Automate Docker updates in CI #20530
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
| branch="ci-docker-$latest_version" | ||
| git config user.name "Spring Buildmaster" > /dev/null | ||
| git config user.email "buildmaster@springframework.org" > /dev/null | ||
| git checkout -b "$branch" origin/master > /dev/null |
There was a problem hiding this comment.
I'm not sure if this will work in the Concourse setup as I don't know if we have a real repository there.
There was a problem hiding this comment.
It will work. stage.sh does something similar.
ci/scripts/detect-docker-updates.sh
Outdated
| sed -i "s/version=.*/version=\"$latest_version\"/" git-repo/ci/images/get-docker-url.sh | ||
| git add git-repo/ci/images/get-docker-url.sh > /dev/null | ||
| git commit -m "$issue_title" > /dev/null | ||
| git push origin "$branch" > /dev/null |
There was a problem hiding this comment.
Do we maybe need to switch to the master branch again afterwards?
There was a problem hiding this comment.
I don't think we can push from here as it will ask for credentials. We should probably commit inside the task and push using the git-resource in pipeline.yml. If there was no commit, it should be a no-op. Once the git-resource is used to push, we can trigger another task that creates the pull-request. This task config can then be shared between all the automatic detection jobs that we have (jdk, ubuntu and docker). It can take the branch name and issue title as params. What do you think @dreis2211?
There was a problem hiding this comment.
I'm not quite sure if I understand what you want to share exactly? Everything inside this if (so line 24-46) or just the curl command in line 36-43?
I must admit the Concourse setup you're asking for is not completely clear to me (although I generally understand the plan), but my Concourse experience is limited. I'd probably need a little bit of help with that, I guess.
| if [[ ${existing_upgrade_issues} = "" ]]; then | ||
| # Create changes in dedicated branch | ||
| branch="ci-docker-$latest_version" | ||
| git config user.name "Spring Buildmaster" > /dev/null |
There was a problem hiding this comment.
We'd need to cd into the git-repo before doing that.
|
Here's what I was thinking. Following the Here's what the - task: detect-docker-updates
file: git-repo/ci/tasks/detect-docker-updates.yml
params:
BRANCH: ((branch)) [1]
GITHUB_REPO: spring-boot
GITHUB_ORGANIZATION: spring-projects
GITHUB_PASSWORD: ((github-password))
GITHUB_USERNAME: ((github-username))
image: spring-boot-ci-image
- put: git-repo-ci-docker [2]
params:
repository: docker-updates-git-repo
force: true
- task: create-pull-request
file: git-repo/ci/tasks/create-pull-request.yml
params:
BRANCH: ((branch))
GITHUB_REPO: spring-boot
GITHUB_ORGANIZATION: spring-projects
GITHUB_PASSWORD: ((github-password))
GITHUB_USERNAME: ((github-username))[1] - name: git-repo-ci-docker
type: git
icon: github-circle
source:
uri: ((github-repo))
username: ((github-username))
password: ((github-password))
branch: ci-docker-((branch))[2] branch would be the branch configured in [1]. If this is still confusing and I can see how it can be because it is hard to test, I can prepare a branch with your PR and the changes I mentioned on top of that. Let me know what works best for you. |
|
Yeah, it's kind of hard if it can't be tested really. But I will give it a try - I have a way better idea now of what you were thinking. Will do so over the weekend, I guess. Thanks, @mbhave |
| - name: detect-docker-updates | ||
| plan: | ||
| - get: git-repo | ||
| resource: git-repo-ci-docker |
There was a problem hiding this comment.
I was wondering if that should point to the new resource.
There was a problem hiding this comment.
I don't think it should point to the new resource. We will only use the new resource to put to it since we want to put to that branch. Since the commit is based off master, we need to use the actual git-repo resource.
| uri: ((github-repo)) | ||
| username: ((github-username)) | ||
| password: ((github-password)) | ||
| branch: ci-docker-((branch)) |
There was a problem hiding this comment.
Is this working if the branch doesn't exist?
There was a problem hiding this comment.
No, we need to create a long-running branch beforehand. I don't know if there's a way to create branches on the fly in concourse.
| --- | ||
| platform: linux | ||
| inputs: | ||
| - name: git-repo |
There was a problem hiding this comment.
I'm wondering if this need to be a different input - e.g. the docker git resource in this case. Which makes it less generic somehow.
There was a problem hiding this comment.
For this task, it only uses the git-repo to run the create-pull-request.sh. It's not actually used anywhere in the script itself so we can stick to using the regular git-repo and not the docker-specific one.
|
I pushed an updated version, but the Concourse git-repo configs still confuse me. Their naming is simply not intuitive to me, sorry. I'm not happy with this PR - I can't really test the setup and it feels like doing open heart surgery with a blindfold on. |
| image: spring-boot-ci-image | ||
| - put: git-repo-ci-docker | ||
| params: | ||
| repository: docker-updates-git-repo |
There was a problem hiding this comment.
Where is the docker-updates-git-repo coming from? I was assuming it needs to be an output in the detect-docker-updates.yml?
There was a problem hiding this comment.
Yes, that's correct. You do have it as an output in detect-docker-updates.yml if I'm not wrong. I renamed it to git-repo-updated for brevity in the branch I've linked to below.
|
@dreis2211 Thanks so much for updating this and sorry this is such a pain to test :( I will take a look at the updated PR today. |
|
No need to be sorry. |
|
@dreis2211 I made a few minor changes to your PR here. I think this will work now. If you're okay with the changes, I can squash your commits, add mine on top and merge. We'll find out if it does work :) |
|
@mbhave I'm okay with whatever you suggest |
mbhave
added
type: task
|
I guess it didn't work |
|
It did with a few minor changes. The create pull request task was missing the image configuration and I had missed a |
|
Thanks for the PR @dreis2211! |
|
@mbhave The PR was created but it seems to be empty. Thoughts? |
|
@dreis2211 I just realized that too. It had the right commit the first time I ran it. When I ran it again, it detected that a PR already exists and force pushed the existing I think if we remove this We can then move that |
|
Seems like a plan. Sorry, that you have additional work with this PR. Let me know if I should open a PR for the suggested changes, but I think it's simpler if you do them directly |
If a PR with the given title exists, we clone the existing PR branch so that it doesn't get overridden by master. See gh-20530
|
No problem! I hadn't anticipated this case. Anyway, I ran the pipeline twice and it seems to work now even when a PR exists. Thanks again! |
Hi,
as discussed in #20420 this is an attempt to automate Docker upgrades for the CI environment. I say attempt, because I can't really test it in the real setup, so forgive me if things are not working. If they are, it should open a PR for version 19.03.8.
Let me know what you think.
Cheers,
Christoph