Fix release automation #555

Merged
merged 12 commits into from
Mar 26, 2024
58 changes: 47 additions & 11 deletions .github/workflows/finalize-release.yml
Expand Up @@ -9,8 +9,12 @@ on:
inputs:
ref:
description: |
The release branch to finalize.
The ref of release to finalize (e.g., 'rc/MAJOR.MINOR.PATCH').
required: true
tool-ref:
description: |
The ref to the tooling to use for the finalize (e.g., 'rc/MAJOR.MINOR.PATCH').
required: false

jobs:
finalize-release:
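Review bot: The `tool-ref` description does not say what is used when the input is left empty, although it is declared `required: false`. On `workflow_dispatch` the "Determine ref" step copies the value to `TOOL_REF` unchanged, so an empty input reaches the tooling checkout as an empty `ref` and the tooling version is whatever that action defaults to. Suggest either documenting the default here or falling back explicitly (for example to `$REF_FROM_INPUT`) when the input is empty. The example text is also identical to the one for `ref`, and "The ref of release to finalize" reads better as "The ref of the release to finalize".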
Expand All @@ -20,34 +24,56 @@ jobs:
- name: Determine ref
env:
REF_FROM_INPUT: ${{ inputs.ref }}
TOOL_REF_FROM_INPUT: ${{ inputs.tool-ref }}
REF_FROM_PR: ${{ github.event.pull_request.merge_commit_sha }}
BASE_REF_FROM_PR: ${{ github.event.pull_request.base.ref }}
run: |
if [[ $GITHUB_EVENT_NAME == "workflow_dispatch" ]]; then
echo "REF=$REF_FROM_INPUT" >> "$GITHUB_ENV"
echo "TOOL_REF=$TOOL_REF_FROM_INPUT" >> "$GITHUB_ENV"
echo "BASE_REF=$REF_FROM_INPUT" >> "$GITHUB_ENV"
else
echo "REF=$REF_FROM_PR" >> "$GITHUB_ENV"
echo "TOOL_REF=$REF_FROM_PR" >> "$GITHUB_ENV"
echo "BASE_REF=$BASE_REF_FROM_PR" >> "$GITHUB_ENV"
fi

- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.REF }}
fetch-depth: 0
path: release

- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ env.TOOL_REF }}
path: tooling

- name: Install Python
uses: actions/setup-python@v4
with:
python-version: "3.9"

- name: Install dependencies
run: pip install -r scripts/release/requirements.txt
working-directory: tooling

- name: Configure git
run: |
git config user.name "$GITHUB_ACTOR"
git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
working-directory: release

- name: Update release tag
run: |
version=${BASE_REF#rc/}
echo "Creating release tag v$version"

git tag -a v$version -m "Release v$version"
git push -f origin v$version
git tag -f -a v$version -m "Release v$version"
git push --force origin v$version
working-directory: release

- name: Finalize release
env:
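Review bot: In the "Update release tag" step, `git tag -f -a v$version` followed by `git push --force origin v$version` silently moves a tag that may already have been published, so anyone who fetched `v$version` earlier now holds a different commit than the released one. Suggest printing the tag's previous target before overwriting it (or refusing to overwrite unless that is the explicit intent of the run), and quoting the expansion as `"v$version"`, since on `workflow_dispatch` `BASE_REF` is taken directly from the `ref` input. The two steps that are both named `Checkout` would also be easier to tell apart in the run log with distinct names such as "Checkout release" and "Checkout tooling".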
Expand All @@ -57,30 +83,40 @@ jobs:
echo "Finalizing release v$version"

gh release edit "v$version" --draft=false --tag=v$version
working-directory: release

- name: Determine if release was a hotfix release
run: |
version=${BASE_REF#rc/}
echo "HOTFIX_RELEASE=$(python scripts/release/is-hotfix.py $version)" >> "$GITHUB_ENV"
# We are running the script in the tooling directory with the release directory as the working directory
echo "HOTFIX_RELEASE=$(python ../tooling/scripts/release/is-hotfix-release.py $version)" >> "$GITHUB_ENV"
working-directory: release

- name: Determine next release version
if: env.HOTFIX_RELEASE == 'false'
run: |
version=${BASE_REF#rc/}
next_version=$(python scripts/release/next-version.py --component minor --pre-release dev -- $version)
echo "NEXT_VERSION=$next_version" >> "$GITHUB_ENV"
working-directory: tooling

- name: Bump main version
if: env.HOTFIX_RELEASE == 'false'
env:
GH_TOKEN: ${{ github.token }}
run: |
version=${BASE_REF#rc/}
next_version="$version-dev"
echo "Bumping main version to $next_version"
echo "Bumping main version to $NEXT_VERSION"

git switch main
git pull --ff-only origin main

git switch -c release-automation/bump-version

./scripts/release/bump-version.sh "$next_version"
# We are running the script in the tooling directory with the release directory as the working directory
../tooling/scripts/release/bump-version.sh "$NEXT_VERSION"

git add -u .
git commit -m "Bump version to $next_version"
git commit -m "Bump version to $NEXT_VERSION"
git push --set-upstream origin release-automation/bump-version

gh pr create --repo $GITHUB_REPOSITORY --base main --head release-automation/bump-version --body "Bump the version of main to the dev label of the just released version $next_version" --title "Bump version to $next_version"
gh pr create --repo $GITHUB_REPOSITORY --base main --head release-automation/bump-version --body "Bump the version of main to $NEXT_VERSION" --title "Bump version to $NEXT_VERSION"
working-directory: release
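Review bot: In "Determine if release was a hotfix release", a failure of `is-hotfix-release.py` is masked, because the command substitution sits inside the argument of `echo` and the step only sees the exit status of `echo`. If the script raises, `HOTFIX_RELEASE` is written as an empty string, both steps guarded by `if: env.HOTFIX_RELEASE == 'false'` are skipped, and the run still reports success without bumping main. Suggest assigning first, as the next step already does for `next_version`, for example `hotfix=$(python ../tooling/scripts/release/is-hotfix-release.py "$version")` and then `echo "HOTFIX_RELEASE=$hotfix" >> "$GITHUB_ENV"`. `$version` and `$GITHUB_REPOSITORY` are also unquoted in this hunk.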
3 changes: 2 additions & 1 deletion .github/workflows/update-release.yml
Expand Up @@ -31,6 +31,7 @@ jobs:
uses: actions/checkout@v4
with:
fetch-depth: 0 # We need the full history to compute the changelog
ref: ${{ inputs.head-sha }}

- name: Install Python
uses: actions/setup-python@v4
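Review bot: The new `ref: ${{ inputs.head-sha }}` on the checkout means the `scripts/release` tooling used by the later steps is taken from whatever commit the caller supplies, and nothing visible here checks that the value is a commit on a release branch. Since a later step in this workflow passes `$RELEASE_ENGINEERING_TOKEN` on the command line, it would be worth noting in a comment where `head-sha` comes from and who can set it, or using the same split between a release checkout and a tooling checkout that finalize-release.yml gets in this PR.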
Expand Down Expand Up @@ -59,7 +60,7 @@ jobs:
--layout scripts/release/release-layout.yml \
--repo "$GITHUB_REPOSITORY" \
--github-token "$GITHUB_REPOSITORY:$GITHUB_TOKEN" "github/codeql-coding-standards-release-engineering:$RELEASE_ENGINEERING_TOKEN" \
--skip-checkrun "release-status"
--skip-checkrun "release-status" "Update Release"

- name: Update release notes
env:
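Review bot: The added `"Update Release"` argument to `--skip-checkrun` is a hard-coded check-run name with no explanation of why it is skipped. If it is meant to match this workflow's own check run, a rename of the workflow will silently stop the skip from applying. Suggest a short comment above the option stating which check run this refers to and why it must be excluded.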
2 changes: 1 addition & 1 deletion docs/user_manual.md
Expand Up @@ -496,7 +496,7 @@ This section describes known failure modes for "CodeQL Coding Standards" and des
| | Ouf of space | Less output. Some files may be only be partially analyzed, or not analyzed at all. | Error reported on the command line. | Increase space. If it remains an issue report space consumption issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
| | False positives | More output. Results are reported which are not violations of the guidelines. | All reported results must be reviewed. | Report false positive issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
| | False negatives | Less output. Violations of the guidelines are not reported. | Other validation and verification processes during software development should be used to complement the analysis performed by CodeQL Coding Standards. | Report false negative issues via the CodeQL Coding Standards [bug tracker](https://github.com/github/codeql-coding-standards/issues). |
| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.25.0-dev.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. |
| | Modifying coding standard suite | More or less output. If queries are added to the query set more result can be reported. If queries are removed less results might be reported. | All queries supported by the CodeQL Coding Standards are listed in the release artifacts `supported_rules_list_2.25.0-dev.csv` where VERSION is replaced with the used release. The rules in the resulting Sarif file must be cross-referenced with the expected rules in this list to determine the validity of the used CodeQL suite. | Ensure that the CodeQL Coding Standards are not modified in ways that are not documented as supported modifications. |
| | Incorrect deviation record specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation records with a reason. Ensure that all deviation records are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. |
| | Incorrect deviation permit specification | More output. Results are reported for guidelines for which a deviation is assigned. | Analysis integrity report lists all deviations and incorrectly specified deviation permits with a reason. Ensure that all deviation permits are correctly specified. | Ensure that the deviation record is specified according to the specification in the user manual. |
| | Unapproved use of a deviation record | Less output. Results for guideline violations are not reported. | Validate that the deviation record use is approved by verifying the approved-by attribute of the deviation record specification. | Ensure that each raised deviation record is approved by an independent approver through an auditable process. |
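Review bot: In the "Modifying coding standard suite" row the file name is given as `supported_rules_list_2.25.0-dev.csv` while the same sentence says "where VERSION is replaced with the used release", so the placeholder the text refers to is no longer present. This looks like the result of a version bump rewriting the literal; suggest restoring `supported_rules_list_VERSION.csv` and excluding this line from the automated replacement. The old and new forms of the row read the same as shown, so if the change is whitespace only it may be worth dropping it from this PR.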
2 changes: 1 addition & 1 deletion scripts/release/is-hotfix-release.py
Expand Up @@ -9,7 +9,7 @@
def get_merge_base_of_ref() -> str:
cp = run(["git", "merge-base", "HEAD", "origin/main"], capture_output=True, text=True)
if cp.returncode != 0:
raise RuntimeError("Failed to get merge base")
raise RuntimeError(f"Failed to get merge base with reason '{cp.stderr.strip()}'")
return cp.stdout.strip()

def get_release_branches_containing(commit: str) -> List[Version]:
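Review bot: The new message in `get_merge_base_of_ref` relies on `cp.stderr` alone, which gives `Failed to get merge base with reason ''` whenever git exits non-zero without writing to stderr. Suggest including `cp.returncode` in the message as well, and naming the two refs (`HEAD` and `origin/main`) so the failure can be diagnosed from the workflow log without rerunning.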
28 changes: 28 additions & 0 deletions scripts/release/next-version.py
@@ -0,0 +1,28 @@
from semantic_version import Version
import argparse

parser = argparse.ArgumentParser(description='Prints the next release version')
parser.add_argument('-c', '--component', default="minor", help='The component to increment (major, minor, patch)')
parser.add_argument('-p', '--pre-release', nargs='*', help='The pre-release label(s) (e.g. alpha, dev). Multiple labels can be specified so separate the options and the version using `--`!')
parser.add_argument('-b', '--build', nargs='*', help='The build identifier(s). Multiple identifiers can be specified so separate the options and the version using `--`!')
parser.add_argument('current_version', type=Version, help='The current version')

if __name__ == "__main__":
args = parser.parse_args()
version : Version = args.current_version
next_version = None
if args.component== "major":
next_version = version.next_major()
elif args.component == "minor":
next_version = version.next_minor()
elif args.component == "patch":
next_version = version.next_patch()
else:
raise ValueError(f"Invalid release type: {args.release_type}")

if args.pre_release:
next_version.prerelease = args.pre_release
if args.build:
next_version.build = args.build

print(next_version)
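Review bot: The `else` branch raises `ValueError(f"Invalid release type: {args.release_type}")`, but the parser defines no `release_type` argument, so an unsupported `--component` value ends in an `AttributeError` instead of the intended message. Suggest using `args.component` there, or better, declaring `choices=["major", "minor", "patch"]` on the `--component` argument so argparse rejects bad values and the `else` branch can go. Minor style points: `args.component== "major"` is missing a space before `==`, and `version : Version` has a stray space before the colon.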