ci: ensure we store the versions as gh variables #1405

Merged
merged 1 commit into from
Nov 6, 2024
24 changes: 12 additions & 12 deletions .github/workflows/ci-cd-prod.yml
@@ -69,15 +69,15 @@ jobs:

store-infra-version:
name: Store Latest Deployed Infra Version as GitHub Variable
runs-on: ubuntu-latest
needs: [deploy-infra, get-current-version]
if: ${{ needs.deploy-infra.result == 'success' }}
env:
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_INFRA_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
steps:
- name: Set GitHub variable for latest deployed infra version
run: |
gh variable set LATEST_DEPLOYED_INFRA_VERSION --body "${{ needs.get-current-version.outputs.version }}" --env prod --repo ${{ github.repository }}

dry-run-deploy-apps:
name: Dry run deploy apps to prod
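Review bot: `RELEASE_VERSION_STORAGE_PAT` is now handed to a job that runs after every prod, staging and yt01 deployment, so its scope is the blast radius of anything that goes wrong in that job; passing it through an explicit `secrets:` block rather than `secrets: inherit` is the right call, and the token itself should be a fine-grained PAT limited to this repository with only the Variables write permission (no contents, no actions), which is all `gh variable set` needs. Worth recording that scope in the secret's description or a README so the next rotation does not mint a broader classic token.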
@@ -129,15 +129,15 @@ jobs:

store-apps-version:
name: Store Latest Deployed Apps Version as GitHub Variable
runs-on: ubuntu-latest
needs: [deploy-apps, get-current-version]
if: ${{ needs.deploy-apps.result == 'success' }}
env:
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_APPS_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: prod
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
steps:
- name: Set GitHub variable for latest deployed apps version
run: |
gh variable set LATEST_DEPLOYED_APPS_VERSION --body "${{ needs.get-current-version.outputs.version }}" --env prod --repo ${{ github.repository }}

deploy-slack-notifier:
name: Deploy slack notifier (prod)
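Review bot: `environment: prod` makes the reusable job run under the prod environment's protection rules (the called workflow sets `environment: ${{ inputs.environment }}` on its job), so if prod has required reviewers or a wait timer, storing the version will block on a second approval after `deploy-apps` has already finished, and a rejected approval leaves `LATEST_DEPLOYED_APPS_VERSION` stale while the deployment stands. The token is a repository secret supplied via `secrets:` and `gh variable set --env prod` names the target environment itself, so the job does not need to run inside the environment to write to it; either drop `environment:` from the reusable job or confirm that this extra gate is intended.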
24 changes: 12 additions & 12 deletions .github/workflows/ci-cd-staging.yml
@@ -50,15 +50,15 @@ jobs:

store-infra-version:
name: Store Latest Deployed Infra Version as GitHub Variable
runs-on: ubuntu-latest
needs: [deploy-infra, get-current-version]
if: ${{ needs.deploy-infra.result == 'success' }}
env:
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_INFRA_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: staging
secrets:
Comment on lines +55 to +60 (Contributor):
💡 Codebase verification

Workflow improvements needed for better reliability

The reusable workflow lacks timeout configuration and explicit error handling. While environment protection is in place for staging (with branch policies), the workflow could be more robust.

  • Add timeout-minutes to the store-variable job in .github/workflows/workflow-store-github-env-variable.yml
  • Consider adding error handling by wrapping the variable set command in a conditional check
  • The current implementation correctly uses environment contexts and required inputs

Example fix for the reusable workflow:

jobs:
  store-variable:
    timeout-minutes: 5  # Prevent hanging jobs
    name: Store GitHub Environment Variable
    runs-on: ubuntu-latest
    environment: ${{ inputs.environment }}
🔗 Analysis chain

LGTM with suggestions for enhanced reliability.

The transition to a reusable workflow for storing GitHub variables is a good improvement for maintainability.

Consider these enhancements:

  1. Add a timeout to prevent hanging jobs: timeout-minutes: 5
  2. Add error handling by checking the workflow status in downstream jobs
  3. Verify environment protection rules are in place for the staging environment variables
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify environment protection rules for staging
gh api -H "Accept: application/vnd.github+json" \
  /repos/digdir/dialogporten/environments/staging \
  --jq '.protection_rules[]'

Length of output: 195


Script:

#!/bin/bash
# Get more details about the branch protection rules
gh api -H "Accept: application/vnd.github+json" \
  /repos/digdir/dialogporten/environments/staging \
  --jq '.'

Length of output: 629


Script:

#!/bin/bash
# Check the reusable workflow for timeout and error handling
cat .github/workflows/workflow-store-github-env-variable.yml

Length of output: 1137


Script:

#!/bin/bash
# Check if there are any other jobs depending on store-infra-version
rg "needs.*store-infra-version" .github/workflows/ -A 5

Length of output: 57

GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
steps:
- name: Set GitHub variable for latest deployed infra version
run: |
gh variable set LATEST_DEPLOYED_INFRA_VERSION --body "${{ needs.get-current-version.outputs.version }}" --env staging --repo ${{ github.repository }}

publish:
name: Build and publish docker images
@@ -95,15 +95,15 @@ jobs:

store-apps-version:
name: Store Latest Deployed Apps Version as GitHub Variable
runs-on: ubuntu-latest
needs: [deploy-apps, get-current-version]
if: ${{ needs.deploy-apps.result == 'success' }}
env:
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_APPS_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: staging
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
steps:
- name: Set GitHub variable for latest deployed apps version
run: |
gh variable set LATEST_DEPLOYED_APPS_VERSION --body "${{ needs.get-current-version.outputs.version }}" --env staging

deploy-slack-notifier:
name: Deploy slack notifier (staging)
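Review bot: the removed staging step ran `gh variable set LATEST_DEPLOYED_APPS_VERSION ... --env staging` without the `--repo ${{ github.repository }}` that the prod and yt01 copies carry, relying on gh to infer the repository from the checked-out git remote; the shared workflow always passes `--repo`, so this drift between environments disappears, which is the most concrete gain of the refactor. Keep the explicit `--repo`: it is also what allows the reusable job to stop checking out the repository at all.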
24 changes: 12 additions & 12 deletions .github/workflows/ci-cd-yt01.yml
@@ -61,15 +61,15 @@ jobs:

store-infra-version:
name: Store Latest Deployed Infra Version as GitHub Variable
runs-on: ubuntu-latest
needs: [deploy-infra, get-current-version]
if: ${{ needs.deploy-infra.result == 'success' }}
env:
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_INFRA_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: yt01
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
steps:
- name: Set GitHub variable for latest deployed infra version
run: |
gh variable set LATEST_DEPLOYED_INFRA_VERSION --body "${{ needs.get-current-version.outputs.version }}" --env yt01 --repo ${{ github.repository }}

deploy-apps:
name: Deploy apps to yt01
@@ -97,15 +97,15 @@ jobs:

store-apps-version:
name: Store Latest Deployed Apps Version as GitHub Variable
runs-on: ubuntu-latest
needs: [deploy-apps, get-current-version]
if: ${{ needs.deploy-apps.result == 'success' }}
env:
uses: ./.github/workflows/workflow-store-github-env-variable.yml
with:
variable_name: LATEST_DEPLOYED_APPS_VERSION
variable_value: ${{ needs.get-current-version.outputs.version }}
environment: yt01
secrets:
GH_TOKEN: ${{ secrets.RELEASE_VERSION_STORAGE_PAT }}
steps:
- name: Set GitHub variable for latest deployed apps version
run: |
gh variable set LATEST_DEPLOYED_APPS_VERSION --body "${{ needs.get-current-version.outputs.version }}" --env yt01 --repo ${{ github.repository }}

deploy-slack-notifier:
name: Deploy slack notifier (yt01)
39 changes: 39 additions & 0 deletions .github/workflows/workflow-store-github-env-variable.yml
@@ -0,0 +1,39 @@
name: Store GitHub Environment Variable

on:
workflow_call:
inputs:
variable_name:
required: true
type: string
description: "Name of the variable to store"
variable_value:
required: true
type: string
description: "Value to store in the variable"
environment:
required: true
type: string
description: "GitHub environment to store the variable in"
secrets:
GH_TOKEN:
required: true
description: "GitHub token with permission to set variables"

jobs:
store-variable:
name: Store GitHub Environment Variable
runs-on: ubuntu-latest
environment: ${{ inputs.environment }}
steps:
- name: Checkout
uses: actions/checkout@v4

- name: Set GitHub variable
env:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
run: |
gh variable set ${{ inputs.variable_name }} \
--body "${{ inputs.variable_value }}" \
--env ${{ inputs.environment }} \
--repo ${{ github.repository }}
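Review bot: the `run:` block splices `${{ inputs.variable_name }}`, `${{ inputs.variable_value }}` and `${{ inputs.environment }}` straight into the shell script, and every caller feeds `variable_value` from `needs.get-current-version.outputs.version`; expression substitution happens before bash parses the line, so a version string containing `"` or `;` becomes shell code executed with `GH_TOKEN` (the release PAT) in the environment. Whether that is reachable depends on how `get-current-version` derives the version, which is not in this diff, but the fix is cheap and removes the question: map the inputs with `env:` (alongside the existing `GH_TOKEN: ${{ secrets.GH_TOKEN }}`) as `VARIABLE_NAME: ${{ inputs.variable_name }}`, `VARIABLE_VALUE: ${{ inputs.variable_value }}`, `ENVIRONMENT: ${{ inputs.environment }}`, and run `gh variable set "$VARIABLE_NAME" --body "$VARIABLE_VALUE" --env "$ENVIRONMENT" --repo "$GITHUB_REPOSITORY"`. Two smaller points: the `actions/checkout@v4` step is unnecessary for a job that only calls `gh variable set` with an explicit `--repo`, and it pulls repository content onto a runner holding the PAT for no reason; and the job declares no `permissions:`, so the default `GITHUB_TOKEN` grant applies even though nothing here uses it, which `permissions: {}` would make explicit.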
Comment on lines +32 to +39 (Contributor):
🛠️ Refactor suggestion

Add error handling and validation.

The current implementation could benefit from these improvements:

  1. Add error handling for the gh CLI command
  2. Validate that the variable was set successfully

Consider this enhanced implementation:

   - name: Set GitHub variable
     env:
       GH_TOKEN: ${{ secrets.GH_TOKEN }}
     run: |
+      if ! command -v gh &> /dev/null; then
+        echo "Error: GitHub CLI not found"
+        exit 1
+      fi
+
       gh variable set ${{ inputs.variable_name }} \
         --body "${{ inputs.variable_value }}" \
         --env ${{ inputs.environment }} \
         --repo ${{ github.repository }}
+
+      # Verify the variable was set
+      if ! gh variable list --env ${{ inputs.environment }} | grep -q "^${{ inputs.variable_name }} "
+      then
+        echo "Error: Failed to verify variable was set"
+        exit 1
+      fi
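Review bot: the verification `grep -q "^${{ inputs.variable_name }} "` anchors on a literal space after the name, so it only passes if `gh variable list` pads its columns with spaces; when stdout is not a terminal, as on a runner, gh emits tab-separated columns, and this check would then fail on every run even though the variable was set. Match any whitespace instead, `grep -q "^${{ inputs.variable_name }}[[:space:]]"`, or read the value back with `gh variable get <name> --env <env>` where the gh version on the runner supports it. The `command -v gh` guard is dead weight on `ubuntu-latest`, where gh is preinstalled, and the suggestion still interpolates the three inputs into the script unquoted, so whatever injection surface the original step has is unchanged by it.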
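The two points under discussion in this thread, the `run:` step that interpolates `${{ inputs.* }}` directly into a shell script and the read-back check that greps the variable listing, are shown below in a stand-alone shell script. This is an added example, not code from the dialogporten repository or from the review comment: the `gh` CLI is replaced by a stub that echoes its arguments (an assumption so it runs offline), the attacker-shaped version string is constructed for the demonstration, and the function names (`run_unsafe`, `run_safe`, `is_valid_version`, `variable_present`) are hypothetical.

```shell
#!/bin/sh
# Added example; not code from the dialogporten repository or from the review
# comment above. It reproduces what GitHub Actions does with a ${{ ... }}
# expression inside a run: script (textual substitution before the shell parses
# the line) and contrasts it with passing the value through env:. The gh CLI
# is replaced by a stub (assumption) so the script runs offline.

# --- stub gh: echoes every argument in brackets instead of calling GitHub ---
STUB_DIR=$(mktemp -d)
cat > "$STUB_DIR/gh" <<'EOF'
#!/bin/sh
printf 'gh'
for a in "$@"; do printf ' [%s]' "$a"; done
printf '\n'
EOF
chmod +x "$STUB_DIR/gh"
PATH="$STUB_DIR:$PATH"
export PATH

# Constructed inputs. MALICIOUS_VERSION is the kind of string that could reach
# needs.get-current-version.outputs.version if the version were taken from an
# attacker-chosen tag or branch name; nothing on the page says that it is.
GOOD_VERSION='1.2.3'
MALICIOUS_VERSION='1.2.3"; echo INJECTED; echo "'

# Unsafe pattern: the expression is spliced into the script text, so the shell
# sees the attacker's quotes and semicolons as syntax. printf plays the role of
# the Actions expression evaluator here.
run_unsafe() {
  script=$(printf 'gh variable set LATEST --body "%s" --env prod' "$1")
  sh -c "$script"
}

# Safe pattern: the value reaches the shell as an environment variable (what
# an env: mapping on the step does) and is expanded only inside double quotes,
# so it is always exactly one argument, whatever it contains.
run_safe() {
  VARIABLE_VALUE="$1" sh -c 'gh variable set LATEST --body "$VARIABLE_VALUE" --env prod'
}

# Defence in depth: an allow-list check on the version before it is used at
# all. Anything outside the characters a version string needs is rejected.
is_valid_version() {
  case "$1" in
    '' | *[!0-9A-Za-z._+-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Read-back check in the spirit of the review suggestion, but tolerant of the
# column separator: it succeeds whether the listing is tab- or space-separated.
# $1 = output of `gh variable list --env ...`, $2 = variable name
variable_present() {
  printf '%s\n' "$1" | grep -q "^$2[[:space:]]"
}

# Demo when run directly: the unsafe call prints three lines (the injected
# command ran); the safe call prints one line with the payload inert.
echo '--- unsafe ---'; run_unsafe "$MALICIOUS_VERSION"
echo '--- safe ---';   run_safe "$MALICIOUS_VERSION"
```

In a real job the `run_safe` shape is obtained by listing `VARIABLE_VALUE: ${{ inputs.variable_value }}` under the step's `env:` and writing `--body "$VARIABLE_VALUE"` in the script; `is_valid_version` is the extra guard that rejects a bad value before any command line is built, and `variable_present` is the read-back check fed with the output of `gh variable list --env "$ENVIRONMENT"`.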
