-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Workflow updates and improvements #21
Conversation
Uses latest version of SBOM tool Use real wheel version as parameter
Split up wheel upload and index update tasks Updated wheel upload task to check for existing wheels in container Added release build parameter to upload wheel
Github does not allow even reusable workflows to be in a child folder Modified workflow names to tag worfklows that can't be triggered as [auto] Fixed up workflow errors / inconsistencies
Approval step can run on ubuntu image for efficiency Modified run name to describe deployment method wheel upload does not rely on github release
@@ -8,6 +8,7 @@ env: | |||
sas_token: ${{ secrets.sas_token }} | |||
jobs: | |||
update_index: | |||
# prompt for explicit approval as this will update the index for customers | |||
environment: production |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this mean double approval when release_strategy == prod-release?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically yes - my thinking is that the pipeline will kick off the github release and upload the wheel to the extension index, but then pause for another approval before the index update.
Github workflows don't allow you to access artifacts from the UI until a workflow is 100% completed, so pausing to check the wheel in the storage account or the GH release asset is our last chance to smoke test the actual built artifact before pushing it to the extension index (for now).
description: 'Whether or not the wheel was uploaded from this workflow' | ||
value: ${{ jobs.upload_wheel.outputs.upload_success }} | ||
env: | ||
storage_container_url: https://azedgecli.blob.core.windows.net/drop |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should parameterize storage_container_url
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As in a runtime parameter, or a stored secret / environment variable?
If the second, it could be possible for us to create a secondary "environment" for the repo, and each "environment" could have separate SAS tokens / permissions for approvals / URLs for storage containers and indexes etc
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
right now, the latter option sounds good
Bumped the SBOM tool version in case that helps resolve the build warning, but I might need to do some SBOM debugging / comparison to further narrow down the issue if it persists. Also noting for future iterations we should try and more efficiently utilize deployment environments to keep configs/variables/paths/etc. tidy. |
This PR makes the following enhancements to our workflow setup:
[auto]
discriminator to workflows that are not triggered manuallylint
before unit tests for faster linting failuresupload_wheel
andupdate_private_index
tasks to separate reusable workflowsnone
finishes after successful build and testupload-wheel
will upload the wheel to storageprod-release
will draft a github release, upload the wheel to storage, and update the extension indexNote:
update_private_index.yml
still requires an additional approval so that we can update / edit the github release and smoke test / verify the uploaded wheel before deploying the index updateIndividual workflow notes:
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Thank you for contributing to Azure Edge tooling!
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines
Intent for Production
dev
ormain
are of production grade. Corollary to this, any merged contributions to these branches may be deployed in a public release at any given time. By checking this box, you agree and commit to the expected production quality of code.Basic expectations
pytest <project root> -vv
. Please provide evidence in the form of a screenshot showing a succesful run of tests locally OR a link to a test pipeline that has been run against the change-set..pylintrc
and.flake8
rules? Look at the CI scripts for example usage.Azure Edge CLI maintainers reserve the right to enforce any of the outlined expectations.
A PR is considered ready for review when all basic expectations have been met (or do not apply).