Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zulip/.github/workflows/production-suite.yml

333 lines
12 KiB
YAML
Raw Normal View History

docs: Fix more capitalization issues. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2020-10-23 02:43:28 +02:00
name: Zulip production suite
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
on:
ci: Avoid duplicate GitHub Actions runs for push, pull_request. We’ve always been running CI on both push events and pull_request events, which means it runs twice for commits that are pushed to a pull request. Filter the push events by branch name. Add the workflow_dispatch event in case developers want to manually run CI on some other branch that isn’t a pull request. https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 23:57:53 +02:00
push:
branches: ["*.x", chat.zulip.org, main]
tags: ["*"]
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
pull_request:
github-actions: Only run production suite on production related updates. The production suite will only run if anything under puppet, scripts, and tools or any migrations are updated. The '**' glob means it includes subdirectory updates. For migrations all ~5 migrations directories are includes using the **/migrations/** pattern. The GitHub Action docs that explain the syntax: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
2020-07-17 20:27:19 +02:00
paths:
ci: Adjust when production suite is run. We make a few adjustments: * We now run full CI whenever pushing to master. It's cheap enough that it's worth getting accurate signal. * We now don't run production tests on PRs for changes to JavaScript/CSS in static/ that don't also affect the webpack configuration. * We sort the list of paths that trigger tests.
2021-07-30 23:52:10 +02:00
- .github/workflows/production-suite.yml
github-actions: Only run production suite on production related updates. The production suite will only run if anything under puppet, scripts, and tools or any migrations are updated. The '**' glob means it includes subdirectory updates. For migrations all ~5 migrations directories are includes using the **/migrations/** pattern. The GitHub Action docs that explain the syntax: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
2020-07-17 20:27:19 +02:00
- "**/migrations/**"
ci: Run production tests when files mentioning zilencer are changed. Production installs do not use the zilencer application, but the tests do include it; as such, changes to any files which reference zilencer are more likely to pass tests but fail production installs. Run production tests when those files are changed.
2021-10-20 23:55:54 +02:00
- manage.py
dependencies: Switch to pnpm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 19:52:59 +01:00
- pnpm-lock.yaml
github-actions: Only run production suite on production related updates. The production suite will only run if anything under puppet, scripts, and tools or any migrations are updated. The '**' glob means it includes subdirectory updates. For migrations all ~5 migrations directories are includes using the **/migrations/** pattern. The GitHub Action docs that explain the syntax: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
2020-07-17 20:27:19 +02:00
- puppet/**
- requirements/**
- scripts/**
- tools/**
webpack: Move webpack configuration to web. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-24 02:20:53 +01:00
- web/babel.config.js
- web/postcss.config.js
web: Move web app to ‘web’ directory. Ever since we started bundling the app with webpack, there’s been less and less overlap between our ‘static’ directory (files belonging to the frontend app) and Django’s interpretation of the ‘static’ directory (files served directly to the web). Split the app out to its own ‘web’ directory outside of ‘static’, and remove all the custom collectstatic --ignore rules. This makes it much clearer what’s actually being served to the web, and what’s being bundled by webpack. It also shrinks the release tarball by 3%. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-22 23:03:47 +01:00
- web/third/**
webpack: Move webpack configuration to web. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-24 02:20:53 +01:00
- web/webpack.config.ts
ci: Run production tests when files mentioning zilencer are changed. Production installs do not use the zilencer application, but the tests do include it; as such, changes to any files which reference zilencer are more likely to pass tests but fail production installs. Run production tests when those files are changed.
2021-10-20 23:55:54 +02:00
- zerver/worker/queue_processors.py
- zerver/lib/push_notifications.py
- zerver/decorator.py
ci: Adjust when production suite is run. We make a few adjustments: * We now run full CI whenever pushing to master. It's cheap enough that it's worth getting accurate signal. * We now don't run production tests on PRs for changes to JavaScript/CSS in static/ that don't also affect the webpack configuration. * We sort the list of paths that trigger tests.
2021-07-30 23:52:10 +02:00
- zproject/**
ci: Avoid duplicate GitHub Actions runs for push, pull_request. We’ve always been running CI on both push events and pull_request events, which means it runs twice for commits that are pushed to a pull request. Filter the push events by branch name. Add the workflow_dispatch event in case developers want to manually run CI on some other branch that isn’t a pull request. https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 23:57:53 +02:00
workflow_dispatch:
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
ci: Replace cancel-previous-runs job with concurrency configuration. Using ‘github.head_ref || github.run_id’ makes this only cancel in-progress jobs for pull_request events. https://docs.github.com/en/actions/using-jobs/using-concurrency Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-05 01:14:47 +02:00
concurrency:
group: "${{ github.workflow }}-${{ github.head_ref || github.run_id }}"
cancel-in-progress: true
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
defaults:
run:
shell: bash
ci: Limit GitHub token permissions for workflows. This limits the ability for an Action to do mischief with this token. Fixes #22786. Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2022-08-30 02:12:55 +02:00
permissions:
contents: read
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
jobs:
production_build:
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
# This job builds a release tarball from the current commit, which
# will be used for all of the following install/upgrade tests.
Remove Debian 10 support. As a consequence: • Bump minimum supported Python version to 3.8. • Move Vagrant environment to Ubuntu 20.04, which has Python 3.8. • Move CI frontend tests to Ubuntu 20.04. • Move production build test to Ubuntu 20.04. • Move 3.4 upgrade test to Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-19 03:18:48 +02:00
name: Ubuntu 20.04 production build
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
runs-on: ubuntu-latest
ci: Update outdated comments to generated Dockerfiles. These were missed in the doc updates in d78723b6e876, which were for behavior changes in 16067bc4fc5c.
2021-11-05 23:35:39 +01:00
# Docker images are built from 'tools/ci/Dockerfile'; the comments at
# the top explain how to build and upload these images.
Remove Debian 10 support. As a consequence: • Bump minimum supported Python version to 3.8. • Move Vagrant environment to Ubuntu 20.04, which has Python 3.8. • Move CI frontend tests to Ubuntu 20.04. • Move production build test to Ubuntu 20.04. • Move 3.4 upgrade test to Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-19 03:18:48 +02:00
# Ubuntu 20.04 ships with Python 3.8.10.
container: zulip/ci:focal
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
steps:
- name: Add required permissions
run: |
# The checkout actions doesn't clone to ~/zulip or allow
# us to use the path option to clone outside the current
# /__w/zulip/zulip directory. Since this directory is owned
# by root we need to change it's ownership to allow the
# github user to clone the code here.
# Note: /__w/ is a docker volume mounted to $GITHUB_WORKSPACE
# which is /home/runner/work/.
sudo chown -R github .
# This is the GitHub Actions specific cache directory the
# the current github user must be able to access for the
# cache action to work. It is owned by root currently.
sudo chmod -R 0777 /__w/_temp/
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
- uses: actions/checkout@v3
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
- name: Create cache directories
run: |
dependencies: Switch to pnpm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 19:52:59 +01:00
dirs=(/srv/zulip-{venv,emoji}-cache)
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
sudo mkdir -p "${dirs[@]}"
sudo chown -R github "${dirs[@]}"
dependencies: Switch to pnpm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 19:52:59 +01:00
- name: Restore pnpm store
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
uses: actions/cache@v3
Revert "ci: Remove actions/cache@v2 steps from run due to failures." This reverts commit ae24fe69ed6f386240147ebbcecf4cf7696997ed. The problem was fixed by GitHub. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-29 23:03:12 +02:00
with:
ci: Fix pnpm store path for GitHub Actions. This would ordinarily be determined by running ‘pnpm store path’, but pnpm is not installed yet at that point. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-31 18:53:44 +02:00
path: /__w/.pnpm-store
dependencies: Switch to pnpm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 19:52:59 +01:00
key: v1-pnpm-store-focal-${{ hashFiles('pnpm-lock.yaml') }}
Revert "ci: Remove actions/cache@v2 steps from run due to failures." This reverts commit ae24fe69ed6f386240147ebbcecf4cf7696997ed. The problem was fixed by GitHub. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-29 23:03:12 +02:00
- name: Restore python cache
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
uses: actions/cache@v3
Revert "ci: Remove actions/cache@v2 steps from run due to failures." This reverts commit ae24fe69ed6f386240147ebbcecf4cf7696997ed. The problem was fixed by GitHub. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-29 23:03:12 +02:00
with:
path: /srv/zulip-venv-cache
key: v1-venv-focal-${{ hashFiles('requirements/dev.txt') }}
restore-keys: v1-venv-focal
- name: Restore emoji cache
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
uses: actions/cache@v3
Revert "ci: Remove actions/cache@v2 steps from run due to failures." This reverts commit ae24fe69ed6f386240147ebbcecf4cf7696997ed. The problem was fixed by GitHub. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-29 23:03:12 +02:00
with:
path: /srv/zulip-emoji-cache
key: v1-emoji-focal-${{ hashFiles('tools/setup/emoji/emoji_map.json') }}-${{ hashFiles('tools/setup/emoji/build_emoji') }}-${{ hashFiles('tools/setup/emoji/emoji_setup_utils.py') }}-${{ hashFiles('tools/setup/emoji/emoji_names.py') }}-${{ hashFiles('package.json') }}
restore-keys: v1-emoji-focal
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
- name: Build production tarball
ci: Remove 2>&1 redirection. We had used 2>&1 to redirect stderr to stdout so it could be piped into ts, but commit dd3cdd6ec5085c25b6a9491b7e9b672ae99af442 (#17611) removed ts, so we no longer need the redirection. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 20:51:40 +02:00
run: ./tools/ci/production-build
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
- name: Upload production build artifacts for install jobs
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
uses: actions/upload-artifact@v3
github-actions: Add bionic production build job. All the steps are same from circleci except two steps: 1. The 'Add permissions ...' step is Actions specific as explained in comments. 2. The step that used upload-artifacts is Actions verison of presist_to_workspace. Finally, I should note the duplication in this and zulip-ci workflow. There are three reason this is not a problem: 1. It will be messy to mush this into zulip-ci workflow only for benefit of un-duplicating the env and cache restore steps. 2. We needs this on its own workflow if we want to only run it when production related dependencies are updated. 3. I don't see us updating the duplicated steps between both workflow. Circle CI config is prefect example for this; nothing is changed except for adding or updating steps which are not duplicated.
2020-07-08 02:20:01 +02:00
with:
name: production-tarball
path: /tmp/production-build
ci: Reduce production suite tarball retention from 14 days to 1. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-02-16 10:04:39 +01:00
retention-days: 1
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
ci: Fix pnpm store path for GitHub Actions. This would ordinarily be determined by running ‘pnpm store path’, but pnpm is not installed yet at that point. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-31 18:53:44 +02:00
- name: Verify pnpm store path
run: |
set -x
path="$(pnpm store path)"
[[ "$path" == /__w/.pnpm-store/* ]]
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
- name: Generate failure report string
id: failure_report_string
ci: Only report failures to CZO on branch pushes. Targeted fix for regression introduced in #23719 wherein failure reports were attempted for all CI failures, including those from forked pull requests, which don't have access to Actions Secrets. Since undefined Secrets are empty strings at interpolation time [^1], the underlying `send-message` Action was being called with no API Key, causing a failure in the failure handler. This fix is, per discussion in both a comment on #23719 and later on CZO [^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being an empty string that had been in the shell script as it is more explicit in its intent. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets [^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 23:10:11 +01:00
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
run: tools/ci/generate-failure-message >> $GITHUB_OUTPUT
- name: Report status to CZO
ci: Only report failures to CZO on branch pushes. Targeted fix for regression introduced in #23719 wherein failure reports were attempted for all CI failures, including those from forked pull requests, which don't have access to Actions Secrets. Since undefined Secrets are empty strings at interpolation time [^1], the underlying `send-message` Action was being called with no API Key, causing a failure in the failure handler. This fix is, per discussion in both a comment on #23719 and later on CZO [^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being an empty string that had been in the shell script as it is more explicit in its intent. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets [^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 23:10:11 +01:00
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
uses: zulip/github-actions-zulip/send-message@v1
with:
api-key: ${{ secrets.ZULIP_BOT_KEY }}
email: "github-actions-bot@chat.zulip.org"
organization-url: "https://chat.zulip.org"
to: "automated testing"
topic: ${{ steps.failure_report_string.outputs.topic }}
type: "stream"
content: ${{ steps.failure_report_string.outputs.content }}
ci: Notify in zulip when a build fails in GitHub Actions. We use the circleci integration which already has a nice setup for sending messages when triggered to send the build failure notification.
2021-02-16 06:27:02 +01:00
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
production_install:
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
# This job installs the server release tarball built above on a
# range of platforms, and does some basic health checks on the
# resulting installer Zulip server.
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
strategy:
fail-fast: false
matrix:
include:
ci: Update outdated comments, documentation and gitignore. Use of `Dockerfile.template` and generated `tools/ci/images/` was removed in 16067bc4fc5c.
2021-07-22 21:33:39 +02:00
# Docker images are built from 'tools/ci/Dockerfile'; the comments at
# the top explain how to build and upload these images.
ci: Switch to hosting the CI images under Zulip on Dockerhub.
2021-04-01 00:59:59 +02:00
- docker_image: zulip/ci:focal
ci: Rename focal job to describe all it does.
2023-05-05 04:35:16 +02:00
name: Ubuntu 20.04 production install and PostgreSQL upgrade with pgroonga
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
os: focal
ci: Stop trying to pull out the default extra-args. This was preventing the 20.04 install from actually happening, as GitHub was folding the two into one configuration.
2023-05-05 04:17:59 +02:00
extra-args: ""
install: Resupport Ubuntu 22.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-16 00:45:07 +01:00
- docker_image: zulip/ci:jammy
name: Ubuntu 22.04 production install
os: jammy
ci: Stop trying to pull out the default extra-args. This was preventing the 20.04 install from actually happening, as GitHub was folding the two into one configuration.
2023-05-05 04:17:59 +02:00
extra-args: ""
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
ci: Add Debian bullseye to production test suite.
2021-04-02 11:04:05 +02:00
- docker_image: zulip/ci:bullseye
Remove Debian 10 support. As a consequence: • Bump minimum supported Python version to 3.8. • Move Vagrant environment to Ubuntu 20.04, which has Python 3.8. • Move CI frontend tests to Ubuntu 20.04. • Move production build test to Ubuntu 20.04. • Move 3.4 upgrade test to Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-19 03:18:48 +02:00
name: Debian 11 production install with custom db name and user
ci: Add Debian bullseye to production test suite.
2021-04-02 11:04:05 +02:00
os: bullseye
ci: Fix custom database name test. Caught by actionlint. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-08-31 02:01:32 +02:00
extra-args: --test-custom-db
ci: Add Debian bullseye to production test suite.
2021-04-02 11:04:05 +02:00
install: Support Debian 12. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-05-10 23:20:46 +02:00
- docker_image: zulip/ci:bookworm
name: Debian 12 production install
os: bookworm
extra-args: ""
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
name: ${{ matrix.name }}
ci: Use an init process to reap defunct processes. When Github Actions run in Docker, the default pid 1 entrypoint is `tail -f /dev/null`. PID 1 is responsible for propagating signals to its children, and calling `waitpid()` on defunct processes; `tail` does not do these things. This results in zombie processes piling up inside the container, which is not an issue in most contexts. However, it affects `start-stop-daemon`, which hangs when stopping daemon processes, as they are never reaped. This appears in CI as `/etc/init.d/supervisor restart` never being able to succeed. Run the docker container with `--init`, which spawns a `/sbin/docker-init` PID 1 to handle the job of an init process.
2021-07-22 21:35:27 +02:00
container:
image: ${{ matrix.docker_image }}
options: --init
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
runs-on: ubuntu-latest
needs: production_build
steps:
- name: Download built production tarball
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
uses: actions/download-artifact@v3
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
with:
name: production-tarball
path: /tmp
- name: Add required permissions and setup
run: |
# This is the GitHub Actions specific cache directory the
# the current github user must be able to access for the
# cache action to work. It is owned by root currently.
sudo chmod -R 0777 /__w/_temp/
# Since actions/download-artifact@v2 loses all the permissions
# of the tarball uploaded by the upload artifact fix those.
chmod +x /tmp/production-upgrade-pg
ci: Test pgroonga installation.
2021-11-19 02:04:30 +01:00
chmod +x /tmp/production-pgroonga
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
chmod +x /tmp/production-install
chmod +x /tmp/production-verify
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
chmod +x /tmp/generate-failure-message
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Create cache directories
run: |
dependencies: Switch to pnpm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 19:52:59 +01:00
dirs=(/srv/zulip-{venv,emoji}-cache)
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
sudo mkdir -p "${dirs[@]}"
sudo chown -R github "${dirs[@]}"
- name: Install production
ci: Do not pre-install rabbitmq-server in Docker images. Before Zulip 4.9, the Zulip install process left any already-installed rabbitmq with whatever nodename it had previously configured. Wince this encodes the name of the host when it was installed, this does not function well with containers. Leave rabbitmq-server uninstalled, which lets the Zulip installation process set the nodename to `localhost`, which ensures that it is usable across container restarts.
2021-11-29 22:53:18 +01:00
run: sudo /tmp/production-install ${{ matrix.extra-args }}
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Verify install
puppet: process_fts_updates connects as nagios (or provided username). It should not use the configured zulip username, but should instead pull from the login user (likely `nagios`), or an explicit alternate provided PostgreSQL username. Failure to do so results in Nagios failures because the `nagios` login does not have permissions to authenticated the `zulip` PostgreSQL user. This requires CI changes, as the install tests install as the `zulip` login username, which allowed Nagios tests to pass previously; with the custom database and username, however, they must be passed to process_fts_updates explicitly when validating the install.
2021-12-14 05:23:23 +01:00
run: sudo /tmp/production-verify ${{ matrix.extra-args }}
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
ci: Test pgroonga installation.
2021-11-19 02:04:30 +01:00
- name: Install pgroonga
ci: Test upgrade-postgresql on Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-09 03:50:07 +01:00
if: ${{ matrix.os == 'focal' }}
ci: Test pgroonga installation.
2021-11-19 02:04:30 +01:00
run: sudo /tmp/production-pgroonga
- name: Verify install after installing pgroonga
ci: Test upgrade-postgresql on Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-09 03:50:07 +01:00
if: ${{ matrix.os == 'focal' }}
puppet: process_fts_updates connects as nagios (or provided username). It should not use the configured zulip username, but should instead pull from the login user (likely `nagios`), or an explicit alternate provided PostgreSQL username. Failure to do so results in Nagios failures because the `nagios` login does not have permissions to authenticated the `zulip` PostgreSQL user. This requires CI changes, as the install tests install as the `zulip` login username, which allowed Nagios tests to pass previously; with the custom database and username, however, they must be passed to process_fts_updates explicitly when validating the install.
2021-12-14 05:23:23 +01:00
run: sudo /tmp/production-verify ${{ matrix.extra-args }}
ci: Test pgroonga installation.
2021-11-19 02:04:30 +01:00
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Upgrade postgresql
ci: Test upgrade-postgresql on Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-09 03:50:07 +01:00
if: ${{ matrix.os == 'focal' }}
ci: Remove 2>&1 redirection. We had used 2>&1 to redirect stderr to stdout so it could be piped into ts, but commit dd3cdd6ec5085c25b6a9491b7e9b672ae99af442 (#17611) removed ts, so we no longer need the redirection. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-03-29 20:51:40 +02:00
run: sudo /tmp/production-upgrade-pg
github-actions: Add bionic and focal production install jobs. We remove the "Do memcached hack" step from CircleCI when migrating this job because a fix has been made upstream.
2020-07-16 21:34:01 +02:00
- name: Verify install after upgrading postgresql
ci: Test upgrade-postgresql on Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2021-11-09 03:50:07 +01:00
if: ${{ matrix.os == 'focal' }}
puppet: process_fts_updates connects as nagios (or provided username). It should not use the configured zulip username, but should instead pull from the login user (likely `nagios`), or an explicit alternate provided PostgreSQL username. Failure to do so results in Nagios failures because the `nagios` login does not have permissions to authenticated the `zulip` PostgreSQL user. This requires CI changes, as the install tests install as the `zulip` login username, which allowed Nagios tests to pass previously; with the custom database and username, however, they must be passed to process_fts_updates explicitly when validating the install.
2021-12-14 05:23:23 +01:00
run: sudo /tmp/production-verify ${{ matrix.extra-args }}
ci: Notify in zulip when a build fails in GitHub Actions. We use the circleci integration which already has a nice setup for sending messages when triggered to send the build failure notification.
2021-02-16 06:27:02 +01:00
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
- name: Generate failure report string
id: failure_report_string
ci: Only report failures to CZO on branch pushes. Targeted fix for regression introduced in #23719 wherein failure reports were attempted for all CI failures, including those from forked pull requests, which don't have access to Actions Secrets. Since undefined Secrets are empty strings at interpolation time [^1], the underlying `send-message` Action was being called with no API Key, causing a failure in the failure handler. This fix is, per discussion in both a comment on #23719 and later on CZO [^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being an empty string that had been in the shell script as it is more explicit in its intent. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets [^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 23:10:11 +01:00
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
ci: Run generate-failure-message from the right path. This was broken by commit 3a0620a40c2b1d22ecd7ff65e8ab0c7a604d5e5f (#23719). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-09 21:46:10 +01:00
run: /tmp/generate-failure-message >> $GITHUB_OUTPUT
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
- name: Report status to CZO
ci: Only report failures to CZO on branch pushes. Targeted fix for regression introduced in #23719 wherein failure reports were attempted for all CI failures, including those from forked pull requests, which don't have access to Actions Secrets. Since undefined Secrets are empty strings at interpolation time [^1], the underlying `send-message` Action was being called with no API Key, causing a failure in the failure handler. This fix is, per discussion in both a comment on #23719 and later on CZO [^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being an empty string that had been in the shell script as it is more explicit in its intent. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets [^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 23:10:11 +01:00
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
uses: zulip/github-actions-zulip/send-message@v1
with:
api-key: ${{ secrets.ZULIP_BOT_KEY }}
email: "github-actions-bot@chat.zulip.org"
organization-url: "https://chat.zulip.org"
to: "automated testing"
topic: ${{ steps.failure_report_string.outputs.topic }}
type: "stream"
content: ${{ steps.failure_report_string.outputs.content }}
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
production_upgrade:
# The production upgrade job starts with a container with a
# previous Zulip release installed, and attempts to upgrade it to
# the release tarball built for the current commit being tested.
#
# This is intended to catch bugs that result in the upgrade
# process failing.
strategy:
fail-fast: false
matrix:
include:
ci: Test upgrades from the minimum of each major version, not the max.
2022-07-16 02:34:09 +02:00
# Docker images are built from 'tools/ci/Dockerfile.prod'; the comments at
ci: Update outdated comments to generated Dockerfiles. These were missed in the doc updates in d78723b6e876, which were for behavior changes in 16067bc4fc5c.
2021-11-05 23:35:39 +01:00
# the top explain how to build and upload these images.
ci: Test upgrades from the minimum of each major version, not the max.
2022-07-16 02:34:09 +02:00
- docker_image: zulip/ci:focal-3.2
name: 3.2 Version Upgrade
Remove Debian 10 support. As a consequence: • Bump minimum supported Python version to 3.8. • Move Vagrant environment to Ubuntu 20.04, which has Python 3.8. • Move CI frontend tests to Ubuntu 20.04. • Move production build test to Ubuntu 20.04. • Move 3.4 upgrade test to Ubuntu 20.04. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-04-19 03:18:48 +02:00
os: focal
ci: Test upgrades from the minimum of each major version, not the max.
2022-07-16 02:34:09 +02:00
- docker_image: zulip/ci:bullseye-4.2
name: 4.2 Version Upgrade
ci: Test upgrades from the latest minor release.
2021-11-25 06:33:52 +01:00
os: bullseye
ci: Test upgrades from the minimum of each major version, not the max.
2022-07-16 02:34:09 +02:00
- docker_image: zulip/ci:bullseye-5.0
name: 5.0 Version Upgrade
ci: Test upgrades from 3.x, 4.x and 5.x.
2022-04-02 09:01:11 +02:00
os: bullseye
ci: Switch 6.0 production to be on Ubuntu 22.04. This causes us to cover all of our supported operating systems, and Ubuntu 22.04 support was originally added in Zulip Server 6.0.
2024-01-05 21:53:14 +01:00
- docker_image: zulip/ci:jammy-6.0
ci: Test upgrades from Zulip Server 6.0.
2022-11-28 20:46:10 +01:00
name: 6.0 Version Upgrade
ci: Switch 6.0 production to be on Ubuntu 22.04. This causes us to cover all of our supported operating systems, and Ubuntu 22.04 support was originally added in Zulip Server 6.0.
2024-01-05 21:53:14 +01:00
os: jammy
ci: Add a test for upgrading from 7.0. We build this image on bookworm, for diversity.
2023-11-29 22:25:02 +01:00
- docker_image: zulip/ci:bookworm-7.0
name: 7.0 Version Upgrade
os: bookworm
ci: Test upgrades from Zulip Server 8.0.
2024-01-05 17:32:30 +01:00
- docker_image: zulip/ci:bookworm-8.0
name: 8.0 Version Upgrade
os: bookworm
ci: Test upgrades from the latest minor release.
2021-11-25 06:33:52 +01:00
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
name: ${{ matrix.name }}
ci: Use an init process to reap defunct processes. When Github Actions run in Docker, the default pid 1 entrypoint is `tail -f /dev/null`. PID 1 is responsible for propagating signals to its children, and calling `waitpid()` on defunct processes; `tail` does not do these things. This results in zombie processes piling up inside the container, which is not an issue in most contexts. However, it affects `start-stop-daemon`, which hangs when stopping daemon processes, as they are never reaped. This appears in CI as `/etc/init.d/supervisor restart` never being able to succeed. Run the docker container with `--init`, which spawns a `/sbin/docker-init` PID 1 to handle the job of an init process.
2021-07-22 21:35:27 +02:00
container:
image: ${{ matrix.docker_image }}
options: --init
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
runs-on: ubuntu-latest
needs: production_build
steps:
- name: Download built production tarball
ci: Update GitHub Actions dependencies. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-07-06 00:16:38 +02:00
uses: actions/download-artifact@v3
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
with:
name: production-tarball
path: /tmp
- name: Add required permissions and setup
run: |
# This is the GitHub Actions specific cache directory the
# the current github user must be able to access for the
# cache action to work. It is owned by root currently.
sudo chmod -R 0777 /__w/_temp/
# Since actions/download-artifact@v2 loses all the permissions
# of the tarball uploaded by the upload artifact fix those.
chmod +x /tmp/production-upgrade
chmod +x /tmp/production-verify
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
chmod +x /tmp/generate-failure-message
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
upgrade-check: Add create cache directory step. Create cache directories for the upgrade check in the production-suite.
2021-07-01 14:44:04 +02:00
- name: Create cache directories
run: |
dependencies: Switch to pnpm. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-20 19:52:59 +01:00
dirs=(/srv/zulip-{venv,emoji}-cache)
upgrade-check: Add create cache directory step. Create cache directories for the upgrade check in the production-suite.
2021-07-01 14:44:04 +02:00
sudo mkdir -p "${dirs[@]}"
sudo chown -R github "${dirs[@]}"
ci: Temporarily upgrade postgresql-client-common before upgrading. This works around a failure in the current postgresql-client-common and postgresql-client-15 packages; it exists primarily to improve the signal on our CI builds, as the failure is a real failure caused by the package upgrade process.
2023-09-15 15:39:38 +02:00
- name: Temporarily bootstrap PostgreSQL upgrades
# https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/postgres.20client.20upgrade.20failures/near/1640444
# On Debian, there is an ordering issue with post-install maintainer
# scripts when postgresql-client-common is upgraded at the same time as
# postgresql-client and postgresql-client-15. Upgrade just
# postgresql-client-common first, so the main upgrade process can
# succeed. This is a _temporary_ work-around to improve CI signal, as
# the failure does represent a real failure that production systems may
# encounter.
run: sudo apt-get update && sudo apt-get install -y --only-upgrade postgresql-client-common
ci: Add prod upgrade step to prod suite. This adds a check in the current production suite of CI that upgrades a previous release of zulip server with a newer one. Fixes #18346.
2021-06-07 09:12:58 +02:00
- name: Upgrade production
run: sudo /tmp/production-upgrade
# TODO: We should be running production-verify here, but it
# doesn't pass yet.
#
# - name: Verify install
# run: sudo /tmp/production-verify
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
- name: Generate failure report string
id: failure_report_string
ci: Only report failures to CZO on branch pushes. Targeted fix for regression introduced in #23719 wherein failure reports were attempted for all CI failures, including those from forked pull requests, which don't have access to Actions Secrets. Since undefined Secrets are empty strings at interpolation time [^1], the underlying `send-message` Action was being called with no API Key, causing a failure in the failure handler. This fix is, per discussion in both a comment on #23719 and later on CZO [^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being an empty string that had been in the shell script as it is more explicit in its intent. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets [^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 23:10:11 +01:00
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
ci: Run generate-failure-message from the right path. This was broken by commit 3a0620a40c2b1d22ecd7ff65e8ab0c7a604d5e5f (#23719). Signed-off-by: Anders Kaseorg <anders@zulip.com>
2023-03-09 21:46:10 +01:00
run: /tmp/generate-failure-message >> $GITHUB_OUTPUT
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
- name: Report status to CZO
ci: Only report failures to CZO on branch pushes. Targeted fix for regression introduced in #23719 wherein failure reports were attempted for all CI failures, including those from forked pull requests, which don't have access to Actions Secrets. Since undefined Secrets are empty strings at interpolation time [^1], the underlying `send-message` Action was being called with no API Key, causing a failure in the failure handler. This fix is, per discussion in both a comment on #23719 and later on CZO [^2], prefered to restoring the prior guard against ZULIP_BOT_KEY being an empty string that had been in the shell script as it is more explicit in its intent. [^1]: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-using-secrets [^2]: https://chat.zulip.org/#narrow/stream/43-automated-testing/topic/all.20branches.20failing/near/1475246
2022-12-06 23:10:11 +01:00
if: ${{ failure() && github.repository == 'zulip/zulip' && github.event_name == 'push' }}
tools: Reimplement CI failure script without using CircleCI endpoint. Using curl to POST to the CircleCI workflow endpoint on CZO: - Doesn't work on zulip/zulip@main (CZO runs a revert) - Sets a bad example for other orgs - Robs us of an opportunity to dogfood our own zulip/github-actions-zulip Refactor the Actions workflows in this repo to report failure states using the Zulip Action, and reimplement the related helper scripts in Python, since they'd previously mostly shelled out to Python anyway.
2022-12-01 05:51:52 +01:00
uses: zulip/github-actions-zulip/send-message@v1
with:
api-key: ${{ secrets.ZULIP_BOT_KEY }}
email: "github-actions-bot@chat.zulip.org"
organization-url: "https://chat.zulip.org"
to: "automated testing"
topic: ${{ steps.failure_report_string.outputs.topic }}
type: "stream"
content: ${{ steps.failure_report_string.outputs.content }}