-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Standardize on GitHub Actions for CI #17103
Merged
gulducat
merged 1 commit into
main
from
convert-hashicorp-nomad-to-actions-20230505-212504
Jun 2, 2023
Merged
Standardize on GitHub Actions for CI #17103
gulducat
merged 1 commit into
main
from
convert-hashicorp-nomad-to-actions-20230505-212504
Jun 2, 2023
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Collaborator
b814a6a
to
6e8638f
Compare
tgross
reviewed
May 11, 2023
tgross
reviewed
May 11, 2023
Converted this to a draft to signal that it should not be merged while our CI friends and myself are out all next week. |
7667e80
to
7fba238
Compare
namely, these workflows: test-e2e, test-ui, and test-windows extra-curricularly, as part of the overall migration effort company-wide, this also includes some standardization such as: * explicit permissions:read on various workflows * pinned action version shas (per https://github.com/hashicorp/security-public-tsccr) * actionlint, which among other things runs shellcheck on GHA run steps Co-authored-by: Daniel Kimsey <daniel.kimsey@hashicorp.com>
ae8abe2
to
bf412ce
Compare
tgross
approved these changes
Jun 2, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
In #17103 we set read-only permissions on all the workflows. Unfortunately we missed that the `release` workflow makes git commits and pushes them to the repository, so it needs to have write permissions.
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
In #17103 we set read-only permissions on all the workflows. Unfortunately we missed that the `release` workflow makes git commits and pushes them to the repository, so it needs to have write permissions.
This was referenced Jun 22, 2023
Merged
Merged
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
Although #17669 fixed the permissions of the release pipeline to push new commits, there was still an error when invoking the `build` workflow. The format of the reference was changed in #17103 such that we're sending the git ref (a SHA) and not the "--ref" argument required by the GH actions workflow API, which in this case is apparently specially defined as "The branch or tag name which contains the version of the workflow file you'd like to run" and not what git calls a "ref". This changeset: * Removes the third-party action entirely so that we're using GitHub's own tooling. This removes one more thing from the supply chain to pin and ensures a 1:1 mapping of args to what's documented by GitHub. * Removes the `--ref` argument entirely, which causes it to default to the current branch that the release workflow is running on (which is always what we want).
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
Although #17669 fixed the permissions of the release pipeline to push new commits, there was still an error when invoking the `build` workflow. The format of the reference was changed in #17103 such that we're sending the git ref (a SHA) and not the "--ref" argument required by the GH actions workflow API, which in this case is apparently specially defined as "The branch or tag name which contains the version of the workflow file you'd like to run" and not what git calls a "ref". This changeset: * Removes the third-party action entirely so that we're using GitHub's own tooling. This removes one more thing from the supply chain to pin and ensures a 1:1 mapping of args to what's documented by GitHub. * Removes the `--ref` argument entirely, which causes it to default to the current branch that the release workflow is running on (which is always what we want).
tgross
added a commit
that referenced
this pull request
Jun 22, 2023
Although #17669 fixed the permissions of the release pipeline to push new commits, there was still an error when invoking the `build` workflow. The format of the reference was changed in #17103 such that we're sending the git ref (a SHA) and not the "--ref" argument required by the GH actions workflow API, which in this case is apparently specially defined as "The branch or tag name which contains the version of the workflow file you'd like to run" and not what git calls a "ref". This changeset: * Removes the third-party action entirely so that we're using GitHub's own tooling. This removes one more thing from the supply chain to pin and ensures a 1:1 mapping of args to what's documented by GitHub. * Removes the `--ref` argument entirely, which causes it to default to the current branch that the release workflow is running on (which is always what we want).
This was referenced Jun 22, 2023
Merged
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
backport/1.3.x
backport to 1.3.x release line
backport/1.4.x
backport to 1.4.x release line
backport/1.5.x
backport to 1.5.x release line
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The primary goal here is to migrate our remaining CI workflows from Circle CI to GitHub Actions, namely: test-e2e, test-ui, and test-windows.
Related test changes to enable that were split out to separate PRs: #17401 and #17399
Extra-curricularly, as part of the overall migration effort company-wide, this also includes some standardization such as: