From 0ac23fa4ecefd61b27c6aaffbfb0dca6c0fcee5d Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 18:15:54 -0700 Subject: [PATCH 01/19] Use public path for callable workflows --- .github/workflows/preDeploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index d4f0561c8450..86fdd54c85ee 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -6,10 +6,10 @@ on: jobs: lint: - uses: ./.github/workflows/lint.yml + uses: Expensify/App/.github/workflows/lint.yml@main test: - uses: ./.github/workflows/test.yml + uses: Expensify/App/.github/workflows/test.yml@main confirmPassingBuild: runs-on: ubuntu-latest From 0f29be25152e24abc9f06a16232343d086cfada1 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 18:17:04 -0700 Subject: [PATCH 02/19] Make createNewVersion into callable workflow --- .github/workflows/createNewVersion.yml | 38 ++++++++++++++++++-------- 1 file changed, 26 insertions(+), 12 deletions(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 1b6970a43d95..a554092ae977 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -1,37 +1,51 @@ -name: Create a new version +name: Create new version on: - workflow_dispatch: + workflow_call: inputs: SEMVER_LEVEL: description: One of {BUILD, PATCH, MINOR, MAJOR} required: true + type: string + + outputs: + NEW_VERSION: + description: The new version string + value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }} + + secrets: + GPG_PASSPHRASE: + required: true + OS_BOTIFY_TOKEN: + required: true jobs: createNewVersion: if: github.actor == 'OSBotify' runs-on: macos-11 + outputs: + NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }} + steps: - # Version: 2.3.4 - - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f + # Version: 3.0.2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b with: fetch-depth: 0 - token: ${{ secrets.OS_BOTIFY_TOKEN }} + + - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main + with: + GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65 with: poll-interval-seconds: 10 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main - with: - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} + GITHUB_TOKEN: ${{ github.token }} - name: Create new branch run: | - BRANCH_NAME="version-${{ github.event.inputs.SEMVER_LEVEL }}-$(uuidgen)" + BRANCH_NAME="version-${{ inputs.SEMVER_LEVEL }}-$(uuidgen)" git checkout -b "$BRANCH_NAME" git push --set-upstream origin "$BRANCH_NAME" echo "VERSION_BRANCH=$BRANCH_NAME" >> "$GITHUB_ENV" @@ -41,7 +55,7 @@ jobs: uses: Expensify/App/.github/actions/javascript/bumpVersion@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - SEMVER_LEVEL: ${{ github.event.inputs.SEMVER_LEVEL }} + SEMVER_LEVEL: ${{ inputs.SEMVER_LEVEL }} - name: Commit new version run: | From fbdec873741adc518fff14a00bc23c0f469396c9 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 18:17:31 -0700 Subject: [PATCH 03/19] Integrate callable workflow into cherryPick.yml --- .github/workflows/cherryPick.yml | 35 ++++++-------------------------- 1 file changed, 6 insertions(+), 29 deletions(-) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index f8a52143e985..6297969fe77d 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -26,36 +26,13 @@ jobs: createNewVersion: needs: validateActor - runs-on: ubuntu-latest if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) && github.event.inputs.NEW_VERSION == '' }} - outputs: - NEW_VERSION: ${{ steps.getNewVersion.outputs.NEW_VERSION }} - steps: - - name: Checkout main branch - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: main - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65 - with: - poll-interval-seconds: 10 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create new BUILD version - uses: Expensify/App/.github/actions/javascript/triggerWorkflowAndWait@main - with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: createNewVersion.yml - INPUTS: '{ "SEMVER_LEVEL": "BUILD" }' - - - name: Pull main to get the new version - id: getNewVersion - run: | - git pull origin main - echo "New version is $(npm run print-version --silent)" - echo "::set-output name=NEW_VERSION::$(npm run print-version --silent)" + uses: Expensify/App/.github/workflows/createNewVersion.yml@main + with: + SEMVER_LEVEL: BUILD + secrets: + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} cherryPick: needs: [validateActor, createNewVersion] From 04ba6300b0cca0e1d757d02865c7bb1c8ad6c7ba Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 22:03:29 -0700 Subject: [PATCH 04/19] Refactor preDeploy to use callable createNewVersion workflow --- .github/workflows/preDeploy.yml | 119 +++++++++++++++----------------- 1 file changed, 57 insertions(+), 62 deletions(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 86fdd54c85ee..515abc1e540c 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -30,42 +30,42 @@ jobs: needs: confirmPassingBuild outputs: mergedPullRequest: ${{ steps.getMergedPullRequest.outputs.number }} - isStagingDeployLocked: ${{ steps.isStagingDeployLocked.outputs.IS_LOCKED }} - isAutomatedPullRequest: ${{ steps.isAutomatedPullRequest.outputs.IS_VERSION_BUMP_PR }} - shouldCherryPick: ${{ steps.shouldCherryPick.outputs.SHOULD_CHERRY_PICK }} + isAutomatedPullRequest: ${{ steps.isAutomatedPullRequest.outputs.IS_AUTOMATED_PR }} + shouldDeploy: ${{ steps.shouldDeploy.outputs.SHOULD_DEPLOY }} + shouldCherryPick: ${{ steps.isStagingDeployLocked.outputs.IS_LOCKED && steps.hasCherryPickLabel.outputs.HAS_CP_LABEL }} steps: - # Version: 2.3.4 - - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - fetch-depth: 0 - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - name: Get merged pull request id: getMergedPullRequest uses: actions-ecosystem/action-get-merged-pull-request@59afe90821bb0b555082ce8ff1e36b03f91553d9 with: - github_token: ${{ secrets.GITHUB_TOKEN }} + github_token: ${{ github.token }} - name: Check if StagingDeployCash is locked id: isStagingDeployLocked uses: Expensify/App/.github/actions/javascript/isStagingDeployLocked@main with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} - - name: Check if merged pull request was an automatic version bump PR + - name: Check if merged pull request was an automated PR id: isAutomatedPullRequest - run: echo "::set-output name=IS_VERSION_BUMP_PR::${{ github.actor == 'OSBotify' }}" + run: echo "::set-output name=IS_AUTOMATED_PR::${{ github.actor == 'OSBotify' }}" - name: Check if merged pull request has `CP Staging` label - id: shouldCherryPick - run: echo "::set-output name=SHOULD_CHERRY_PICK::${{ contains(steps.getMergedPullRequest.outputs.labels, 'CP Staging') }}" + id: hasCherryPickLabel + run: echo "::set-output name=HAS_CP_LABEL::${{ contains(steps.getMergedPullRequest.outputs.labels, 'CP Staging') }}" + + - name: Check if merged pull request should trigger a deploy + id: shouldDeploy + run: echo "::set-output name=SHOULD_DEPLOY::${{ fromJSON(needs.hasCherryPickLabel.outputs.HAS_CP_LABEL) || ( + !fromJSON(steps.isStagingDeployLocked.outputs.IS_LOCKED) && + !fromJSON(steps.isAutomatedPullRequest.outputs.IS_AUTOMATED_PR) + ) }}" skipDeploy: runs-on: ubuntu-latest needs: chooseDeployActions - if: ${{ fromJSON(needs.chooseDeployActions.outputs.isStagingDeployLocked) && !fromJSON(needs.chooseDeployActions.outputs.isAutomatedPullRequest) && !fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} - + if: ${{ !fromJSON(needs.chooseDeployActions.outputs.shouldDeploy) && !fromJSON(needs.chooseDeployActions.outputs.isAutomatedPullRequest) }} steps: - name: Comment on deferred PR uses: actions-ecosystem/action-create-comment@cd098164398331c50e7dfdd0dfa1b564a1873fac @@ -75,96 +75,91 @@ jobs: body: | :hand: This PR was not deployed to staging yet because QA is ongoing. It will be automatically deployed to staging after the next production release. - version: - runs-on: ubuntu-latest + createNewVersion: needs: chooseDeployActions - if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) || (!fromJSON(needs.chooseDeployActions.outputs.isStagingDeployLocked) && !fromJSON(needs.chooseDeployActions.outputs.isAutomatedPullRequest)) }} - + if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldDeploy) }} + uses: Expensify/App/.github/workflows/createNewVersion.yml@main + with: + SEMVER_LEVEL: BUILD + secrets: + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + + updateStaging: + needs: [chooseDeployActions, createNewVersion] + runs-on: ubuntu-latest steps: - # Version: 2.3.4 - - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - fetch-depth: 0 - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65 with: poll-interval-seconds: 10 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create new BUILD version - uses: Expensify/App/.github/actions/javascript/triggerWorkflowAndWait@main - with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: createNewVersion.yml - INPUTS: '{ "SEMVER_LEVEL": "BUILD" }' - - - name: Pull main to get the new version - run: | - git pull origin main - echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" - echo "New version is ${{ env.NEW_VERSION }}" + GITHUB_TOKEN: ${{ github.token }} - name: Update staging branch from main - if: ${{ !fromJSON(needs.chooseDeployActions.outputs.isStagingDeployLocked) }} + if: ${{ !fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} uses: Expensify/App/.github/actions/composite/updateProtectedBranch@main with: TARGET_BRANCH: staging OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - - name: Determine if this pull request will be cherry-picked - run: echo "DO_CHERRY_PICK=${{ fromJSON(needs.chooseDeployActions.outputs.isStagingDeployLocked) && fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }}" >> "$GITHUB_ENV" - - - name: Cherry pick to staging - if: ${{ fromJSON(env.DO_CHERRY_PICK) }} + - name: Cherry-pick PR to staging + if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} uses: Expensify/App/.github/actions/javascript/triggerWorkflowAndWait@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} WORKFLOW: cherryPick.yml - INPUTS: '{ "PULL_REQUEST_NUMBER": "${{ needs.chooseDeployActions.outputs.mergedPullRequest }}", "NEW_VERSION": "${{ env.NEW_VERSION }}" }' + INPUTS: '{ "PULL_REQUEST_NUMBER": "${{ needs.chooseDeployActions.outputs.mergedPullRequest }}", "NEW_VERSION": "${{ needs.createNewVersion.outputs.NEW_VERSION }}" }' + + # Version: 3.0.2 + - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b + with: + fetch-depth: 0 + ref: staging # Create a local git tag on staging so that GitUtils.getPullRequestsMergedBetween can use `git log` to generate a # list of pull requests that were merged between this version tag and another. # NOTE: This tag is only used locally and shouldn't be pushed to the remote. # If it was pushed, that would trigger the staging deploy which is handled in a separate workflow (deploy.yml) - name: Tag staging - run: | - git checkout staging - git pull origin staging - git tag ${{ env.NEW_VERSION }} + run: git tag ${{ needs.createNewVersion.outputs.NEW_VERSION }} - name: Update StagingDeployCash uses: Expensify/App/.github/actions/javascript/createOrUpdateStagingDeploy@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - NPM_VERSION: ${{ env.NEW_VERSION }} + NPM_VERSION: ${{ needs.createNewVersion.outputs.NEW_VERSION }} + + - name: Find open StagingDeployCash + id: getStagingDeployCash + run: echo "::set-output name=STAGING_DEPLOY_CASH::$(gh issue list --label StagingDeployCash --json number --jq '.[0].number')" + env: + GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Comment in StagingDeployCash to alert Applause that a new pull request has been cherry-picked - if: ${{ fromJSON(env.DO_CHERRY_PICK) }} + if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} run: | PR_URL="https://github.com/Expensify/App/pull/${{ needs.chooseDeployActions.outputs.mergedPullRequest }}" - printf -v COMMENT ":clap: Heads up @Expensify/applauseleads :clap:\nA [new pull request](%s) has been :cherries: cherry-picked :cherries: to staging, and will be deployed to staging in version \`%s\` :rocket:" "$PR_URL" ${{ env.NEW_VERSION }} + printf -v COMMENT ":clap: Heads up @Expensify/applauseleads :clap:\nA [new pull request](%s) has been :cherries: cherry-picked :cherries: to staging, and will be deployed to staging in version \`%s\` :rocket:" "$PR_URL" ${{ needs.createNewVersion.outputs.NEW_VERSION }} gh issue comment \ - "$(gh issue list --label StagingDeployCash --json number --jq '.[0].number')" \ - --body "$COMMENT" + ${{ steps.getStagingDeployCash.outputs.STAGING_DEPLOY_CASH }} \ + --body "$COMMENT" env: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - name: Wait for staging deploys to finish - if: ${{ fromJSON(env.DO_CHERRY_PICK) }} + if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} uses: Expensify/App/.github/actions/javascript/awaitStagingDeploys@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - TAG: ${{ env.NEW_VERSION }} + TAG: ${{ needs.createNewVersion.outputs.NEW_VERSION }} - name: Comment in StagingDeployCash to alert Applause that cherry-picked pull request has been deployed. - if: ${{ fromJSON(env.DO_CHERRY_PICK) }} + if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} run: | gh issue comment \ - "$(gh issue list --label StagingDeployCash --json number --jq '.[0].number')" \ - --body ":tada: All set?…You bet! @Expensify/applauseleads https://github.com/Expensify/App/releases/tag/${{ env.NEW_VERSION }} has been deployed to staging :tada:" + ${{ steps.getStagingDeployCash.outputs.STAGING_DEPLOY_CASH }} \ + --body ":tada: All set?…You bet! @Expensify/applauseleads https://github.com/Expensify/App/releases/tag/${{ needs.createNewVersion.outputs.NEW_VERSION }} has been deployed to staging :tada:" env: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} From a516412238ec76fbba841aef4c615074d5e9a940 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 22:04:26 -0700 Subject: [PATCH 05/19] Get rid of unnecessary fetch-depth: 0 --- .github/workflows/preDeploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 515abc1e540c..2b39be638d52 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -114,7 +114,6 @@ jobs: # Version: 3.0.2 - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b with: - fetch-depth: 0 ref: staging # Create a local git tag on staging so that GitUtils.getPullRequestsMergedBetween can use `git log` to generate a From 27c22db0b95697082e50893791be460c10e278aa Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 22:36:56 -0700 Subject: [PATCH 06/19] Use callable workflow in finishReleaseCycle --- .github/workflows/finishReleaseCycle.yml | 52 +++++++----------------- 1 file changed, 15 insertions(+), 37 deletions(-) diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 8c3d6b6f1dc5..4227940a7871 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -56,11 +56,6 @@ jobs: needs: validate if: ${{ fromJSON(needs.validate.outputs.isValid) }} steps: - - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: main - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - name: Update production branch uses: Expensify/App/.github/actions/composite/updateProtectedBranch@main with: @@ -68,32 +63,22 @@ jobs: OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle. - createNewStagingDeployCash: - runs-on: macos-11 + # Create a new patch version to prep for next release cycle + createNewPatchVersion: needs: validate if: ${{ fromJSON(needs.validate.outputs.isValid) }} - steps: - # Version: 2.3.4 - - uses: actions/checkout@5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f - with: - ref: main - fetch-depth: 0 - token: ${{ secrets.OS_BOTIFY_TOKEN }} - - - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65 - with: - poll-interval-seconds: 10 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Create new PATCH version - uses: Expensify/App/.github/actions/javascript/triggerWorkflowAndWait@main - with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - WORKFLOW: createNewVersion.yml - INPUTS: '{ "SEMVER_LEVEL": "PATCH" }' + uses: Expensify/App/.github/workflows/createNewVersion.yml@main + with: + SEMVER_LEVEL: PATCH + secrets: + OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle. + createNewStagingDeployCash: + runs-on: ubuntu-latest + needs: createNewPatchVersion + steps: - name: Update staging branch to trigger staging deploy uses: Expensify/App/.github/actions/composite/updateProtectedBranch@main with: @@ -101,25 +86,18 @@ jobs: OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - - name: Pull staging to get the new version - run: | - git checkout staging - git pull origin staging - echo "NEW_VERSION=$(npm run print-version --silent)" >> "$GITHUB_ENV" - echo "New version is ${{ env.NEW_VERSION }}" - # Create a local git tag so that GitUtils.getPullRequestsMergedBetween can use `git log` to generate a # list of pull requests that were merged between this version tag and another. # NOTE: This tag is only used locally and shouldn't be pushed to the remote. # If it was pushed, that would trigger the staging deploy which is handled in a separate workflow (deploy.yml) - name: Tag version - run: git tag ${{ env.NEW_VERSION }} + run: git tag ${{ needs.createNewPatchVersion.outputs.NEW_VERSION }} - name: Create new StagingDeployCash uses: Expensify/App/.github/actions/javascript/createOrUpdateStagingDeploy@main with: GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - NPM_VERSION: ${{ env.NEW_VERSION }} + NPM_VERSION: ${{ needs.createNewPatchVersion.outputs.NEW_VERSION }} - if: ${{ failure() }} uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main From 29b5a12579a2d397260c9d66ea541628357633dd Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 22:54:37 -0700 Subject: [PATCH 07/19] Move turnstyle to later step --- .github/workflows/createNewVersion.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index a554092ae977..129a4043e3db 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -37,12 +37,6 @@ jobs: with: GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65 - with: - poll-interval-seconds: 10 - env: - GITHUB_TOKEN: ${{ github.token }} - - name: Create new branch run: | BRANCH_NAME="version-${{ inputs.SEMVER_LEVEL }}-$(uuidgen)" @@ -50,6 +44,12 @@ jobs: git push --set-upstream origin "$BRANCH_NAME" echo "VERSION_BRANCH=$BRANCH_NAME" >> "$GITHUB_ENV" + - uses: softprops/turnstyle@8db075d65b19bf94e6e8687b504db69938dc3c65 + with: + poll-interval-seconds: 10 + env: + GITHUB_TOKEN: ${{ github.token }} + - name: Generate version id: bumpVersion uses: Expensify/App/.github/actions/javascript/bumpVersion@main From 9781fbdd2dc35bc53ea51f3eba5499f6b113fed4 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 22:54:44 -0700 Subject: [PATCH 08/19] Use macos-latest --- .github/workflows/createNewVersion.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 129a4043e3db..8b07c730dec8 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -22,7 +22,7 @@ on: jobs: createNewVersion: if: github.actor == 'OSBotify' - runs-on: macos-11 + runs-on: macos-latest outputs: NEW_VERSION: ${{ steps.bumpVersion.outputs.NEW_VERSION }} From 0ca6494ee6ee9e9874befaefbfd07041ce91d67a Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 23:10:55 -0700 Subject: [PATCH 09/19] Get rid of unnecessary OSBotify usages --- .github/workflows/preDeploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 2b39be638d52..ebee02573fe4 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -150,7 +150,7 @@ jobs: if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldCherryPick) }} uses: Expensify/App/.github/actions/javascript/awaitStagingDeploys@main with: - GITHUB_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + GITHUB_TOKEN: ${{ github.token }} TAG: ${{ needs.createNewVersion.outputs.NEW_VERSION }} - name: Comment in StagingDeployCash to alert Applause that cherry-picked pull request has been deployed. From 8f9def97dd81375a5399f26ee63b1b3432d1524a Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 23:19:08 -0700 Subject: [PATCH 10/19] Get rid of multiline conditional --- .github/workflows/preDeploy.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index ebee02573fe4..aeda67f98d55 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -57,10 +57,7 @@ jobs: - name: Check if merged pull request should trigger a deploy id: shouldDeploy - run: echo "::set-output name=SHOULD_DEPLOY::${{ fromJSON(needs.hasCherryPickLabel.outputs.HAS_CP_LABEL) || ( - !fromJSON(steps.isStagingDeployLocked.outputs.IS_LOCKED) && - !fromJSON(steps.isAutomatedPullRequest.outputs.IS_AUTOMATED_PR) - ) }}" + run: echo "::set-output name=SHOULD_DEPLOY::${{ fromJSON(needs.hasCherryPickLabel.outputs.HAS_CP_LABEL) || (!fromJSON(steps.isStagingDeployLocked.outputs.IS_LOCKED) && !fromJSON(steps.isAutomatedPullRequest.outputs.IS_AUTOMATED_PR)) }}" skipDeploy: runs-on: ubuntu-latest From 73047ae87bb0e30a4ff8326450e48495e0cf0328 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 23:34:37 -0700 Subject: [PATCH 11/19] Rename LARGE_SECRET_PASSPHRASE to GPG_PASSPHRASE --- .github/workflows/createNewVersion.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 8b07c730dec8..dd78be671701 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -35,7 +35,7 @@ jobs: - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - name: Create new branch run: | @@ -74,7 +74,7 @@ jobs: TARGET_BRANCH: main SOURCE_BRANCH: ${{ env.VERSION_BRANCH }} OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - if: ${{ failure() }} uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main From 92038621d6c6641c160c6f4103768dddc5339873 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 23:36:49 -0700 Subject: [PATCH 12/19] Add slack webhook secret --- .github/workflows/cherryPick.yml | 1 + .github/workflows/createNewVersion.yml | 2 ++ .github/workflows/finishReleaseCycle.yml | 1 + .github/workflows/preDeploy.yml | 1 + 4 files changed, 5 insertions(+) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 6297969fe77d..366da01b26bc 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -33,6 +33,7 @@ jobs: secrets: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} cherryPick: needs: [validateActor, createNewVersion] diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index dd78be671701..fc8be65f9b10 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -18,6 +18,8 @@ on: required: true OS_BOTIFY_TOKEN: required: true + SLACK_WEBHOOK: + required: true jobs: createNewVersion: diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 4227940a7871..2d94c5efaa6b 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -73,6 +73,7 @@ jobs: secrets: OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle. createNewStagingDeployCash: diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index aeda67f98d55..870ae3bc965a 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -81,6 +81,7 @@ jobs: secrets: GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} updateStaging: needs: [chooseDeployActions, createNewVersion] From 09754be6fd933dd45725edbfa74ed163975cf088 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 23:40:09 -0700 Subject: [PATCH 13/19] Fix typo in preDeploy workflow --- .github/workflows/preDeploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 870ae3bc965a..0cbf7e7b0990 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -57,7 +57,7 @@ jobs: - name: Check if merged pull request should trigger a deploy id: shouldDeploy - run: echo "::set-output name=SHOULD_DEPLOY::${{ fromJSON(needs.hasCherryPickLabel.outputs.HAS_CP_LABEL) || (!fromJSON(steps.isStagingDeployLocked.outputs.IS_LOCKED) && !fromJSON(steps.isAutomatedPullRequest.outputs.IS_AUTOMATED_PR)) }}" + run: echo "::set-output name=SHOULD_DEPLOY::${{ fromJSON(steps.hasCherryPickLabel.outputs.HAS_CP_LABEL) || (!fromJSON(steps.isStagingDeployLocked.outputs.IS_LOCKED) && !fromJSON(steps.isAutomatedPullRequest.outputs.IS_AUTOMATED_PR)) }}" skipDeploy: runs-on: ubuntu-latest From ad932b1c7949eace11165c834433a1338398da47 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Fri, 8 Jul 2022 23:42:54 -0700 Subject: [PATCH 14/19] Use secrets: inherit --- .github/workflows/cherryPick.yml | 4 ---- .github/workflows/createNewVersion.yml | 12 +++--------- .github/workflows/finishReleaseCycle.yml | 4 ---- .github/workflows/preDeploy.yml | 4 ---- 4 files changed, 3 insertions(+), 21 deletions(-) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 366da01b26bc..eecb7d996ce8 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -30,10 +30,6 @@ jobs: uses: Expensify/App/.github/workflows/createNewVersion.yml@main with: SEMVER_LEVEL: BUILD - secrets: - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} cherryPick: needs: [validateActor, createNewVersion] diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index fc8be65f9b10..99dc3d31643e 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -13,13 +13,7 @@ on: description: The new version string value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }} - secrets: - GPG_PASSPHRASE: - required: true - OS_BOTIFY_TOKEN: - required: true - SLACK_WEBHOOK: - required: true + secrets: inherit jobs: createNewVersion: @@ -37,7 +31,7 @@ jobs: - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - name: Create new branch run: | @@ -76,7 +70,7 @@ jobs: TARGET_BRANCH: main SOURCE_BRANCH: ${{ env.VERSION_BRANCH }} OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - if: ${{ failure() }} uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index 2d94c5efaa6b..aee9c52485db 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -70,10 +70,6 @@ jobs: uses: Expensify/App/.github/workflows/createNewVersion.yml@main with: SEMVER_LEVEL: PATCH - secrets: - OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} # Deploy deferred PRs to staging and create a new StagingDeployCash for the next release cycle. createNewStagingDeployCash: diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 0cbf7e7b0990..80456533e250 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -78,10 +78,6 @@ jobs: uses: Expensify/App/.github/workflows/createNewVersion.yml@main with: SEMVER_LEVEL: BUILD - secrets: - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} updateStaging: needs: [chooseDeployActions, createNewVersion] From 5851c0ce8fbea722da7529a5a1501b55a18aa58c Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Sat, 9 Jul 2022 00:02:44 -0700 Subject: [PATCH 15/19] Use latest actionlint --- .github/scripts/validateActionsAndWorkflows.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/scripts/validateActionsAndWorkflows.sh b/.github/scripts/validateActionsAndWorkflows.sh index a91b76c9fdd3..35aeeca07524 100755 --- a/.github/scripts/validateActionsAndWorkflows.sh +++ b/.github/scripts/validateActionsAndWorkflows.sh @@ -34,7 +34,7 @@ if [[ -z "${CI}" && -z "$(command -v shellcheck)" ]]; then brew install shellcheck fi -curl -s curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash | bash -s -- 1.6.13 +bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) ./actionlint -color || EXIT_CODE=1 # Cleanup after ourselves and delete actionlint From aeba602ec8db14a82ca8d7a23e69d27478088e50 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Sat, 9 Jul 2022 00:16:12 -0700 Subject: [PATCH 16/19] Use secrets: inherit correctly --- .github/workflows/cherryPick.yml | 1 + .github/workflows/createNewVersion.yml | 12 +++++++++--- .github/workflows/finishReleaseCycle.yml | 1 + .github/workflows/preDeploy.yml | 1 + 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index eecb7d996ce8..69e7a708e3a6 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -28,6 +28,7 @@ jobs: needs: validateActor if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) && github.event.inputs.NEW_VERSION == '' }} uses: Expensify/App/.github/workflows/createNewVersion.yml@main + secrets: inherit with: SEMVER_LEVEL: BUILD diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 99dc3d31643e..fc8be65f9b10 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -13,7 +13,13 @@ on: description: The new version string value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }} - secrets: inherit + secrets: + GPG_PASSPHRASE: + required: true + OS_BOTIFY_TOKEN: + required: true + SLACK_WEBHOOK: + required: true jobs: createNewVersion: @@ -31,7 +37,7 @@ jobs: - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - name: Create new branch run: | @@ -70,7 +76,7 @@ jobs: TARGET_BRANCH: main SOURCE_BRANCH: ${{ env.VERSION_BRANCH }} OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} - if: ${{ failure() }} uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml index aee9c52485db..88187d7a4355 100644 --- a/.github/workflows/finishReleaseCycle.yml +++ b/.github/workflows/finishReleaseCycle.yml @@ -68,6 +68,7 @@ jobs: needs: validate if: ${{ fromJSON(needs.validate.outputs.isValid) }} uses: Expensify/App/.github/workflows/createNewVersion.yml@main + secrets: inherit with: SEMVER_LEVEL: PATCH diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index 80456533e250..d95fab1a0335 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -76,6 +76,7 @@ jobs: needs: chooseDeployActions if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldDeploy) }} uses: Expensify/App/.github/workflows/createNewVersion.yml@main + secrets: inherit with: SEMVER_LEVEL: BUILD From f676ef19b4e76db62f9130de1f4a283fe9462dff Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Sat, 9 Jul 2022 00:24:23 -0700 Subject: [PATCH 17/19] Add secret descriptions to make actionlint happy --- .github/workflows/createNewVersion.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index fc8be65f9b10..05eba7aa07b9 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -15,10 +15,13 @@ on: secrets: GPG_PASSPHRASE: + description: Passphrase used to decrypt GPG key required: true OS_BOTIFY_TOKEN: + description: Token for the OSBotify user required: true SLACK_WEBHOOK: + description: Webhook used to comment in slack required: true jobs: From c5fc72f3a163580ac6e32273eea8b48b7176a2b1 Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Mon, 11 Jul 2022 12:42:06 -0700 Subject: [PATCH 18/19] Rename GPG_PASSPHRASE secret back to LARGE_SECRET_PASSPHRASE for secrets: inherit to work --- .github/workflows/createNewVersion.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 05eba7aa07b9..5d0f34365f42 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -14,7 +14,7 @@ on: value: ${{ jobs.createNewVersion.outputs.NEW_VERSION }} secrets: - GPG_PASSPHRASE: + LARGE_SECRET_PASSPHRASE: description: Passphrase used to decrypt GPG key required: true OS_BOTIFY_TOKEN: @@ -40,7 +40,7 @@ jobs: - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main with: - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - name: Create new branch run: | @@ -79,7 +79,7 @@ jobs: TARGET_BRANCH: main SOURCE_BRANCH: ${{ env.VERSION_BRANCH }} OS_BOTIFY_TOKEN: ${{ secrets.OS_BOTIFY_TOKEN }} - GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} + GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }} - if: ${{ failure() }} uses: Expensify/App/.github/actions/composite/announceFailedWorkflowInSlack@main From 78d4580e4f38fcc2be2087e2da4f6377ed3b7ebb Mon Sep 17 00:00:00 2001 From: Rory Abraham Date: Mon, 11 Jul 2022 12:47:02 -0700 Subject: [PATCH 19/19] Make SEMVER_LEVEL optional --- .github/workflows/cherryPick.yml | 2 -- .github/workflows/createNewVersion.yml | 3 ++- .github/workflows/preDeploy.yml | 2 -- 3 files changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cherryPick.yml b/.github/workflows/cherryPick.yml index 69e7a708e3a6..b0945f4e0920 100644 --- a/.github/workflows/cherryPick.yml +++ b/.github/workflows/cherryPick.yml @@ -29,8 +29,6 @@ jobs: if: ${{ fromJSON(needs.validateActor.outputs.IS_DEPLOYER) && github.event.inputs.NEW_VERSION == '' }} uses: Expensify/App/.github/workflows/createNewVersion.yml@main secrets: inherit - with: - SEMVER_LEVEL: BUILD cherryPick: needs: [validateActor, createNewVersion] diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml index 5d0f34365f42..2fa033dedd30 100644 --- a/.github/workflows/createNewVersion.yml +++ b/.github/workflows/createNewVersion.yml @@ -5,7 +5,8 @@ on: inputs: SEMVER_LEVEL: description: One of {BUILD, PATCH, MINOR, MAJOR} - required: true + required: false + default: BUILD type: string outputs: diff --git a/.github/workflows/preDeploy.yml b/.github/workflows/preDeploy.yml index d95fab1a0335..c7347766a68f 100644 --- a/.github/workflows/preDeploy.yml +++ b/.github/workflows/preDeploy.yml @@ -77,8 +77,6 @@ jobs: if: ${{ fromJSON(needs.chooseDeployActions.outputs.shouldDeploy) }} uses: Expensify/App/.github/workflows/createNewVersion.yml@main secrets: inherit - with: - SEMVER_LEVEL: BUILD updateStaging: needs: [chooseDeployActions, createNewVersion]