Standardize on GitHub Actions for CI #17103
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hc-github-team-es-release-engineering
force-pushed
the
convert-hashicorp-nomad-to-actions-20230505-212504
branch
from
b814a6a
to
6e8638f
Compare
hc-github-team-es-release-engineering
requested review from
emilymianeil,
jeanneryan and
gulducat
and removed request for
emilymianeil and
jeanneryan
emilymianeil
added
backport/1.3.x
tgross
reviewed
May 11, 2023
tgross
reviewed
May 11, 2023
|
Converted this to a draft to signal that it should not be merged while our CI friends and myself are out all next week. |
emilymianeil
force-pushed
the
convert-hashicorp-nomad-to-actions-20230505-212504
branch
from
7667e80
to
7fba238
Compare
namely, these workflows: test-e2e, test-ui, and test-windows extra-curricularly, as part of the overall migration effort company-wide, this also includes some standardization such as: * explicit permissions:read on various workflows * pinned action version shas (per https://github.com/hashicorp/security-public-tsccr) * actionlint, which among other things runs shellcheck on GHA run steps Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
gulducat
force-pushed
the
convert-hashicorp-nomad-to-actions-20230505-212504
branch
from
ae8abe2
to
bf412ce
Compare
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
In #17103 we set read-only permissions on all the workflows. Unfortunately we missed that the `release` workflow makes git commits and pushes them to the repository, so it needs to have write permissions.
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
In #17103 we set read-only permissions on all the workflows. Unfortunately we missed that the `release` workflow makes git commits and pushes them to the repository, so it needs to have write permissions.
This was referenced Jun 22, 2023
Merged
Merged
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
Although #17669 fixed the permissions of the release pipeline to push new commits, there was still an error when invoking the `build` workflow. The format of the reference was changed in #17103 such that we're sending the git ref (a SHA) and not the "--ref" argument required by the GH actions workflow API, which in this case is apparently specially defined as "The branch or tag name which contains the version of the workflow file you'd like to run" and not what git calls a "ref". This changeset: * Removes the third-party action entirely so that we're using GitHub's own tooling. This removes one more thing from the supply chain to pin and ensures a 1:1 mapping of args to what's documented by GitHub. * Removes the `--ref` argument entirely, which causes it to default to the current branch that the release workflow is running on (which is always what we want).
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
Although #17669 fixed the permissions of the release pipeline to push new commits, there was still an error when invoking the `build` workflow. The format of the reference was changed in #17103 such that we're sending the git ref (a SHA) and not the "--ref" argument required by the GH actions workflow API, which in this case is apparently specially defined as "The branch or tag name which contains the version of the workflow file you'd like to run" and not what git calls a "ref". This changeset: * Removes the third-party action entirely so that we're using GitHub's own tooling. This removes one more thing from the supply chain to pin and ensures a 1:1 mapping of args to what's documented by GitHub. * Removes the `--ref` argument entirely, which causes it to default to the current branch that the release workflow is running on (which is always what we want).
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
Although #17669 fixed the permissions of the release pipeline to push new commits, there was still an error when invoking the `build` workflow. The format of the reference was changed in #17103 such that we're sending the git ref (a SHA) and not the "--ref" argument required by the GH actions workflow API, which in this case is apparently specially defined as "The branch or tag name which contains the version of the workflow file you'd like to run" and not what git calls a "ref". This changeset: * Removes the third-party action entirely so that we're using GitHub's own tooling. This removes one more thing from the supply chain to pin and ensures a 1:1 mapping of args to what's documented by GitHub. * Removes the `--ref` argument entirely, which causes it to default to the current branch that the release workflow is running on (which is always what we want).
This was referenced Jun 22, 2023
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The primary goal here is to migrate our remaining CI workflows from Circle CI to GitHub Actions, namely: test-e2e, test-ui, and test-windows.
Related test changes to enable that were split out to separate PRs: #17401 and #17399
Extra-curricularly, as part of the overall migration effort company-wide, this also includes some standardization such as: