Automate the creation of release tags #1666
Conversation
Signed-off-by: Zelin Hao <[email protected]>
Codecov Report
@@ Coverage Diff @@
## main #1666 +/- ##
============================================
+ Coverage 94.62% 94.76% +0.14%
- Complexity 14 17 +3
============================================
Files 164 169 +5
Lines 3459 3518 +59
Branches 21 26 +5
============================================
+ Hits 3273 3334 +61
+ Misses 183 181 -2
Partials 3 3
Continue to review full report at Codecov.
|
| echo "Creating $version release tag for $componetsNumber components in ths manifest" | ||
|
|
||
| withCredentials([usernamePassword(credentialsId: "${GITHUB_BOT_TOKEN_NAME}", usernameVariable: 'GITHUB_USER', passwordVariable: 'GITHUB_TOKEN')]) { | ||
| for (component in componentsName) { |
There was a problem hiding this comment.
I think its better to add try catch and check if the tag already exists. Some components cut the tag beforehand.
There was a problem hiding this comment.
Agreed and probably can also check whether the existing tag has the correct commitid.
There was a problem hiding this comment.
I added a check below: If certain tag is existing in the current repo, we will just simply delete it and replace with the new one with the commit ID from the manifest.
There was a problem hiding this comment.
Not sure if we should delete or skip it. @dblock any thoughts on this?
There was a problem hiding this comment.
I would skip it with a note if it's identical (someone did the right thing and manually created the tag, it's ok), and fail if the existing tag doesn't match (someone created the wrong tag, let's find out loudly).
There was a problem hiding this comment.
@zelinh Can you work with the team to come up with an effort estimate to move the shell code with groovy? I would prefer to go that route if its a quick effort.
There was a problem hiding this comment.
I dislike the implementation in shell a lot, but with the rule of thumb that this is better than what we had (manual process) I vote to merge this as is.
There was a problem hiding this comment.
Changed the implementation here and remove shell block as much as possible.
There was a problem hiding this comment.
I would skip it with a note if it's identical (someone did the right thing and manually created the tag, it's ok), and fail if the existing tag doesn't match (someone created the wrong tag, let's find out loudly).
Hi @dblock What do you think about hard fail at the end rather than failing the entire workflow before all components are parsed?
Right now this just fails the workflow and until that component fixes the tag we cannot re-run. How about go and finish the workflow and hard fail at the end if there is a mismatch?
There was a problem hiding this comment.
More elaboration on the current status: when some component already cut the tag with different commit from the commit in the distribution manifest, the current workflow will fail immediately and ask user to fix it until it matches.
Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: Zelin Hao <[email protected]>
| } | ||
| } | ||
| parameters { | ||
| string( |
There was a problem hiding this comment.
As an idea, this job could take a version number without a build ID, because the URL for the manifest for a well-known version should be known. Or it could take a URL to the manifest. This avoids the need to download anything from S3. It's no big deal though.
There was a problem hiding this comment.
Getting the manifest URL will still need the build ID, otherwise we will need to take the manifest URL as the parameter input. I think essentially both way are the same, good for either way.
There was a problem hiding this comment.
Also, We are bundling this manifest with the released artifact as well. Does it makes sense to download from publicly downloadable link
Example: https://artifacts.opensearch.org/releases/bundle/opensearch/1.2.4/opensearch-1.2.4-linux-x64.tar.gz
We can download from public url , unzip and use the manifest. In that case just the version is required. It also makes sure we are using the manifest for released artifact
There was a problem hiding this comment.
I liked this idea of using this public link for transparency purpose. Just make sure few things:
This release artifacts matches the build ID that we will be using for each release right?
Also I actually uses the builds manifest instead of the dist manifest from link like https://ci.opensearch.org/ci/dbc/distribution-build-opensearch/$version/$build_number/linux/x64/build/opensearch/manifest.yml; using the dist manifest from the release artifacts will not include some components that won't redistribute anything (e.g. common-util). So we will still need to manually tag for them.
There was a problem hiding this comment.
The build manifest contains all components:
- name: common-utils
repository: https://github.com/opensearch-project/common-utils.git
ref: main
commit_id: 361db4ce3933fe902773df1266fc32cf6b0098bb
artifacts:
maven:
- maven/org/opensearch/common-utils/maven-metadata.xml
I think we should add common-utils into the dist manifest as well, even though it has no redistributable binaries, #1703.
There was a problem hiding this comment.
We can use the manifest directly from released artifact now. Would recommend to use that instead of build id. In that case just the version is required to retrieve the manifest.
Thanks!
Signed-off-by: Zelin Hao <[email protected]>
| @@ -1,6 +1,9 @@ | |||
| lib = library(identifier: 'jenkins@20211123', retriever: legacySCM(scm)) | |||
|
|
|||
| pipeline { | |||
| options { | |||
| timeout(time: 2, unit: 'HOURS') | |||
There was a problem hiding this comment.
How long does this job take, in your tests?
There was a problem hiding this comment.
It depends on multiple things: the number of components the manifest includes, the size of contents for each repo, github fetching time, etc.. I tested with only three components and it normally took around 2 mins.
There was a problem hiding this comment.
Then let's change the timeout to be 30mins?
There was a problem hiding this comment.
I think the timeout here is the max time this job possibly takes. I would like to have this longer just in case. Shouldn't be a big deal IMO.
There was a problem hiding this comment.
2 hr is a ok time range, I normally have 2x 3x time for max range.
There was a problem hiding this comment.
3x for 10min is 30mins
There was a problem hiding this comment.
We won't know if this takes 10 mins or 30 mins or even more. I believe 2 hours should be an acceptable range.
There was a problem hiding this comment.
So, if we say the timeout is 2hrs, we are expecting this job to run for an 1hr atleast?
It's not a blocker for me, but timeouts should be visited carefully as they are the failsafe that unblock nodes in case a job is stuck.
| agent { | ||
| docker { | ||
| label 'Jenkins-Agent-al2-x64-c54xlarge-Docker-Host' | ||
| image 'opensearchstaging/ci-runner:centos7-x64-arm64-jdkmulti-node10.24.1-cypress6.9.1-20211130' |
There was a problem hiding this comment.
Try to see if you can use alpine:latest instead of this full ledge image for testing.
Since this is literally a git command pipeline.
There was a problem hiding this comment.
Eh, seems like you need aws cli as well.
There was a problem hiding this comment.
If we used the public manifest URL then we wouldn't need aws cli, see comment below.
Signed-off-by: Zelin Hao <[email protected]>
… variable Signed-off-by: Zelin Hao <[email protected]>
| } | ||
| } | ||
| parameters { | ||
| string( |
There was a problem hiding this comment.
The build manifest contains all components:
- name: common-utils
repository: https://github.com/opensearch-project/common-utils.git
ref: main
commit_id: 361db4ce3933fe902773df1266fc32cf6b0098bb
artifacts:
maven:
- maven/org/opensearch/common-utils/maven-metadata.xml
I think we should add common-utils into the dist manifest as well, even though it has no redistributable binaries, #1703.
| agent { | ||
| docker { | ||
| label 'Jenkins-Agent-al2-x64-c54xlarge-Docker-Host' | ||
| image 'opensearchstaging/ci-runner:centos7-x64-arm64-jdkmulti-node10.24.1-cypress6.9.1-20211130' |
There was a problem hiding this comment.
If we used the public manifest URL then we wouldn't need aws cli, see comment below.
| echo "Creating $version release tag for $componetsNumber components in ths manifest" | ||
|
|
||
| withCredentials([usernamePassword(credentialsId: "${GITHUB_BOT_TOKEN_NAME}", usernameVariable: 'GITHUB_USER', passwordVariable: 'GITHUB_TOKEN')]) { | ||
| for (component in componentsName) { |
There was a problem hiding this comment.
I dislike the implementation in shell a lot, but with the rule of thumb that this is better than what we had (manual process) I vote to merge this as is.
@zelinh - Can you create an issue to look into this in the future? Thank you! |
Signed-off-by: Zelin Hao <[email protected]>
…ases. Signed-off-by: Zelin Hao <[email protected]>
| def push_url = "https://$GITHUB_TOKEN@" + repo.minus('https://') | ||
| echo "Tagging $component at $commitID ..." | ||
|
|
||
| dir (component) { |
There was a problem hiding this comment.
This is much better than before! Thanks!
Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: Zelin Hao <[email protected]>
Signed-off-by: Zelin Hao <[email protected]>
There was a problem hiding this comment.
Worked with @zelinh to add library related shMock commands as a part of lib tester. This removes all the mocks from the library test and job test. It also eliminates the need for the user to write shMock if they intend to use this library.
@zelinh - Approving the PR. However, I would revisit the timeout. I feel under no circumstance it would take 2 hrs, or even 1hr. It just blocks the node unnecessarily and therefore can be reduced
Thanks!
There was a problem hiding this comment.
Unblocking this PR merge. @zelinh is working on #1666 (comment)
Please feel free to merge if that is coming in another PR.
Thanks!
|
Issue is created to use public release manifest here #1710. Will be pushing this from another PR. |
Signed-off-by: Zelin Hao [email protected]
Description
Create the release tag for plugins from the distribution-build manifest based on the version and build_id.
This workflow will fetch the commit_id from the manifest for each plugin and create the GitHub tag based on that, which could avoid discrepancies of using different commit id from release.
Issues Resolved
#378
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.