Fix build system not updating dependencies when they change (#90)

* Increase jitter when testing the timer to account for system variances * When validating builds, always use the dependency image fingerprint. * Fix fingerprint build arg never making it onto the docker image for validation * Ensure that deployed instances aren't running in development mode. * Integrate with version 0.1.1 of common-build-scripts * Update bootstrap-dev-local.sh so that build scripts are installed for new developers. Remove a bunch of unnecessary stuff from the bootstrap script. * Clean up some cruft. * Ensure all references to the build-scripts use the new canonical install location. Includes a minor refactor of some github actions snippets. * [Bot] Update version to 1.2.1 Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
UWIT-IAM · Aug 27, 2021 · 8f63f92 · 8f63f92
1 parent 8c49bde
commit 8f63f92
Show file tree

Hide file tree

Showing 27 changed files with 128 additions and 135 deletions.
diff --git a/.github/scripts/install-build-scripts.sh b/.github/scripts/install-build-scripts.sh
diff --git a/.github/steps/create-release/push-release-image.sh b/.github/steps/create-release/push-release-image.sh
@@ -0,0 +1,16 @@
+
+if [[ "${GITHUB_REF}" == "refs/heads/main" ]]
+then
+  docker pull $pr_image
+else
+  docker pull $testing_image
+  docker tag $testing_image $pr_image
+fi
+docker tag $pr_image $release_image
+
+if [[ "${GITHUB_REF}" == 'refs/heads/main' ]]
+then
+  docker push $release_image
+else
+  echo "Not pushing $release_image in dry-run mode."
+fi
diff --git a/.github/steps/deploy/canvas.json b/.github/steps/deploy/canvas.json
@@ -1,5 +1,5 @@
 {
-  "description": "${{ qualifier }} Deploy husky-directory version '${{ version }}' to ${{ stage }}.",
+  "description": "${{ qualifier }} Deploy husky-directory version '${{ version }}' to ${{ stage }}",
   "channel": "${{ slack_channel }}",
   "steps": [
     {

diff --git a/.github/steps/deploy/configure-canvas.sh b/.github/steps/deploy/configure-canvas.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-source ${BUILD_SCRIPTS_DIR}/sources/github-actions.sh
+source ./.build-scripts/sources/github-actions.sh
 
 canvas=$(${STEP_SCRIPTS}/get_slack_notification.sh \
   -b canvas \

diff --git a/.github/steps/deploy/get_slack_notification.sh b/.github/steps/deploy/get_slack_notification.sh
@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 
-source $BUILD_SCRIPTS_DIR/sources/slack.sh
-BUILD_SCRIPTS_DIR=${BUILD_SCRIPTS_DIR:-/tmp/build-scripts}
+source ./.build-scripts/sources/slack.sh
 ACTOR=${GITHUB_ACTOR}
 SLACK_CHANNEL='#cloud-native-directory'
 

diff --git a/.github/steps/pull-request/create-pr-tag.sh b/.github/steps/pull-request/create-pr-tag.sh
@@ -1,16 +1,6 @@
 #!/usr/bin/env bash
 
-if ! source "${BUILD_SCRIPTS_DIR}/sources/github-actions.sh"
-then
-  echo "You must install common-build-scripts and set "
-  echo "the BUILD_SCRIPTS_DIR environment variable."
-  echo "Try: "
-  echo "    export BUILD_SCRIPT_DIR=/tmp/build-scripts"
-  echo "    ./.github/scripts/install-build-scripts.sh"
-  echo "and then run this script again."
-  echo
-  exit 1
-fi
+source ./.build-scripts/sources/github-actions.sh
 
 function print_help {
    cat <<EOF

diff --git a/.github/steps/scheduled-maintenance/configure-environment.sh b/.github/steps/scheduled-maintenance/configure-environment.sh
@@ -1,7 +1,9 @@
 #!/usr/bin/env bash
 set -x
 
-./.github/scripts/install-build-scripts.sh
+workspace=${GITHUB_WORKSPACE:-.}
+
+${GITHUB_WORKSPACE}/scripts/install-build-scripts.sh
 
 POETRY_VERSION_GUIDANCE=${POETRY_VERSION_GUIDANCE:-patch}
 

diff --git a/.github/steps/scheduled-maintenance/context-vars.src.sh b/.github/steps/scheduled-maintenance/context-vars.src.sh
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-source $BUILD_SCRIPTS_DIR/sources/slack.sh
-source $BUILD_SCRIPTS_DIR/sources/github-actions.sh
+source ./.build-scripts/sources/slack.sh
+source ./.build-scripts/sources/github-actions.sh
 
 BASE_IMAGE=${BASE_IMAGE_REPO}
 APP_IMAGE=${APP_IMAGE_REPO}

diff --git a/.github/steps/scheduled-maintenance/create-pull-request.sh b/.github/steps/scheduled-maintenance/create-pull-request.sh
@@ -4,7 +4,7 @@ pr_body="Beep boop! I'm a bot, here to make sure your dependencies are up to dat
 pr_body+="Everything looks good, I just need your approval to merge this "
 pr_body+="change in to your main branch!"
 
-source $BUILD_SCRIPTS_DIR/sources/github-actions.sh
+source ./.build-scripts/sources/github-actions.sh
 
 gh pr create \
   -B main \

diff --git a/.github/steps/scheduled-maintenance/slack-notification.json b/.github/steps/scheduled-maintenance/slack-notification.json
@@ -1,5 +1,5 @@
 {
-  "channel": "#iam-bot-sandbox",
+  "channel": "#iam-bots",
   "description": "UW Directory Scheduled Maintenance",
   "status": "in progress",
   "steps": [

diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -7,7 +7,7 @@ on:
       - '*.md'
 
 env:
-  BUILD_SCRIPTS_DIR: /tmp/build-scripts
+  STEP_SCRIPTS: ${{ github.workspace }}/.github/steps/create-release
 
 jobs:
   create-release:
@@ -18,52 +18,45 @@ jobs:
       max-parallel: 1
     steps:
       - uses: actions/checkout@v2
-      - run: ${{ github.workspace }}/.github/scripts/install-build-scripts.sh
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        name: Install common-build-scripts to ${{ env.BUILD_SCRIPTS_DIR }}
-      - name: Python Poetry Action
+
+      - run: ./scripts/install-build-scripts.sh
+        name: Install UWIT-IAM/common-build-scripts
+
+      - name: Install poetry
         uses: abatilo/[email protected]
+
       - uses: google-github-actions/[email protected]
         with:
           project_id: ${{ secrets.IAM_GCR_REPO }}
           service_account_key: ${{ secrets.GCR_TOKEN }}
           export_default_credentials: true
           credentials_file_path: /tmp/gcloud.json
         name: Bootstrap gcloud
+
       - run: gcloud auth configure-docker gcr.io
+
       - run: echo ::set-output name=version::$(poetry version -s)
         id: get-version
         name: Get merged version
+
       - run: ./scripts/pre-push.sh --headless --no-commit
         name: Validate build
+
       - name: Actions Ecosystem Action Get Merged Pull Request
         uses: actions-ecosystem/[email protected]
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
         id: pr
-      - name: Push release tag
+
+      - name: Tag and push release image
         env:
           pr_image: gcr.io/${{ secrets.IAM_GCR_REPO }}/husky-directory:pull-request-${{ steps.pr.outputs.number }}
           release_image: gcr.io/${{ secrets.IAM_GCR_REPO }}/husky-directory:${{ steps.get-version.outputs.version }}
           # When using the dry-run branch, there is no PR to draw from, so we hard-code
           # a known-good image.
           testing_image: gcr.io/${{ secrets.IAM_GCR_REPO }}/husky-directory:1.0.1
-        run: |
-          if [[ "${{ github.ref }}" == "refs/heads/main" ]]
-          then
-            docker pull $pr_image
-          else
-            docker pull $testing_image
-            docker tag $testing_image $pr_image
-          fi
-          docker tag $pr_image $release_image
-          if [[ '${{ github.ref }}' == 'refs/heads/main' ]]
-          then
-            docker push $release_image
-          else
-            echo "Not pushing $release_image in dry-run mode."
-          fi
+        run: ${STEP_SCRIPTS}/push-release-image.sh
+
       - name: Create release ${{ steps.get-version.outputs.version }}
         uses: ncipollo/release-action@v1
         with:

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -3,6 +3,8 @@ on:
     branches:
       - dry-run-deploy
   release:
+    types:
+      - released
   workflow_dispatch:
     inputs:
       cluster:
@@ -20,7 +22,6 @@ on:
           prod will source from eval).
 
 env:
-  BUILD_SCRIPTS_DIR: /tmp/build-scripts
   SLACK_BOT_TOKEN: ${{ secrets.ACTIONS_SLACK_BOT_TOKEN }}
   DRY_RUN: false
   STEP_SCRIPTS: ${{ github.workspace }}/.github/steps/deploy
@@ -33,11 +34,9 @@ jobs:
       max-parallel: 1
     steps:
       - uses: actions/checkout@v2
-      - run: ${{ github.workspace }}/.github/scripts/install-build-scripts.sh
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: ./scripts/install-build-scripts.sh
         name: Install common-build-scripts
-      - uses: google-github-actions/[email protected].0
+      - uses: google-github-actions/[email protected].1
         with:
           project_id: ${{ secrets.GCR_REPO }}
           service_account_key: ${{ secrets.GCR_TOKEN }}
@@ -46,26 +45,33 @@ jobs:
       # When pushing from a merge to main, we'll always deploy the latest
       # created release to dev.
       - if: github.event_name == 'release'
-        run: echo "target_version=$(basename $GITHUB_REF)" >> $GITHUB_ENV
+        run: |
+          source ./.build-scripts/sources/github-actions.sh
+          set_env target_version "$(basename $GITHUB_REF)"
         name: Configure new release deployment
 
       # When performing an automated dry run from a push, we will be running using
       # the basic default command of: ./deploy-sh --dry-run --target-cluster dev
       - if: github.event_name == 'push' && github.ref == 'refs/heads/dry-run-deploy'
         run: |
-          echo 'DRY_RUN=true' >> $GITHUB_ENV
-          echo 'deployment_qualifier=[DRY-RUN]' >> $GITHUB_ENV
+          source ./.build-scripts/sources/github-actions.sh
+          set_env DRY_RUN true
+          set_env deployment_qualifier "[DRY-RUN]"
         name: Configure dry run deployment
 
       # When pushing from the Github UI, we will fill in the values
       # provided by the user.
       - if: github.event_name == 'workflow_dispatch'
         run: |
-          echo "DRY_RUN=${{ github.event.inputs.dry-run }}" >> $GITHUB_ENV
-          echo "target_cluster=${{ github.event.inputs.cluster }}" >> $GITHUB_ENV
-          echo "target_version=${{ github.event.inputs.version }}" >> $GITHUB_ENV
-          echo "rfc_number=${{ github.event.inputs.rfc }}" >> $GITHUB_ENV
-          echo "deployment_qualifier=[RFC-${{ github.event.inputs.rfc }}]" >> $GITHUB_ENV
+          source ./.build-scripts/sources/github-actions.sh
+          set_env DRY_RUN "${{ github.event.inputs.dry-run }}"
+          set_env target_cluster "${{ github.event.inputs.cluster }}"
+          set_env target_version "${{ github.event.inputs.version }}"
+          set_env rfc_number "${{ github.event.inputs.rfc }}"
+          if [[ -n "${{ github.event.inputs.rfc }}" ]]
+          then
+            set_env deployment_qualifier "[RFC-${{ github.event.inputs.rfc }}]"
+          fi
         id: configure-env
         name: Configure manual deployment
 
@@ -80,7 +86,7 @@ jobs:
 
       - name: Update env with promotion version
         run: |
-          source ${BUILD_SCRIPTS_DIR}/sources/github-actions.sh
+          source ./.build-scripts/sources/github-actions.sh
           set_env target_version '${{ steps.configure-promotion.outputs.target-version }}'
         if: '! env.target_version'
 
@@ -96,9 +102,10 @@ jobs:
         name: Create slack notification canvas
 
       - run: |
-          echo "SLACK_CANVAS_ID=${{ steps.create-canvas.outputs.canvas-id }}" >> $GITHUB_ENV
-          echo "CURRENT_STEP=deploy" >> $GITHUB_ENV
-          echo "NEXT_STEP=validate-deployment" >> $GITHUB_ENV
+          source ./.build-scripts/sources/github-actions.sh
+          set_env SLACK_CANVAS_ID "${{ steps.create-canvas.outputs.canvas-id }}"
+          set_env CURRENT_STEP deploy
+          set_env NEXT_STEP validate-deployment
         name: Set up slack notification env
 
       - uses: uwit-iam/actions/[email protected]
@@ -118,8 +125,9 @@ jobs:
           step-status: succeeded, in progress
         name: Update canvas and progress to ${{ env.NEXT_STEP }}
       - run: |
-          echo "CURRENT_STEP=$NEXT_STEP" >> $GITHUB_ENV
-          echo "NEXT_STEP=" >> $GITHUB_ENV
+          source ./.build-scripts/sources/github-actions.sh
+          set_env CURRENT_STEP $NEXT_STEP
+          set_env NEXT_STEP ""
         name: Update canvas steps in env
 
       - uses: uwit-iam/actions/[email protected]

diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
@@ -23,16 +23,21 @@ jobs:
     steps:
       - name: Python Poetry Action
         uses: abatilo/[email protected]
+
       - uses: uwit-iam/actions/[email protected]
         id: guidance
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
+
       - uses: actions/checkout@v2
         with:
           ref: ${{ github.event.pull_request.base.ref }}
+
       - run: echo ::set-output name=version::$(poetry version -s)
         id: get-version
+
       - uses: actions/checkout@v2
+
       - name: Update PR version to base_version+guidance
         env:
           BASE_VERSION: ${{ steps.get-version.outputs.version }}
@@ -46,6 +51,7 @@ jobs:
             echo ::set-output name=new-version::$new_version
           fi
         id: update-version
+
       - if: steps.update-version.outputs.new-version
         uses: EndBug/[email protected]
         env:
@@ -55,24 +61,28 @@ jobs:
           default_author: github_actions
           push: true
           message: "[Bot] Update version to ${{ env.version }}"
+
   validate-image-quality:
     needs: [update-pr-branch-version]
     runs-on: ubuntu-latest
     env:
-      BUILD_SCRIPTS_DIR: /tmp/build-scripts
       APP_VERSION: ${{ needs.update-pr-branch-version.outputs.new-version }}
     steps:
       - uses: actions/checkout@v2
+
       - run: |
           ./.github/scripts/gcr-login.sh
-          ./.github/scripts/install-build-scripts.sh
+          ./scripts/install-build-scripts.sh
         id: configure
+
       - name: Run validation checks and tests
         run: ./scripts/pre-push.sh --headless --version $APP_VERSION
         id: run-validations
+
       - name: Push tag for pull request
         run: ${STEP_SCRIPTS}/create-pr-tag.sh -s ${{ steps.run-validations.outputs.image }}
         id: create-pr-tag
+
       - uses: mshick/add-pr-comment@v1
         env:
           PR_TAG: ${{ steps.create-pr-tag.outputs.image }}