Skip to content

ZXCron: Promote Build Candidate #77

ZXCron: Promote Build Candidate

ZXCron: Promote Build Candidate #77

##
# Copyright (C) 2023-2024 Hedera Hashgraph, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##
name: "ZXCron: Promote Build Candidate"
on:
workflow_dispatch:
schedule:
# Runs Promote Build Candidate at 2000 hours
- cron: '0 20 * * *'
permissions:
actions: write
contents: write
statuses: write
defaults:
run:
shell: bash
env:
XTS_PASS_GREP_PATTERN: "xts-pass-*"
PROMOTED_GREP_PATTERN: "build-.{5}"
jobs:
determine-build-candidate:
name: Fetch Latest Build Candidate
runs-on: network-node-linux-medium
outputs:
build-candidate-exists: ${{ steps.find-build-candidates.outputs.build-candidate-exists }}
build-candidate-commit: ${{ steps.find-build-candidates.outputs.build-candidate-commit }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
# Checkout the latest from dev
- name: Checkout Code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: '0'
ref: main
token: ${{ secrets.GH_ACCESS_TOKEN }}
- name: Find Build Candidates
id: find-build-candidates
env:
GH_TOKEN: ${{ github.token }}
TAG_PATTERN: ${{ env.XTS_PASS_GREP_PATTERN }}
BUILD_PROMO_PATTERN: ${{ env.PROMOTED_GREP_PATTERN }}
run: |
CANDIDATE_TAG="$(git tag --list --sort=-version:refname "${TAG_PATTERN}" | head --lines 1)"
if [[ -n "${CANDIDATE_TAG}" ]]; then
set +e
CANDIDATE_COMMIT=$(git rev-list --max-count 1 ${CANDIDATE_TAG})
BUILD_PROMOTED_TAGGED=$(git tag --contains "${CANDIDATE_COMMIT}" | grep -E "${BUILD_PROMO_PATTERN}")
set -e
# Use -n; if the BUILD_PROMOTED_TAGGED flag is not empty than the commit has been tagged.
if [[ -n "${BUILD_PROMOTED_TAGGED}" ]]; then
gh run cancel ${{ github.run_id }}
fi
# Verify the commit is on main and continue
if git branch --contains "${CANDIDATE_COMMIT}" | grep --quiet main >/dev/null 2>&1; then
git push --delete origin $(git tag --list "${TAG_PATTERN}")
git tag --delete $(git tag --list "${TAG_PATTERN}")
echo "build-candidate-exists=true" >> "${GITHUB_OUTPUT}"
echo "build-candidate-commit=${CANDIDATE_COMMIT}" >> "${GITHUB_OUTPUT}"
echo "### Build Candidate Found" >> "${GITHUB_STEP_SUMMARY}"
echo "build-candidate-commit=${CANDIDATE_COMMIT}" >> "${GITHUB_STEP_SUMMARY}"
echo "build-candidate-tag=${CANDIDATE_TAG}" >> "${GITHUB_STEP_SUMMARY}"
else
gh run cancel "${{ github.run_id }}"
fi
else
gh run cancel "${{ github.run_id }}"
fi
promote-build-candidate:
name: Promote Build Candidate
runs-on: network-node-linux-medium
needs: determine-build-candidate
outputs:
build-candidate-tag: ${{ steps.tag-build-candidate.outputs.build-candidate-tag }}
if: ${{ needs.determine-build-candidate.result == 'success' && needs.determine-build-candidate.outputs.build-candidate-exists == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Checkout Tagged Code
id: checkout-tagged-code
if: ${{ needs.determine-build-candidate.outputs.build-candidate-exists == 'true' }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: '0'
ref: ${{ needs.determine-build-candidate.outputs.build-candidate-commit }}
token: ${{ secrets.GH_ACCESS_TOKEN }}
- name: Import GPG Key
id: gpg_importer
uses: step-security/ghaction-import-gpg@6c8fe4d0126a59d57c21f87c9ae5dd3451fa3cca # v6.1.0
with:
git_commit_gpgsign: true
git_tag_gpgsign: true
git_user_signingkey: true
gpg_private_key: ${{ secrets.SVCS_GPG_KEY_CONTENTS }}
passphrase: ${{ secrets.SVCS_GPG_KEY_PASSPHRASE }}
- name: Tag Build Candidate
id: tag-build-candidate
env:
BUILD_INDEX: ${{ vars.XTS_BUILD_PROMOTION_INDEX }}
run: |
BUILD_TAG="$(printf "build-%05d" "${BUILD_INDEX}")"
git tag --annotate ${BUILD_TAG} --message "chore: tagging commit for build promotion"
git push --set-upstream origin --tags
echo "build-candidate-tag=${BUILD_TAG}" >> "${GITHUB_OUTPUT}"
echo "### Build Promotion Tag Information" >> "${GITHUB_STEP_SUMMARY}"
echo "build-tag=${BUILD_TAG}" >> "${GITHUB_STEP_SUMMARY}"
- name: Increment Build Promotion Index
uses: step-security/increment@f806ba7e868d0298aa216a18049c42690f0e4736 # v2.0.0
id: increment
with:
name: 'XTS_BUILD_PROMOTION_INDEX'
token: ${{ secrets.GH_ACCESS_TOKEN }}
- name: Preview Next Build
env:
NEXT_BUILD_ID: ${{ steps.increment.outputs.value }}
run: |
NEXT_BUILD_TAG="$(printf "build-%05d" "${NEXT_BUILD_ID}")"
echo "### Preview Next Build Tag" >> "${GITHUB_STEP_SUMMARY}"
echo "Next build tag is: ${NEXT_BUILD_TAG}" >> "${GITHUB_STEP_SUMMARY}"
report-promotion:
name: Report Build Promotion
runs-on: network-node-linux-medium
needs:
- determine-build-candidate
- promote-build-candidate
if: ${{ needs.promote-build-candidate.result == 'success' &&
needs.determine-build-candidate.result == 'success' &&
needs.determine-build-candidate.outputs.build-candidate-exists == 'true' }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Report Promoted Build
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
webhook: ${{ secrets.SLACK_CITR_OPERATIONS_WEBHOOK }}
webhook-type: incoming-webhook
payload-templated: true
payload: |
{
"attachments": [
{
"color": "#00FF00",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": ":grey_exclamation: Hedera Services - XTS Candidate Promoted for Single Day Performance/Longevity Tests",
"emoji": true
}
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Build Candidate Promotion Succeeded. See details below.*"
},
"fields": [
{
"type": "plain_text",
"text": "Build Candidate Commit"
},
{
"type": "plain_text",
"text": "${{ needs.determine-build-candidate.outputs.build-candidate-commit }}"
},
{
"type": "plain_text",
"text": "Promoted Build Tag"
},
{
"type": "plain_text",
"text": "${{ needs.promote-build-candidate.outputs.build-candidate-tag }}"
}
]
}
]
}
]
}
report-failure:
name: Report XTS execution failure
runs-on: network-node-linux-medium
needs:
- determine-build-candidate
- promote-build-candidate
if: ${{ (needs.determine-build-candidate.result != 'success' || needs.promote-build-candidate.result != 'success') && !cancelled() && always() }}
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: audit
- name: Report failure (PagerDuty)
run: |
curl --request 'POST' \
--url 'https://events.pagerduty.com/v2/enqueue' \
--header 'Content-Type: application/json' \
--data '{
"payload": {
"summary": "Hedera Services - eXtended Test Suite Failure",
"severity": "error",
"source": "GitHub Actions - eXtended Test Suite",
"custom_details": {
"Fetch Latest Build Candidate": "${{ needs.determine-build-candidate.result }}",
"Promote Build Candidate": "${{ needs.promote-build-candidate.result }}",
"Source Commit": "<${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}>",
"Workflow Run": "<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}>"
}
},
"routing_key": "${{ secrets.PAGERDUTY_CITR_INTEGRATION_KEY }}",
"event_action": "trigger"
}'
- name: Report failure (slack)
uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
with:
webhook: ${{ secrets.SLACK_CITR_FAILURES_WEBHOOK }}
webhook-type: incoming-webhook
payload-templated: true
payload: |
{
"attachments": [
{
"color": "#FF0000",
"blocks": [
{
"type": "header",
"text": {
"type": "plain_text",
"text": ":grey_exclamation: Hedera Services - Build Candidate Promotion Error Report",
"emoji": true
}
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Build Candidate Promotion Job Resulted in failure. See status below.*"
},
"fields": [
{
"type": "plain_text",
"text": "Fetch Latest Build Candidate"
},
{
"type": "plain_text",
"text": "${{ needs.determine-build-candidate.result }}"
},
{
"type": "plain_text",
"text": "Promote Build Candidate"
},
{
"type": "plain_text",
"text": "${{ needs.promote-build-candidate.result }}"
}
]
},
{
"type": "divider"
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Source Commit*: \n<${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}>"
}
}
]
}
]
}