From a5a6840fbe556238d826f39c6e4488a558a9330b Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Thu, 12 Oct 2023 15:40:25 +0900 Subject: [PATCH 1/8] fix: fix release flow --- .github/workflows/docker_build_push.yml | 30 +++++++++++------------ .github/workflows/release.yml | 32 +++++++++++++++---------- 2 files changed, 34 insertions(+), 28 deletions(-) diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml index 8aa089f..566d205 100644 --- a/.github/workflows/docker_build_push.yml +++ b/.github/workflows/docker_build_push.yml @@ -4,8 +4,8 @@ on: branches: - "develop" - "main" - tags: - - "*.*.*" + pull_request: + types: [synchronize, opened] env: GHCR: ghcr.io @@ -119,19 +119,19 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - # - name: Nightly build test on amd64 for pull requests - # if: ${{ github.event_name == 'pull_request' }} - # uses: docker/build-push-action@v5 - # with: - # context: . - # build-args: ${{ matrix.build-args }} - # push: false - # build-contexts: ${{ matrix.build-contexts }} - # file: ${{ matrix.dockerfile }} - # cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} - # cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} - # platforms: linux/amd64 - # labels: ${{ steps.meta.outputs.labels }} + - name: Nightly build test on amd64 for pull requests + if: ${{ github.event_name == 'pull_request' }} + uses: docker/build-push-action@v5 + with: + context: . + build-args: ${{ matrix.build-args }} + push: false + build-contexts: ${{ matrix.build-contexts }} + file: ${{ matrix.dockerfile }} + cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} + cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} + platforms: linux/amd64 + labels: ${{ steps.meta.outputs.labels }} - name: Nightly build and push from develop branch if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }} 
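Review bot: `types: [synchronize, opened]` in the new `pull_request` trigger leaves out `reopened`, so a pull request that is closed and reopened gets no build test until another commit is pushed to it. GitHub's default set for `pull_request` is `opened`, `synchronize` and `reopened`; dropping the `types:` key or writing `types: [opened, synchronize, reopened]` keeps that coverage. The same list is added to the ShiftLeft scan trigger in PATCH 8/8, where the gap means a reopened pull request is not rescanned.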
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ec075c5..e6feb14 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,10 @@ on: - "Build and publish docker" types: - "completed" + pull_request: + types: [closed] + branches: + - main jobs: on-success: 
@@ -70,26 +74,27 @@ jobs: steps: - run: "echo 'The relese triggering workflows passed'" + - name: "set env" + id: "set-env" run: | - if [ ${{ matrix.platform }} = "linux/amd64" ];then PLATFORM_MAP="x86_64";else PLATFORM_MAP="aarch64";fi - if [ ${{ github.ref_name == 'develop' }} ];then BUILD_NAME="rpxy-nightly";else BUILD_NAME="rpxy";fi - echo "PLATFORM_MAP=${PLATFORM_MAP}" >> $GITHUB_ENV - echo "TARGET_NAME=${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_ENV + if [ ${{ matrix.platform }} = "linux/amd64" ]; then PLATFORM_MAP="x86_64"; else PLATFORM_MAP="aarch64"; fi + if [ ${{ github.ref_name == 'develop' }} ]; then BUILD_NAME="-nightly"; else BUILD_NAME=""; fi + if [ ${{ github.ref_name == 'develop' }} ]; then BUILD_IMG="nightly"; else BUILD_IMG="latest"; fi + echo "build_img=${BUILD_IMG}" >> $GITHUB_OUTPUT + echo "target_name=rpxy${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_OUTPUT - name: "docker pull and extract binary from docker image" id: "extract-binary" run: | - CONTAINER_ID=`docker create --platform=${{ matrix.platform }} ghcr.io/junkurihara/rust-rpxy:nightly${{ matrix.tags-suffix }}` - docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${TARGET_NAME} - cd /tmp - echo "artifact=${TARGET_NAME}" >> $GITHUB_OUTPUT + CONTAINER_ID=`docker create --platform=${{ matrix.platform }} ghcr.io/junkurihara/rust-rpxy:${{ steps.set-env.outputs.build_img }}${{ matrix.tags-suffix }}` + docker cp ${CONTAINER_ID}:/rpxy/bin/rpxy /tmp/${{ steps.set-env.outputs.target_name }} - name: "upload artifacts" uses: actions/upload-artifact@v3 with: - name: ${{ steps.extract-binary.outputs.artifact }} - path: "/tmp/${{ steps.extract-binary.outputs.artifact }}" + name: ${{ steps.set-env.outputs.target_name }} + path: "/tmp/${{ steps.set-env.outputs.target_name }}" on-failure: runs-on: ubuntu-latest 
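Review bot: The `docker create` line in the "docker pull and extract binary from docker image" step pulls `ghcr.io/junkurihara/rust-rpxy` by the mutable tags `latest` or `nightly`, so the binary uploaded as an artifact is whatever the tag points to when this job runs, not necessarily the image produced by the build that triggered it. Handing the image digest over from the build workflow and referencing the image as `rust-rpxy@sha256:<digest-from-build>` would bind the artifact to that build. Separately, `[ ${{ github.ref_name == 'develop' }} ]` in the "set env" step renders as `[ true ]` or `[ false ]`, both non-empty strings, so the test always succeeds and `BUILD_IMG` is always `nightly` in this commit.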
@@ -99,7 +104,7 @@ jobs: release: runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/') + if: ${{ github.event_name == 'pull_request' }} needs: on-success steps: - name: checkout @@ -119,10 +124,11 @@ jobs: - name: release uses: softprops/action-gh-release@v1 - if: startsWith(github.ref, 'refs/tags/') with: files: /tmp/assets/*.tar.gz - tag_name: ${{ github.ref }} + name: ${{ github.event.pull_request.title }} + tag_name: ${{ github.event.pull_request.title }} + body: ${{ github.event.pull_request.body }} draft: true prerelease: false generate_release_notes: true From 731de5f64f6c86561f65fcb9f12928c92d6f091b Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Thu, 12 Oct 2023 15:44:30 +0900 Subject: [PATCH 2/8] fix: fix release flow - for check --- .github/workflows/release.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e6feb14..862b18d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,11 +9,12 @@ on: types: [closed] branches: - main + push: # TODO: delete later jobs: on-success: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'success' }} + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' }} strategy: fail-fast: false matrix: @@ -98,7 +99,7 @@ jobs: on-failure: runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'failure' }} + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure' }} steps: - run: echo 'The release triggering workflows failed' From 8804f6ca188a79b981bb6323023ab4b02d040c30 Mon Sep 17 00:00:00 2001 
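Review bot: The new `on-success` condition in PATCH 2/8 is always true: an `if:` value that mixes `${{ }}` segments with literal ` || ` text is rendered to a string such as `false || false || false`, and a non-empty string is truthy. The job therefore also runs when the triggering workflow run failed, and `release`, which relies on `needs: on-success`, gets no protection from it. Put the whole condition in one expression, `if: ${{ (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') || github.event_name == 'push' || github.event_name == 'pull_request' }}`. The same shape recurs in the `on-success` condition of PATCH 3/8, 4/8 and 7/8 and in the `build_and_push` condition added in PATCH 7/8.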
From: Jun Kurihara Date: Thu, 12 Oct 2023 15:53:21 +0900 Subject: [PATCH 3/8] fix: fix release flow - prepare release --- .github/workflows/release.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 862b18d..c5d2f18 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,12 +9,11 @@ on: types: [closed] branches: - main - push: # TODO: delete later jobs: on-success: runs-on: ubuntu-latest - if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' }} + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' }} strategy: fail-fast: false matrix: @@ -79,9 +78,9 @@ jobs: - name: "set env" id: "set-env" run: | - if [ ${{ matrix.platform }} = "linux/amd64" ]; then PLATFORM_MAP="x86_64"; else PLATFORM_MAP="aarch64"; fi - if [ ${{ github.ref_name == 'develop' }} ]; then BUILD_NAME="-nightly"; else BUILD_NAME=""; fi - if [ ${{ github.ref_name == 'develop' }} ]; then BUILD_IMG="nightly"; else BUILD_IMG="latest"; fi + if [ ${{ matrix.platform }} == 'linux/amd64' ]; then PLATFORM_MAP="x86_64"; else PLATFORM_MAP="aarch64"; fi + if [ ${{ github.ref_name }} == 'develop' ]; then BUILD_NAME="-nightly"; else BUILD_NAME=""; fi + if [ ${{ github.ref_name }} == 'develop' ]; then BUILD_IMG="nightly"; else BUILD_IMG="latest"; fi echo "build_img=${BUILD_IMG}" >> $GITHUB_OUTPUT echo "target_name=rpxy${BUILD_NAME}-${PLATFORM_MAP}-unknown-linux-${{ matrix.target }}${{ matrix.build-feature }}" >> $GITHUB_OUTPUT From d2fdc05d66a9dcb7c7daa801fa4d92ef38de3366 Mon Sep 17 00:00:00 2001 
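Review bot: The rewritten tests in the "set env" step paste `${{ github.ref_name }}` and `${{ matrix.platform }}` unquoted into the script, so the runner substitutes the text before bash parses it and an empty or unusual value changes the command rather than only the comparison. Pass the value through the step environment and quote it: add `env:` with `REF_NAME: ${{ github.ref_name }}` and test `if [ "$REF_NAME" = 'develop' ]; then ...`. It is also worth confirming which ref this is: on a `workflow_run` event `github.ref_name` normally names the default branch rather than the branch that was built, in which case `github.event.workflow_run.head_branch` is the value to compare.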
From: Jun Kurihara Date: Thu, 12 Oct 2023 16:03:49 +0900 Subject: [PATCH 4/8] fix: fix release flow - limit focus --- .github/workflows/release.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c5d2f18..3cd2bf8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,6 +5,9 @@ on: - "Build and publish docker" types: - "completed" + branches: + - main + - develop pull_request: types: [closed] branches: @@ -13,7 +16,7 @@ on: jobs: on-success: runs-on: ubuntu-latest - if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' }} + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'pull_request' }} strategy: fail-fast: false matrix: From cf1f7a3dcaecf09c9ebf1fccaa6d6b3759f5b1fe Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Thu, 12 Oct 2023 16:57:38 +0900 Subject: [PATCH 5/8] fix: fix release flow - release is always done from pr to main branch with title *.*.* --- .github/workflows/release.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3cd2bf8..05ffa21 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -107,18 +107,28 @@ jobs: release: runs-on: ubuntu-latest - if: ${{ github.event_name == 'pull_request' }} + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }} needs: on-success steps: + - name: check pull_request title + uses: actions-ecosystem/action-regex-match@v2 + id: regex-match + with: + text: ${{ github.event.pull_request.title }} + regex: "^(\\d+\\.\\d+\\.\\d+)$" + - name: checkout + if: ${{ steps.regex-match.outputs.match != '' }} uses: actions/checkout@v4 - name: download artifacts + if: ${{ steps.regex-match.outputs.match != ''}} uses: actions/download-artifact@v3 with: path: /tmp/rpxy - name: make tar.gz of assets + if: ${{ steps.regex-match.outputs.match != ''}} run: | mkdir /tmp/assets cd /tmp/rpxy @@ -126,6 +136,7 @@ jobs: ls -lha /tmp/assets - name: release + if: ${{ steps.regex-match.outputs.match != ''}} uses: softprops/action-gh-release@v1 with: files: /tmp/assets/*.tar.gz From de8b885140e65229e2f75e500185de470d79aaf0 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Thu, 12 Oct 2023 18:26:38 +0900 Subject: [PATCH 6/8] fix: fix release flow --- .github/workflows/release.yml | 49 ++++++++++++++++++----------------- 1 file changed, 25 insertions(+), 24 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05ffa21..32f43fa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,10 +8,6 @@ on: branches: - main - develop - pull_request: - types: [closed] - branches: - - main jobs: on-success: 
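Review bot: `uses: actions-ecosystem/action-regex-match@v2` brings a third-party action into the `release` job by a movable tag, so the code that decides whether a release is cut can change without any change to this repository. Pin it to a full commit SHA with the version kept as a trailing comment, `uses: actions-ecosystem/action-regex-match@<full-commit-sha> # v2`. The same applies to `kaisugi/action-regex-match@v1.0.0`, which replaces it in PATCH 7/8, and to `peter-evans/repository-dispatch@v2` added there. Because every later step is gated on the match individually, a non-matching title leaves the job green with nothing released; one step that fails when there is no match would make that outcome visible.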
@@ -107,42 +103,47 @@ jobs: release: runs-on: ubuntu-latest - if: ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }} + # if: ${{ github.ref_name == 'main' }} needs: on-success steps: - - name: check pull_request title - uses: actions-ecosystem/action-regex-match@v2 - id: regex-match + # - name: check pull_request title + # uses: actions-ecosystem/action-regex-match@v2 + # id: regex-match + # with: + # text: ${{ github.event.pull_request.title }} + # regex: "^(\\d+\\.\\d+\\.\\d+)$" + - name: retrive github script context + uses: actions/github-script@v6 with: - text: ${{ github.event.pull_request.title }} - regex: "^(\\d+\\.\\d+\\.\\d+)$" + script: | + core.info(JSON.stringify(context.payload)) - name: checkout - if: ${{ steps.regex-match.outputs.match != '' }} + # if: ${{ steps.regex-match.outputs.match != '' }} uses: actions/checkout@v4 - name: download artifacts - if: ${{ steps.regex-match.outputs.match != ''}} + # if: ${{ steps.regex-match.outputs.match != ''}} uses: actions/download-artifact@v3 with: path: /tmp/rpxy - name: make tar.gz of assets - if: ${{ steps.regex-match.outputs.match != ''}} + # if: ${{ steps.regex-match.outputs.match != ''}} run: | mkdir /tmp/assets cd /tmp/rpxy for i in ./*; do sh -c "cd $i && tar zcvf $i.tar.gz $i && mv $i.tar.gz /tmp/assets/"; done ls -lha /tmp/assets - - name: release - if: ${{ steps.regex-match.outputs.match != ''}} - uses: softprops/action-gh-release@v1 - with: - files: /tmp/assets/*.tar.gz - name: ${{ github.event.pull_request.title }} - tag_name: ${{ github.event.pull_request.title }} - body: ${{ github.event.pull_request.body }} - draft: true - prerelease: false - generate_release_notes: true + # - name: release + # if: ${{ steps.regex-match.outputs.match != ''}} + # uses: softprops/action-gh-release@v1 + # with: + # files: /tmp/assets/*.tar.gz + # name: ${{ github.event.pull_request.title }} + # tag_name: ${{ github.event.pull_request.title }} + # body: ${{ 
github.event.pull_request.body }} + # draft: true + # prerelease: false + # generate_release_notes: true From 84e67638d46d5c523b62aa58556ef3a1fc4cb71f Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 13 Oct 2023 00:03:26 +0900 Subject: [PATCH 7/8] fix: release actions using repository dispatch [ci skip] --- .github/workflows/docker_build_push.yml | 45 ++++++++++++++-------- .github/workflows/release.yml | 50 ++++++++++++------------- 2 files changed, 53 insertions(+), 42 deletions(-) diff --git a/.github/workflows/docker_build_push.yml b/.github/workflows/docker_build_push.yml index 566d205..b320a84 100644 --- a/.github/workflows/docker_build_push.yml +++ b/.github/workflows/docker_build_push.yml @@ -1,11 +1,12 @@ -name: Build and publish docker +name: Build and publish docker, and trigger release on: push: branches: - "develop" - - "main" pull_request: - types: [synchronize, opened] + types: [closed] + branches: + - main env: GHCR: ghcr.io @@ -15,6 +16,7 @@ env: jobs: build_and_push: runs-on: ubuntu-latest + if: ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }} strategy: fail-fast: false matrix: 
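Review bot: The added `actions/github-script@v6` step writes the whole event payload to the job log with `core.info(JSON.stringify(context.payload))`, and job logs are readable by anyone who can view the repository's Actions runs. If this is only for debugging, log the few fields under investigation, for example `core.info(context.eventName)`, and remove the step before the flow is finalised. With every `if:` in the job commented out in this commit, the checkout, download and tar steps also run on every trigger of the workflow.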
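Review bot: Renaming the workflow to `Build and publish docker, and trigger release` looks likely to detach the `workflow_run` trigger in `release.yml`, which lists `"Build and publish docker"` by name in the context lines of the earlier patches and is not touched by this commit's `release.yml` hunks. If that list still holds the old name, the nightly artifact path no longer fires after this change. Update the entry under `workflows:` to the new name, or keep the old `name:` here.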
@@ -119,19 +121,19 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Nightly build test on amd64 for pull requests - if: ${{ github.event_name == 'pull_request' }} - uses: docker/build-push-action@v5 - with: - context: . - build-args: ${{ matrix.build-args }} - push: false - build-contexts: ${{ matrix.build-contexts }} - file: ${{ matrix.dockerfile }} - cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} - cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} - platforms: linux/amd64 - labels: ${{ steps.meta.outputs.labels }} + # - name: Nightly build test on amd64 for pull requests + # if: ${{ github.event_name == 'pull_request' }} + # uses: docker/build-push-action@v5 + # with: + # context: . + # build-args: ${{ matrix.build-args }} + # push: false + # build-contexts: ${{ matrix.build-contexts }} + # file: ${{ matrix.dockerfile }} + # cache-from: type=gha,scope=rpxy-nightly-${{ matrix.target }} + # cache-to: type=gha,mode=max,scope=rpxy-nightly-${{ matrix.target }} + # platforms: linux/amd64 + # labels: ${{ steps.meta.outputs.labels }} - name: Nightly build and push from develop branch if: ${{ (github.ref_name == 'develop') && (github.event_name == 'push') }} 
@@ -167,3 +169,14 @@ jobs: cache-to: type=gha,mode=max,scope=rpxy-latest-${{ matrix.target }} platforms: ${{ matrix.platforms }} labels: ${{ steps.meta.outputs.labels }} + + dispatch_release_event: + runs-on: ubuntu-latest + if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref == 'develop' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true }} + needs: build_and_push + steps: + - name: Repository dispatch for release + uses: peter-evans/repository-dispatch@v2 + with: + event-type: release-event + client-payload: '{"ref": "${{ github.ref }}", "sha": "${{ github.sha }}", "pull_request": { "title": "${{ github.event.pull_request.title }}", "body": "${{ github.event.pull_request.body }}", "number": "${{ github.event.pull_request.number }}", "head": "${{ github.event.pull_request.head.ref }}", "base": "${{ github.event.pull_request.base.ref}}"}}' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 32f43fa..93ab549 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,11 +8,14 @@ on: branches: - main - develop + repository_dispatch: + types: + - release-event jobs: on-success: runs-on: ubuntu-latest - if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'pull_request' }} + if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'repositry_dispatch' }} strategy: fail-fast: false matrix: 
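Review bot: `client-payload` builds JSON by pasting `github.event.pull_request.title` and `.body` between double quotes, so a body containing a quote, a backslash or a newline yields invalid JSON or adds keys the release workflow did not expect. Let the expression engine do the escaping: `"title": ${{ toJSON(github.event.pull_request.title) }}, "body": ${{ toJSON(github.event.pull_request.body) }}`, without surrounding quotes because `toJSON` emits them. The receiving workflow uses `title` as the tag name, so the payload needs to carry it intact.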
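Review bot: `github.event_name == 'repositry_dispatch'` in the `on-success` condition is misspelled and can never match; the `release` job further down spells it `repository_dispatch`. The typo is hidden only because the surrounding `${{ }} || ${{ }}` form evaluates as a non-empty string, so it will surface as a skipped job as soon as the condition is rewritten as a single expression. Correct it to `github.event_name == 'repository_dispatch'`.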
@@ -103,47 +106,42 @@ jobs: release: runs-on: ubuntu-latest - # if: ${{ github.ref_name == 'main' }} + if: ${{ github.event_name == 'repository_dispatch' }} needs: on-success steps: - # - name: check pull_request title - # uses: actions-ecosystem/action-regex-match@v2 - # id: regex-match - # with: - # text: ${{ github.event.pull_request.title }} - # regex: "^(\\d+\\.\\d+\\.\\d+)$" - - name: retrive github script context - uses: actions/github-script@v6 + - name: check pull_request title + uses: kaisugi/action-regex-match@v1.0.0 + id: regex-match with: - script: | - core.info(JSON.stringify(context.payload)) + text: ${{ github.event.client_payload.pull_request.title }} + regex: "^(\\d+\\.\\d+\\.\\d+)$" - name: checkout - # if: ${{ steps.regex-match.outputs.match != '' }} + if: ${{ steps.regex-match.outputs.match != '' }} uses: actions/checkout@v4 - name: download artifacts - # if: ${{ steps.regex-match.outputs.match != ''}} + if: ${{ steps.regex-match.outputs.match != ''}} uses: actions/download-artifact@v3 with: path: /tmp/rpxy - name: make tar.gz of assets - # if: ${{ steps.regex-match.outputs.match != ''}} + if: ${{ steps.regex-match.outputs.match != ''}} run: | mkdir /tmp/assets cd /tmp/rpxy for i in ./*; do sh -c "cd $i && tar zcvf $i.tar.gz $i && mv $i.tar.gz /tmp/assets/"; done ls -lha /tmp/assets - # - name: release - # if: ${{ steps.regex-match.outputs.match != ''}} - # uses: softprops/action-gh-release@v1 - # with: - # files: /tmp/assets/*.tar.gz - # name: ${{ github.event.pull_request.title }} - # tag_name: ${{ github.event.pull_request.title }} - # body: ${{ github.event.pull_request.body }} - # draft: true - # prerelease: false - # generate_release_notes: true + - name: release + if: ${{ steps.regex-match.outputs.match != ''}} + uses: softprops/action-gh-release@v1 + with: + files: /tmp/assets/*.tar.gz + name: ${{ github.event.client_payload.pull_request.title }} + tag_name: ${{ github.event.client_payload.pull_request.title }} + body: ${{ 
github.event.client_payload.pull_request.body }} + draft: true + prerelease: false + generate_release_notes: true From d247bd8ff9a3e4c01362459158dfc47ded5784f0 Mon Sep 17 00:00:00 2001 From: Jun Kurihara Date: Fri, 13 Oct 2023 00:13:41 +0900 Subject: [PATCH 8/8] fix: shift_left [ci skip] --- .github/workflows/shift_left.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/shift_left.yml b/.github/workflows/shift_left.yml index 32f526c..48e0c18 100644 --- a/.github/workflows/shift_left.yml +++ b/.github/workflows/shift_left.yml @@ -1,6 +1,9 @@ name: ShiftLeft Scan -on: push +on: + push: + pull_request: + types: [synchronize, opened] jobs: Scan-Build:
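Review bot: The restored `release` step takes `tag_name` from `client_payload.pull_request.title` but gives the action no commit to tag, so a tag that does not exist yet is presumably created at the default branch head when the draft is published, and `actions/checkout@v4` on a `repository_dispatch` run likewise checks out the default branch. The dispatch payload built in `docker_build_push.yml` already carries `sha`; after confirming that it denotes the merge commit on `main`, pass it as `target_commitish: ${{ github.event.client_payload.sha }}` so the release is tied to the reviewed commit.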