Skip to content

Commit

Permalink
PRSEDEV-849: Update README & PR template with release information
Browse files Browse the repository at this point in the history
  • Loading branch information
@beca-galliano
beca-galliano committed Jun 11, 2024
1 parent 4393469 commit 01b3b1f
Show file tree
Hide file tree
Showing 2 changed files with 74 additions and 25 deletions.
29 changes: 27 additions & 2 deletions PULL_REQUEST_TEMPLATE.md
View file
Original file line number Diff line number Diff line change
@@ -1,15 +1,40 @@
## Description

### Ticket number
[PLAT-XXX]
[PSREDEV-XXX]

## GitHub Action Releases

We follow [recommended best practices](https://docs.github.com/en/actions/creating-actions/releasing-and-maintaining-actions) for releasing new versions of the action.

### Non-breaking Chanages:
Release a new minor or patch version as appropriate. Then, update the base major version release (and any minor versions)
to point to this latest commit. For example, if the latest major release is v2 and you have added a non-breaking feature,
release v2.1.0 and point v2 to the same commit as v2.1.0.

NOTE: Dependabot does not pick up and raise PRs for `PATCH` versions (i.e v3.8.1), please nofity teams in the relevant slack channels.

### Breaking Changes:
Release a new major version as normal following semantic versioning.

## Checklist

- [ ] Is my change backwards compatible? **_Please include evidence_**

- [ ] I have installed and run pre-commit

- [ ] I have updated the changelog

- [ ] I have tested this and added output to Jira
**_Comment:_**

- [ ] Automated tests added
**_Comment:_**

- [ ] Documentation added ([link]())
**_Comment:_**

### Co-authored by
- [ ] Delete any new stacks created for this ticket
**_Comment:_**

### Co-authored by
70 changes: 47 additions & 23 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,29 +6,24 @@ The action packages, signs, and uploads the application to the specified ECR and

## Action Inputs

| Input | Required | Description | Example |
| ----------------------------- | -------- | -------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ |
| artifact-bucket-name | true | The secret with the name of the artifact S3 bucket | artifact-bucket-1234 |
| container-sign-kms-key-arn | false | The secret with the name of the Signing Profile resource in AWS | signing-profile-1234 |
| working-directory | false | The working directory containing the SAM app and the template file | ./sam-ecr-app |
| template-file | false | The name of the CF template for the application. This defaults to template.yaml | custom-template.yaml |
| role-to-assume-arn | true | The secret with the GitHub Role ARN from the pipeline stack | arn:aws:iam::0123456789999:role/myawesomeapppipeline-GitHubActionsRole-16HIKMTBBDL8Y |
| ecr-repo-name | true | The secret with the name of the ECR repo created by the app-container-repository stack | app-container-repository-tobytraining-containerrepository-i6gdfkdnwrrm |
| dockerfile | false | The Dockerfile to use for the build | Dockerfile |
| docker-build-path | false | The Dockerfile path to use for the build | Docker-build-path |
| docker-platform | false | The target architecture for the image build | "" |
| checkout-repo | false | Checks out the repo as the first step of the action. Default "true". | "true" |
| private-docker-registry | false | Private Docker registry URL. Default to "" | "abc12345.live.dynatrace.com" |
| private-docker-login-username | false | Login username to the private docker registry | "abc12345" |
| private-docker-login-password | false | Login password to the private docker registry | This should ideally be a GitHub secret |
| Input | Required | Description | Example |
|----------------------------|----------|----------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------|
| artifact-bucket-name | true | The secret with the name of the artifact S3 bucket | artifact-bucket-1234 |
| container-sign-kms-key-arn | false | The secret with the name of the Signing Profile resource in AWS | signing-profile-1234 |
| working-directory | false | The working directory containing the SAM app and the template file | ./sam-ecr-app |
| template-file | false | The name of the CF template for the application. This defaults to template.yaml | custom-template.yaml |
| role-to-assume-arn | true | The secret with the GitHub Role ARN from the pipeline stack | arn:aws:iam::0123456789999:role/myawesomeapppipeline-GitHubActionsRole-16HIKMTBBDL8Y |
| ecr-repo-name | true | The secret with the name of the ECR repo created by the app-container-repository stack | app-container-repository-tobytraining-containerrepository-i6gdfkdnwrrm |
| dockerfile | false | The Dockerfile to use for the build | Dockerfile
| checkout-repo | false | Checks out the repo as the first step of the action. Default "true". | "true"

## Usage Example

Pull in the action in your workflow as below, making sure to specify the release version you require.

```yaml
- name: Deploy SAM app to ECR
uses: govuk-one-login/devplatform-upload-action-ecr@<version_number>
uses: alphagov/di-devplatform-upload-action-ecr@<version_number>
with:
artifact-bucket-name: ${{ secrets.ARTIFACT_SOURCE_BUCKET_NAME }}
container-sign-kms-key-arn: ${{ secrets.CONTAINER_SIGN_KMS_KEY }}
Expand All @@ -42,23 +37,52 @@ Pull in the action in your workflow as below, making sure to specify the release

- pre-commit:

```shell
brew install pre-commit
pre-commit install -tpre-commit -tprepare-commit-msg -tcommit-msg
```
```shell
brew install pre-commit
pre-commit install -tpre-commit -tprepare-commit-msg -tcommit-msg
```

## Releasing updates

We follow [recommended best practices](https://docs.github.com/en/actions/creating-actions/releasing-and-maintaining-actions) for releasing new versions of the action.

### Non-breaking changes

Release a new minor or patch version as appropriate, then update the base major version release (and any minor versions)
to point to this latest appropriate commit. e.g.: If the latest major release is v2, and you have added a non-breaking
feature, release v2.1.0 and point v2 to the same commit as v2.1.0.
Release a new minor or patch version as appropriate. Then, update the base major version release (and any minor versions)
to point to this latest commit. For example, if the latest major release is v2 and you have added a non-breaking feature,
release v2.1.0 and point v2 to the same commit as v2.1.0.

NOTE: Until v3 is released, you will need to point both v1 and v2 to the latest version since there are no breaking changes between them.

NOTE: In regards to Dependabot subcribers, Dependabot does not pick up and raise PRs for `PATCH` versions (i.e v3.8.1) of a release ensure consumers are nofitied.

### Breaking changes

Release a new major version as normal following semantic versioning.

### Preparing a release

When working on a PR branch, create a release with the target version, but append -beta to the post-fix tag name.

e.g.

`git tag v3.1-beta`

You can then navigate to the release page, and create a pre-release to validate that the tag is working as expected.
After you've merged the PR, then apply the correct tag for your release.

Please ensure all pre-release versions have been tested prior to creation, you are able to do this via updating `uses:`
property within a GitHub actions workflow to point to a branch name rather than the tag, see example below:

```
jobs:
deploy:
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
id-token: write
contents: read
steps:
- name: Upload and tag
uses: govuk-one-login/devplatform-upload-action-ecr@<BRANCH_NAME>
```

0 comments on commit 01b3b1f

Please sign in to comment.