From 3244fe8b2be18742dbbbc7aeb663d0707c1bbd0d Mon Sep 17 00:00:00 2001 From: Freeman <105403280+F-WRunTime@users.noreply.github.com> Date: Thu, 18 Jul 2024 09:09:49 -0600 Subject: [PATCH 1/2] Enable Public PR Submissions to run Testing. (#707) * Rework the release process, adding a release workflow, and now using a release branch to track release and version file updates after testing and merging is complete to master * Set Version: 0.1.360 * Remove all secrets in test PR to enable better collaborator efforts and remove risk of sharing secrets --------- Co-authored-by: Palina Tolmach --- .github/workflows/master-push.yml | 136 ++++++--------------------- .github/workflows/release.yml | 116 +++++++++++++++++++++++ .github/workflows/test-pr.yml | 36 +------ .github/workflows/update-version.yml | 1 + 4 files changed, 149 insertions(+), 140 deletions(-) create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/master-push.yml b/.github/workflows/master-push.yml index e9d028f73..09a233386 100644 --- a/.github/workflows/master-push.yml +++ b/.github/workflows/master-push.yml 
@@ -1,119 +1,45 @@ -name: 'Master Push' +--- +name: 'Bump Release' on: push: branches: - 'master' +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true jobs: - - nix-cache: - name: 'Populate Nix Cache' - strategy: - matrix: - runner: [normal, MacIntel, ARM64] - runs-on: ${{ matrix.runner }} - steps: - - name: 'Check out code' - uses: actions/checkout@v4 - with: - ref: ${{ github.event.push.head.sha }} - fetch-depth: 0 - - - name: 'Build and cache Kontrol' - uses: workflow/nix-shell-action@v3 - env: - GC_DONT_GC: 1 - CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_PUBLIC_TOKEN }} - with: - packages: jq - script: | - KONTROL=$(nix build --extra-experimental-features 'nix-command flakes' .#kontrol --json | jq -r '.[].outputs | to_entries[].value') - DRV=$(nix-store --query --deriver ${KONTROL}) - nix-store --query --requisites --include-outputs ${DRV} | cachix push k-framework - - nix-binary-cache: - name: 'Populate Nix Binary Cache' - strategy: - matrix: - runner: [normal, MacIntel, ARM64] - runs-on: ${{ matrix.runner }} - steps: - - name: 'Check out code' - uses: actions/checkout@v4 - - - name: 'Publish Kontrol to k-framework-binary cache' - uses: workflow/nix-shell-action@v3 - env: - CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PRIVATE_KFB_TOKEN }}' - GC_DONT_GC: '1' - with: - packages: jq - script: | - export PATH="$(nix build github:runtimeverification/kup --no-link --json | jq -r '.[].outputs | to_entries[].value')/bin:$PATH" - kup publish k-framework-binary .#kontrol --keep-days 180 - kup publish k-framework-binary .#kontrol.solc_0_8_13 --keep-days 180 - kup publish k-framework-binary .#kontrol.solc_0_8_15 --keep-days 180 - - - dockerhub: - name: 'Build and Publish Docker Image' - runs-on: [self-hosted, linux, normal] - steps: - - name: 'Check out code' - uses: actions/checkout@v4 - with: - ref: ${{ github.event.push.head.sha }} - fetch-depth: 0 - - - name: 'Set environment' - run: | - KONTROL_VERSION=$(cat package/version) - 
TAG=runtimeverificationinc/kontrol:ubuntu-jammy-${KONTROL_VERSION} - echo "TAG=${TAG}" >> ${GITHUB_ENV} - - - name: 'Build Docker image' - run: | - K_VERSION=$(cat deps/k_release) - Z3_VERSION=$(cat deps/z3) - docker build . --no-cache --tag ${TAG} --build-arg K_VERSION=${K_VERSION} --build-arg Z3_VERSION=${Z3_VERSION} - - - name: 'Run Docker image' - run: docker run --rm ${TAG} kontrol --help - - - name: 'Push Docker image to Docker Hub' - run: | - echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login --username rvdockerhub --password-stdin - docker image push ${TAG} - - - cut-release: - name: 'Cut Release' + version-bump: + name: 'Version Bump' runs-on: ubuntu-latest - needs: dockerhub steps: - name: 'Check out code' uses: actions/checkout@v4 with: - ref: ${{ github.event.push.head.sha }} + token: ${{ secrets.JENKINS_GITHUB_PAT }} + # fetch-depth 0 means deep clone the repo fetch-depth: 0 - - - name: 'Create release' - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: 'Configure GitHub user' run: | - set -x - VERSION=v$(cat package/version) - gh release create ${VERSION} --target ${{ github.sha }} - - - name: 'Update dependents' + git config user.name rv-jenkins + git config user.email devops@runtimeverification.com + - name: 'Update version' run: | - set -x - VERSION=$(cat package/version) - curl --fail \ - -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${{ secrets.JENKINS_GITHUB_PAT }}" \ - -H "X-GitHub-Api-Version: 2022-11-28" \ - https://api.github.com/repos/runtimeverification/devops/dispatches \ - -d '{"event_type":"on-demand-test","client_payload":{"repo":"runtimeverification/kontrol","version":"'${VERSION}'"}}' - + git checkout -B release origin/release + old_master="$(git merge-base origin/master origin/release)" + new_master="$(git rev-parse origin/master)" + + if git diff --exit-code ${old_master} ${new_master} -- package/version; then + og_version=$(git show origin/${GITHUB_BASE_REF}:package/version) + 
./package/version.sh bump ${og_version} + else + git merge --no-edit --strategy-option=theirs origin/master + fi + ./package/version.sh sub + new_version=$(cat package/version) + sed --in-place "s/^VERSION: Final = '.*'$/VERSION: Final = '${new_version}'/" src/kontrol/__init__.py + if git add --update && git commit --no-edit --allow-empty --message "Set Version: $(cat package/version)"; then + git push origin release + git tag "release-$(cat package/version)" origin/master + git push origin "release-$(cat package/version)" + fi diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 000000000..8bda3918e --- /dev/null +++ b/.github/workflows/release.yml 
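Review bot: In master-push.yml's 'Update version' step only the `else` arm runs `git merge … origin/master`; the `if` arm (package/version unchanged on master) bumps the version on `release` without bringing master's commits over. Unless `version.sh bump` merges internally (not visible here), the push to `release` would build the old tree while `release-<version>` is tagged on `origin/master`. Adding `git merge --no-edit origin/master` before `./package/version.sh bump ${og_version}` would keep the branch and the tag in step; the 2/2 patch edits the same arm and leaves this unchanged. Separately, `cancel-in-progress: true` lets a later push to master stop this job between `git push origin release` and the tag push, so `cancel-in-progress: false` is the safer setting for a job that writes to the repository.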
@@ -0,0 +1,116 @@ +--- +name: 'Release' +on: + push: + branches: + - 'release' +jobs: + nix-cache: + name: 'Populate Nix Cache' + strategy: + matrix: + runner: [normal, MacIntel, ARM64] + runs-on: ${{ matrix.runner }} + steps: + - name: 'Check out code' + uses: actions/checkout@v4 + with: + ref: ${{ github.event.push.head.sha }} + fetch-depth: 0 + + - name: 'Build and cache Kontrol' + uses: workflow/nix-shell-action@v3 + env: + GC_DONT_GC: 1 + CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_PUBLIC_TOKEN }} + with: + packages: jq + script: | + KONTROL=$(nix build --extra-experimental-features 'nix-command flakes' .#kontrol --json | jq -r '.[].outputs | to_entries[].value') + DRV=$(nix-store --query --deriver ${KONTROL}) + nix-store --query --requisites --include-outputs ${DRV} | cachix push k-framework + + nix-binary-cache: + name: 'Populate Nix Binary Cache' + strategy: + matrix: + runner: [normal, MacIntel, ARM64] + runs-on: ${{ matrix.runner }} + steps: + - name: 'Check out code' + uses: actions/checkout@v4 + + - name: 'Publish Kontrol to k-framework-binary cache' + uses: workflow/nix-shell-action@v3 + env: + CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PRIVATE_KFB_TOKEN }}' + GC_DONT_GC: '1' + with: + packages: jq + script: | + export PATH="$(nix build github:runtimeverification/kup --no-link --json | jq -r '.[].outputs | to_entries[].value')/bin:$PATH" + kup publish k-framework-binary .#kontrol --keep-days 180 + kup publish k-framework-binary .#kontrol.solc_0_8_13 --keep-days 180 + kup publish k-framework-binary .#kontrol.solc_0_8_15 --keep-days 180 + + dockerhub: + name: 'Build and Publish Docker Image' + runs-on: [self-hosted, linux, normal] + steps: + - name: 'Check out code' + uses: actions/checkout@v4 + with: + ref: ${{ github.event.push.head.sha }} + fetch-depth: 0 + + - name: 'Set environment' + run: | + KONTROL_VERSION=$(cat package/version) + TAG=runtimeverificationinc/kontrol:ubuntu-jammy-${KONTROL_VERSION} + echo "TAG=${TAG}" >> ${GITHUB_ENV} + + - name: 'Build 
Docker image' + run: | + K_VERSION=$(cat deps/k_release) + Z3_VERSION=$(cat deps/z3) + docker build . --no-cache --tag ${TAG} --build-arg K_VERSION=${K_VERSION} --build-arg Z3_VERSION=${Z3_VERSION} + + - name: 'Run Docker image' + run: docker run --rm ${TAG} kontrol --help + + - name: 'Push Docker image to Docker Hub' + run: | + echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login --username rvdockerhub --password-stdin + docker image push ${TAG} + + + cut-release: + name: 'Cut Release' + runs-on: ubuntu-latest + needs: dockerhub + steps: + - name: 'Check out code' + uses: actions/checkout@v4 + with: + ref: ${{ github.event.push.head.sha }} + fetch-depth: 0 + + - name: 'Create release' + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + set -x + VERSION=v$(cat package/version) + gh release create ${VERSION} --target ${{ github.sha }} + + - name: 'Update dependents' + run: | + set -x + VERSION=$(cat package/version) + curl --fail \ + -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${{ secrets.JENKINS_GITHUB_PAT }}" \ + -H "X-GitHub-Api-Version: 2022-11-28" \ + https://api.github.com/repos/runtimeverification/devops/dispatches \ + -d '{"event_type":"on-demand-test","client_payload":{"repo":"runtimeverification/kontrol","version":"'${VERSION}'"}}' diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 4ce837c79..fa21f3259 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -1,3 +1,4 @@ +--- name: 'Test PR' on: pull_request: 
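Review bot: In release.yml, `workflow/nix-shell-action@v3` is a third-party action referenced by a mutable tag in the two jobs that carry `CACHIX_AUTH_TOKEN`, so the integrity of the published caches depends on that tag never being moved. Pinning to a full commit SHA (`uses: workflow/nix-shell-action@<full-commit-sha>  # v3`) removes that dependency. The file also declares no `permissions:`, so every job runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions: contents: read`, with `contents: write` only on `cut-release`, would narrow it. Finally, `${{ secrets.DOCKERHUB_PASSWORD }}` and `${{ secrets.JENKINS_GITHUB_PAT }}` are substituted into the script text before the shell runs; passing them through `env:` and referencing them as `"$DOCKERHUB_PASSWORD"` and `"$JENKINS_GITHUB_PAT"` keeps their contents from being interpreted by the shell.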
@@ -8,34 +9,7 @@ concurrency: cancel-in-progress: true jobs: - - version-bump: - name: 'Version Bump' - runs-on: ubuntu-latest - steps: - - name: 'Check out code' - uses: actions/checkout@v4 - with: - token: ${{ secrets.JENKINS_GITHUB_PAT }} - fetch-depth: 0 - ref: ${{ github.event.pull_request.head.sha }} - - name: 'Configure GitHub user' - run: | - git config user.name devops - git config user.email devops@runtimeverification.com - - name: 'Update version' - run: | - og_version=$(git show origin/${GITHUB_BASE_REF}:package/version) - ./package/version.sh bump ${og_version} - ./package/version.sh sub - new_version=$(cat package/version) - sed --in-place "s/^VERSION: Final = '.*'$/VERSION: Final = '${new_version}'/" src/kontrol/__init__.py - git add --update && git commit --message "Set Version: $(cat package/version)" || true - - name: 'Push updates' - run: git push origin HEAD:${GITHUB_HEAD_REF} - code-quality-checks: - needs: version-bump name: 'Code Quality Checks' runs-on: ubuntu-latest steps: @@ -189,12 +163,6 @@ jobs: with: fetch-depth: 0 - - name: Login to Docker Hub - uses: docker/login-action@v3 - with: - username: rvdockerhub - password: ${{ secrets.DOCKERHUB_PASSWORD }} - - name: 'Set environment' run: | echo "IMAGE_TAG=runtimeverificationinc/kontrol-${GITHUB_SHA}" >> ${GITHUB_ENV} @@ -257,7 +225,6 @@ jobs: with: install_url: https://releases.nixos.org/nix/nix-2.13.3/install extra_nix_config: | - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} substituters = http://cache.nixos.org https://cache.iog.io trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= @@ -266,7 +233,6 @@ jobs: uses: cachix/cachix-action@v12 with: name: k-framework - authToken: ${{ secrets.CACHIX_PUBLIC_TOKEN }} - name: 'Build Kontrol' env: diff --git a/.github/workflows/update-version.yml b/.github/workflows/update-version.yml index c08801157..79765ae65 100644 
--- a/.github/workflows/update-version.yml +++ b/.github/workflows/update-version.yml @@ -1,3 +1,4 @@ +--- name: 'Update Version' on: push: From 9c0332347a7eb25b78c04a4690cafacf5914a66f Mon Sep 17 00:00:00 2001 From: Freeman <105403280+F-WRunTime@users.noreply.github.com> Date: Thu, 18 Jul 2024 09:22:37 -0600 Subject: [PATCH 2/2] Missed a reference to the default branch (#708) --- .github/workflows/master-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/master-push.yml b/.github/workflows/master-push.yml index 09a233386..faeea4613 100644 --- a/.github/workflows/master-push.yml +++ b/.github/workflows/master-push.yml @@ -30,7 +30,7 @@ jobs: new_master="$(git rev-parse origin/master)" if git diff --exit-code ${old_master} ${new_master} -- package/version; then - og_version=$(git show origin/${GITHUB_BASE_REF}:package/version) + og_version=$(git show origin/master:package/version) ./package/version.sh bump ${og_version} else git merge --no-edit --strategy-option=theirs origin/master