diff --git a/.github/workflows/changelog.yaml b/.github/workflows/changelog.yaml index b1100542fcd5..1befea5cc6b1 100644 --- a/.github/workflows/changelog.yaml +++ b/.github/workflows/changelog.yaml @@ -10,12 +10,12 @@ permissions: jobs: generate_changelog: + name: Generate changelog + if: github.repository == 'argoproj/argo-workflows' permissions: contents: write # for peter-evans/create-pull-request to create branch pull-requests: write # for peter-evans/create-pull-request to create a PR - if: github.repository == 'argoproj/argo-workflows' runs-on: ubuntu-latest - name: Generate changelog steps: - uses: actions/checkout@v4 with: diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index e6073753a16b..a8dd8bb06748 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -29,14 +29,15 @@ jobs: cache: true - run: make test STATIC_FILES=false GOTEST='go test -p 20 -covermode=atomic -coverprofile=coverage.out' # engineers just ignore this in PRs, so lets not even run it - - run: bash <(curl -s https://codecov.io/bash) + - name: Upload coverage report if: github.ref == 'refs/heads/master' + run: bash <(curl -s https://codecov.io/bash) argoexec-image: name: argoexec-image + # needs: [ lint ] runs-on: ubuntu-latest timeout-minutes: 10 - # needs: [ lint ] steps: - uses: actions/checkout@v4 - uses: docker/setup-buildx-action@v3 @@ -49,7 +50,8 @@ jobs: target: argoexec cache-from: type=gha cache-to: type=gha,mode=max - - uses: actions/upload-artifact@v3 + - name: Upload + uses: actions/upload-artifact@v3 with: name: argoexec path: /tmp/argoexec_image.tar @@ -57,9 +59,9 @@ jobs: e2e-tests: name: E2E Tests + needs: [ argoexec-image ] runs-on: ubuntu-latest timeout-minutes: 30 - needs: [ argoexec-image ] env: KUBECONFIG: /home/runner/.kubeconfig strategy: @@ -96,22 +98,23 @@ jobs: install_k3s_version: v1.25.11-k3s1 profile: minimal steps: - - name: Install socat - # needed by Kubernetes v1.25 + - name: Install socat (needed by Kubernetes v1.25) run: sudo apt-get -y install socat - uses: actions/checkout@v4 - uses: actions/setup-go@v4 with: go-version: "1.21" cache: true - - uses: actions/setup-java@v3 + - name: Install Java for the SDK if: ${{matrix.test == 'test-java-sdk'}} + uses: actions/setup-java@v3 with: java-version: '8' distribution: adopt cache: maven - - uses: actions/setup-python@v4 + - name: Install Python for the SDK if: ${{matrix.test == 'test-python-sdk'}} + uses: actions/setup-python@v4 with: python-version: '3.x' cache: pip @@ -129,13 +132,13 @@ jobs: echo " user:" >> $KUBECONFIG echo " token: xxxxxx" >> $KUBECONFIG until kubectl cluster-info ; do sleep 10s ; done - - uses: actions/download-artifact@v3 - name: Download argoexec image + - name: Download argoexec image + uses: actions/download-artifact@v3 with: name: argoexec path: /tmp - - run: docker load < /tmp/argoexec_image.tar - name: Load argoexec image + - name: Load argoexec image + run: docker load < /tmp/argoexec_image.tar - name: Set-up /etc/hosts run: | echo '127.0.0.1 dex' | sudo tee -a /etc/hosts @@ -143,58 +146,61 @@ jobs: echo '127.0.0.1 postgres' | sudo tee -a /etc/hosts echo '127.0.0.1 mysql' | sudo tee -a /etc/hosts echo '127.0.0.1 azurite' | sudo tee -a /etc/hosts - - run: make install PROFILE=${{matrix.profile}} STATIC_FILES=false - name: Install manifests - - run: make controller kit STATIC_FILES=false - name: Build controller - - run: make cli STATIC_FILES=false + - name: Install manifests + run: make install PROFILE=${{matrix.profile}} STATIC_FILES=false + - name: Build controller + run: make controller kit STATIC_FILES=false + - name: Build CLI + run: make cli STATIC_FILES=false if: ${{matrix.test == 'test-api' || matrix.test == 'test-cli' || matrix.test == 'test-java-sdk' || matrix.test == 'test-python-sdk'}} - name: Build CLI - - run: make start PROFILE=${{matrix.profile}} AUTH_MODE=client STATIC_FILES=false LOG_LEVEL=info API=${{matrix.test == 'test-api' || matrix.test == 'test-cli' || matrix.test == 'test-java-sdk' || matrix.test == 'test-python-sdk'}} UI=false > /tmp/argo.log 2>&1 & - name: Start controller/API - - run: make wait API=${{matrix.test == 'test-api' || matrix.test == 'test-cli' || matrix.test == 'test-java-sdk' || matrix.test == 'test-python-sdk'}} + - name: Start controller/API + run: make start PROFILE=${{matrix.profile}} AUTH_MODE=client STATIC_FILES=false LOG_LEVEL=info API=${{matrix.test == 'test-api' || matrix.test == 'test-cli' || matrix.test == 'test-java-sdk' || matrix.test == 'test-python-sdk'}} UI=false > /tmp/argo.log 2>&1 & + - name: Wait for controller to be up + run: make wait API=${{matrix.test == 'test-api' || matrix.test == 'test-cli' || matrix.test == 'test-java-sdk' || matrix.test == 'test-python-sdk'}} timeout-minutes: 5 - name: Wait for controller to be up - name: Run tests ${{matrix.test}} run: make ${{matrix.test}} E2E_SUITE_TIMEOUT=20m STATIC_FILES=false - - if: ${{ failure() }} - name: MinIO/MySQL deployment + + # failure debugging below + - name: Failure debug - describe MinIO/MySQL deployment + if: ${{ failure() }} run: | set -eux kubectl get deploy kubectl describe deploy - - if: ${{ failure() }} - name: MinIO/MySQL pods + - name: Failure debug - describe MinIO/MySQL pods + if: ${{ failure() }} run: | set -eux kubectl get pods -l '!workflows.argoproj.io/workflow' kubectl describe pods -l '!workflows.argoproj.io/workflow' - - if: ${{ failure() }} - name: MinIO/MySQL logs + - name: Failure debug - MinIO/MySQL logs + if: ${{ failure() }} run: kubectl logs -l '!workflows.argoproj.io/workflow' --prefix - - if: ${{ failure() }} - name: Controller/API logs + - name: Failure debug - Controller/API logs + if: ${{ failure() }} run: | [ -e /tmp/argo.log ] && cat /tmp/argo.log - if: ${{ failure() }} - name: Workflows + name: Failure debug - describe Workflows run: | set -eux kubectl get wf kubectl describe wf - - if: ${{ failure() }} - name: Workflow pods + - name: Failure debug - describe Workflow pods + if: ${{ failure() }} run: | set -eux kubectl get pods -l workflows.argoproj.io/workflow kubectl describe pods -l workflows.argoproj.io/workflow - - if: ${{ failure() }} - name: Wait container logs + - name: Failure debug - Wait container logs + if: ${{ failure() }} run: kubectl logs -c wait -l workflows.argoproj.io/workflow --prefix + codegen: name: Codegen - runs-on: ubuntu-latest needs: [ tests ] + runs-on: ubuntu-latest timeout-minutes: 20 env: GOPATH: /home/runner/go @@ -214,21 +220,24 @@ jobs: sudo find /usr/local/include -type f | xargs sudo chmod a+r sudo find /usr/local/include -type d | xargs sudo chmod a+rx ls /usr/local/include/google/protobuf/ - - run: | + - name: Pull OpenAPI Generator CLI Docker image + run: | docker pull openapitools/openapi-generator-cli:v5.4.0 & docker pull openapitools/openapi-generator-cli:v5.2.1 & - - name: Create links + - name: Create symlinks run: | mkdir -p /home/runner/go/src/github.com/argoproj ln -s "$PWD" /home/runner/go/src/github.com/argoproj/argo-workflows - run: make codegen -B STATIC_FILES=false - - run: git diff --exit-code + # if codegen makes changes that are not in the PR, fail the build + - name: Check if codegen made changes not present in the PR + run: git diff --exit-code lint: name: Lint - runs-on: ubuntu-latest needs: [ tests, codegen ] - timeout-minutes: 15 + runs-on: ubuntu-latest + timeout-minutes: 15 # must be strictly greater than the timeout in .golancgi.yml env: GOPATH: /home/runner/go steps: @@ -238,7 +247,9 @@ jobs: go-version: "1.21" cache: true - run: make lint STATIC_FILES=false - - run: git diff --exit-code + # if lint makes changes that are not in the PR, fail the build + - name: Check if lint made changes not present in the PR + run: git diff --exit-code ui: name: UI diff --git a/.github/workflows/dependabot-reviewer.yml b/.github/workflows/dependabot-reviewer.yml index 97dd12d6fac2..0dfb799f0e6a 100644 --- a/.github/workflows/dependabot-reviewer.yml +++ b/.github/workflows/dependabot-reviewer.yml @@ -7,11 +7,11 @@ permissions: jobs: review: - runs-on: ubuntu-latest + if: ${{ github.actor == 'dependabot[bot]' && github.repository == 'argoproj/argo-workflows'}} permissions: pull-requests: write contents: write - if: ${{ github.actor == 'dependabot[bot]' && github.repository == 'argoproj/argo-workflows'}} + runs-on: ubuntu-latest steps: - name: Dependabot metadata id: metadata @@ -27,4 +27,4 @@ jobs: run: gh pr merge --auto --squash "$PR_URL" env: PR_URL: ${{github.event.pull_request.html_url}} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} \ No newline at end of file + GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} diff --git a/.github/workflows/gh-pages.yaml b/.github/workflows/docs.yaml similarity index 77% rename from .github/workflows/gh-pages.yaml rename to .github/workflows/docs.yaml index 012bee362a58..a7bdc95e022d 100644 --- a/.github/workflows/gh-pages.yaml +++ b/.github/workflows/docs.yaml @@ -30,17 +30,21 @@ jobs: with: node-version: "19" # Use the same make target both locally and on CI to make it easier to debug failures. - - run: make docs + - name: Build & Lint docs + run: make docs # If markdownlint fixes issues, files will be changed. If so, fail the build. - - run: git diff --exit-code + - name: Check if markdownlint --fix made changes + run: git diff --exit-code # Upload the site so reviewers see it. - - uses: actions/upload-artifact@v3 + - name: Upload Docs Site + uses: actions/upload-artifact@v3 with: name: docs path: site if-no-files-found: error - - uses: peaceiris/actions-gh-pages@v3 + - name: Publish to GH Pages (when on master) if: github.repository == 'argoproj/argo-workflows' && github.ref == 'refs/heads/master' + uses: peaceiris/actions-gh-pages@v3 with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_branch: gh-pages diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml index 2f69d1a1310d..806f0185412e 100644 --- a/.github/workflows/pr.yaml +++ b/.github/workflows/pr.yaml @@ -12,6 +12,7 @@ jobs: title-check: runs-on: ubuntu-latest steps: - - uses: amannn/action-semantic-pull-request@v5 + - name: Check PR Title's semantic conformance + uses: amannn/action-semantic-pull-request@v5 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/sdks.yaml b/.github/workflows/sdks.yaml index 0be8d3f6f1b4..38f9773bd82a 100644 --- a/.github/workflows/sdks.yaml +++ b/.github/workflows/sdks.yaml @@ -8,13 +8,13 @@ permissions: contents: read jobs: - sdk: + sdks: + name: Publish SDKs + if: github.repository == 'argoproj/argo-workflows' permissions: packages: write # for publishing packages contents: write # for creating releases - if: github.repository == 'argoproj/argo-workflows' runs-on: ubuntu-latest - name: Publish SDK strategy: matrix: name: diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml index c98eaef54890..efb873056987 100644 --- a/.github/workflows/snyk.yml +++ b/.github/workflows/snyk.yml @@ -14,18 +14,20 @@ jobs: # we do not scan images here, they're scanned here: https://app.snyk.io/org/argoproj/projects golang: + name: Scan Go deps if: github.repository == 'argoproj/argo-workflows' runs-on: ubuntu-latest env: SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} steps: - uses: actions/checkout@v4 - - name: Run Snyk to check for vulnerabilities + - name: Run Snyk to check for Go vulnerabilities uses: snyk/actions/golang@master with: args: --severity-threshold=high node: + name: Scan Node deps if: github.repository == 'argoproj/argo-workflows' runs-on: ubuntu-latest env: @@ -38,7 +40,7 @@ jobs: cache: yarn cache-dependency-path: ui/yarn.lock - run: yarn --cwd ui install - - name: Run Snyk to check for vulnerabilities + - name: Run Snyk to check for Node vulnerabilities uses: snyk/actions/node@master with: args: --file=ui/package.json --severity-threshold=high