Unverified Commit 129b85d3 authored by John DiSanti's avatar John DiSanti Committed by GitHub
Browse files

Fix canary execution during prod release (#3575) 

The new canary secrets weren't being propagated from the root prod
release workflow into the CI workflow, so the canary was failing. This
PR propagates those secrets, and also makes it possible to run the full
CI workflow in a dry-run release so that it's possible to test in the
future.

----

_By submitting this pull request, I confirm that you can use, modify,
copy, and redistribute this contribution, under the terms of your
choice._
parent e1986785

.github/workflows/dry-run-release-scheduled.yml

0 → 100644
+26 −0
Original line number Diff line number Diff line 
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0



# This workflow performs a scheduled dry-run for smithy-rs release.

# When run, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.



name: Scheduled smithy-rs dry-run release

run-name: ${{ github.workflow }}

on:

  schedule:

    # Runs 00:00 UTC every day

  - cron: 0 0 * * *



jobs:

  smithy-rs-scheduled-dry-run-release:

    name: Scheduled dry-run release

    uses: ./.github/workflows/release.yml

    with:

      commit_sha: main

      dry_run: true

      skip_ci: true

    secrets:

      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}

      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/dry-run-release.yml

+12 −18
Original line number Diff line number Diff line 
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.

# SPDX-License-Identifier: Apache-2.0



# This workflow performs a dry run for smithy-rs release. It can be triggered via either cron or manually.

# When ran, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.

# This workflow performs a manual dry-run for smithy-rs release.

# When run, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.



name: Smithy-rs dry run release

run-name: ${{ github.workflow }} ${{ inputs.commit_sha == ''  && 'scheduled' || (inputs.commit_sha) }}

name: Smithy-rs dry-run release

run-name: ${{ github.workflow }}-${{ inputs.commit_sha }}

on:

  schedule:

    # Runs 00:00 UTC every day

  - cron: 0 0 * * *

  workflow_dispatch:

    inputs:

      commit_sha:
@@ -19,6 +16,11 @@ on: 
          Alternatively, you can use the name of a branch.

        required: true

        type: string

      skip_ci:

        description: Skip CI

        required: true

        type: boolean

        default: true



jobs:

  smithy-rs-manual-dry-run-release:
@@ -28,17 +30,9 @@ jobs: 
    with:

      commit_sha: ${{ inputs.commit_sha }}

      dry_run: true

      skip_ci: ${{ inputs.skip_ci }}

    secrets:

      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}



  smithy-rs-scheduled-dry-run-release:

    name: Scheduled dry run release

    if: ${{ github.event_name == 'schedule' }}

    uses: ./.github/workflows/release.yml

    with:

      commit_sha: main

      dry_run: true

    secrets:

      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}
 
      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/prod-release.yml

+3 −0
Original line number Diff line number Diff line
@@ -24,6 +24,9 @@ jobs: 
    with:

      commit_sha: ${{ inputs.commit_sha }}

      dry_run: false

      skip_ci: false

    secrets:

      RELEASE_AUTOMATION_BOT_PAT: ${{ secrets.RELEASE_AUTOMATION_BOT_PAT }}

      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN: ${{ secrets.RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN }}

      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}

.github/workflows/release.yml

+15 −2
Original line number Diff line number Diff line
@@ -24,11 +24,19 @@ on: 
        description: When true, it only produces release artifacts, but will not cut a release tag in GitHub or publish to crates.io.

        required: true

        type: boolean

      skip_ci:

        description: Skip CI when executing a release

        required: true

        type: boolean

    secrets:

      RELEASE_AUTOMATION_BOT_PAT:

        required: true

      RELEASE_AUTOMATION_BOT_CRATESIO_TOKEN:

        required: true

      CANARY_GITHUB_ACTIONS_ROLE_ARN:

        required: true

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME:

        required: true



jobs:

  check-actor-for-prod-run:
@@ -80,14 +88,19 @@ jobs: 
        retention-days: 1



  release-ci:

    name: Prerelease checks

    if: inputs.dry_run == false

    name: Pre-release checks

    # We need `always` here otherwise this job won't run if the previous job has been skipped

    # See https://samanpavel.medium.com/github-actions-conditional-job-execution-e6aa363d2867

    if: always() && inputs.skip_ci == false

    needs:

    - acquire-base-image

    uses: ./.github/workflows/ci.yml

    with:

      run_sdk_examples: false

      git_ref: ${{ inputs.commit_sha }}

    secrets:

      CANARY_GITHUB_ACTIONS_ROLE_ARN: ${{ secrets.CANARY_GITHUB_ACTIONS_ROLE_ARN }}

      CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME: ${{ secrets.CANARY_STACK_CDK_OUTPUTS_BUCKET_NAME }}



  check-semver-hazards:

    name: Check for semver hazards