DR-2889: Upgrade Github actions due to Node 12 Deprecation (#1404)

* Insetad of updating the cloned action, instead use trusted third party action produced by gradle * update retry * Use github's reusable workflow structure instead of third party step comment out steps for now Uncomment for merge inherit secrets bump version switch job dependent update consolidate to one slack notification update space * update vault action version to latest update remaining vault actions * update trivy action's java and cache versions add distribution for java setup * update python client's python and node versions * Replace github-action-get-previous-tag Remove need for external library and call git command for tag Revert "[test] replace github-action-get-previous-tag" This reverts commit aa5c648. leave workspace_dispatch * [test] Slack add payload back cleanup use valid fields test other format add payload * Revert "[test] Slack" This reverts commit 36638c1. * bump slack action version * always slack notify * point checkout to v3 rather than master * Add back slack notification; Only trigger when not a workflow_call cleanup * Notify slack according to flag - Setting the default to true when triggered manually via workflow_dispatch - Setting the default to false when triggered via workflow_call as those workflows should have their own slack notification
DataBiosphere · Feb 8, 2023 · 164be35 · 164be35
1 parent e4f234c
commit 164be35
Show file tree

Hide file tree

Showing 10 changed files with 62 additions and 53 deletions.
diff --git a/.github/workflows/alpha-promotion.yaml b/.github/workflows/alpha-promotion.yaml
@@ -28,9 +28,9 @@ jobs:
           fetch-depth: 0
       - name: 'Get Previous tag'
         id: apiprevioustag
-        uses: "broadinstitute/github-action-get-previous-tag@master"
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          TAG=$(git for-each-ref --sort=-creatordate --count 1 --format="%(refname:short)" "refs/tags/")
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
       - name: 'Generate IAP token to talk to Sherlock'
         id: 'auth-iap'
         uses: google-github-actions/auth@v0
@@ -79,7 +79,7 @@ jobs:
             }"
       - name: "Notify Slack"
         if: always()
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

diff --git a/.github/workflows/alpha-tests-and-gcr-promotion.yaml b/.github/workflows/alpha-tests-and-gcr-promotion.yaml
@@ -39,7 +39,7 @@ jobs:
         git checkout ${{ steps.configuration.outputs.alpha_version_api }}
         echo "Current branch is ${{ github.ref }}"
     - name: "Import Vault Secrets for Alpha Test Runner Service Account"
-      uses: hashicorp/vault-action@v2.2.0
+      uses: hashicorp/vault-action@v2.5.0
       with:
         url: ${{ secrets.VAULT_ADDR }}
         method: approle
@@ -56,7 +56,7 @@ jobs:
 
         ./tools/cleanupPolicies.sh ${GOOGLE_CLOUD_DATA_PROJECT}
     - name: "Import Vault Secrets for Dev Service Account"
-      uses: hashicorp/vault-action@v2.2.0
+      uses: hashicorp/vault-action@v2.5.0
       with:
         url: ${{ secrets.VAULT_ADDR }}
         method: approle
@@ -109,7 +109,7 @@ jobs:
         echo "[INFO] Uploading results SUCCEEDED"
         cd ${GITHUB_WORKSPACE}/${workingDir}
     - name: "[Cherry-pick to public GCR] Import Vault Secrets for GCR Service Account"
-      uses: hashicorp/vault-action@v2.2.0
+      uses: hashicorp/vault-action@v2.5.0
       with:
         url: ${{ secrets.VAULT_ADDR }}
         method: approle
@@ -151,7 +151,7 @@ jobs:
         gcloud container images add-tag --quiet "${DEV_IMAGE}" "${PUBLIC_IMAGE}"
     - name: "Notify Slack"
       if: always()
-      uses: broadinstitute/action-slack@v3.8.0
+      uses: broadinstitute/action-slack@v3.15.0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -163,7 +163,7 @@ jobs:
         text: "Alpha Tests and GCR Promotion"
     - name: "Notify QA Slack"
       if: always()
-      uses: broadinstitute/action-slack@v3.8.0
+      uses: broadinstitute/action-slack@v3.15.0
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

diff --git a/.github/workflows/dev-image-update.yaml b/.github/workflows/dev-image-update.yaml
@@ -49,7 +49,7 @@ jobs:
           version_variable_name: version
           GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
       - name: "Publish to Artifactory"
-        uses: broadinstitute/gradle-command-action@v1
+        uses: gradle/gradle-build-action@v2
         with:
           arguments: ':datarepo-client:artifactoryPublish'
         env:
@@ -68,7 +68,7 @@ jobs:
           actions_subcommand: 'deploytagupdate'
           helm_env_prefix: dev
       - name: 'Release Candidate Container Build: Checkout tag for DataBiosphere/jade-data-repo'
-        uses: broadinstitute/retry@v2.5.1 #forked from nick-invision/retry
+        uses: broadinstitute/retry@v2.8.3 #forked from nick-fields/retry
         with:
           timeout_minutes: 1
           polling_interval_seconds: 5
@@ -91,20 +91,23 @@ jobs:
           secret_id: ${{ secrets.SECRET_ID }}
           alpharelease: ${{ steps.bumperstep.outputs.tag }}
           gcr_google_project: 'broad-jade-dev'
-      - name: "Update Version for Integration Namespaces and Helm Charts"
-        uses: broadinstitute/workflow-dispatch@v1
-        with:
-          workflow: Update API Helm Image Tags
-          token: ${{ secrets.BROADBOT_TOKEN }}
+  helm_tag_bumper:
+    needs: update_image
+    uses: ./.github/workflows/helmtagbumper.yaml
+    secrets: inherit
+  action_notify:
+    runs-on: ubuntu-latest
+    if: always()
+    needs:
+      - update_image
+      - helm_tag_bumper
+    steps:
       - name: Slack job status
-        if: always()
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         with:
           status: ${{ job.status }}
           fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
           author_name: Integration Test
-          mention: fb,muscles
-          if_mention: failure
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/helmtagbumper.yaml b/.github/workflows/helmtagbumper.yaml
@@ -1,6 +1,15 @@
 name: Update API Helm Image Tags
 on:
-  workflow_dispatch: {}
+  workflow_dispatch:
+    inputs:
+      notify-slack:
+        default: true
+        type: boolean
+  workflow_call:
+    inputs:
+      notify-slack:
+        default: false
+        type: boolean
 jobs:
 # new integration image updater
   integration_helm_tag_update:
@@ -13,9 +22,9 @@ jobs:
           ref: develop
       - name: 'Get Previous tag'
         id: apiprevioustag
-        uses: "broadinstitute/github-action-get-previous-tag@master"
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          TAG=$(git for-each-ref --sort=-creatordate --count 1 --format="%(refname:short)" "refs/tags/")
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
       - name: 'Checkout datarepo-helm-definitions repo'
         uses: actions/checkout@v3
         with:
@@ -54,7 +63,7 @@ jobs:
           SWITCH_DIRECTORIES: true
           MERGE_BRANCH: master
       - name: "Notify Slack"
-        if: always()
+        if: ${{ inputs.notify-slack && always() }}
         uses: broadinstitute/action-slack@v3.8.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -63,8 +72,6 @@ jobs:
           status: ${{ job.status }}
           fields: job,repo,message,author,took
           author_name: "[API] [datarepo-helm-definitions] Version update for Integration namespaces"
-          mention: fb,muscles
-          mention_if: failure
   datarepo_helm_chart_update:
     runs-on: ubuntu-20.04
     steps:
@@ -75,9 +82,9 @@ jobs:
           ref: develop
       - name: 'Fetch latest jade-data-repo image tag'
         id: apiprevioustag
-        uses: "broadinstitute/github-action-get-previous-tag@master"
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          TAG=$(git for-each-ref --sort=-creatordate --count 1 --format="%(refname:short)" "refs/tags/")
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
       - name: '[datarepo-helm] Checkout repo'
         uses: actions/checkout@v3
         with:
@@ -113,7 +120,7 @@ jobs:
           SWITCH_DIRECTORIES: true
           MERGE_BRANCH: master
       - name: "Notify Slack"
-        if: always()
+        if: ${{ inputs.notify-slack && always() }}
         uses: broadinstitute/action-slack@v3.8.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -122,5 +129,3 @@ jobs:
           status: ${{ job.status }}
           fields: job,repo,message,author,took
           author_name: "[API] [datarepo-helm] Version update for Helm Charts"
-          mention: fb,muscles
-          if_mention: failure
diff --git a/.github/workflows/int-and-connected-test-run.yml b/.github/workflows/int-and-connected-test-run.yml
@@ -106,7 +106,7 @@ jobs:
           path: ${{ env.CACHE_PATHS }}
           key: ${{ runner.os }}-build-connected
       - name: "Import Vault dev secrets"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -168,7 +168,7 @@ jobs:
           path: ${{ env.CACHE_PATHS }}
           key: ${{ runner.os }}-build-integration
       - name: "Import Vault dev secrets"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -281,7 +281,7 @@ jobs:
           retention-days: 10
       - name: "Notify Jade Slack on nightly test run"
         if: ${{ github.event_name == 'schedule' && always() }}
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         with:
           status: ${{ env.RUN_STATUS }}
           channel: "#jade-alerts"
@@ -290,7 +290,7 @@ jobs:
           fields: ${{ env.SLACK_FIELDS }}
       - name: "Notify QA Slack on nightly test run"
         if: ${{ github.event_name == 'schedule' && always() }}
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         with:
           status: ${{ env.RUN_STATUS }}
           channel: "#dsde-qa"

diff --git a/.github/workflows/release-python-client.yaml b/.github/workflows/release-python-client.yaml
@@ -11,17 +11,17 @@ jobs:
     name: Build and publish Python 🐍 distributions 📦 to PyPI and TestPyPI
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v3
       - name: Set up Python 3.7
-        uses: actions/setup-python@v1
+        uses: actions/setup-python@v4
         with:
           python-version: 3.7
       - name: set semver
         run: |
           CURRENT_SEMVER=$(curl -s -X GET "https://jade.datarepo-dev.broadinstitute.org/configuration" -H "accept: application/json" | jq -r '.semVer|rtrimstr("-SNAPSHOT")')
           echo "CURRENT_SEMVER=${CURRENT_SEMVER}" >> "$GITHUB_ENV"
       - name: Use Node.js ${{matrix.node-version }}
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: 14
       - name: Install openapi-generator-cli

diff --git a/.github/workflows/staging-smoke-tests.yaml b/.github/workflows/staging-smoke-tests.yaml
@@ -34,7 +34,7 @@ jobs:
           git checkout ${{ steps.configuration.outputs.staging_version }}
           echo "Current branch is ${{ github.ref }}"
       - name: "Import Vault staging secrets"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -51,7 +51,7 @@ jobs:
 
           ./tools/cleanupPolicies.sh ${GOOGLE_CLOUD_DATA_PROJECT}
       - name: "Import Vault dev secrets"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -89,7 +89,7 @@ jobs:
           cd ${GITHUB_WORKSPACE}/${workingDir}
       - name: "Notify Jade Slack"
         if: always()
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -101,7 +101,7 @@ jobs:
           fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
       - name: "Notify QA Slack"
         if: always()
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

diff --git a/.github/workflows/test-runner-on-perf.yml b/.github/workflows/test-runner-on-perf.yml
@@ -41,7 +41,7 @@ jobs:
           java-version: '17'
           cache: 'gradle'
       - name: "Import Vault perf secrets"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -59,7 +59,7 @@ jobs:
 
           ./tools/cleanupPolicies.sh ${GOOGLE_CLOUD_DATA_PROJECT}
       - name: "Import Vault dev secrets"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -138,7 +138,7 @@ jobs:
           helmfile apply
           cd ${GITHUB_WORKSPACE}/${workingDir}
       - name: "[Clear Perf Database] Import Perf Database Secret"
-        uses: hashicorp/vault-action@v2.2.0
+        uses: hashicorp/vault-action@v2.5.0
         with:
           url: ${{ secrets.VAULT_ADDR }}
           method: approle
@@ -216,7 +216,7 @@ jobs:
           google_project: broad-jade-perf
       - name: "Notify Jade Slack"
         if: always()
-        uses: broadinstitute/action-slack@v3.8.0
+        uses: broadinstitute/action-slack@v3.15.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

diff --git a/.github/workflows/trackdeploys.yaml b/.github/workflows/trackdeploys.yaml
@@ -20,9 +20,9 @@ jobs:
           ref: develop
       - name: 'Get Previous tag'
         id: apiprevioustag
-        uses: "broadinstitute/github-action-get-previous-tag@master"
-        env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+        run: |
+          TAG=$(git for-each-ref --sort=-creatordate --count 1 --format="%(refname:short)" "refs/tags/")
+          echo "tag=${TAG}" >> $GITHUB_OUTPUT
       - name: Set up Cloud SDK
         uses: google-github-actions/setup-gcloud@v0
         with:

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -10,12 +10,13 @@ jobs:
       - uses: actions/checkout@v3
 
       # fetch JDK
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
+          distribution: 'temurin'
           java-version: '17'
 
       # set up Gradle cache
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/.gradle/caches