Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DNM (before settings changes)] auto version bumping & suggested repo settings changes #368

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

[DNM (before settings changes)] auto version bumping & suggested repo settings changes #368

wants to merge 6 commits into from

Conversation

w0de
Copy link
Contributor

@w0de w0de commented Aug 15, 2024
edited
Loading

This PR should not be merged before several changes are made to the repo's settings.

Changes

  • Adds an auto-version bump job to release.yml. Uses mathieudutour/github-tag-action.
  • Adds two triggers to same workflow: on pushes to main and release branches.
  • Adds an environment: value to the Terraform Provider Release job. This makes the job a Github Deployment.
  • Adds releases documentation to README.
  • Adds yamllint step to lint job; adds permissive yamllint config; fixes some yamllint'd issues in various yamls.

Required settings changes

  • Create a new environment (Settings -> Environments) named 'terraform registry'. Set 'Deployment branches and tags' to 'Protected branches only':
Screenshot 2024-08-14 at 6 45 45 PM
  • This will restrict the Terraform Provider job from ever running - that is, deploying to 'hashicorp registry' - on an unprotected branch.
  • Set the main branch as protected (Settings -> Branches) (believe it already is).
  • Create a release branch and protect it similarly - but also restrict admins' ability to evade protection w/ a force push.

How this will change release & dev flows

In this design, every time you merge a PR with main, a new prerelease will be automatically built and deployed to the Terraform Registry (provided tests.yml passes). When you're ready to make a full release, open a PR main->release. Admins can still push their changes directly to main, but doing so should be done more judiciously.

Tag pushes can still be used to manually create a release from any branch (but deployment will fail if the branch is not protected). The auto version bump is skipped in these cases.

Some possible variations on this design

  • You may optionally enable 'Required reviewers' for the 'terraform registry' environment. This will prevent the release job from proceeding until approved.
  • We can create a prerelease branch instead of deploying main. This would allow folks to continue to commit to main - and permit manual releases from main w/ version tag - while still at least notionally locking down releases.
  • Or just use the release branch, and never deploy prereleases or releases from main or any other branch (save when a protected branch is tagged).

If any of these - or any other delta - seems better to y'all, let me know and I'll amend this patch accordingly.

@w0de w0de requested a review from ShocOne as a code owner August 15, 2024 01:19
@w0de w0de changed the title [DNM (before settings changes)] auto version bumping & suggest repo settings changes [DNM (before settings changes)] auto version bumping & suggested repo settings changes Aug 15, 2024
@w0de
Copy link
Contributor Author

w0de commented Aug 15, 2024

Also I wish I could figure out how to fix the generate test :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@williamtheaker williamtheaker williamtheaker left review comments

@ShocOne ShocOne Awaiting requested review from ShocOne ShocOne is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@w0de @williamtheaker