From 4d90ed5c3b0cb791093df65765b134d5a9d8d0fd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=BAben=20Fonseca?= <fonseka@gmail.com>
Date: Wed, 19 Oct 2022 10:47:11 +0200
Subject: [PATCH 1/3] chore(github-actions): remove unused v1 workflows

---
 .github/workflows/on_release_notes.yml        |  2 +-
 .github/workflows/publish_layer.yml           | 86 ----------------
 .github/workflows/publish_v2_layer.yml        | 30 +++---
 .github/workflows/rebuild_latest_docs.yml     |  4 +-
 .../workflows/reusable_deploy_layer_stack.yml | 99 -------------------
 .../reusable_update_v2_layer_arn_docs.yml     |  2 +-
 .github/workflows/v2_on_push_docs.yml         |  2 +
 .github/workflows/v2_rebuild_latest_docs.yml  |  2 +
 8 files changed, 22 insertions(+), 205 deletions(-)
 delete mode 100644 .github/workflows/publish_layer.yml
 delete mode 100644 .github/workflows/reusable_deploy_layer_stack.yml

diff --git a/.github/workflows/on_release_notes.yml b/.github/workflows/on_release_notes.yml
index 2b431defff0..a980238c0ef 100644
--- a/.github/workflows/on_release_notes.yml
+++ b/.github/workflows/on_release_notes.yml
@@ -30,7 +30,7 @@ on:
     inputs:
       version_to_publish:
         description: "Version to be released in PyPi, Docs, and Lambda Layer, e.g. v1.26.4"
-        default: v1.26.4
+        default: v2.0.0
         required: true
       skip_pypi:
         description: "Skip publishing to PyPi as it can't publish more than once. Useful for semi-failed releases"
diff --git a/.github/workflows/publish_layer.yml b/.github/workflows/publish_layer.yml
deleted file mode 100644
index 564cbfad9de..00000000000
--- a/.github/workflows/publish_layer.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-name: Deploy layer to all regions
-
-permissions:
-  id-token: write
-  contents: read
-
-on:
-  workflow_dispatch:
-    inputs:
-      latest_published_version:
-        description: "Latest PyPi published version to rebuild latest docs for, e.g. v1.22.0"
-        default: "v1.22.0"
-        required: true
-  workflow_run:
-    workflows: ["Publish to PyPi"]
-    types:
-      - completed
-
-jobs:
-  build-layer:
-    runs-on: ubuntu-latest
-    if: ${{ (github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch') }}
-    defaults:
-      run:
-        working-directory: ./layer
-    steps:
-      - name: checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-      - name: Install poetry
-        run: pipx install poetry
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16.12"
-      - name: Setup python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.9"
-          cache: "pip"
-      - name: Resolve and install project dependencies
-        # CDK spawns system python when compiling stack
-        # therefore it ignores both activated virtual env and cached interpreter by GH
-        run: |
-          poetry export --format requirements.txt --output requirements.txt
-          pip install -r requirements.txt
-      - name: Set release notes tag
-        run: |
-          RELEASE_INPUT=${{ inputs.latest_published_version }}
-          LATEST_TAG=$(git describe --tag --abbrev=0)
-          RELEASE_TAG_VERSION=${RELEASE_INPUT:-$LATEST_TAG}
-          echo "RELEASE_TAG_VERSION=${RELEASE_TAG_VERSION:1}" >> $GITHUB_ENV
-      - name: install cdk and deps
-        run: |
-          npm install -g aws-cdk@2.29.0
-          cdk --version
-      - name: CDK build
-        run: cdk synth --context version=$RELEASE_TAG_VERSION -o cdk.out
-      - name: zip output
-        run: zip -r cdk.out.zip cdk.out
-      - name: Archive CDK artifacts
-        uses: actions/upload-artifact@v3
-        with:
-          name: cdk-layer-artefact
-          path: layer/cdk.out.zip
-
-  deploy-beta:
-    needs:
-      - build-layer
-    uses: ./.github/workflows/reusable_deploy_layer_stack.yml
-    secrets: inherit
-    with:
-      stage: "BETA"
-      artefact-name: "cdk-layer-artefact"
-      environment: "layer-beta"
-
-  deploy-prod:
-    needs:
-      - deploy-beta
-    uses: ./.github/workflows/reusable_deploy_layer_stack.yml
-    secrets: inherit
-    with:
-      stage: "PROD"
-      artefact-name: "cdk-layer-artefact"
-      environment: "layer-prod"
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index 77f1f9dc627..4d26ce58a92 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -10,10 +10,10 @@ on:
       latest_published_version:
         description: "Latest PyPi published version to rebuild latest docs for, e.g. v2.0.0"
         required: true
-  # workflow_run:
-  #   workflows: ["Publish to PyPi"]
-  #   types:
-  #     - completed
+  workflow_run:
+    workflows: ["Publish to PyPi"]
+    types:
+      - completed
 
 jobs:
   build-layer:
@@ -74,8 +74,7 @@ jobs:
           path: layer/cdk.out.zip
 
   deploy-beta:
-    needs:
-      - build-layer
+    needs: build-layer
     uses: ./.github/workflows/reusable_deploy_v2_layer_stack.yml
     secrets: inherit
     with:
@@ -84,16 +83,15 @@ jobs:
       environment: "layer-beta"
       latest_published_version: ${{ inputs.latest_published_version }}
 
-  # deploy-prod:
-  #   needs:
-  #     - deploy-beta
-  #   uses: ./.github/workflows/reusable_deploy_layer_stack.yml
-  #   secrets: inherit
-  #   with:
-  #     stage: "PROD"
-  #     artefact-name: "cdk-layer-artefact"
-  #     environment: "layer-prod"
-  #     latest_published_version: ${{ inputs.latest_published_version }}
+  deploy-prod:
+    needs: deploy-beta
+    uses: ./.github/workflows/reusable_deploy_v2_layer_stack.yml
+    secrets: inherit
+    with:
+      stage: "PROD"
+      artefact-name: "cdk-layer-artefact"
+      environment: "layer-prod"
+      latest_published_version: ${{ inputs.latest_published_version }}
 
   deploy-sar-beta:
     needs: build-layer
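Review bot: The re-enabled `deploy-prod` job uses `secrets: inherit`, which hands every secret the caller can see to `reusable_deploy_v2_layer_stack.yml` rather than only the ones a layer deployment needs. The removed v1 reusable workflow read a single secret, `secrets.AWS_LAYERS_ROLE_ARN`; if the v2 one (not shown here) does the same, declaring it under `on.workflow_call.secrets` and passing it by name keeps the PROD path least-privileged. The job also starts as soon as `deploy-beta` succeeds, so any manual approval before production depends on protection rules configured on the `layer-prod` environment, which this diff cannot show and which should be confirmed. The same `secrets: inherit` applies to `deploy-beta` in the previous hunk.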
diff --git a/.github/workflows/rebuild_latest_docs.yml b/.github/workflows/rebuild_latest_docs.yml
index eb995d95a12..1e8333d4540 100644
--- a/.github/workflows/rebuild_latest_docs.yml
+++ b/.github/workflows/rebuild_latest_docs.yml
@@ -10,8 +10,8 @@ on:
   workflow_dispatch:
     inputs:
       latest_published_version:
-        description: "Latest PyPi published version to rebuild latest docs for, e.g. v1.26.7"
-        default: "v1.28.0"
+        description: "Latest PyPi published version to rebuild latest docs for, e.g. v2.0.0"
+        default: "v2.0.0"
         required: true
 
 jobs:
diff --git a/.github/workflows/reusable_deploy_layer_stack.yml b/.github/workflows/reusable_deploy_layer_stack.yml
deleted file mode 100644
index 20d69b9c814..00000000000
--- a/.github/workflows/reusable_deploy_layer_stack.yml
+++ /dev/null
@@ -1,99 +0,0 @@
-name: Deploy cdk stack
-
-permissions:
-  id-token: write
-  contents: read
-
-on:
-  workflow_call:
-    inputs:
-      stage:
-        description: "Deployment stage (BETA, PROD)"
-        required: true
-        type: string
-      artefact-name:
-        description: "CDK Layer Artefact name to download"
-        required: true
-        type: string
-      environment:
-        description: "GitHub Environment to use for encrypted secrets"
-        required: true
-        type: string
-
-jobs:
-  deploy-cdk-stack:
-    runs-on: ubuntu-latest
-    environment: ${{ inputs.environment }}
-    defaults:
-      run:
-        working-directory: ./layer
-    strategy:
-      fail-fast: false
-      matrix:
-        region:
-          [
-            "af-south-1",
-            "eu-central-1",
-            "us-east-1",
-            "us-east-2",
-            "us-west-1",
-            "us-west-2",
-            "ap-east-1",
-            "ap-south-1",
-            "ap-northeast-1",
-            "ap-northeast-2",
-            "ap-southeast-1",
-            "ap-southeast-2",
-            "ca-central-1",
-            "eu-west-1",
-            "eu-west-2",
-            "eu-west-3",
-            "eu-south-1",
-            "eu-north-1",
-            "sa-east-1",
-            "ap-southeast-3",
-            "ap-northeast-3",
-            "me-south-1",
-          ]
-    steps:
-      - name: checkout
-        uses: actions/checkout@v3
-      - name: Install poetry
-        run: pipx install poetry
-      - name: aws credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-region: ${{ matrix.region }}
-          role-to-assume: ${{ secrets.AWS_LAYERS_ROLE_ARN }}
-      - name: Setup Node.js
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16.12"
-      - name: Setup python
-        uses: actions/setup-python@v4
-        with:
-          python-version: "3.9"
-          cache: "pip"
-      - name: Resolve and install project dependencies
-        # CDK spawns system python when compiling stack
-        # therefore it ignores both activated virtual env and cached interpreter by GH
-        run: |
-          poetry export --format requirements.txt --output requirements.txt
-          pip install -r requirements.txt
-      - name: install cdk and deps
-        run: |
-          npm install -g aws-cdk@2.29.0
-          cdk --version
-      - name: install deps
-        run: poetry install
-      - name: Download artifact
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.artefact-name }}
-          path: layer
-      - name: unzip artefact
-        run: unzip cdk.out.zip
-      - name: CDK Deploy Layer
-        run: cdk deploy --app cdk.out --context region=${{ matrix.region }} 'LayerStack' --require-approval never --verbose
-      - name: CDK Deploy Canary
-        run: cdk deploy --app cdk.out --context region=${{ matrix.region}} --parameters DeployStage="${{ inputs.stage }}" 'CanaryStack' --require-approval never --verbose
diff --git a/.github/workflows/reusable_update_v2_layer_arn_docs.yml b/.github/workflows/reusable_update_v2_layer_arn_docs.yml
index 857c8001bf9..ea13a63f64a 100644
--- a/.github/workflows/reusable_update_v2_layer_arn_docs.yml
+++ b/.github/workflows/reusable_update_v2_layer_arn_docs.yml
@@ -12,7 +12,7 @@ permissions:
   contents: write
 
 env:
-  BRANCH: v2
+  BRANCH: develop
 
 jobs:
   publish_v2_layer_arn:
diff --git a/.github/workflows/v2_on_push_docs.yml b/.github/workflows/v2_on_push_docs.yml
index d70fedbc6c5..7e02b88aa46 100644
--- a/.github/workflows/v2_on_push_docs.yml
+++ b/.github/workflows/v2_on_push_docs.yml
@@ -1,5 +1,7 @@
 name: Docs v2
 
+# Maintenance: to be removed after we merge v2 into develop
+
 on:
   workflow_dispatch:
 #   push:
diff --git a/.github/workflows/v2_rebuild_latest_docs.yml b/.github/workflows/v2_rebuild_latest_docs.yml
index 6d833cc3fef..3c86110bdad 100644
--- a/.github/workflows/v2_rebuild_latest_docs.yml
+++ b/.github/workflows/v2_rebuild_latest_docs.yml
@@ -1,5 +1,7 @@
 name: V2 Rebuild latest docs
 
+# Maintenance: to be removed after we merge v2 into develop
+
 on:
   workflow_dispatch:
 

From 569859e9f896d766d6f42bef02802fd8e9b13bd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=BAben=20Fonseca?= <fonseka@gmail.com>
Date: Wed, 19 Oct 2022 16:21:06 +0200
Subject: [PATCH 2/3] fix: hardened release scripts to only run on v2

---
 .github/workflows/on_release_notes.yml |  9 +++++++++
 .github/workflows/publish_v2_layer.yml | 11 ++++++-----
 2 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/on_release_notes.yml b/.github/workflows/on_release_notes.yml
index a980238c0ef..8d6754b88a0 100644
--- a/.github/workflows/on_release_notes.yml
+++ b/.github/workflows/on_release_notes.yml
@@ -25,7 +25,9 @@ env:
 
 on:
   release:
+    # We can't filter by tag here, so we filter later on the first job
     types: [published]
+
   workflow_dispatch:
     inputs:
       version_to_publish:
@@ -45,6 +47,7 @@ on:
 
 jobs:
   release:
+    if: ${{ startsWith(github.ref, 'refs/tags/v2') }}
     environment: release
     runs-on: ubuntu-latest
     permissions:
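Review bot: The new guard `if: ${{ startsWith(github.ref, 'refs/tags/v2') }}` on the `release` job is a bare prefix match, so it also accepts tags such as `v20.0.0` or `v2-anything`; `startsWith(github.ref, 'refs/tags/v2.')` is tighter. On `workflow_dispatch`, `github.ref` is the ref the run was started from, not the `version_to_publish` input, so a manual run from a branch is skipped while a run from any v2 tag passes whatever version was typed in. If manual releases are still meant to work, the condition should also check the input on that path, and a comment such as `# Only release from v2.x tags; on workflow_dispatch github.ref is the ref the run was started from` would record the intent. The `release` job body continues outside the hunk.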
@@ -121,6 +124,12 @@ jobs:
       alias: latest
       detached_mode: true
 
+  publish_layer:
+    needs: release
+    uses: ./.github/workflows/publish_v2_layer.yml
+    with:
+      latest_published_version: ${{ needs.release.outputs.RELEASE_VERSION }}
+
   post_release:
     needs: release
     permissions:
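Review bot: The added `publish_layer` job declares neither `permissions:` nor `secrets:`, unlike the sibling `release` and `post_release` jobs, which set their permissions explicitly. A called workflow cannot be granted more than the calling job has, and the `secrets: inherit` lines inside `publish_v2_layer.yml` can only forward what this job passes. The layer deployment may therefore run without `id-token: write` or the role ARN unless workflow-level permissions and environment secrets (neither visible here) cover them. Consider a job-level `permissions:` block with `id-token: write` and `contents: read`, as the removed v1 layer workflow had, and pass the required secrets explicitly. The hunk also relies on `release` exporting `RELEASE_VERSION` under `outputs:`, which is outside the visible lines.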
diff --git a/.github/workflows/publish_v2_layer.yml b/.github/workflows/publish_v2_layer.yml
index 4d26ce58a92..738dd0bead1 100644
--- a/.github/workflows/publish_v2_layer.yml
+++ b/.github/workflows/publish_v2_layer.yml
@@ -10,15 +10,16 @@ on:
       latest_published_version:
         description: "Latest PyPi published version to rebuild latest docs for, e.g. v2.0.0"
         required: true
-  workflow_run:
-    workflows: ["Publish to PyPi"]
-    types:
-      - completed
+  workflow_call:
+    inputs:
+      latest_published_version:
+        type: string
+        description: "Latest PyPi published version to rebuild latest docs for, e.g. v2.0.0"
+        required: true
 
 jobs:
   build-layer:
     runs-on: ubuntu-latest
-    if: ${{ (github.event.workflow_run.conclusion == 'success') || (github.event_name == 'workflow_dispatch') }}
     defaults:
       run:
         working-directory: ./layer
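Review bot: With the `if:` removed from `build-layer`, nothing in this workflow restricts which version it builds and deploys; the `refs/tags/v2` check lives only in the caller `on_release_notes.yml`, and the manual-dispatch input kept above still accepts any free-form `latest_published_version`. A job-level guard such as `if: ${{ startsWith(inputs.latest_published_version, 'v2.') }}` (adjusted to whether the release job emits a leading `v`) would keep the hardening on the manual path too. If a later step interpolates the input straight into a shell line, as the removed v1 workflow did with `RELEASE_INPUT=${{ inputs.latest_published_version }}`, pass it through `env:` and quote it instead. The `build-layer` job continues outside the hunk.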

From dd3f19d98058bb1b10c4fce7c5ba8f5022d6c97c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=BAben=20Fonseca?= <fonseka@gmail.com>
Date: Wed, 19 Oct 2022 16:22:47 +0200
Subject: [PATCH 3/3] fix: remove useless scripts

---
 .github/workflows/v2_on_push_docs.yml        | 38 --------------------
 .github/workflows/v2_rebuild_latest_docs.yml | 16 ---------
 2 files changed, 54 deletions(-)
 delete mode 100644 .github/workflows/v2_on_push_docs.yml
 delete mode 100644 .github/workflows/v2_rebuild_latest_docs.yml

diff --git a/.github/workflows/v2_on_push_docs.yml b/.github/workflows/v2_on_push_docs.yml
deleted file mode 100644
index 7e02b88aa46..00000000000
--- a/.github/workflows/v2_on_push_docs.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Docs v2
-
-# Maintenance: to be removed after we merge v2 into develop
-
-on:
-  workflow_dispatch:
-#   push:
-#     branches:
-#       - v2
-#     paths:
-#       - "docs/**"
-#       - "mkdocs.yml"
-#       - "examples/**"
-
-jobs:
-  changelog:
-    permissions:
-      contents: write
-    uses: ./.github/workflows/reusable_publish_changelog.yml
-
-  release-docs:
-    needs: changelog
-    permissions:
-      contents: write
-      pages: write
-    uses: ./.github/workflows/reusable_publish_docs.yml
-    with:
-      version: v2
-      alias: alpha
-# Maintenance: Only necessary in repo migration
-# - name: Create redirect from old docs
-#   run: |
-#     git checkout gh-pages
-#     test -f 404.html && echo "Redirect already set" && exit 0
-#     git checkout develop -- 404.html
-#     git add 404.html
-#     git commit -m "chore: set docs redirect" --no-verify
-#     git push origin gh-pages -f
diff --git a/.github/workflows/v2_rebuild_latest_docs.yml b/.github/workflows/v2_rebuild_latest_docs.yml
deleted file mode 100644
index 3c86110bdad..00000000000
--- a/.github/workflows/v2_rebuild_latest_docs.yml
+++ /dev/null
@@ -1,16 +0,0 @@
-name: V2 Rebuild latest docs
-
-# Maintenance: to be removed after we merge v2 into develop
-
-on:
-  workflow_dispatch:
-
-jobs:
-  release-docs:
-    permissions:
-      contents: write
-      pages: write
-    uses: ./.github/workflows/reusable_publish_docs.yml
-    with:
-      version: v2
-      alias: alpha