From cc3993d860339f4fcf669429a9e5948755dfaa75 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 6 Jul 2023 11:23:17 +0200 Subject: [PATCH] gha: Pass event specific info from the caller workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's ensure we're not relying, on any of the called workflows, on event specific information. Right now, the two information we've been relying on are: * PR number, coming from github.event.pull_request.number * Commit hash, coming from github.event.pull_request.head.sha As we want to, in the future, add nightly jobs, which will be triggered by a different event (thus, having different fields populated), we should ensure that those are not used unless it's in the "top action" that's trigerred by the event. Signed-off-by: Fabiano FidĂȘncio --- .../build-kata-static-tarball-amd64.yaml | 7 +++-- .../build-kata-static-tarball-arm64.yaml | 7 +++-- .../build-kata-static-tarball-s390x.yaml | 7 +++-- .github/workflows/ci-on-push.yaml | 27 +++++++++++++------ .github/workflows/payload-after-push.yaml | 9 +++++++ .../publish-kata-deploy-payload-amd64.yaml | 5 +++- .../publish-kata-deploy-payload-arm64.yaml | 5 +++- .../publish-kata-deploy-payload-s390x.yaml | 5 +++- .github/workflows/run-k8s-tests-on-aks.yaml | 10 +++++-- .github/workflows/run-k8s-tests-on-sev.yaml | 5 +++- .github/workflows/run-k8s-tests-on-snp.yaml | 5 +++- .github/workflows/run-k8s-tests-on-tdx.yaml | 5 +++- .github/workflows/run-metrics.yaml | 5 +++- 13 files changed, 79 insertions(+), 23 deletions(-) diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index b5c7584fee..419db1b64a 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -13,6 +13,9 @@ on: required: false type: string default: no + commit-hash: + required: false + type: string jobs: build-asset: @@ -60,7 +63,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} @@ -88,7 +91,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index 1fc9817331..2ad97a0ba4 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -9,6 +9,9 @@ on: required: false type: string default: no + commit-hash: + required: false + type: string jobs: build-asset: @@ -41,7 +44,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -72,7 +75,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index 58186ab8ca..cf28310336 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml @@ -9,6 +9,9 @@ on: required: false type: string default: no + commit-hash: + required: false + type: string jobs: build-asset: @@ -37,7 +40,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} fetch-depth: 0 # This is needed in order to keep the commit ids history - name: Build ${{ matrix.asset }} run: | @@ -69,7 +72,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-artifacts uses: actions/download-artifact@v3 with: diff --git a/.github/workflows/ci-on-push.yaml b/.github/workflows/ci-on-push.yaml index 9f7c82eaf6..8a7aa96732 100644 --- a/.github/workflows/ci-on-push.yaml +++ b/.github/workflows/ci-on-push.yaml @@ -12,23 +12,28 @@ on: - synchronize - reopened - labeled +env: + COMMIT_HASH: ${{ github.event.pull_request.head.sha }} + PR_NUMBER: ${{ github.event.pull_requesst.number }} jobs: build-kata-static-tarball-amd64: if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: - tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.event.pull_request.head.sha }} + tarball-suffix: -${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }} + commit-hash: ${{ env.COMMIT_HASH }} publish-kata-deploy-payload-amd64: if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: - tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.event.pull_request.head.sha }} + tarball-suffix: -${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }} registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + tag: ${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }}-amd64 + commit-hash: ${{ env.COMMIT_HASH }} secrets: inherit run-k8s-tests-on-aks: @@ -38,7 +43,8 @@ jobs: with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + tag: ${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }}-amd64 + commit-hash: ${{ env.COMMIT_HASH }} secrets: inherit run-k8s-tests-on-sev: @@ -48,7 +54,8 @@ jobs: with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + tag: ${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }}-amd64 + commit-hash: ${{ env.COMMIT_HASH }} run-k8s-tests-on-snp: if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} @@ -57,7 +64,9 @@ jobs: with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + tag: ${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }}-amd64 + pr-number: ${{ env.PR_NUMBER }} + commit-hash: ${{ env.COMMIT_HASH }} run-k8s-tests-on-tdx: if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} @@ -66,11 +75,13 @@ jobs: with: registry: ghcr.io repo: ${{ github.repository_owner }}/kata-deploy-ci - tag: ${{ github.event.pull_request.number }}-${{ github.event.pull_request.head.sha }}-amd64 + tag: ${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }}-amd64 + commit-hash: ${{ env.COMMIT_HASH }} run-metrics-tests: if: ${{ contains(github.event.pull_request.labels.*.name, 'ok-to-test') }} needs: build-kata-static-tarball-amd64 uses: ./.github/workflows/run-metrics.yaml with: - tarball-suffix: -${{ github.event.pull_request.number}}-${{ github.event.pull_request.head.sha }} + tarball-suffix: -${{ env.PR_NUMBER }}-${{ env.COMMIT_HASH }}-amd64 + commit-hash: ${{ env.COMMIT_HASH }} diff --git a/.github/workflows/payload-after-push.yaml b/.github/workflows/payload-after-push.yaml index 97bb309b17..31c0b70bfc 100644 --- a/.github/workflows/payload-after-push.yaml +++ b/.github/workflows/payload-after-push.yaml @@ -5,22 +5,28 @@ on: - main - stable-* +env: + COMMIT_HASH: $GITHUB_REF + jobs: build-assets-amd64: uses: ./.github/workflows/build-kata-static-tarball-amd64.yaml with: + commit-hash: ${{ env.COMMIT_HASH }} push-to-registry: yes secrets: inherit build-assets-arm64: uses: ./.github/workflows/build-kata-static-tarball-arm64.yaml with: + commit-hash: ${{ env.COMMIT_HASH }} push-to-registry: yes secrets: inherit build-assets-s390x: uses: ./.github/workflows/build-kata-static-tarball-s390x.yaml with: + commit-hash: ${{ env.COMMIT_HASH }} push-to-registry: yes secrets: inherit @@ -28,6 +34,7 @@ jobs: needs: build-assets-amd64 uses: ./.github/workflows/publish-kata-deploy-payload-amd64.yaml with: + commit-hash: ${{ env.COMMIT_HASH }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-amd64 @@ -37,6 +44,7 @@ jobs: needs: build-assets-arm64 uses: ./.github/workflows/publish-kata-deploy-payload-arm64.yaml with: + commit-hash: ${{ env.COMMIT_HASH }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-arm64 @@ -46,6 +54,7 @@ jobs: needs: build-assets-s390x uses: ./.github/workflows/publish-kata-deploy-payload-s390x.yaml with: + commit-hash: ${{ env.COMMIT_HASH }} registry: quay.io repo: kata-containers/kata-deploy-ci tag: kata-containers-s390x diff --git a/.github/workflows/publish-kata-deploy-payload-amd64.yaml b/.github/workflows/publish-kata-deploy-payload-amd64.yaml index 91c7a0612d..b5ba900d85 100644 --- a/.github/workflows/publish-kata-deploy-payload-amd64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-amd64.yaml @@ -14,6 +14,9 @@ on: tag: required: true type: string + commit-hash: + required: false + type: string jobs: kata-payload: @@ -21,7 +24,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/publish-kata-deploy-payload-arm64.yaml b/.github/workflows/publish-kata-deploy-payload-arm64.yaml index c4fd324775..6c35ed8a31 100644 --- a/.github/workflows/publish-kata-deploy-payload-arm64.yaml +++ b/.github/workflows/publish-kata-deploy-payload-arm64.yaml @@ -14,6 +14,9 @@ on: tag: required: true type: string + commit-hash: + required: false + type: string jobs: kata-payload: @@ -25,7 +28,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/publish-kata-deploy-payload-s390x.yaml b/.github/workflows/publish-kata-deploy-payload-s390x.yaml index 2a0ea8071d..ee7fa3fd78 100644 --- a/.github/workflows/publish-kata-deploy-payload-s390x.yaml +++ b/.github/workflows/publish-kata-deploy-payload-s390x.yaml @@ -14,6 +14,9 @@ on: tag: required: true type: string + commit-hash: + required: false + type: string jobs: kata-payload: @@ -25,7 +28,7 @@ jobs: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-kata-tarball uses: actions/download-artifact@v3 diff --git a/.github/workflows/run-k8s-tests-on-aks.yaml b/.github/workflows/run-k8s-tests-on-aks.yaml index a39c2bbcda..d8658270a8 100644 --- a/.github/workflows/run-k8s-tests-on-aks.yaml +++ b/.github/workflows/run-k8s-tests-on-aks.yaml @@ -11,6 +11,12 @@ on: tag: required: true type: string + pr-number: + required: true + type: string + commit-hash: + required: false + type: string jobs: run-k8s-tests: @@ -31,13 +37,13 @@ jobs: DOCKER_REGISTRY: ${{ inputs.registry }} DOCKER_REPO: ${{ inputs.repo }} DOCKER_TAG: ${{ inputs.tag }} - GH_PR_NUMBER: ${{ github.event.pull_request.number }} + GH_PR_NUMBER: ${{ inputs.pr-number }} KATA_HOST_OS: ${{ matrix.host_os }} KATA_HYPERVISOR: ${{ matrix.vmm }} steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: Download Azure CLI run: bash tests/integration/gha-run.sh install-azure-cli diff --git a/.github/workflows/run-k8s-tests-on-sev.yaml b/.github/workflows/run-k8s-tests-on-sev.yaml index 52ab7f9558..3fc4ca835d 100644 --- a/.github/workflows/run-k8s-tests-on-sev.yaml +++ b/.github/workflows/run-k8s-tests-on-sev.yaml @@ -11,6 +11,9 @@ on: tag: required: true type: string + commit-hash: + required: false + type: string jobs: run-k8s-tests: @@ -29,7 +32,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: Run tests timeout-minutes: 30 diff --git a/.github/workflows/run-k8s-tests-on-snp.yaml b/.github/workflows/run-k8s-tests-on-snp.yaml index 535c6de6dd..8aa1763d20 100644 --- a/.github/workflows/run-k8s-tests-on-snp.yaml +++ b/.github/workflows/run-k8s-tests-on-snp.yaml @@ -11,6 +11,9 @@ on: tag: required: true type: string + commit-hash: + required: false + type: string jobs: run-k8s-tests: @@ -29,7 +32,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: Run tests timeout-minutes: 30 diff --git a/.github/workflows/run-k8s-tests-on-tdx.yaml b/.github/workflows/run-k8s-tests-on-tdx.yaml index 886b1c0268..ccbc16db79 100644 --- a/.github/workflows/run-k8s-tests-on-tdx.yaml +++ b/.github/workflows/run-k8s-tests-on-tdx.yaml @@ -11,6 +11,9 @@ on: tag: required: true type: string + commit-hash: + required: false + type: string jobs: run-k8s-tests: @@ -29,7 +32,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: Run tests timeout-minutes: 30 diff --git a/.github/workflows/run-metrics.yaml b/.github/workflows/run-metrics.yaml index d8b8c3976c..f55c0b3dd1 100644 --- a/.github/workflows/run-metrics.yaml +++ b/.github/workflows/run-metrics.yaml @@ -5,6 +5,9 @@ on: tarball-suffix: required: false type: string + commit-hash: + required: false + type: string jobs: run-metrics: @@ -20,7 +23,7 @@ jobs: steps: - uses: actions/checkout@v3 with: - ref: ${{ github.event.pull_request.head.sha }} + ref: ${{ inputs.commit-hash }} - name: get-kata-tarball uses: actions/download-artifact@v3