Pipelines v3 Release Candidate #83

Open
wants to merge 20 commits into
base: main
@ZachGoldberg ZachGoldberg commented Aug 29, 2024

🎈 Gruntwork Pipelines v3.0.0 Release Notes

Pipelines version 3 introduces several new features which include a number of breaking changes. The migration guide below should take less than 5 minutes for most teams to complete, but please do make sure to follow it closely. We're providing a checklist here to help teams ensure that steps are not skipped.

  • Add actions:read permission to PIPELINES_READ_TOKEN
  • Update to Terragrunt v0.67.0 or later
  • (If necessary) Add new actions to GitHub Organization allow list settings
  • (Enterprise Only) Install and activate Drift Detection

Migration Guide

Update Pipeline Permissions to add actions: read permissions

Customers explicitly list permissions that Gruntwork Pipelines workflows have by default in the pipelines workflow files in .github/workflows inside their infrastructure repositories. Pipelines v3 now requires actions: read permissions in order to introspect its own runs and provide more helpful logging capabilities.

Customers should make the one-line change to add the actions: read permission in the following files in every repository that uses Gruntwork pipelines (including root, access control and delegated repos). Note, most repositories will have only 1 or two of these workflow files, in which case update what is present and don't worry about the others.

  • .github/workflows/pipelines.yml
  • .github/workflows/pipelines-drift-detection.yml
  • .github/workflows/pipelines-root.yml
  • .github/workflows/pipelines-unlock.yml

Old Permissions

permissions:
  id-token: write
  contents: write
  pull-requests: write

New Permissions

permissions:
  id-token: write
  contents: write
  pull-requests: write
  actions: read

Update to Terragrunt v0.67.0

The latest pipelines works best with the latest version of Terragrunt. Recent versions of Terragrunt have much improved logging, performance and correctness improvements in run-all scenarios with pipelines.

Allowlist Actions

This is only for customers who only allow GitHub actions to run if they are on an explicit allowlist.

New actions to add

  • gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-consolidate-jobs
  • gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-units
  • gruntwork-io/pipelines-actions/.github/actions/pipelines-drift-detection-determine-drift
  • gruntwork-io/pipelines-actions/.github/actions/pipelines-new-pr-action
  • gruntwork-io/pipelines-actions/.github/actions/pipelines-get-job-logs-url

(Optional) Replace Machine Users with a GitHub App

Install the app
Leave the tokens

New Features

Pipelines Drift Detection (Enterprise Only)

Pipelines as a GitHub App

(Maybe? We might need to hold off for e.g. v3.1 for this)

Improved Account Factory Bootstrap Customization Hooks

Pipelines Log Link Improvements
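
A way to check a repository against the migration steps in the description above, added here as an example and not part of the PR or of Gruntwork's tooling: it reads the workflow files the guide names, reports any `permissions:` block that differs from the guide's new block, and lists `uses:` references that are not pinned to a full commit SHA. The function names and the line-based reading of block-style YAML mappings are assumptions of this example.

```python
import re
from pathlib import Path
# Mirrors the "New Permissions" block in the migration guide.
REQUIRED = {"id-token": "write", "contents": "write",
            "pull-requests": "write", "actions": "read"}
# Workflow files the guide names; a repository may hold only some of them.
WORKFLOWS = ["pipelines.yml", "pipelines-drift-detection.yml",
             "pipelines-root.yml", "pipelines-unlock.yml"]
FULL_SHA = re.compile(r"[0-9a-f]{40}")

def permission_blocks(text):
    """Yield every block-style `permissions:` mapping in a workflow as a dict."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() != "permissions:":
            continue
        indent, block = len(line) - len(line.lstrip()), {}
        for child in lines[i + 1:]:
            if not child.strip() or child.lstrip().startswith("#"):
                continue  # blank lines and comments do not end the mapping
            if len(child) - len(child.lstrip()) <= indent:
                break  # dedent: the mapping is over
            key, _, value = child.strip().partition(":")
            block[key.strip()] = value.split("#")[0].strip()
        yield block

def audit(text):
    """Return (missing permissions per block, `uses:` refs not pinned to a SHA)."""
    missing = [sorted(k for k, v in REQUIRED.items() if b.get(k) != v)
               for b in permission_blocks(text)]
    refs = re.findall(r"^\s*-?\s*uses:\s*([^\s#]+)", text, re.M)
    unpinned = [r for r in refs
                if "@" in r and not FULL_SHA.fullmatch(r.rsplit("@", 1)[1])]
    return missing, unpinned

def audit_repo(root="."):
    """Audit whichever of the guide's workflow files exist under `root`."""
    found = {}
    for name in WORKFLOWS:
        path = Path(root, ".github", "workflows", name)
        if path.is_file():
            found[name] = audit(path.read_text())
    return found

# Constructed sample: a pre-v3 workflow that also runs an action from a branch.
SAMPLE = ("permissions:\n  id-token: write\n  contents: write\n  pull-requests: write\n"
          "jobs:\n  plan:\n    steps:\n      - uses: gruntwork-io/pipelines-credentials@main\n")
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Call `audit_repo()` from the root of each infrastructure repository; workflows that declare permissions in the scalar form (`permissions: read-all`) are outside what this example parses.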

ZachGoldberg and others added 3 commits August 29, 2024 08:28
…epos (#69)

* chore: start work on dev-378

* chore: change the definition of post-provision new account to be more narrowly tailored to creating the new account, not the PR

* chore: move around some values

* chore: wire up data flows

* chore: update for api changes

* chore: more wiring cleanups
* Update pipelines-root.yml

* Update pipelines-root.yml

* debugging

* Update pipelines-root.yml

* JOB_NAME

* add job_id

* fix missing bracket

* fix

* Run logs url action

* Use 2024-07-19_get-job-id actions

* Add actions: read permission

* permissions

* pass var into next step

* permissions

* fix input

* Dynamic step name

* typo

* test syntax

* test syntax

* colons are broken

* try other quoting

* Add get logs url to other jobs

---------

Co-authored-by: Zach Goldberg <[email protected]>
* WIP add drift detection

* Fix broken if statement

* Pass root as working directory to bootstrap

* Fix exclude root dir from run-all plan

* Fix git change detection

* Working dir for later steps

* Add parallelism limit 6

* Use 0.26.0-rc4. Remove parallelism limit

* Fix role used for run-all plan

* feat: Adding cross runner cache persistence

* fix whitespace

* Fix missing GH_TOKEN

* Use -n for git status check

* Pipelines CLI v0.26.1

* Fix missing author for create pr

* Pipelines CLI v0.26.2-rc1

* Drift detection 2.0

* Fix command

* GH_TOKEN

* MACHINE_USER_NAME

* Use org repo admin for pr creation

* Add org admin token

* Allow erroring modules. Always cache providers

* Cache auth on disk. Only run first 10.

* Pipelines CLI v0.28.0-rc2

* Pipelines CLI v0.28.0-rc3

* Switch to just plan

* mkdir planfolder

* fix plan folder

* fix plan folder for parse plans

* Pipelines CLI v0.28.0-rc4

* Pipelines CLI v0.28.0-rc5

* Matrixed drift detection jobs

* Inline repo dir

* Fix

* Fix typo

* debug mktemp missing

* fix path var

* dont override path

* pathing

* Update pipelines-drift-detection.yml

* Update pipelines-root.yml

* fix json escape string

* fix array slicing

* fix json escaping

* property quotes

* Add first pass pr body content

* Fix missing pipelines actions

* avoid backtick expansion

* avoid backtick expansion

* echo pr body

* move arg

* bash escape newline

* try other escape

* Use INFRA_ROOT_WRITE_TOKEN

* Use INFRA_ROOT_WRITE_TOKEN

* Add branch link, switch back to drift-detection branch

* Actions @ main

* actions @ main

* Add error detection

* tee to file

* EOF

* multiline github output

* more newlines

* fix job url, path

* debugging

* debugging

* debugging

* debugging

* debugging

* debugging

* add log url link to top of pr body

* remove debug limit of 10 units

* Add step summary

* Fix json output

* try without cred caching

* try without color removal

* restore color removal, remove echos

* Increase line height of drifted items

* Remove debug limit

* Reset changes to other workflows

* Use matching pipelines versions

* Use action for determine

* Pipelines CLI v0.28.0

* Extract drift detection

* Pass args

* typo

* Pass JOB_NAME and STEP_NAME through

* Use merged determine units

* Var rename. Remove terraform syntax highlight

* Test sort units fix

* consolidate jobs action. rename secret

* Add branch_name input

* Fix actions version

* Fix actions version

* Use merged action

* Update pipelines-drift-detection.yml

---------

Co-authored-by: Yousif Akbar <[email protected]>
Co-authored-by: Oreoluwa Agunbiade <[email protected]>
@ZachGoldberg ZachGoldberg changed the title Pipelines v3 Release Candidate Testing Pipelines v3 Release Candidate Aug 29, 2024
@ZachGoldberg ZachGoldberg added the breaking-change Changes that require a major version increment label Aug 29, 2024
Resonance1584 and others added 9 commits September 17, 2024 15:04
* Use actions@2024-08-27_gruntcon_githubapp

* Use [email protected]

* Use pipelines-credentials for downloading actions

* uses format

* Update pipelines-root.yml

* Fix correctly use outputs

* typo

* Try concatenate env

* Try github var

* Pass tokens to execute

* Fix typo

* debug cloning

* chars

* interp

* less args

* remove debugging

* add new tokens to preflight

* rename token

* chore: baseline needs both tokens

* chore: use the new tokens everywhere

* chore: fix token thing

* Fetch infra root write and org admin, pass to preflight

* Switch out admin tokens in root

* Disable provisioning temporarily

* Fix read token ref

* Update unlock to use github app tokens

* Bump pipelines CLI to v0.29.0-rc2

* Use top level env GH_TOKEN

* Use github app in delegated workflow

* Bump pipelines CLI to v0.29.0-rc3

* Try rc3

* Try v0.28.2

* Trace log

* v0.28.3-rc2

* v0.28.3-rc3

* v0.28.3-rc5

* v0.29.0-rc5

* fix: Set `api_base_url`

* fix: Use `gruntwork-io` for `pipelines-credentials`

* feat: Adding dynamicity to API URL

* Use customer org token

* DEV-519 Integrate drift detection with GitHub App (#86)

* Integrate app

* Add org read token

* Add create pr token

* Make secrets not required

* Dynamic api_base_url

* Use moved action

---------

Co-authored-by: Zach Goldberg <[email protected]>
Co-authored-by: Yousif Akbar <[email protected]>
steps:
- name: Fetch Gruntwork Read Token
id: pipelines-gruntwork-read-token
uses: gruntwork-io/pipelines-credentials@main
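Review bot: the `uses: gruntwork-io/pipelines-credentials@main` line runs a token-fetching step from a branch, so the code executed here changes whenever that branch does. The `@v1` tag suggested for this line narrows that, but a tag can still be moved; pinning to a full commit SHA with the version in a trailing comment makes the step reproducible, and the same pin should be applied to every `pipelines-credentials` step in these workflows.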

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1


- name: Fetch Org Read Token
id: pipelines-customer-org-read-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1

steps:
- name: Fetch Gruntwork Read Token
id: pipelines-gruntwork-read-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1


- name: Fetch Org Read Token
id: pipelines-customer-org-read-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1

steps:
- name: Fetch Gruntwork Read Token
id: pipelines-gruntwork-read-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1


- name: Fetch Infra Root Write Token
id: pipelines-infra-root-write-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1

@@ -238,32 +342,59 @@ jobs:
matrix:
jobs: ${{ fromJson(needs.pipelines_orchestrate.outputs.pipelines_jobs)[0].NewAccounts }}
steps:
- name: Fetch Gruntwork Read Token
id: pipelines-gruntwork-read-token
uses: gruntwork-io/pipelines-credentials@main
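Review bot: the matrix line indexes `pipelines_jobs` with a hard-coded `[0]`, so only the first entry's `NewAccounts` is ever expanded, and an empty or missing list leaves the matrix with no values to expand. No job-level `if:` is visible in this hunk; if one does not already exist above it, add a guard on the same expression so the job is skipped rather than failed when there are no new accounts.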

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1


- name: Fetch Org Read Token
id: pipelines-customer-org-read-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1

JOB_NAME: ${{ env.JOB_NAME }}
STEP_NAME: "Execute Drift Detection"

consolidate_jobs:

Suggested change
consolidate_jobs:
consolidate_jobs:
name: Consolidate Jobs


- name: Fetch Org Read Token
id: pipelines-customer-org-read-token
uses: gruntwork-io/pipelines-credentials@main

Suggested change
uses: gruntwork-io/pipelines-credentials@main
uses: gruntwork-io/pipelines-credentials@v1

Labels
breaking-change Changes that require a major version increment