From c02b57b52f00e5c1028d991dcf9560df6bb7230a Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 12:47:02 +0700 Subject: [PATCH 1/9] Fix CI - new job to select channels - upload in separate job - release job (WIP) --- .github/workflows/ci.yml | 109 ++++++++++++++++++++++++--------------- 1 file changed, 68 insertions(+), 41 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 64d7d1a..24b8027 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,18 +33,64 @@ jobs: with: artifact-name: charm-packed - bootstrap: - name: "Bootstrap" + + channel: + name: Select Charmhub channel runs-on: ubuntu-latest - needs: build + outputs: + test: ${{ steps.channel.outputs.test }} + release: ${{ steps.channel.outputs.release }} + + steps: + - name: Select Charmhub channel + id: channel + shell: bash + run: | + set -x + case ${{ github.ref_name }} in + 3.* | 4.*) + TRACK="${{ github.ref_name }}" + ;; + master) + TRACK="latest" + ;; + esac + + echo "test=$TRACK/edge/${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "release=$TRACK/edge" >> "$GITHUB_OUTPUT" + + + upload: + name: Upload to Charmhub + needs: [build, channel] + runs-on: ubuntu-latest + + steps: + - name: Download packed charm + id: download + uses: actions/download-artifact@v3 + with: + name: ${{ needs.build.outputs.artifact-name }} + + - name: Upload charm to Charmhub + env: + CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }} + run: | + sudo snap install charmcraft --classic + charmcraft upload ${{ steps.download.outputs.download-path }}/*.charm \ + --release ${{ needs.channel.outputs.test }} + + + integration: + name: "Integration tests" + runs-on: ubuntu-latest + needs: [build, upload, channel] strategy: fail-fast: false matrix: cloud: ["lxd", "microk8s"] env: LOCAL_CHARM_PATH: ${{ github.workspace }}/controller.charm - CHARMHUB_NAME: juju-qa-controller - CHARMHUB_CHANNEL: latest/edge/${{ github.run_id }} steps: - name: Download packed charm @@ -103,8 +149,7 @@ jobs: run: | sg snap_microk8s <> "$GITHUB_OUTPUT" - - if [[ -z $TRACK ]]; then - echo "upload=false" >> "$GITHUB_OUTPUT" - else - echo "upload=true" >> "$GITHUB_OUTPUT" - fi - + charmcraft status juju-controller --format json | + jq ${{ needs.channel.outputs.release }} ... - - name: Upload to Charmhub - if: steps.channel.outputs.upload == 'true' - env: - CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }} + - name: Release to edge + if: github.event_name == 'push' run: | - sudo snap install charmcraft --classic - charmcraft upload ${{ steps.download.outputs.download-path }}/*.charm \ - --release ${{ steps.channel.outputs.track }}/edge + charmcraft release juju-controller \ + --revision=${{ steps.revision.outputs.revision }} + --channel=${{ needs.channel.outputs.release }} From 71005988141c8c4f0cff9aa398ab0457d2b3db87 Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 13:04:25 +0700 Subject: [PATCH 2/9] Add Git branch name to Charmhub branch --- .github/workflows/ci.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 24b8027..f26ee6c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,17 +46,21 @@ jobs: id: channel shell: bash run: | - set -x + set -eux case ${{ github.ref_name }} in 3.* | 4.*) TRACK="${{ github.ref_name }}" ;; - master) + *) TRACK="latest" ;; esac - echo "test=$TRACK/edge/${{ github.sha }}" >> "$GITHUB_OUTPUT" + # Feature branches will be released to the 'latest' track, so we need + # to include the branch name to disambiguate. + BRANCH="${{ github.ref_name }}-${{ github.sha }}" + + echo "test=$TRACK/edge/$BRANCH" >> "$GITHUB_OUTPUT" echo "release=$TRACK/edge" >> "$GITHUB_OUTPUT" @@ -173,6 +177,8 @@ jobs: run: | sudo snap install charmcraft --classic + # TODO: check if track exists, otherwise don't upload + - name: Get uploaded revision id: revision run: | From 0d989653f3522f00e70eb424a40c59655758f9e7 Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 13:09:07 +0700 Subject: [PATCH 3/9] add CHARM_NAME var - remove extraneous upload step in integration test --- .github/workflows/ci.yml | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f26ee6c..2992f76 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -3,6 +3,8 @@ on: push: pull_request: workflow_dispatch: +env: + CHARM_NAME: ${{ vars.CHARM_NAME }} jobs: @@ -82,6 +84,7 @@ jobs: run: | sudo snap install charmcraft --classic charmcraft upload ${{ steps.download.outputs.download-path }}/*.charm \ + --name $CHARM_NAME \ --release ${{ needs.channel.outputs.test }} @@ -108,17 +111,6 @@ jobs: mv ${{ steps.download.outputs.download-path }}/*.charm \ $LOCAL_CHARM_PATH - # Currently the only way to get charms on k8s is via Charmhub. - - name: Upload charm to Charmhub - id: charmcraft - if: matrix.cloud == 'microk8s' - env: - CHARMCRAFT_AUTH: ${{ secrets.CHARMCRAFT_AUTH }} - run: | - sudo snap install charmcraft --classic - charmcraft upload $LOCAL_CHARM_PATH \ - --name $CHARMHUB_NAME --release $CHARMHUB_CHANNEL - - name: Save charmcraft logs as artifact if: always() && steps.charmcraft.outcome != 'skipped' uses: actions/upload-artifact@v3 @@ -182,12 +174,12 @@ jobs: - name: Get uploaded revision id: revision run: | - charmcraft status juju-controller --format json | + charmcraft status $CHARM_NAME --format json | jq ${{ needs.channel.outputs.release }} ... - name: Release to edge if: github.event_name == 'push' run: | - charmcraft release juju-controller \ + charmcraft release $CHARM_NAME \ --revision=${{ steps.revision.outputs.revision }} --channel=${{ needs.channel.outputs.release }} From 7a4b257a3d36f1388b6ea3a2792399477f27440a Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 13:26:42 +0700 Subject: [PATCH 4/9] don't release feature branches --- .github/workflows/ci.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2992f76..2e726e0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -52,9 +52,15 @@ jobs: case ${{ github.ref_name }} in 3.* | 4.*) TRACK="${{ github.ref_name }}" + DO_RELEASE=true + ;; + main) + TRACK="latest" + DO_RELEASE=true ;; *) TRACK="latest" + DO_RELEASE=false # Don't release feature branches ;; esac @@ -63,7 +69,9 @@ jobs: BRANCH="${{ github.ref_name }}-${{ github.sha }}" echo "test=$TRACK/edge/$BRANCH" >> "$GITHUB_OUTPUT" - echo "release=$TRACK/edge" >> "$GITHUB_OUTPUT" + if [[ "$DO_RELEASE" == 'true' ]]; then + echo "release=$TRACK/edge" >> "$GITHUB_OUTPUT" + fi upload: @@ -169,8 +177,6 @@ jobs: run: | sudo snap install charmcraft --classic - # TODO: check if track exists, otherwise don't upload - - name: Get uploaded revision id: revision run: | @@ -178,7 +184,7 @@ jobs: jq ${{ needs.channel.outputs.release }} ... - name: Release to edge - if: github.event_name == 'push' + if: github.event_name == 'push' && needs.channel.outputs.release != '' run: | charmcraft release $CHARM_NAME \ --revision=${{ steps.revision.outputs.revision }} From fd598a2315c4bea1f7400089ffbf97ff737d5795 Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 14:15:47 +0700 Subject: [PATCH 5/9] get revision for uploaded charm --- .github/workflows/ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2e726e0..d0e23b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -179,9 +179,13 @@ jobs: - name: Get uploaded revision id: revision + env: + CHANNEL: ${{ needs.channel.outputs.test }} run: | - charmcraft status $CHARM_NAME --format json | - jq ${{ needs.channel.outputs.release }} ... + TRACK=$(echo $CHANNEL | cut -d '/' -f 1) + REVISION=$(charmcraft status $CHARM_NAME --format json | + jq ".[] | select(.track == \"$TRACK\") | .mappings[0].releases[] | select(.channel == \"$CHANNEL\") | .revision") + echo "revision=$REVISION" >> "$GITHUB_OUTPUT" - name: Release to edge if: github.event_name == 'push' && needs.channel.outputs.release != '' From 56d3eea5199cfc17e7b590f48c12b18d25e60150 Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 14:32:23 +0700 Subject: [PATCH 6/9] disable pull_request --- .github/workflows/ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d0e23b0..7789c4f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,7 +1,10 @@ name: "CI" +# We don't run this workflow on 'pull_request', because we require secrets to +# upload the charm to Charmhub, and pull_request runs can't access secrets. +# PRs should be opened from a branch on the main juju/juju-controller repo, +# not from a fork. on: push: - pull_request: workflow_dispatch: env: CHARM_NAME: ${{ vars.CHARM_NAME }} From 0110e573b8571f23f21705ef38f2e24fbe5e4115 Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 14:37:21 +0700 Subject: [PATCH 7/9] print revision --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7789c4f..1c86d71 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -185,6 +185,7 @@ jobs: env: CHANNEL: ${{ needs.channel.outputs.test }} run: | + set -x TRACK=$(echo $CHANNEL | cut -d '/' -f 1) REVISION=$(charmcraft status $CHARM_NAME --format json | jq ".[] | select(.track == \"$TRACK\") | .mappings[0].releases[] | select(.channel == \"$CHANNEL\") | .revision") From f4f1c97db70b2a6e2460ec4f207f5efb2781ac5a Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 14:42:51 +0700 Subject: [PATCH 8/9] workflow to check PR is not from a fork --- .github/workflows/pr.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/workflows/pr.yml diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml new file mode 100644 index 0000000..6f3d048 --- /dev/null +++ b/.github/workflows/pr.yml @@ -0,0 +1,10 @@ +name: "PR" +on: [pull_request, workflow_dispatch] +jobs: + fork: + # check PR is not running from a fork + name: Check head branch + runs-on: ubuntu-latest + steps: + - run: | + echo ${{ github.head_ref }} \ No newline at end of file From 57d4f169aa86bce9f4a4890921386db9e6d05463 Mon Sep 17 00:00:00 2001 From: Jordan Barrett Date: Wed, 18 Oct 2023 14:47:16 +0700 Subject: [PATCH 9/9] check PR head repo --- .github/workflows/pr.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 6f3d048..968078b 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -7,4 +7,6 @@ jobs: runs-on: ubuntu-latest steps: - run: | - echo ${{ github.head_ref }} \ No newline at end of file + if [[ "${{ github.event.pull_request.head.repo.full_name }}" != "juju/juju-controller" ]]; then + echo "::error::CI is unable to run on a PR opened from a fork. Please push your branch to the main repo and reopen this PR." + fi