[no-relnote] Configure all GitHub actions as reusable workflow #915
Conversation
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
from
2399526 to
911ed71
Compare
|
|
| pull_request: | ||
| types: | ||
| - opened | ||
| - synchronize | ||
| branches: | ||
| - main | ||
| - release-* |
There was a problem hiding this comment.
Is there any reason to not use the "standard" triggers for this?
There was a problem hiding this comment.
I think is a good first step to run the code scan before performing any extra steps.
There was a problem hiding this comment.
That wasn't my question. Does it make sense to also run this on PRs?
.github/workflows/e2e.yaml
Outdated
| env: | ||
| IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/container-toolkit | ||
| VERSION: ${COMMIT_SHORT_SHA} | ||
| IMAGE_NAME: ghcr.io/${{ inputs.lowercase_repo_owner }}/container-toolkit |
There was a problem hiding this comment.
Question: Isn't this always nvidia?
| needs: packages | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| name: Check out code |
There was a problem hiding this comment.
What version is checked out here? Should we align this with the short sha?
There was a problem hiding this comment.
would make sense in a follow-up PR. The defaults are ok, but moving forward when writing more reusable workflows, it will make more sense
https://github.com/actions/checkout?tab=readme-ov-file#usage
There was a problem hiding this comment.
Shure. Could you please clarify which verison is checked out by default.
There was a problem hiding this comment.
# The branch, tag or SHA to checkout. When checking out the repository that
# triggered a workflow, this defaults to the reference or SHA for that event.
# Otherwise, uses the default branch.There was a problem hiding this comment.
What I mean is, if this is triggered by a workflow call, is the SHA that is checked out the current version in the PR, or the SHA of the default branch.
There was a problem hiding this comment.
is the SHA of the commit that triggered the action, unregarding of the branch (that's why copy-pr-bot works)
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
from
911ed71 to
63ef912
Compare
.github/workflows/ci.yaml
Outdated
| if [[ "${{ github.ref_name != 'main' && !startsWith(github.ref_name, 'release-') }}" == "true" ]]; then | ||
| echo "build_multi_arch_images=false" >> $GITHUB_OUTPUT | ||
| else | ||
| echo "build_multi_arch_images=true" >> $GITHUB_OUTPUT | ||
| fi |
There was a problem hiding this comment.
It may be clearer to invert the conditional:
| if [[ "${{ github.ref_name != 'main' && !startsWith(github.ref_name, 'release-') }}" == "true" ]]; then | |
| echo "build_multi_arch_images=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "build_multi_arch_images=true" >> $GITHUB_OUTPUT | |
| fi | |
| if [[ "${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }}" == "true" ]]; then | |
| echo "build_multi_arch_images=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "build_multi_arch_images=false" >> $GITHUB_OUTPUT | |
| fi |
Actually, could we simplify this further to:
| if [[ "${{ github.ref_name != 'main' && !startsWith(github.ref_name, 'release-') }}" == "true" ]]; then | |
| echo "build_multi_arch_images=false" >> $GITHUB_OUTPUT | |
| else | |
| echo "build_multi_arch_images=true" >> $GITHUB_OUTPUT | |
| fi | |
| multi_arch_required="${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }}" | |
| echo "build_multi_arch_images=${{ multi_arch_required }}" >> $GITHUB_OUTPUT |
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
2 times, most recently
from
87be0dd to
d45f14d
Compare
.github/workflows/ci.yaml
Outdated
| runs-on: ubuntu-latest | ||
| outputs: | ||
| version: ${{ steps.version.outputs.version }} | ||
| build_multi_arch_images: ${{ steps.build_multi_arch_images.outputs.value }} |
There was a problem hiding this comment.
Could this just be:
| build_multi_arch_images: ${{ steps.build_multi_arch_images.outputs.value }} | |
| build_multi_arch_images: ${{ github.ref_name == 'main' || startsWith(github.ref_name, 'release-') }} |
and then we don't need the scripts below?
| needs: packages | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| name: Check out code |
There was a problem hiding this comment.
Shure. Could you please clarify which verison is checked out by default.
.github/workflows/image.yaml
Outdated
| VERSION: ${COMMIT_SHORT_SHA} | ||
| IMAGE_NAME: ghcr.io/nvidia/container-toolkit | ||
| VERSION: ${{ inputs.version }} | ||
| PUSH_ON_BUILD: ${{ inputs.push_on_build }} |
There was a problem hiding this comment.
What about?
| PUSH_ON_BUILD: ${{ inputs.push_on_build }} | |
| PUSH_ON_BUILD: true |
There was a problem hiding this comment.
I was going for reusability of the workflow file, but default to true is ok
There was a problem hiding this comment.
When we need to, we can add push_on_build to the inputs and set a default value.
.github/workflows/ci.yaml
Outdated
| echo "build_multi_arch_images=$multi_arch_required" >> $GITHUB_OUTPUT | ||
| golang: | ||
| needs: code-scanning |
There was a problem hiding this comment.
What is the risk in running the golang tests and the code-scanning in parallel?
There was a problem hiding this comment.
none. let me re-arrange
There was a problem hiding this comment.
now we run the basic checks in parallel
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
from
d45f14d to
1440638
Compare
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
2 times, most recently
from
84b9711 to
992c72f
Compare
| prepare-variables: | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| version: ${{ steps.version.outputs.version }} |
There was a problem hiding this comment.
Does the following work?
| version: ${{ steps.version.outputs.version }} | |
| version: ${{ github.sha.substring(0,8) }} |
There was a problem hiding this comment.
no, it doesn't
There was a problem hiding this comment.
As a matter of interest, what error does it give? Do we have a reference of which functions are available to us? We do use startsWith, for example.
There was a problem hiding this comment.
.github/workflows/ci.yaml
Outdated
| code-scanning: | ||
| uses: ./.github/workflows/code_scanning.yaml | ||
|
|
||
| prepare-variables: |
There was a problem hiding this comment.
Does it make sense to just call this variables?
.github/workflows/e2e.yaml
Outdated
| IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/container-toolkit | ||
| VERSION: ${COMMIT_SHORT_SHA} | ||
| IMAGE_NAME: ghcr.io/nvidia/container-toolkit | ||
| VERSION: ${{ steps.vars.outputs.version }} |
There was a problem hiding this comment.
| VERSION: ${{ steps.vars.outputs.version }} | |
| VERSION: ${{ inputs.version }} |
| env: | ||
| IMAGE_NAME: ghcr.io/${LOWERCASE_REPO_OWNER}/container-toolkit | ||
| VERSION: ${COMMIT_SHORT_SHA} | ||
| IMAGE_NAME: ghcr.io/nvidia/container-toolkit |
There was a problem hiding this comment.
If we do move e2e.yaml to a central repo, we would have to have this as an input.
(Out of scope for this PR).
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
from
992c72f to
987f91e
Compare
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
from
987f91e to
e280018
Compare
|
If I recall correctly, the action results are tracked by SHA and I was wondering whether it makes sense to trigger the Update: One place where this is required is for dependabot PRs. These do not "automatically" create a PR branch. |
.github/workflows/code_scanning.yaml
Outdated
| branches: | ||
| - main | ||
| - release-* | ||
| workflow_call: |
There was a problem hiding this comment.
Given that we want these to run on PRs so that they trigger for dependabot we may want to update this to:
| workflow_call: | |
| workflow_call: {} | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| branches: | |
| - main | |
| - release-* |
.github/workflows/golang.yaml
Outdated
| branches: | ||
| - main | ||
| - release-* | ||
| workflow_call: |
There was a problem hiding this comment.
Given that we want these to run on PRs so that they trigger for dependabot we may want to update this to:
| workflow_call: | |
| workflow_call: {} | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| branches: | |
| - main | |
| - release-* |
Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>
ArangoGutierrez
force-pushed
the
e2e_tests02
branch
from
e280018 to
27f1738
Compare
elezar
left a comment
elezar
left a comment
There was a problem hiding this comment.
Thanks @ArangoGutierrez
Looks good.
2 participants
No description provided.