armadaproject · Sharpz7 · Sep 25, 2023 · Sep 26, 2023 · Oct 13, 2023 · Oct 13, 2023
diff --git a/.github/README.md b/.github/README.md
@@ -0,0 +1,3 @@
+# CI Documentation
+
+Please see [here](../docs/design/ci/oct-2023.md)
diff --git a/.github/workflows/airflow-operator.yml b/.github/workflows/airflow-operator.yml
@@ -90,15 +90,27 @@ jobs:
       - uses: actions/checkout@v3.3.0
       - run: docker buildx create --name ${DOCKER_BUILDX_BUILDER} --driver docker-container --use
       - run: docker buildx install
-      - uses: actions/setup-go@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: "1.20"
+          cache: false
+
+      # Check for cache
+      - name: Cache Go modules
+        uses: actions/cache/restore@v3
         with:
-          go-version: ${{ matrix.go }}
+          path: |
+            /home/runner/.cache/go-build
+            /home/runner/go/pkg/mod
+          key: ${{ runner.os }}-gocache-${{ hashFiles('**/go.sum','**/tools.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-gocache-
+
       - name: Setup and integration tests
-        run: |
-          # Manually create folders to ensure perms are correct.
-          mkdir -p .kube/internal
-          mkdir -p .kube/external
-          go run github.com/magefile/mage@v1.14.0 -v localdev minimal
+        run: go run github.com/magefile/mage@v1.14.0 -v localdev minimal
+
       - name: Install Protoc
         uses: arduino/setup-protoc@v2
         with:

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -16,12 +16,22 @@ jobs:
         uses: actions/setup-go@v4
         with:
          go-version: '1.20'
+         cache: false
 
-      - name: Cache GOBIN
-        uses: actions/cache@v3
+      - name: Free some disk space
+        run: docker image prune -af
+
+      # Check for cache
+      - name: Cache Go modules
+        uses: actions/cache/restore@v3
         with:
-          path: /home/runner/go/bin
-          key: ${{ runner.os }}-gobin-${{ hashFiles('**/tools.yaml') }}
+          path: |
+            /home/runner/.cache/go-build
+            /home/runner/go/pkg/mod
+
+          key: ${{ runner.os }}-gocache-${{ hashFiles('**/go.sum','**/tools.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-gocache-
 
       - name: Set up Docker Buildx
         id: buildx

diff --git a/.github/workflows/check-required.yml b/.github/workflows/check-required.yml
@@ -0,0 +1,97 @@
+name: Check required jobs
+
+# This workflow is triggered when a workflow run for the CI is completed.
+# It checks if the "All required checks done" job was actually successful
+# (and not just skipped) and creates a check run if that is the case. The
+# check run can be used to protect the main branch from being merged if the
+# CI is not passing. We need to use a GitHub app token to create the check
+# run because otherwise the check suite will be assigned to the first workflow
+# run for the CI, which might not be the latest one. See
+# https://github.com/orgs/community/discussions/24616#discussioncomment-6088422
+# for more details.
+
+on:
+  workflow_run:
+    workflows: [CI]
+
+permissions:
+  actions: read
+  checks: write
+
+jobs:
+  required-jobs:
+    name: Check required jobs
+    if: ${{ !github.event.repository.fork }}
+    environment: create-check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Generate an app token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
+      - uses: actions/github-script@v6
+        with:
+          github-token: ${{ steps.app-token.outputs.token }}
+          script: |
+            const ghaAppId = 15368;
+            const ghaName = 'All required checks done';
+            const myAppId = ${{ secrets.APP_ID }};
+            const myName = 'All required checks succeeded';
+            const owner = context.payload.repository.owner.login;
+            const repo = context.payload.repository.name;
+            const sha = context.payload.workflow_run.head_sha;
+
+            core.info(`List GitHub Actions check runs for ${sha}.`)
+            const { data: { check_runs: ghaChecks } } = await github.rest.checks.listForRef({
+              owner: owner,
+              repo: repo,
+              ref: sha,
+              app_id: ghaAppId,
+              check_name: ghaName,
+            });
+
+            var newCheck = {
+              owner: owner,
+              repo: repo,
+              name: myName,
+              head_sha: sha,
+              status: 'in_progress',
+              started_at: context.payload.workflow_run.created_at,
+              output: {
+                title: 'Not all required checks succeeded',
+              },
+            };
+
+            core.summary.addHeading('The following required checks have been considered:', 3);
+            ghaChecks.forEach(check => {
+              core.summary
+                .addLink(check.name, check.html_url)
+                .addCodeBlock(JSON.stringify(check, ['status', 'conclusion', 'started_at', 'completed_at'], 2), 'json');
+
+              if (check.status === 'completed' && check.conclusion === 'success') {
+                newCheck.status = 'completed';
+                newCheck.conclusion = 'success';
+                newCheck.started_at = check.started_at;
+                newCheck.completed_at = check.completed_at;
+                newCheck.output.title = 'All required checks succeeded';
+              } else if (check.started_at > newCheck.started_at) {
+                newCheck.started_at = check.started_at;
+              }
+            });
+            if (ghaChecks.length === 0) {
+              core.summary.addRaw(`No check runs for ${sha} found.`);
+            }
+            newCheck.output.summary = core.summary.stringify();
+            await core.summary.write();
+
+            core.info(`Create own check run for ${sha}: ${JSON.stringify(newCheck, null, 2)}.`)
+            const { data: { html_url } } = await github.rest.checks.create(newCheck);
+
+            await core.summary
+              .addHeading('Check run created:', 3)
+              .addLink(myName, html_url)
+              .addCodeBlock(JSON.stringify(newCheck, null, 2), 'json')
+              .write();
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -35,23 +35,17 @@ jobs:
   build:
     if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id
     uses: ./.github/workflows/build.yml
+
+
   # Virtual job that can be configured as a required check before a PR can be merged.
+  # As GitHub considers a check as successful if it is skipped, we need to check its status in
+  # another workflow (check-required.yml) and create a check there.
   all-required-checks-done:
     name: All required checks done
-    if: github.event_name == 'schedule' || github.event_name == 'push' || github.event.pull_request.head.repo.id != github.event.pull_request.base.repo.id
     needs:
       - lint
       - test
       - build
     runs-on: ubuntu-22.04
     steps:
-      - uses: actions/github-script@v6
-        with:
-          script: |
-            const results = ${{ toJSON(needs.*.result) }};
-            if (results.every(res => res === 'success')) {
-              core.info('All required checks succeeded');
-            } else {
-              core.setFailed('Some required checks failed');
-            }
-
+      - run: echo "All required checks done"
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -29,7 +29,7 @@ jobs:
           yarn install --frozen-lockfile && yarn run fmt || true
           exit $(git status -s -uno | wc -l)
         working-directory: ./internal/lookout/ui
-        continue-on-error: true  
+        continue-on-error: true
 
       - name: Generating TypeScript lint results as summary
         working-directory: ./internal/lookout/ui
@@ -42,8 +42,8 @@ jobs:
               echo -e "### List of Lint Issues \n" >> $GITHUB_STEP_SUMMARY
               echo -e "${lint_results}" >> $GITHUB_STEP_SUMMARY
            else
-              echo -e "### No Lint issues found.\n" >> $GITHUB_STEP_SUMMARY   
-           fi   
+              echo -e "### No Lint issues found.\n" >> $GITHUB_STEP_SUMMARY
+           fi
         continue-on-error: true
 
   go-lint:
@@ -53,10 +53,22 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3.3.0
 
-      - name: Setup Golang with Cache
-        uses: magnetikonline/action-golang-cache@v4
+      - name: Set up Go with Cache
+        uses: actions/setup-go@v4
+        with:
+         go-version: '1.20'
+         cache: false
+
+      # Check for cache
+      - name: Cache Go modules
+        uses: actions/cache/restore@v3
         with:
-          go-version: "1.20"
+          path: |
+            /home/runner/.cache/go-build
+            /home/runner/go/pkg/mod
+          key: ${{ runner.os }}-gocache-${{ hashFiles('**/go.sum','**/tools.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-gocache-
 
       - name: Lint using golangci-lint
         uses: golangci/golangci-lint-action@v3

diff --git a/.github/workflows/python-client.yml b/.github/workflows/python-client.yml
@@ -73,15 +73,26 @@ jobs:
       - uses: actions/checkout@v3.3.0
       - run: docker buildx create --name ${DOCKER_BUILDX_BUILDER} --driver docker-container --use
       - run: docker buildx install
-      - uses: actions/setup-go@v4
+      - name: Set up Go
+        uses: actions/setup-go@v4
         with:
-          go-version: ${{ matrix.go }}
+          go-version: "1.20"
+          cache: false
+
+      # Check for cache
+      - name: Cache Go modules
+        uses: actions/cache/restore@v3
+        with:
+          path: |
+            /home/runner/.cache/go-build
+            /home/runner/go/pkg/mod
+          key: ${{ runner.os }}-gocache-${{ hashFiles('**/go.sum','**/tools.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-gocache-
+
       - name: Setup and integration tests
-        run: |
-          # Manually create folders to ensure perms are correct.
-          mkdir -p .kube/internal
-          mkdir -p .kube/external
-          go run github.com/magefile/mage@v1.14.0 -v localdev minimal
+        run: go run github.com/magefile/mage@v1.14.0 -v localdev minimal
+
       - name: Install Protoc
         uses: arduino/setup-protoc@v2
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -54,10 +54,23 @@ jobs:
       - name: Fetch Git tags
         run: git fetch --force --tags
 
-      - name: Setup Golang with Cache
-        uses: magnetikonline/action-golang-cache@v4
+      - name: Set up Go with Cache
+        uses: actions/setup-go@v4
         with:
-          go-version: "1.20"
+         go-version: '1.20'
+         cache: false
+
+      # Check for cache
+      - name: Cache Go modules
+        uses: actions/cache/restore@v3
+        with:
+          path: |
+            /home/runner/.cache/go-build
+            /home/runner/go/pkg/mod
+
+          key: ${{ runner.os }}-gocache-${{ hashFiles('**/go.sum','**/tools.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-gocache-
 
       - name: Set up Docker Buildx
         id: buildx