chore: set up auto for versioning/release management #856
Conversation
hydrosquall
added
release
.autorc.json
Outdated
| "first-time-contributor", | ||
| "released" | ||
| ], | ||
| "onlyPublishWithReleaseLabel": true |
There was a problem hiding this comment.
@domoritz , if we remove this boolean, the library will auto-publish on every merge to master. I suggest we don't enable that until you're first happy with how the auto-version incrementing logic works (it depends on committers adhering well to git commit message guidelines).
There are other options for setting version (setting a major/minor/patch github label), or asking users to check off the appropriate checkbox in their PR description when opening the PR, but this is probably the easiest place to start.
There was a problem hiding this comment.
I was wondering about all the labels that this process added. I am pretty strict with enforcing correct pull request descriptions withs semantic commits. Can we use them to automatically set the right version? Or is the idea of the labels that they get added automatically?
There was a problem hiding this comment.
Can we use them to automatically set the right version?
I wasn't sure about the semantic commit situation in this repo because I didn't see commit-hooks. However, I think I saw some linting config in a different vega repo. Whether having good commit messages is checked by eye or tool, nteract/data-explorer#66, having manual labeling as an option is just a fallback for inaccurate messages.
The automatic labeling is based on conventional-commits, which most likely has the same behavior as the semantic-release plugin.
https://intuit.github.io/auto/docs/generated/conventional-commits
If you wanted to do the manual checkbox thing, it could be achieved with this plugin:
There was a problem hiding this comment.
Last link: if any projects have more specific labeling needs than the defaults (or different mappings in terms of what we consider major/minor), they can be customized by passing in a custom array in the config:
https://intuit.github.io/auto/docs/configuration/autorc#labels
There was a problem hiding this comment.
Here is how we ensure commit messages:
I don't want additional labels if they are not necessary.
There was a problem hiding this comment.
Oh neat I missed the semantic pull request integration! That's even more reliable than a commit hook since it doesn't depend on someone setting up local config properly. I might set that up for another project, thanks for the tip.
Regarding labels: I think we can delete the unused tags then. The other ones are optional and by default would help organize the auto-generated changelog, but are not required. I just deleted most of the added tags, with the exception of release and released since those are important for keeping track of what has been deployed.
|
Btw, I'm happy to remove the semantic-release dependency in this pull request as well. |
|
How do canary releases work if the pull request comes from external (as most prs do)? I suppose they won't happen in that case. |
Cleaned in e019c4a , undoes 18f6ca7 + d6e8e35
I think they won't run if the external person is a 1st time contributor, per https://github.blog/changelog/2021-04-22-github-actions-maintainers-must-approve-first-time-contributor-workflow-runs/, but after an initial approval, I think newcomers would have the ability to publish canaries. |
hydrosquall
changed the title
| "assets": [ | ||
| "package.json" | ||
| ], | ||
| "message": "chore(release): ${nextRelease.version}" |
There was a problem hiding this comment.
Version bumps by default look like this : nteract/data-explorer@252d43a
Secrets are not exposed to forks so not npm releases for them.
|
Ah, good to know. I guess the primary initial beneficiaries of canary builds would be project maintainers. I think this limitation makes sense as a way to reduce the risk of abuse (e.g. people spamming your NPM account with bad builds), but we can still help give people a fast feedback loop if we decide to treat Let me know if you'd like to pursue that option (adding a new branch for stable, and treating |
|
Nah, I want master to be the branch everything goes into and make releases from time to time. So, if we accept this pull request, what happens to prs from forks? Would the ci fail since the NPM token and GitHub token don't exist? How do I make a release now? I used to call a particular GitHub action to kick off a release. How do I make a release after all prs are merged? Or does a release always happen with a pull request? |
Good point. We have at least 2 options
Let me know which one you prefer.
As it's currently set up, the workflow will release every merged PR, since the action is triggered on You can check to confirm you like what the command would do on the main branch by running |
|
Let me rephrase. I am okay with canary releases with every pull request but I don't want releases where I have to promise backwards compatibility with every merged pull request. I want to manually decide when we make a release. Bonus points if I don't have to do anything locally. It would be great to document the process a little bit in the github contributing document. |
What you describe makes sense. I propose that we follow the 2 branch scheme (see https://intuit.github.io/auto/docs/generated/shipit#next-branch-default for a picture + 4 sentence description ) I did a proof of concept of what I suggest using a small test project (hydrosquall/storybook-addon-datadog-rum#9 (comment)) Here's my proposal. If it sounds good to you to try, I'll write up a doc and add it to this PR (but feel free to ask for further questions or clarification). ReasoningProblem: It's valuable to automatically release the result of every merged PR approved so maintainers don't have to manually cut releases just because a 1st time contributor opened a change. However, preserving stability within semantic ranges on the Solution:
MethodTo get the best of all worlds, I suggest we
When all open PRs made against it are closed, I also suggest we remove the Alternatives
|
hydrosquall
force-pushed
the
cameron.yick/release-setup-auto
branch
from
e019c4a
to
1a7aaba
Compare
|
Per the |
|
Thank you for explaining the process I think I like the two branches approach. For apps like the editor, we could also have two branches and auto release the stable branch (maybe call it deployed). Can you automatically disable canary releases for dependably updates? I think that's getting too noisy otherwise. Paging @kanitw and @arvind to see whether they agree and want us to adopt this approach in Vega-Lite, embed, themes, tooltips etc as well. |
hydrosquall
force-pushed
the
cameron.yick/release-setup-auto
branch
2 times, most recently
from
ef0f1ba
to
be6e0f0
Compare
hydrosquall
force-pushed
the
cameron.yick/release-setup-auto
branch
from
be6e0f0
to
f2acdcf
Compare
Good call, updated in 9e0ff6e. This will disable the canary process on all of dependabot's branches (note it will still deploy a new pre-release version still on merge.) |
hydrosquall
force-pushed
the
cameron.yick/release-setup-auto
branch
from
65c4b76
to
388c5d8
Compare
|
Updated base branch of this PR from |
auto.config.ts
Outdated
| // Follow the 2 branch deployment scheme | ||
| // https://intuit.github.io/auto/docs/generated/shipit#next-branch-default | ||
| baseBranch: "stable", // latest "official" release | ||
| prereleaseBranches: ["main"] // latest changes (subject to breaking). next, alpha, beta, and other multi-feature test branches can all be added here. |
There was a problem hiding this comment.
Haven't edited this config yet, but plan to make switch this to next after confirming it makes sense w/ @domoritz to rotate this to the default branch
There was a problem hiding this comment.
Rotating the default branch makes sense to me.
There was a problem hiding this comment.
Updated to next: 492820b
I don't have admin permissions on this repo, so I'll need your help to switch the default branch to next. I just synced next to the HEAD of master (8439cfbb45918c11ac5df65e9a516a07763478a9) so we should be ready to go.
There was a problem hiding this comment.
Looks good to me. Let's do it (please squash the commits in here when merging).
The next steps are updating the following repos with the same proess
- vega-lite-dev-config
- vega-embed
- vega-tooltip
- vega-themes
- vega-datasets
- vega-lite
And then Vega if @jheer wants it.
| jobs: | ||
| publish: | ||
| runs-on: ubuntu-latest | ||
| if: "!contains(github.event.head_commit.message, 'ci skip') && !contains(github.event.head_commit.message, 'skip ci')" |
There was a problem hiding this comment.
Do we use this right now? If not, let' remove it.
There was a problem hiding this comment.
This is necessary because auto create commits which contain ci skip) when it updates the changelog and bumps the version in the stable branch. This guard is present to prevent auto from triggering an infinite loop (creating a commit, rerunning auto, etc). (example )
https://intuit.github.io/auto/docs/build-platforms/github-actions
| plugins: [ | ||
| "npm", | ||
| "conventional-commits", | ||
| "first-time-contributor", |
There was a problem hiding this comment.
When someone contributes to a repository for the first time, it tags and thanks them in the first Changelog heading and Release Notes , and doesn't do anything if this release doesn't have any 1st time contributors.
Docs: https://intuit.github.io/auto/docs/generated/first-time-contributor
We can remove this if it wouldn't be relevant for the Vega projects, but I figured it couldn't hurt + might help with encouraging people to become ongoing contributors.
Will do! By the way, within the repository settings, we can actually require squash commits for repositories if we want to prevent accidental misclicks: https://docs.github.com/en/github/administering-a-repository/configuring-pull-request-merges/configuring-commit-squashing-for-pull-requests
Sounds good, I made a card to track the migrations. I'll move these over gradually. I remember you pointed out that some of these repos may have more elaborate build processes than others https://github.com/orgs/vega/projects/8?add_cards_query=is%3Aopen |
|
Vega-Lite will be the trickiest. Have a look at the current scripts and let me know about any questions you have. |
I found that dependabot updates often have fewer conflicts when I rebase. Maybe that's not true anymore but that's why I left support for rebase on. |
* build: add dependencies for auto versioning and release notes * chore: configure publish workflow with auto shipit * chore: ignore .env files for when running auto locally * build: remove semantic-release dependencies and config * build: add dep for magic-zero auto plugin * Revert "build: add dep for magic-zero auto plugin" This reverts commit 5eff32b. * build: disable builds for branches opened by dependabot * docs: update notes on the publishing process * build: update base branch to next Co-authored-by: Remco Haszing <[email protected]>
|
🚀 PR was released in |
Motivation
Changes
auto. This way, you get hinting/docs if editing locally.Does not remove semantic-release or related config until we confirm this is working.(It's ok)auto create-labelslocally to seed repository with library labelsTesting
auto create-labelshas been run once locally.Notes on comparison vs semantic-release
autosupports opening per-PR canary deploys rather than depending on merges to a release branch📦 Published PR as canary version:
0.94.2--canary.856.e019c4a.0✨ Test out this PR locally via: