chore: workflows call workflows (#7089)

Relying on tags to trigger workflows makes it hard to trace what's happening after a release, currently: 1. We manually trigger a release workflow 2. The release workflow executes and tags the new release in code 3. Several other workflows trigger after matching the tag doing different things: build docker images, tarballs and other things. This creates a loose dependency between the workflows which are actually part of the same "release workflow" which makes it difficult to spot when one or other dependent workflow fails because the dependency is indirect through the tagging mechanism. This PR switches to a more direct approach using [workflow calls](https://docs.github.com/en/actions/using-workflows/reusing-workflows). This will create a graph as shown in the following graph: ![](https://docs.github.com/assets/cb-34427/mw-1440/images/help/actions/reusable-workflows-ci-cd.webp) making it easier to track and identify any problem. The "drawback" of this approach is that previously we could trigger all dependent workflows at once by creating a tag matching the expected pattern without manually triggering a new release. This limitation can be overcome by adding a manual workflow_dispatch to the workflows using the tag trigger.
Unleash · May 24, 2024 · 07354f7 · 07354f7
1 parent 292f430
commit 07354f7
Show file tree

Hide file tree

Showing 6 changed files with 64 additions and 50 deletions.
diff --git a/.github/workflows/docker_publish.yaml b/.github/workflows/docker_publish.yaml
@@ -6,14 +6,13 @@ on:
       - main
     paths-ignore:
       - website/**
-    tags:
-      - 'v*'
-  workflow_dispatch:
+  workflow_call:
     inputs:
-      ignore-push:
-        description: 'Ignore push to dockerhub. If not set the image will be pushed with the sha of the commit as tag'
-        required: false
-        type: boolean
+      version:
+        description: "Which version to release"
+        type: 'string'
+        required: true
+  workflow_dispatch:
 
 jobs:
   build:
@@ -35,10 +34,10 @@ jobs:
           images: |
             unleashorg/unleash-server
           tags: |
-            # only enabled for v* tags:
-            type=semver,pattern={{ version }},enable=${{ startsWith(github.ref, 'refs/tags/v') }}
-            type=semver,pattern={{ major.minor }},enable=${{ startsWith(github.ref, 'refs/tags/v') }}
-            type=semver,pattern={{ major }},enable=${{ startsWith(github.ref, 'refs/tags/v') }}
+            # only enabled for workflow dispatch except main (assume its a release):
+            type=semver,pattern={{ version }},enable=${{ github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' }},value=${{ inputs.version }}
+            type=semver,pattern={{ major }}.{{ minor }},enable=${{ github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' }},value=${{ inputs.version }}
+            type=semver,pattern={{ major }},enable=${{ github.event_name == 'workflow_dispatch' && github.ref != 'refs/heads/main' }},value=${{ inputs.version }}
             # only enabled in main:
             type=edge,prefix=main-,suffix=-${{ matrix.version }},enable=${{ github.ref == 'refs/heads/main' }}
             # only enabled on workflow_dispatch:
@@ -57,7 +56,7 @@ jobs:
         with:
           context: .
           platforms: linux/amd64,linux/arm64
-          push: ${{ github.event_name != 'workflow_dispatch' || github.event.inputs.ignore-push != 'true' }}
+          push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: NODE_VERSION=${{ matrix.version }}
diff --git a/.github/workflows/notify_enterprise.yaml b/.github/workflows/notify_enterprise.yaml
@@ -7,12 +7,6 @@ on:
     paths-ignore:
       - website/**
       - coverage/**
-# not sure if we will have all the payload as the push to main has.
-#  workflow_run:
-#    workflows: [ 'Publish to npm' ]
-#    types: [ completed ]
-#    branches:
-#      - 'main'
 
 jobs:
   build:

diff --git a/.github/workflows/publish-new-version.yaml b/.github/workflows/publish-new-version.yaml
@@ -54,14 +54,18 @@ jobs:
           echo PREV=$(git describe --tags ${PREV_COMMIT}) >> $GITHUB_ENV
       - if: ${{ !endsWith(github.event.inputs.version, '0') }}
         run: echo PREV=$(git describe --abbrev=0) >> $GITHUB_ENV
-      - name: Generate changelog if not pre-release
+      - name: Generate changelog from ${{ env.PREV }}
         continue-on-error: true
         if: ${{ !contains(github.event.inputs.version, '-') }}
         env:
           PREV: ${{ env.PREV }}
         run: |
-          git-cliff ${PREV}..HEAD --tag v${{ github.event.inputs.version }} --prepend CHANGELOG.md
+          git-cliff ${{ env.PREV }}..HEAD --tag v${{ github.event.inputs.version }} --prepend CHANGELOG.md
+          if [ -n "$(git status --porcelain)" ]; then
           git commit -am "docs: Update CHANGELOG.md"
+          else
+            echo "No changes to CHANGELOG.md"
+          fi
       - run: yarn install --frozen-lockfile --ignore-scripts
       - name: npm version
         run: |
@@ -106,19 +110,27 @@ jobs:
           git commit -m "chore: bump version to ${{ github.event.inputs.version }}+main"
           git push origin main
 
-  update-version-checker:
+  publish-docker:
+    needs: build
+    uses: ./.github/workflows/docker_publish.yaml
+    with:
+      version: ${{ github.event.inputs.version }}
+
+  publish-npm:
     needs: build
+    uses: ./.github/workflows/release.yaml
+    with:
+      version: ${{ github.event.inputs.version }}
+
+  release-changelog: # TODO this changelog is different than the git-cliff one above
+    needs: build
+    uses: ./.github/workflows/release_changelog.yml
+    with:
+      version: ${{ github.event.inputs.version }}
+
+  update-version-checker:
+    needs: publish-docker
     if: ${{ github.event.inputs.update-version-function == 'true' }}
-    runs-on: ubuntu-latest
-    steps:
-      - name: Authenticate Google IAM
-        uses: 'google-github-actions/auth@v2'
-        with:
-          workload_identity_provider: 'projects/340004706233/locations/global/workloadIdentityPools/gh-actions-pool/providers/github-actions-oidc-unleash'
-          service_account: 'versionUpdateSa@metrics-304612.iam.gserviceaccount.com'
-          token_format: 'access_token'
-      - name: Update version checker
-        uses: 'Unleash/update-version-action@v0'
-        with:
-          version: ${{ github.event.inputs.version }}
-          distribution: 'oss'
+    uses: ./.github/workflows/update_version_for_version_checker.yml
+    with:
+      version: ${{ github.event.inputs.version }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -1,8 +1,11 @@
 name: 'Publish to npm'
 on:
-  push:
-    tags:
-      - 'v*'
+  workflow_call:
+    inputs:
+      version:
+        description: "Which version number should we use for the release"
+        type: 'string'
+        required: true
 
 jobs:
   build:
@@ -35,9 +38,6 @@ jobs:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-      - name: Get the version
-        id: get_version
-        run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//}
       - name: Publish static assets to S3
         run: |
-          aws s3 cp frontend/build s3://getunleash-static/unleash/${{ steps.get_version.outputs.VERSION }} --recursive
+          aws s3 cp frontend/build s3://getunleash-static/unleash/v${{ inputs.version }} --recursive
diff --git a/.github/workflows/release_changelog.yml b/.github/workflows/release_changelog.yml
@@ -1,12 +1,14 @@
-name: 'Releases'
+name: 'Release changelog'
 on:
-  push:
-    tags:
-      - 'v*'
+  workflow_call:
+    inputs:
+      version:
+        description: "Which version number should we use for the release"
+        type: 'string'
+        required: true
 
 jobs:
   release:
-    if: startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -16,12 +18,13 @@ jobs:
         uses: metcalfc/changelog-generator@v4.3.1
         with:
           myToken: ${{ secrets.GITHUB_TOKEN }}
+          base-ref: v${{ inputs.version }}
       - name: Create release
-        uses: actions/create-release@v1
+        uses: softprops/action-gh-release@v2
         with:
-          tag_name: ${{ github.ref }}
-          release_name: ${{ github.ref }}
+          tag_name: v${{ inputs.version }}
+          name: v${{ inputs.version }}
           body: ${{ steps.github_release.outputs.changelog }}
-          prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'alpha') }}
+          prerelease: ${{ contains(inputs.version, 'beta') || contains(inputs.version, 'alpha') }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/update_version_for_version_checker.yml b/.github/workflows/update_version_for_version_checker.yml
@@ -5,6 +5,12 @@ permissions:
   contents: read
 
 on:
+  workflow_call:
+    inputs:
+      version:
+        description: "Which version should we set OSS to"
+        type: 'string'
+        required: true
   workflow_dispatch:
     inputs:
       version: