Add manual release CI workflow (release.yaml)#2656
Conversation
Hello delthas,My role is to assist you with the merge of this Available options
Available commands
Status report is not available. |
Request integration branchesWaiting for integration branch creation to be requested by the user. To request integration branches, please comment on this pull request with the following command: Alternatively, the |
fe56be3 to
3500bd2
Compare
6490ff3 to
dd5ee2d
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## development/8.3 #2656 +/- ##
===================================================
+ Coverage 73.54% 73.56% +0.01%
===================================================
Files 222 222
Lines 18188 18188
Branches 3786 3786
===================================================
+ Hits 13377 13380 +3
+ Misses 4806 4803 -3
Partials 5 5 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
francoisferrand
left a comment
There was a problem hiding this comment.
As logic is added to release workflow, bugs are also added : which is esp. critical for releases, which are only used seldom and especially when we need (urgently) a release... Thus (non-trivial) release workflow should be tested, as we do for exemple in Zenko
dd5ee2d to
43f7f53
Compare
Add a workflow_dispatch release.yaml for arsenal. Arsenal is a library (no Docker image) consumed as a git dependency where the tag equals the package.json version, so the release reduces to creating the GitHub release + tag, replacing the manual `gh release create`. The workflow reads the version from package.json (no manual tag input) and fails if it is missing, fails if that release already exists or if the git tag already exists (so an aborted release that left a dangling tag cannot be moved onto a different commit), and rejects dispatches from any branch other than development/* or hotfix/* so a release cannot be cut from un-merged code. github.ref_name is passed via an env var to avoid shell injection in the guard step. Add workflow tests under tests/workflows (act-js + mock-github, run on node 24 via the new check-workflows CI) covering the branch guard, the version-present guard, and the tag-existence guard. The coverage script excludes tests/workflows so the act-js suite is not collected by the unit/coverage run, and the test package pins tar to ^7 via resolutions (act-js's transitive tar@6 is flagged by dependency-review). Issue: ARSN-604
43f7f53 to
3bd36fb
Compare
|
Added some tests, inspired by Zenko. |
maeldonn
left a comment
There was a problem hiding this comment.
Do we need a separate package? Root already has jest/ts-jest/typescript, so
@kie/act-js and @kie/mock-github could just be root devDeps. Avoids a second
yarn.lock to maintain. What's the reasoning?
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Install NodeJS | ||
| uses: actions/setup-node@v4 |
There was a problem hiding this comment.
| uses: actions/setup-node@v4 | |
| uses: actions/setup-node@v6 |
please check all actions, you are using outdated ones...
| on: | ||
| push: | ||
| branches-ignore: | ||
| - 'development/**' |
There was a problem hiding this comment.
there is also q/*/** to ignore : otherwise it will run twice on Bert-e's queue, since there are 2 branches : q/ and q//
| - 'development/**' | ||
| paths: | ||
| - '.github/workflows/**' | ||
| - 'tests/workflows/**' |
There was a problem hiding this comment.
best to run on everything IMHO
- you never know if the workflow may depend on what's in the repo
- cheap anyway
- best to run periodically to find out before it breaks
There was a problem hiding this comment.
do we need a separate workflow file?
best to keep in same workflow as other test/premerge, like in other repos
| let github: MockGithub; | ||
| let act: Act; | ||
|
|
||
| async function setupRepo(versionFixture: string, branch: string) { |
There was a problem hiding this comment.
seems to do more than setup "repo" : it also setups act
| act.setPlatforms("ubuntu-latest", IMAGE); | ||
| act.setEnv("GITHUB_REPOSITORY", "scality/Arsenal"); | ||
| act.setEnv("GITHUB_REF", `refs/heads/${branch}`); | ||
| } |
There was a problem hiding this comment.
we need the GitHub variable for asynchronous cleanup in afterEach (unless we can register a cleanup step dynamically) ; but not the case for act : could we return it instead of relying on global variable?
Summary
Arsenal has no release workflow, unlike
cloudserver,vault2, andbackbeat, which each ship aworkflow_dispatchrelease pipeline. Today arsenal releases are cut by hand viagh release create <version> --generate-notes.This adds
.github/workflows/release.yaml, triggered manually (workflow_dispatch), that:package.json(no manual tag input), so the released tag can never drift from what consumers pin (git+https://github.com/scality/arsenal#<tag>).softprops/action-gh-releaseotherwise updates an existing release silently).generate_release_notes: true), targeting the dispatched commit.Arsenal is a library (
private: true, no Docker image), so the workflow reduces to the GitHub-release step only — no Docker/oras steps. Build artifacts continue to be published by the existing per-pushcompilejob intests.yaml. The release name is kept as the bare version (e.g.8.5.1) to match arsenal's existing release history.Issue: ARSN-604