ci: rc, release, tagged rc, hotfix workflows #12918
Conversation
There was a problem hiding this comment.
Did get a chance to test it? We should at least get successful tagged release using this workflow.
Major concerns:
- We should decouple CB release workflows from CCI sunset. These should be separate changes. Ability to use both systems should exists until we gain confidence in CB. In event of emergency we should be able to buy CCI credits and revert back to old systems should CB prevent us from shipping. Smooth migration must include period where both old and new system is accessible.
- The necessity of
codebuild-checkoutin release steps 2,3,4. Revised release process assumes that outcome ofbuildstep is cached including git metadata. Can we get this fixed so that checkout is necessary only in entry steps (build, build-tests-standalone? )
.circleci/config.base.yml
Outdated
| # version: 2.1 | ||
| # orbs: |
There was a problem hiding this comment.
disabling CCI should be separate PR.
There was a problem hiding this comment.
Yep, we shouldn't turn off CCI until we've done at least a couple releases using CodeBuild
.circleci/config.yml
Outdated
| # version: 2.1 | ||
|
|
||
| # this allows you to use CircleCI's dynamic configuration feature | ||
| setup: true | ||
| # # this allows you to use CircleCI's dynamic configuration feature |
| git checkout $BRANCH_NAME | ||
|
|
There was a problem hiding this comment.
We shouldn't checkout a branch every time we load this script.
Is this intentional?
| aws --profile=s3-uploader s3 cp amplify-pkg-linux-arm64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-linux-arm64-$(echo $hash).tgz | ||
| aws --profile=s3-uploader s3 cp amplify-pkg-linux-x64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-linux-x64-$(echo $hash).tgz | ||
| if [[ "$BRANCH_NAME" == "release" ]] || [[ "$BRANCH_NAME" =~ ^run-e2e-with-rc\/.* ]] || [[ "$BRANCH_NAME" =~ ^release_rc\/.* ]] || [[ "$BRANCH_NAME" =~ ^tagged-release ]]; then | ||
| aws s3 cp amplify-pkg-win-x64.tgz s3://$PKG_CLI_BUCKET_NAME/$(echo $version)/amplify-pkg-win-x64-$(echo $hash).tgz |
There was a problem hiding this comment.
Can we make a copy of this file instead? and drop non-CB version together with CCI later?
Please do this for all other .sh files where we made such assumption.
| source ./.circleci/codebuild-checkout.sh | ||
|
|
There was a problem hiding this comment.
This is unexpected.
In CCI .circleci/publish-step-1-set-versions.sh adds a commit to local repo that is NOT pushed to git.
That commit is retained in other jobs because we cache result of build step, including .git directory which preserves that information. We should not need to checkout everywhere if we we cache workspace properly.
This is concern for other files that attempt to checkout after build step.
| buildspec: codebuild_specs/release_workflows/github_release.yml | ||
| env: | ||
| compute-type: BUILD_GENERAL1_LARGE | ||
| debug-session: true |
There was a problem hiding this comment.
do we want these debug sessions ?
There was a problem hiding this comment.
this is just part of it; the other part is to manually trigger the job with debug sessions enabled & ssm enabled
Codecov Report
❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more. @@ Coverage Diff @@
## dev #12918 +/- ##
===========================================
+ Coverage 0.00% 48.56% +48.56%
===========================================
Files 1296 848 -448
Lines 149743 38131 -111612
Branches 1296 7798 +6502
===========================================
+ Hits 0 18519 +18519
+ Misses 148447 18022 -130425
- Partials 1296 1590 +294
... and 1249 files with indirect coverage changes 📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
| artifacts: | ||
| files: | ||
| - 'shared-scripts.sh' |
There was a problem hiding this comment.
codebuild requires a job to output an artifact, otherwise other jobs cannot depend on it downstream
| version: 0.2 | ||
| env: | ||
| shell: bash | ||
| git-credential-helper: yes |
There was a problem hiding this comment.
how doesgit-credential-helper work ?
There was a problem hiding this comment.
only the jobs that require .git credentials should use git-credential-helper; this injects the GH credentials via the git-credential-helper https://git-scm.com/docs/gitcredentials so that things like push work. Can only be used on jobs that are manually triggered via console/api.
| # if we run into problems in the future, we should revisit this | ||
| # git reset --soft HEAD~1 | ||
| git reset --soft HEAD~1 |
There was a problem hiding this comment.
What's the goal of doing a soft reset?
There was a problem hiding this comment.
if i remember correctly; its to remove the commit that is created during publish to verdaccio step so that it doesn't affect the unified changelog step
There was a problem hiding this comment.
this shouldn't be necessary. does CCI do this ?
There was a problem hiding this comment.
or maybe it does make some sense, should we unreset after step which is affected by this ?
There was a problem hiding this comment.
I see, this unified changelog script is designed to work with staged files:
// This script is intended to be run after running `yarn publish-to-verdaccio` when all CHANGELOG file changes are staged but not committed
// It will scan all staged CHANGELOG.md files and merge them into a single UNIFIED_CHANGELOG file
Description of changes
Issue #, if available
Description of how you validated changes
Checklist
yarn testpassesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.