From f7877ad5084a85c056a38c910c7b2cd1526cb214 Mon Sep 17 00:00:00 2001 From: Jeff Yates Date: Fri, 20 Dec 2024 16:12:44 -0600 Subject: [PATCH] [fei6062.releaseprotections.2] Fail snapshot runs if a release is happening (#2414) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary: This brings over workflow changes from Perseus that are intended to prevent trying to publish snapshots if a release is in progress. This is the first layer of protection against this, we also have a script solution that works both in automation and locally for devs that will kick in for cases where this workflow change doesn't catch it. This change looks for in-progress releases (`release.yml` runs for "Version Packages" changes) and fails the snapshot job if it finds one. This then adds a comment to the PR to indicate why the snapshot failed. Issue: FEI-6062 ## Test plan: This was already tested for Perseus and testing requires orchestrating a release job at the same time as the PR trying to do snapshots. I don't think we need to do that for this PR, but we can if folks prefer. Author: somewhatabstract Reviewers: jandrade Required Reviewers: Approved By: jandrade Checks: ⌛ Publish npm snapshot (ubuntu-latest, 20.x), ⌛ Check for .changeset entries for all changed files (ubuntu-latest, 20.x), ⌛ Prime node_modules cache for primary configuration (ubuntu-latest, 20.x), ⌛ Chromatic - Build on regular PRs / chromatic (ubuntu-latest, 20.x), ⏭️ Chromatic - Skip on Release PR (changesets), ⌛ gerald, ⏭️ dependabot Pull Request URL: https://github.com/Khan/wonder-blocks/pull/2414 --- .changeset/polite-rockets-beam.md | 2 ++ .github/workflows/node-ci-pr.yml | 52 +++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 .changeset/polite-rockets-beam.md diff --git a/.changeset/polite-rockets-beam.md b/.changeset/polite-rockets-beam.md new file mode 100644 index 000000000..a845151cc --- /dev/null +++ b/.changeset/polite-rockets-beam.md @@ -0,0 +1,2 @@ +--- +--- diff --git a/.github/workflows/node-ci-pr.yml b/.github/workflows/node-ci-pr.yml index 8c81b1b00..acd8fdcab 100644 --- a/.github/workflows/node-ci-pr.yml +++ b/.github/workflows/node-ci-pr.yml @@ -6,6 +6,12 @@ on: # draft". types: [edited, opened, synchronize, ready_for_review, reopened] +# When a new revision is pushed to a PR, cancel all in-progress CI runs for that +# PR. See https://docs.github.com/en/actions/using-jobs/using-concurrency +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true + # Our jobs run like this to minimize wasting resource cycles: # 1. Prime caches for primary configuration (ubuntu on node 16). # This way the next two jobs can run in parallel but rely on this primed @@ -135,6 +141,34 @@ jobs: REF=$(git rev-parse HEAD) git checkout main git checkout $REF + + # Helper to get the URL of the current run, if we need it. + - name: Get workflow run URL + id: get-run-url + run: echo "run_url=https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" >> $GITHUB_OUTPUT + + + # We need to see if any releases are in progress. + # We do not want to try and publish anything if a publish is + # pending. We fail here, but we make sure to update the + # PR comment later. This has to come after the checkout. + - name: Check for release + id: check-release + env: + GH_TOKEN: ${{ github.token }} + run: | + # Releases are triggered by merging "Version Packages" PRs. + # So we look for instances of the release.yml workflow, with + # a title containing "Version Packages", that are in progress. + release_count=$(gh run list --workflow release.yml --json status,displayTitle --jq '[.[] | select(.status == "in_progress" and (.displayTitle | contains("Version Packages")))] | length') + echo "release_count=$release_count" >> $GITHUB_OUTPUT + if [ "$release_count" -ne 0 ]; then + echo "Error: There are $release_count releases in progress." + exit 1 + else + echo "No releases in progress." + fi + - name: Use Node.js ${{ matrix.node-version }} & Install & cache node_modules uses: Khan/actions@shared-node-cache-v2 with: @@ -153,6 +187,8 @@ jobs: # Note: these two actions are locked to the latest version that were # published when @jeremy (Jeremy Wiebe) created the original job in Perseus. - name: Find existing comment + # Even if we're failing, we want to update the comments. + if: always() uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e id: find-comment with: @@ -194,3 +230,19 @@ jobs: ## npm Snapshot: **NOT** Published 🤕 Oh noes!! We couldn't find any changesets in this PR (${{ steps.short-sha.outputs.short_sha }}). As a result, we did **not** publish an npm snapshot for you. + + - name: Create or update npm snapshot comment - failure, concurrent with release + if: failure() && steps.check-release.outputs.release_count != '0' + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 + with: + issue-number: ${{ github.event.pull_request.number }} + comment-id: ${{ steps.find-comment.outputs.comment-id }} + edit-mode: replace + body: | + # npm Snapshot: **NOT** Published + + 🤕 Oh noes!! We couldn't publish an npm snapshot for you because + there is a release in progress. Please wait for the release to + finish, then retry this workflow. + + [View the workflow run](${{ steps.get-run-url.outputs.run_url }}) \ No newline at end of file