open-vault/.github/workflows/oss.yml

129 lines
4.9 KiB
YAML
Raw Normal View History

# Open Source Community Workflows
name: Project triage
on:
pull_request:
types: [opened, reopened]
# Runs on PRs to main
branches:
- main
issues:
types: [opened, reopened]
jobs:
add-to-projects:
# exclude internal PRs
if: github.event.pull_request.head.repo.owner.login != 'hashicorp' && ((github.event.action == 'reopened') || (github.event.action == 'opened'))
name: Add issue or PR to projects
runs-on: ubuntu-latest
steps:
- if: github.event.pull_request != null
[QT-576] Optimize build workflow (#21486) (#21601) Improve our build workflow execution time by using custom runners, improved caching and conditional Web UI builds. Runners ------- We improve our build times[0] by using larger custom runners[1] when building the UI and Vault. Caching ------- We improve Vault caching by keeping a cache for each build job. This strategy has the following properties which should result in faster build times when `go.sum` hasn't been changed from prior builds, or when a pull request is retried or updated after a prior successful build: * Builds will restore cached Go modules and Go build cache according to the Go version, platform, architecture, go tags, and hash of `go.sum` that relates to each individual build workflow. This reduces the amount of time it will take to download the cache on hits and upload the cache on misses. * Parallel build workflows won't clobber each others build cache. This results in much faster compile times after cache hits because the Go compiler can reuse the platform, architecture, and tag specific build cache that it created on prior runs. * Older modules and build cache will not be uploaded when creating a new cache. This should result in lean cache sizes on an ongoing basis. * On cache misses we will have to upload our compressed module and build cache. This will slightly extend the build time for pull requests that modify `go.sum`. Web UI ------ We no longer build the web UI in every build workflow. Instead we separate the UI building into its own workflow and cache the resulting assets. The same UI assets are restored from cache during build worklows. This strategy has the following properties: * If the `ui` directory has not changed from prior builds we'll restore `http/web_ui` from cache and skip building the UI for no reason. * We continue to use the built-in `yarn` caching functionality in `action/setup-node`. The default mode saves the `yarn` global cache. to improve UI build times if the cache has not been modified. Changes ------- * Add per platform/archicture Go module and build caching * Move UI building into a separate job and cache the result * Restore UI cache during build * Pin workflows Notes ----- [0] https://hashicorp.atlassian.net/browse/QT-578 [1] https://github.com/hashicorp/vault/actions/runs/5415830307/jobs/9844829929 Signed-off-by: Ryan Cragun <me@ryan.ec>
2023-07-05 21:19:49 +00:00
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- if: github.event.pull_request != null
uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1
id: changes
with:
# derived from CODEOWNERS
filters: |
cryptosec:
- 'builtin/logical/pki/**'
- 'builtin/logical/ssh/**'
- 'builtin/logical/totp/**'
- 'builtin/logical/transit/**'
ecosystem:
- 'builtin/credential/aws/**'
- 'builtin/credential/github/**'
- 'builtin/credential/ldap/**'
- 'builtin/credential/okta/**'
- 'builtin/logical/aws/**'
- 'builtin/logical/cassandra/**'
- 'builtin/logical/consul/**'
- 'builtin/logical/database/**'
- 'builtin/logical/mongodb/**'
- 'builtin/logical/mssql/**'
- 'builtin/logical/mysql/**'
- 'builtin/logical/nomad/**'
- 'builtin/logical/postgresql/**'
- 'builtin/logical/rabbitmq/**'
- 'command/agent/**'
- 'plugins/**'
- 'vault/plugin_catalog.go'
- 'ui/app/components/auth-jwt.js'
- 'ui/app/routes/vault/cluster/oidc-*.js'
devex:
- 'api/**'
- 'command/**'
ui:
- 'ui/**'
- name: "Default to core board"
run: echo "PROJECT=170" >> "$GITHUB_ENV"
- if: github.event.pull_request != null && steps.changes.outputs.cryptosec == 'true'
run: echo "PROJECT=172" >> "$GITHUB_ENV"
- if: github.event.pull_request != null && steps.changes.outputs.ecosystem == 'true'
run: echo "PROJECT=169" >> "$GITHUB_ENV"
- if: github.event.pull_request != null && steps.changes.outputs.devex == 'true'
run: echo "PROJECT=176" >> "$GITHUB_ENV"
- if: github.event.pull_request != null && steps.changes.outputs.ui == 'true'
run: echo "PROJECT=171" >> "$GITHUB_ENV"
- uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0 # TSCCR: no entry for repository "actions/add-to-project"
with:
project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }}
github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }}
# example of something more complicated: deleting an issue or PR automatically (though this is done in the project workflows already)
# we have to use the GraphQL API for anything involving projects.
#
# get-project:
# name: Get project data
# runs-on: ubuntu-latest
# if: github.event.action == 'closed' || github.event.action == 'deleted'
# outputs:
# project_id: ${{ steps.get-project.outputs.project_id }}
# steps:
# - id: get-project
# name: Get project data
# env:
# GITHUB_TOKEN: ${{ secrets.TRIAGE_GITHUB_TOKEN }}
# ORGANIZATION: hashicorp
# PROJECT_NUMBER: 169
# run: |
# gh api graphql -f query='
# query($org: String!, $number: Int!) {
# organization(login: $org){
# projectV2(number: $number) {
# id
# }
# }
# }' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json
# echo "::set-output name=project_id::$(jq '.data.organization.projectV2.id' project_data.json)"
# delete-from-project:
# name: Remove issue or PR from project
# needs: [get-project]
# if: github.event.action == 'closed' || github.event.action == 'deleted'
# runs-on: ubuntu-latest
# steps:
# - name: Remove issue or PR
# env:
# GITHUB_TOKEN: ${{ secrets.TRIAGE_GITHUB_TOKEN }}
# run: |
# PROJECT_ID=${{ needs.get-project.outputs.project_id }}
# item_id=${{ github.event.issue.node_id }}
# if [ -z "$item_id" ]; then
# item_id=${{ github.event.pull_request.node_id }}
# fi
# gh api graphql -f query='
# mutation($project_id: ID!, $item_id: ID!) {
# deleteProjectV2Item(
# input: {
# projectId: $project_id
# itemId: $item_id
# }
# ) {
# deletedItemId
# }
# }' -f project_id=$PROJECT_ID -f item_id=$item_id || true