit metadata.yaml and Checksum
needs:
- bump-version
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env:
ARTIFACT_LOCAL_LOCATION: /opt/artifact
GH_TOKEN: ${{ github.token }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GH_COMMIT_CHECK_TOKEN }}
- name: Checkout Associated PR ${{ github.event.issue.number }}
# Since the trigger for this workflow was on.issue_comment, we need
# to do a bit more wrangling to checkout the pull request and get the branch name
id: pr
run: |
gh pr checkout ${{ github.event.issue.number }}
echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
- name: Download Newly Created Checksum
# Given the PR branch, we need to find the latest associated workflow run
# on this branch we can then download the associated artifact
run: |
associated_run=$(gh run list \
--json='databaseId,headBranch,updatedAt,status' \
--jq='[.[] | select(.headBranch == "${{ steps.pr.outputs.branch }}" and .status == "completed")] | sort_by(.updatedAt) | last | .databaseId')
gh run download $associated_run -D ${{ env.ARTIFACT_LOCAL_LOCATION }}
- name: Update metadata.yaml and Checksum files
run: |
yq -i '.version = "${{ needs.bump-version.outputs.after }}"' metadata.yaml
cp --recursive --verbose ${{ env.ARTIFACT_LOCAL_LOCATION }}/*/* testing
- name: Import Commit-Signing Key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }}
git_config_global: true
git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }}
git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }}
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Commit and Push Updates
run: |
if [[ "${{ needs.bump-version.outputs.type }}" == "minor" ]]; then
git commit -am "Bumped version to ${{ needs.bump-version.outputs.after }} as part of ${{ env.RUN_URL }}"
elif [[ "${{ needs.bump-version.outputs.type }}" == "major" ]]; then
git commit -am "Updated checksums and bumped version to ${{ needs.bump-version.outputs.after }} as part of ${{ env.RUN_URL }}"
fi
git push
- name: Comment Success
uses: access-nri/actions/.github/actions/pr-comment@main
with:
comment: |
:white_check_mark: Version bumped from `${{ needs.bump-version.outputs.before }}` to `${{ needs.bump-version.outputs.after }}` :white_check_mark:
and

model-config-tests/.github/workflows/config-pr-2-confirm.yml

Lines 97 to 162 in aab242d

commit:
name: Commit metadata.yaml and Checksum
needs:
- bump-version
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
env:
ARTIFACT_LOCAL_LOCATION: /opt/artifact
GH_TOKEN: ${{ github.token }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GH_COMMIT_CHECK_TOKEN }}
- name: Checkout Associated PR ${{ github.event.issue.number }}
# Since the trigger for this workflow was on.issue_comment, we need
# to do a bit more wrangling to checkout the pull request and get the branch name
id: pr
run: |
gh pr checkout ${{ github.event.issue.number }}
echo "branch=$(git rev-parse --abbrev-ref HEAD)" >> $GITHUB_OUTPUT
- name: Download Newly Created Checksum
# Given the PR branch, we need to find the latest associated workflow run
# on this branch we can then download the associated artifact
run: |
associated_run=$(gh run list \
--json='databaseId,headBranch,updatedAt,status' \
--jq='[.[] | select(.headBranch == "${{ steps.pr.outputs.branch }}" and .status == "completed")] | sort_by(.updatedAt) | last | .databaseId')
gh run download $associated_run -D ${{ env.ARTIFACT_LOCAL_LOCATION }}
- name: Update metadata.yaml and Checksum files
run: |
yq -i '.version = "${{ needs.bump-version.outputs.after }}"' metadata.yaml
cp --recursive --verbose ${{ env.ARTIFACT_LOCAL_LOCATION }}/*/* testing
- name: Import Commit-Signing Key
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.GH_ACTIONS_BOT_GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GH_ACTIONS_BOT_GPG_PASSPHRASE }}
git_config_global: true
git_committer_name: ${{ vars.GH_ACTIONS_BOT_GIT_USER_NAME }}
git_committer_email: ${{ vars.GH_ACTIONS_BOT_GIT_USER_EMAIL }}
git_user_signingkey: true
git_commit_gpgsign: true
git_tag_gpgsign: true
- name: Commit and Push Updates
run: |
if [[ "${{ needs.bump-version.outputs.type }}" == "minor" ]]; then
git commit -am "Bumped version to ${{ needs.bump-version.outputs.after }} as part of ${{ env.RUN_URL }}"
elif [[ "${{ needs.bump-version.outputs.type }}" == "major" ]]; then
git commit -am "Updated checksums and bumped version to ${{ needs.bump-version.outputs.after }} as part of ${{ env.RUN_URL }}"
fi
git push
- name: Comment Success
uses: access-nri/actions/.github/actions/pr-comment@main
with:
comment: |
:white_check_mark: Version bumped from `${{ needs.bump-version.outputs.before }}` to `${{ needs.bump-version.outputs.after }}` :white_check_mark:
.

These sections may have differences depending on the actions given, which can be sorted out via inputs to the action.
@CodeGat CodeGat self-assigned this Oct 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@CodeGat CodeGat

Labels
priority:medium type:enhancement type:infra Dealing with CI/CD Pipelines
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@CodeGat