Refactor GHAs #124
Refactor GHAs #124
Conversation
| @@ -59,5 +59,7 @@ runs: | |||
| SF_CHANGE_CASE_TEMPLATE_ID: ${{ inputs.SF_CHANGE_CASE_TEMPLATE_ID}} | |||
| SF_CHANGE_CASE_CONFIGURATION_ITEM: ${{ inputs.SF_CHANGE_CASE_CONFIGURATION_ITEM}} | |||
|
|
|||
| - run: echo "case id is ${{ steps.ctc.outputs.ctcId }}" | |||
| - run: echo "[INFO] Change Case ID is:\ $STEPS_CTC_CTCID" | |||
There was a problem hiding this comment.
Note: You need to escape the space after a : if you want it to be valid yaml. Or put it on a new line...
- run: |
echo "[INFO] Change Case ID is: $STEPS_CTC_CTCID"
| @@ -46,7 +46,9 @@ runs: | |||
| yarn tsc | |||
| yarn oclif readme \ | |||
| --no-aliases \ | |||
| --version ${{ steps.next-version.outputs.tag }} \ | |||
| --version "$STEPS_NEXT_VERSION_TAG" \ | |||
| ${{ inputs.multi == 'true' && '--multi' || '' }} \ | |||
There was a problem hiding this comment.
Expressions that render values that don't include the input are fine.
| } | ||
| } catch(err) { | ||
| core.setFailed(err) | ||
| } |
| @@ -1,22 +0,0 @@ | |||
| # This action is only needed as long as the developer site and other docs are linking to the old sfdx.pkg file and the mac signing job is only signing the old file as well. | |||
| # It can be deleted once those are updated to use the new name, sfdx-x64.pkg. | |||
There was a problem hiding this comment.
This is no longer being used
| run: sf-release dependabot:automerge --merge-method ${{ inputs.mergeMethod}} --max-version-bump ${{ inputs.maxVersionBump}} --owner $GITHUB_REPOSITORY_OWNER --repo $(basename $GITHUB_REPOSITORY) | ||
| - name: run automerge command | ||
| if: ${{ inputs.skipCI }} | ||
| run: sf-release dependabot:automerge --merge-method "$INPUTS_MERGE_METHOD" --max-version-bump "$INPUTS_MAX_VERSION_BUMP" --owner $GITHUB_REPOSITORY_OWNER --repo $(basename $GITHUB_REPOSITORY) ${{ inputs.skipCI && '--skip-ci' || '' }} |
There was a problem hiding this comment.
This diff is confusing. I turned two steps into one using a "ternaryish"
| @@ -16,8 +16,6 @@ jobs: | |||
| runs-on: static-ip-ubuntu-runners | |||
| steps: | |||
| - uses: actions/checkout@v4 | |||
| with: | |||
| token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |||
There was a problem hiding this comment.
No idea why we would need our token for this workflow. The GH_TOKEN generated for the GHA run should work fine.
| @@ -12,14 +12,14 @@ jobs: | |||
| runs-on: static-ip-ubuntu-runners | |||
| steps: | |||
| - uses: actions/checkout@v4 | |||
| with: | |||
| token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} | |||
There was a problem hiding this comment.
Same here, GH_TOKEN should work
| - uses: salesforcecli/github-workflows/.github/actions/get-json-property@main | ||
| id: packageVersion | ||
| with: | ||
| path: "package.json" | ||
| prop_path: 'devDependencies["@salesforce/dev-scripts"]' | ||
| prop_path: 'devDependencies.@salesforce/dev-scripts' |
There was a problem hiding this comment.
This changes is because I rewrote this action using javascript. I could not find any other uses of this action that used a nested value.
| env: | ||
| STEPS_PACKAGE_VERSION_PROP: ${{ steps.packageVersion.outputs.prop }} | ||
|
|
||
| - run: echo "[INFO] shouldUpdate value will be:\ ${{ !endsWith(steps.packageVersion.outputs.prop, steps.version-info.outputs.version) }}" |
There was a problem hiding this comment.
Expression will render to either true or false
| - run: npm install -g yarn-deduplicate | ||
| - run: yarn upgrade @salesforce/dev-scripts@latest | ||
| # TODO: What does this mean? Would yarnInstallWithRetries work here? | ||
| # this may fail because that's how dev-scripts does things |
There was a problem hiding this comment.
Two open questions here (TODO), would appreciate some feedback.
There was a problem hiding this comment.
TODO: Do we need this? Isn't that why we use npx?
Not sure why, yarn-deduplicate can be executed as a global binary. I can remove the call via npx.
TODO: What does this mean? Would yarnInstallWithRetries work here?
I'm pretty sure it's because of sf-install, when it updates dependencies it throws (exit code 1) and ask you to re-run yarn install, so the first yarn install continues on error to allow the second one (if the second one fails then the workflow exits):
https://github.com/forcedotcom/dev-scripts/blob/6bd069d98d14e8d1bfd629c720b8e5c87b8a45ed/bin/sf-install.js#L15
.github/workflows/externalNut.yml
Outdated
| - name: NUTs with ${{ inputs.attempts }} attempts | ||
| uses: salesforcecli/github-workflows/.github/actions/retry@main | ||
| with: | ||
| max_attempts: ${{ inputs.attempts }} | ||
| command: ${{ inputs.command }} | ||
| retry_on: error | ||
| env: | ||
| TESTKIT_EXECUTABLE_PATH: ${{ inputs.sfdxExecutablePath }} |
There was a problem hiding this comment.
I deleted the step above that sets this. I think setting it here on the env will work exactly the same.
There was a problem hiding this comment.
the previous step was supposed to set the env var only if inputs.sfdxExecutablePath was set, I'm not sure if this is equivalent since the env var could be set to an empty string or undefined and make testkit search for an invalid CLI bin, I'll test on QA to confirm.
| - name: Is published | ||
| id: is-published | ||
| run: | | ||
| RESPONSE=$(npm view .@${{ inputs.githubTag }} version --json --silent || echo "Not published") | ||
| RESPONSE=$(npm view .@$INPUTS_GITHUB_TAG version --json --silent || echo "Not published") |
There was a problem hiding this comment.
I tested this locally to make sure the env var is evaluated correctly 👍
.github/workflows/nut.yml
Outdated
| - name: NUTs with ${{ inputs.retries }} attempts | ||
| uses: salesforcecli/github-workflows/.github/actions/retry@main | ||
| with: | ||
| max_attempts: ${{ inputs.retries }} | ||
| command: ${{ inputs.command }} | ||
| retry_on: error | ||
| env: | ||
| TESTKIT_EXECUTABLE_PATH: ${{ inputs.sfdxExecutablePath }} |
There was a problem hiding this comment.
Same here (see comment above)
| @@ -20,28 +16,39 @@ on: | |||
| jobs: | |||
| macos: | |||
| env: | |||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |||
There was a problem hiding this comment.
I moved the AWS secrets to only the steps that need them. Otherwise they will be set on the env for the entire job.
| @@ -20,28 +16,39 @@ on: | |||
| jobs: | |||
| macos: | |||
| env: | |||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |||
| SFDX_HIDE_RELEASE_NOTES: true | |||
There was a problem hiding this comment.
I moved this to an org level variable https://github.com/organizations/salesforcecli/settings/variables/actions
| - uses: salesforcecli/github-workflows/.github/actions/yarnInstallWithRetries@main | ||
| # todo: download the macos tarball and pass that to the oclif pack:macos command |
There was a problem hiding this comment.
We decided this did not provide any real benefit and already never'd a ticket
| cli: | ||
| type: string | ||
| required: true | ||
| description: only needed if upload. sfdx or sf |
There was a problem hiding this comment.
No more sfdx 🎉 These inputs were removed here
| @@ -1,10 +1,6 @@ | |||
| on: | |||
There was a problem hiding this comment.
Changes in this file are the same as packUploadMac.yml. See those comments
| @@ -7,36 +7,41 @@ on: | |||
|
|
|||
| jobs: | |||
| publish: | |||
| # todo: parameterize this as input if anyone ever needs ip-restricted runner | |||
| clipkg: | ||
| type: string | ||
| description: npm package name for cli | ||
| default: "@salesforce/cli" |
There was a problem hiding this comment.
No more sfdx 🎉 These inputs were removed here
| SF_DISABLE_TELEMETRY: true | ||
| runs-on: ubuntu-20-8core | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| token: ${{ secrets.SVC_CLI_BOT_GITHUB_TOKEN }} |
There was a problem hiding this comment.
Again, not sure why we would need our token here
| STAMPY_UNSIGNED_BUCKET: ${{ secrets.STAMPY_UNSIGNED_BUCKET }} | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
| AWS_EC2_METADATA_DISABLED: true |
There was a problem hiding this comment.
Confusing diffs in this file
- Added a
name - Moved
envto the bottom for consistency - Moved
inputsandstepsto theenv
|
QA notes: ✅ getPreReleaseTag I think it's because the checkout happens after ✅ doesn't execute printing output directly does run the command: |
Refactors a lot of our GHAs to pass inputs through the
env.A lot of other random cleanup. I have added a lot of comments on this PR to help with any confusion.
@W-16223935@