Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: improve release robustness #275

Merged
merged 1 commit into from
May 24, 2024
Merged

ci: improve release robustness #275

merged 1 commit into from
May 24, 2024

Conversation

jta
Copy link
Contributor

@jta jta commented May 24, 2024

This commit reorders operations in order to reduce the scope for error in case of a CI failure.

We run the release job concurrently for each region. If any job fails, all other jobs are interrupted. This opened the possibility for the root packaged.yaml template to be uploaded, but with incorrect ACLs.

We should always copy the template with the ACL directive. This eliminates the possibility of the object existing with the incorrect permissions. Furthermore, we should only upload the template once all objects it refers to are also publicly readable. That way we ensure that if the template is accessible, it is also installable.

This commit reorders operations in order to reduce the scope for error
in case of a CI failure.

We run the release job concurrently for each region. If any job fails,
all other jobs are interrupted. This opened the possibility for the root
`packaged.yaml` template to be uploaded, but with incorrect ACLs.

We should always copy the template with the ACL directive. This
eliminates the possibility of the object existing with the incorrect
permissions. Furthermore, we should only upload the template once all
objects it refers to are also publicly readable. That way we ensure that
if the template is accessible, it is also installable.

In debugging this issue I also uncovered we were building things twice:
once for the version (e.g. `1.2.0`), and again for the tag (e.g.
`beta`). There is no reason to rebuild things a second time, all we need
is to ensure the `packaged.yaml` is placed in the correct destination.
This has the advantage of reducing build time, avoiding build
discrepancies, and ensuring the `version` embedded in the binary always
refers to a concrete version rather then tag. As a result of
"symlinking" the file, we no longer need to protect against a folder
ballooning in size over successive builds. `latest/` and `beta/` should
now only contain one file.
@jta jta marked this pull request as ready for review May 24, 2024 03:49
@jta jta merged commit 332c3e3 into main May 24, 2024
16 checks passed
@jta jta deleted the joao/release-fix branch May 24, 2024 03:49
Copy link

🎉 This PR is included in version 1.19.1-beta.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Copy link

🎉 This PR is included in version 1.19.1-beta.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Copy link

🎉 This PR is included in version 1.19.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant