Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/.github/workflows/production-suite.yml

275 lines
9.2 KiB
YAML
Raw Normal View History

docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
name: Zulip production suite
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
on:
push:
github-actions: Only run production suite on production related updates. The production suite will only run if anything under puppet, scripts, and tools or any migrations are updated. The '**' glob means it includes subdirectory updates. For migrations all ~5 migrations directories are includes using the **/migrations/** pattern. The GitHub Action docs that explain the syntax: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
2020-07-17 20:27:19 +02:00
paths:
- "**/migrations/**"
- puppet/**
- requirements/**
- scripts/**
- static/**
- tools/**
- zproject/**
- yarn.lock
- .github/workflows/production-suite.yml
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
pull_request:
github-actions: Only run production suite on production related updates. The production suite will only run if anything under puppet, scripts, and tools or any migrations are updated. The '**' glob means it includes subdirectory updates. For migrations all ~5 migrations directories are includes using the **/migrations/** pattern. The GitHub Action docs that explain the syntax: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
2020-07-17 20:27:19 +02:00
paths:
- "**/migrations/**"
- puppet/**
- requirements/**
- scripts/**
- static/**
- tools/**
- zproject/**
- yarn.lock
- .github/workflows/production-suite.yml
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
defaults:
run:
shell: bash
jobs:
production_build:
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
# This job builds a release tarball from the current commit, which
# will be used for all of the following install/upgrade tests.
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
name: Bionic production build
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
runs-on: ubuntu-latest
# This docker image was created by a generated Dockerfile at:
# tools/ci/images/bionic/Dockerfile
# Bionic ships with Python 3.6.
ci: Switch to hosting the CI images under Zulip on Dockerhub.
2021-04-01 00:59:59 +02:00
container: zulip/ci:bionic
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
steps:
- name: Add required permissions
run: |
# The checkout actions doesn't clone to ~/zulip or allow
# us to use the path option to clone outside the current
# /__w/zulip/zulip directory. Since this directory is owned
# by root we need to change it's ownership to allow the
# github user to clone the code here.
# Note: /__w/ is a docker volume mounted to $GITHUB_WORKSPACE
# which is /home/runner/work/.
sudo chown -R github .
# This is the GitHub Actions specific cache directory the
# the current github user must be able to access for the
# cache action to work. It is owned by root currently.
sudo chmod -R 0777 /__w/_temp/
- uses: actions/checkout@v2
- name: Create cache directories
run: |
dirs=(/srv/zulip-{npm,venv,emoji}-cache)
sudo mkdir -p "${dirs[@]}"
sudo chown -R github "${dirs[@]}"
- name: Restore node_modules cache
uses: actions/cache@v2
with:
path: /srv/zulip-npm-cache
key: v1-yarn-deps-${{ github.job }}-${{ hashFiles('package.json') }}-${{ hashFiles('yarn.lock') }}
restore-keys: v1-yarn-deps-${{ github.job }}
- name: Restore python cache
uses: actions/cache@v2
with:
path: /srv/zulip-venv-cache
requirements: Remove Thumbor. Thumbor and tc-aws have been dragging their feet on Python 3 support for years, and even the alphas and unofficial forks we’ve been running don’t seem to be maintained anymore. Depending on these projects is no longer viable for us. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-05-07 00:38:24 +02:00
key: v1-venv-${{ github.job }}-${{ hashFiles('requirements/dev.txt') }}
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
restore-keys: v1-venv-${{ github.job }}
- name: Restore emoji cache
uses: actions/cache@v2
with:
path: /srv/zulip-emoji-cache
key: v1-emoji-${{ github.job }}-${{ hashFiles('tools/setup/emoji/emoji_map.json') }}-${{ hashFiles('tools/setup/emoji/build_emoji') }}-${{ hashFiles('tools/setup/emoji/emoji_setup_utils.py') }}-${{ hashFiles('tools/setup/emoji/emoji_names.py') }}-${{ hashFiles('package.json') }}
restore-keys: v1-emoji-${{ github.job }}
- name: Do Bionic hack
run: |
# Temporary hack till `sudo service redis-server start` gets fixes in Bionic. See
# https://chat.zulip.org/#narrow/stream/3-backend/topic/Ubuntu.20bionic.20CircleCI
sudo sed -i '/^bind/s/bind.*/bind 0.0.0.0/' /etc/redis/redis.conf
- name: Build production tarball
ci: Remove 2>&1 redirection. We had used 2>&1 to redirect stderr to stdout so it could be piped into ts, but commit dd3cdd6ec5085c25b6a9491b7e9b672ae99af442 (#17611) removed ts, so we no longer need the redirection. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 20:51:40 +02:00
run: ./tools/ci/production-build
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
- name: Upload production build artifacts for install jobs
uses: actions/upload-artifact@v2
with:
name: production-tarball
path: /tmp/production-build
github: Enable retention periods for uploaded artifacts. This prevents Zulip CI from eventually consuming large amounts of storage on one's GitHub account. I picked a longer retention period for the Puppeteer artifacts because humans look at those; the production tarballs are unlikely to be used 10 minutes after the run completes as they are just for the next stage fo the build; certainly 14 days seems ample for any debugging.
2020-11-04 01:36:23 +01:00
retention-days: 14
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
ci: Notify in zulip when a build fails in GitHub Actions. We use the circleci integration which already has a nice setup for sending messages when triggered to send the build failure notification.
2021-02-16 06:27:02 +01:00
- name: Report status
if: failure()
env:
ZULIP_BOT_KEY: ${{ secrets.ZULIP_BOT_KEY }}
run: tools/ci/send-failure-message
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
production_install:
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
# This job installs the server release tarball built above on a
# range of platforms, and does some basic health checks on the
# resulting installer Zulip server.
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
strategy:
fail-fast: false
matrix:
include:
ci: Add comments documenting building base images.
2021-04-13 19:33:47 +02:00
# Base images are built using `tools/ci/Dockerfile.template`.
# The comments at the top explain how to build and upload these images.
ci: Switch to hosting the CI images under Zulip on Dockerhub.
2021-04-01 00:59:59 +02:00
- docker_image: zulip/ci:bionic
ci: Update CI to test once with custom db name and user. Update CI to test once with a custom db name and user so we can test both scenarios of a custom dbname/user and the default "zulip".
2021-03-31 14:01:33 +02:00
name: Bionic production install with custom db name and user
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
is_bionic: true
os: bionic
ci: Update CI to test once with custom db name and user. Update CI to test once with a custom db name and user so we can test both scenarios of a custom dbname/user and the default "zulip".
2021-03-31 14:01:33 +02:00
install-command: /tmp/production-install --test-custom-db
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
ci: Switch to hosting the CI images under Zulip on Dockerhub.
2021-04-01 00:59:59 +02:00
- docker_image: zulip/ci:focal
docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
name: Focal production install
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
is_focal: true
os: focal
ci: Update CI to test once with custom db name and user. Update CI to test once with a custom db name and user so we can test both scenarios of a custom dbname/user and the default "zulip".
2021-03-31 14:01:33 +02:00
install-command: /tmp/production-install
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
ci: Switch to hosting the CI images under Zulip on Dockerhub.
2021-04-01 00:59:59 +02:00
- docker_image: zulip/ci:buster
production_suite: Add debian production install to production suite. We support Debian as an OS for setting up the Zulip server. But the CI does not run on pull request to test the setting up of the server on Debian. Hence, add the check to CI.
2021-03-25 08:37:45 +01:00
name: Buster production install
is_buster: true
os: buster
ci: Update CI to test once with custom db name and user. Update CI to test once with a custom db name and user so we can test both scenarios of a custom dbname/user and the default "zulip".
2021-03-31 14:01:33 +02:00
install-command: /tmp/production-install
production_suite: Add debian production install to production suite. We support Debian as an OS for setting up the Zulip server. But the CI does not run on pull request to test the setting up of the server on Debian. Hence, add the check to CI.
2021-03-25 08:37:45 +01:00
ci: Add Debian bullseye to production test suite.
2021-04-02 11:04:05 +02:00
- docker_image: zulip/ci:bullseye
name: Bullseye production install
is_bullseye: true
os: bullseye
ci: Update CI to test once with custom db name and user. Update CI to test once with a custom db name and user so we can test both scenarios of a custom dbname/user and the default "zulip".
2021-03-31 14:01:33 +02:00
install-command: /tmp/production-install
ci: Add Debian bullseye to production test suite.
2021-04-02 11:04:05 +02:00
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
name: ${{ matrix.name }}
container: ${{ matrix.docker_image }}
runs-on: ubuntu-latest
needs: production_build
steps:
- name: Download built production tarball
uses: actions/download-artifact@v2
with:
name: production-tarball
path: /tmp
- name: Add required permissions and setup
run: |
# This is the GitHub Actions specific cache directory the
# the current github user must be able to access for the
# cache action to work. It is owned by root currently.
sudo chmod -R 0777 /__w/_temp/
# Since actions/download-artifact@v2 loses all the permissions
# of the tarball uploaded by the upload artifact fix those.
chmod +x /tmp/production-upgrade-pg
chmod +x /tmp/production-install
chmod +x /tmp/production-verify
ci: Notify in zulip when a build fails in GitHub Actions. We use the circleci integration which already has a nice setup for sending messages when triggered to send the build failure notification.
2021-02-16 06:27:02 +01:00
chmod +x /tmp/send-failure-message
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Create cache directories
run: |
dirs=(/srv/zulip-{npm,venv,emoji}-cache)
sudo mkdir -p "${dirs[@]}"
sudo chown -R github "${dirs[@]}"
- name: Restore node_modules cache
uses: actions/cache@v2
with:
path: /srv/zulip-npm-cache
github-actions: Fix incorrect hash key in production install job. The hash keys were missing hash for package.json and yarn.lock because they were not present since we don't do a full checkout in this job. We fix this by sending over those files and generating hashes from them. I usally verify these cache keys by clicking the Restore <cache> step dropdown menu and then clicking the Run ... dropdown menu again to see the generated hash.
2020-08-03 19:58:56 +02:00
key: v1-yarn-deps-${{ matrix.os }}-${{ hashFiles('/tmp/package.json') }}-${{ hashFiles('/tmp/yarn.lock') }}
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
restore-keys: v1-yarn-deps-${{ matrix.os }}
- name: Do Bionic hack
if: ${{ matrix.is_bionic }}
run: |
# Temporary hack till `sudo service redis-server start` gets fixes in Bionic. See
# https://chat.zulip.org/#narrow/stream/3-backend/topic/Ubuntu.20bionic.20CircleCI
sudo sed -i '/^bind/s/bind.*/bind 0.0.0.0/' /etc/redis/redis.conf
- name: Install production
run: |
sudo service rabbitmq-server restart
ci: Update CI to test once with custom db name and user. Update CI to test once with a custom db name and user so we can test both scenarios of a custom dbname/user and the default "zulip".
2021-03-31 14:01:33 +02:00
sudo ${{ matrix.install-command }}
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Verify install
ci: Remove 2>&1 redirection. We had used 2>&1 to redirect stderr to stdout so it could be piped into ts, but commit dd3cdd6ec5085c25b6a9491b7e9b672ae99af442 (#17611) removed ts, so we no longer need the redirection. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 20:51:40 +02:00
run: sudo /tmp/production-verify
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Upgrade postgresql
if: ${{ matrix.is_bionic }}
ci: Remove 2>&1 redirection. We had used 2>&1 to redirect stderr to stdout so it could be piped into ts, but commit dd3cdd6ec5085c25b6a9491b7e9b672ae99af442 (#17611) removed ts, so we no longer need the redirection. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 20:51:40 +02:00
run: sudo /tmp/production-upgrade-pg
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Verify install after upgrading postgresql
if: ${{ matrix.is_bionic }}
ci: Remove 2>&1 redirection. We had used 2>&1 to redirect stderr to stdout so it could be piped into ts, but commit dd3cdd6ec5085c25b6a9491b7e9b672ae99af442 (#17611) removed ts, so we no longer need the redirection. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 20:51:40 +02:00
run: sudo /tmp/production-verify
ci: Notify in zulip when a build fails in GitHub Actions. We use the circleci integration which already has a nice setup for sending messages when triggered to send the build failure notification.
2021-02-16 06:27:02 +01:00
- name: Report status
if: failure()
env:
ZULIP_BOT_KEY: ${{ secrets.ZULIP_BOT_KEY }}
run: /tmp/send-failure-message
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
production_upgrade:
# The production upgrade job starts with a container with a
# previous Zulip release installed, and attempts to upgrade it to
# the release tarball built for the current commit being tested.
#
# This is intended to catch bugs that result in the upgrade
# process failing.
strategy:
fail-fast: false
matrix:
include:
# Base images are built using `tools/ci/Dockerfile.prod.template`.
# The comments at the top explain how to build and upload these images.
- docker_image: zulip/ci:buster-3.4
name: 3.4 Version Upgrade
is_focal: true
os: buster
name: ${{ matrix.name }}
container: ${{ matrix.docker_image }}
runs-on: ubuntu-latest
needs: production_build
steps:
- name: Download built production tarball
uses: actions/download-artifact@v2
with:
name: production-tarball
path: /tmp
- name: Add required permissions and setup
run: |
# This is the GitHub Actions specific cache directory the
# the current github user must be able to access for the
# cache action to work. It is owned by root currently.
sudo chmod -R 0777 /__w/_temp/
# Since actions/download-artifact@v2 loses all the permissions
# of the tarball uploaded by the upload artifact fix those.
chmod +x /tmp/production-upgrade
chmod +x /tmp/production-verify
chmod +x /tmp/send-failure-message
upgrade-check: Add create cache directory step. Create cache directories for the upgrade check in the production-suite.
2021-07-01 14:44:04 +02:00
- name: Create cache directories
run: |
dirs=(/srv/zulip-{npm,venv,emoji}-cache)
sudo mkdir -p "${dirs[@]}"
sudo chown -R github "${dirs[@]}"
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
- name: Upgrade production
run: sudo /tmp/production-upgrade
# TODO: We should be running production-verify here, but it
# doesn't pass yet.
#
# - name: Verify install
# run: sudo /tmp/production-verify
- name: Report status
if: failure()
env:
ZULIP_BOT_KEY: ${{ secrets.ZULIP_BOT_KEY }}
run: /tmp/send-failure-message