Beejones/initial release management #299
Conversation
.github/workflows/ci.yml
Outdated
| uses: ./.github/workflows/system-tests.yml | ||
| secrets: |
There was a problem hiding this comment.
Is there a reason we changed this?
| permissions: | ||
| contents: write | ||
| actions: write | ||
| checks: write |
There was a problem hiding this comment.
Are we sure we need all these checks?
There was a problem hiding this comment.
I am planning to test this.
.github/workflows/release.yml
Outdated
| tests: | ||
| name: Tests | ||
| uses: ./.github/workflows/ci.yml | ||
| secrets: |
There was a problem hiding this comment.
Should we just have secrets: inherit?
There was a problem hiding this comment.
Tried that first and it
.github/workflows/release.yml
Outdated
| run: | | ||
| echo "## Release Notes" > RELEASE_NOTES.md | ||
| echo "" >> RELEASE_NOTES.md | ||
| PRS=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ |
There was a problem hiding this comment.
Another way we could do this is enforce squash and merge on PRs and then inspect the commit history
This will catch changes done directly to main
.github/workflows/release.yml
Outdated
| upload_url: ${{ steps.create_release.outputs.upload_url }} | ||
| asset_path: ./RELEASE_NOTES.md | ||
| asset_name: RELEASE_NOTES.md | ||
| asset_content_type: text/markdown |
There was a problem hiding this comment.
Should we also include constitution files? Names actions/kms.js
There was a problem hiding this comment.
it is all in the sources in zip file
| @@ -13,9 +13,13 @@ on: | |||
| inputs: | |||
| test: | |||
| type: string | |||
| secrets: | |||
.github/workflows/system-test.yml
Outdated
| @@ -36,22 +40,18 @@ jobs: | |||
| - name: Checkout | |||
| uses: actions/checkout@v4 | |||
|
|
|||
There was a problem hiding this comment.
I think you have some merge conflicts here
| @@ -7,6 +7,11 @@ permissions: | |||
| on: | |||
| workflow_dispatch: | |||
| workflow_call: | |||
| secrets: | |||
.github/workflows/system-tests.yml
Outdated
| @@ -27,7 +32,9 @@ jobs: | |||
| test: | |||
| name: ${{ '' }} | |||
| needs: discover-tests | |||
| secrets: inherit # pragma: allowlist secret | |||
| secrets: | |||
There was a problem hiding this comment.
Why not secrets: inherit?
| @@ -40,14 +44,10 @@ jobs: | |||
| env: | |||
| GH_TOKEN: ${{ github.token }} | |||
| run: ./scripts/tools/install-deps.sh | |||
|
|
|||
|
|
|||
| - name: Log into Azure | |||
| uses: azure/login@v2 | |||
| with: | |||
There was a problem hiding this comment.
You've deleted a bunch of comments that you asked me to add originally, have you changed your mind?
There was a problem hiding this comment.
accidental delete. Thanks for catching
Add Release Management to KMS
We add a GitHub workflow which calls CI to do a full test first. Next, push assets to the referenced tag including: