mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-07 05:22:56 +00:00
5cb6a4bc8b
## Problem
`github.sha` contains a merge commit of `head` and `base` if we're in a
PR. In release PRs, this makes no sense, because we fast-forward the
`base` branch to contain the changes from `head`.
Even though we correctly use `${{ github.event.pull_request.head.sha ||
github.sha }}` to reference the git commit when building artifacts, we
don't use that when checking out code, because we want to test the merge
of head and base usually. In the case of release PRs, we definitely
always want to test on the head sha though, because we're going to
forward that, and it already has the base sha as a parent, so the merge
would end up with the same tree anyway.
As a side effect, not checking out `${{
github.event.pull_request.head.sha || github.sha }}` also caused
https://github.com/neondatabase/neon/actions/runs/13986389780/job/39173256184#step:6:49
to say `release-tag=release-compute-8187`, while
https://github.com/neondatabase/neon/actions/runs/14084613121/job/39445314780#step:6:48
is talking about `build-tag=release-compute-8186`
## Summary of changes
Run a few things on `github.event.pull_request.head.sha`, if we're in a
release PR.
170 lines
7.6 KiB
YAML
170 lines
7.6 KiB
YAML
name: Generate run metadata
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
github-event-name:
|
|
type: string
|
|
required: true
|
|
github-event-json:
|
|
type: string
|
|
required: true
|
|
outputs:
|
|
build-tag:
|
|
description: "Tag for the current workflow run"
|
|
value: ${{ jobs.tags.outputs.build-tag }}
|
|
release-tag:
|
|
description: "Tag for the release if this is an RC PR run"
|
|
value: ${{ jobs.tags.outputs.release-tag }}
|
|
previous-storage-release:
|
|
description: "Tag of the last storage release"
|
|
value: ${{ jobs.tags.outputs.storage }}
|
|
previous-proxy-release:
|
|
description: "Tag of the last proxy release"
|
|
value: ${{ jobs.tags.outputs.proxy }}
|
|
previous-compute-release:
|
|
description: "Tag of the last compute release"
|
|
value: ${{ jobs.tags.outputs.compute }}
|
|
run-kind:
|
|
description: "The kind of run we're currently in. Will be one of `push-main`, `storage-release`, `compute-release`, `proxy-release`, `storage-rc-pr`, `compute-rc-pr`, `proxy-rc-pr`, `pr`, or `workflow-dispatch`"
|
|
value: ${{ jobs.tags.outputs.run-kind }}
|
|
release-pr-run-id:
|
|
description: "Only available if `run-kind in [storage-release, proxy-release, compute-release]`. Contains the run ID of the `Build and Test` workflow, assuming one with the current commit can be found."
|
|
value: ${{ jobs.tags.outputs.release-pr-run-id }}
|
|
sha:
|
|
description: "github.event.pull_request.head.sha on release PRs, github.sha otherwise"
|
|
value: ${{ jobs.tags.outputs.sha }}
|
|
|
|
permissions: {}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash -euo pipefail {0}
|
|
|
|
jobs:
|
|
tags:
|
|
runs-on: ubuntu-22.04
|
|
outputs:
|
|
build-tag: ${{ steps.build-tag.outputs.build-tag }}
|
|
release-tag: ${{ steps.build-tag.outputs.release-tag }}
|
|
compute: ${{ steps.previous-releases.outputs.compute }}
|
|
proxy: ${{ steps.previous-releases.outputs.proxy }}
|
|
storage: ${{ steps.previous-releases.outputs.storage }}
|
|
run-kind: ${{ steps.run-kind.outputs.run-kind }}
|
|
release-pr-run-id: ${{ steps.release-pr-run-id.outputs.release-pr-run-id }}
|
|
sha: ${{ steps.sha.outputs.sha }}
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
# Need `fetch-depth: 0` to count the number of commits in the branch
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Get run kind
|
|
id: run-kind
|
|
env:
|
|
RUN_KIND: >-
|
|
${{
|
|
false
|
|
|| (inputs.github-event-name == 'push' && github.ref_name == 'main') && 'push-main'
|
|
|| (inputs.github-event-name == 'push' && github.ref_name == 'release') && 'storage-release'
|
|
|| (inputs.github-event-name == 'push' && github.ref_name == 'release-compute') && 'compute-release'
|
|
|| (inputs.github-event-name == 'push' && github.ref_name == 'release-proxy') && 'proxy-release'
|
|
|| (inputs.github-event-name == 'pull_request' && github.base_ref == 'release') && 'storage-rc-pr'
|
|
|| (inputs.github-event-name == 'pull_request' && github.base_ref == 'release-compute') && 'compute-rc-pr'
|
|
|| (inputs.github-event-name == 'pull_request' && github.base_ref == 'release-proxy') && 'proxy-rc-pr'
|
|
|| (inputs.github-event-name == 'pull_request') && 'pr'
|
|
|| (inputs.github-event-name == 'workflow_dispatch') && 'workflow-dispatch'
|
|
|| 'unknown'
|
|
}}
|
|
run: |
|
|
echo "run-kind=$RUN_KIND" | tee -a $GITHUB_OUTPUT
|
|
|
|
- name: Get the right SHA
|
|
id: sha
|
|
env:
|
|
SHA: >
|
|
${{
|
|
contains(fromJSON('["storage-rc-pr", "proxy-rc-pr", "compute-rc-pr"]'), steps.run-kind.outputs.run-kind)
|
|
&& fromJSON(inputs.github-event-json).pull_request.head.sha
|
|
|| github.sha
|
|
}}
|
|
run: |
|
|
echo "sha=$SHA" | tee -a $GITHUB_OUTPUT
|
|
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
fetch-depth: 0
|
|
ref: ${{ steps.sha.outputs.sha }}
|
|
|
|
- name: Get build tag
|
|
id: build-tag
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
CURRENT_BRANCH: ${{ github.head_ref || github.ref_name }}
|
|
CURRENT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
|
|
RUN_KIND: ${{ steps.run-kind.outputs.run-kind }}
|
|
run: |
|
|
case $RUN_KIND in
|
|
push-main)
|
|
echo "build-tag=$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
storage-release)
|
|
echo "build-tag=release-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
proxy-release)
|
|
echo "build-tag=release-proxy-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
compute-release)
|
|
echo "build-tag=release-compute-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
pr|storage-rc-pr|compute-rc-pr|proxy-rc-pr)
|
|
BUILD_AND_TEST_RUN_ID=$(gh api --paginate \
|
|
-H "Accept: application/vnd.github+json" \
|
|
-H "X-GitHub-Api-Version: 2022-11-28" \
|
|
"/repos/${GITHUB_REPOSITORY}/actions/runs?head_sha=${CURRENT_SHA}&branch=${CURRENT_BRANCH}" \
|
|
| jq '[.workflow_runs[] | select(.name == "Build and Test")][0].id // ("Error: No matching workflow run found." | halt_error(1))')
|
|
echo "build-tag=$BUILD_AND_TEST_RUN_ID" | tee -a $GITHUB_OUTPUT
|
|
case $RUN_KIND in
|
|
storage-rc-pr)
|
|
echo "release-tag=release-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
proxy-rc-pr)
|
|
echo "release-tag=release-proxy-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
compute-rc-pr)
|
|
echo "release-tag=release-compute-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
esac
|
|
;;
|
|
workflow-dispatch)
|
|
echo "build-tag=$GITHUB_RUN_ID" | tee -a $GITHUB_OUTPUT
|
|
;;
|
|
*)
|
|
echo "Unexpected RUN_KIND ('${RUN_KIND}'), failing to assign build-tag!"
|
|
exit 1
|
|
esac
|
|
|
|
- name: Get the previous release-tags
|
|
id: previous-releases
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
gh api --paginate \
|
|
-H "Accept: application/vnd.github+json" \
|
|
-H "X-GitHub-Api-Version: 2022-11-28" \
|
|
"/repos/${GITHUB_REPOSITORY}/releases" \
|
|
| jq -f .github/scripts/previous-releases.jq -r \
|
|
| tee -a "${GITHUB_OUTPUT}"
|
|
|
|
- name: Get the release PR run ID
|
|
id: release-pr-run-id
|
|
if: ${{ contains(fromJSON('["storage-release", "compute-release", "proxy-release"]'), steps.run-kind.outputs.run-kind) }}
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
CURRENT_SHA: ${{ github.sha }}
|
|
run: |
|
|
RELEASE_PR_RUN_ID=$(gh api "/repos/${GITHUB_REPOSITORY}/actions/runs?head_sha=$CURRENT_SHA" | jq '[.workflow_runs[] | select(.name == "Build and Test") | select(.head_branch | test("^rc/release(-(proxy|compute))?/[0-9]{4}-[0-9]{2}-[0-9]{2}$"; "s"))] | first | .id // ("Failed to find Build and Test run from RC PR!" | halt_error(1))')
|
|
echo "release-pr-run-id=$RELEASE_PR_RUN_ID" | tee -a $GITHUB_OUTPUT
|