Enable Outside Collaborators to run test suite before PR's are review…

…ed / merged (#2557) * test-pr.yml: Drop use of secrets to enable outside collaborators to test their code in a PR * Set Version: 1.0.666 * .github/workflows: Rework release workflow process, introduce use of a 'release' branch, tagging releases in master and moving release file tracking to 'release'. --------- Co-authored-by: devops <[email protected]>
runtimeverification · Aug 9, 2024 · 0b75078 · 0b75078
1 parent ef64079
commit 0b75078
Show file tree

Hide file tree

Showing 4 changed files with 204 additions and 141 deletions.
diff --git a/.github/workflows/master-push.yml b/.github/workflows/master-push.yml
@@ -1,4 +1,4 @@
-name: 'Master Push'
+name: 'Bump Version and Start Release Job'
 on:
   push:
     branches:
@@ -8,123 +8,35 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-
-  nix-cache:
-    name: 'Populate Nix Cache'
-    strategy:
-      matrix:
-        include:
-          - runner: normal
-          - runner: macos-13
-          - runner: ARM64
-    runs-on: ${{ matrix.runner }}
-    steps:
-      - name: 'Check out code'
-        uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.push.head.sha }}
-          fetch-depth: 0
-      - name: 'Upgrade bash'
-        if: ${{ contains(matrix.os, 'macos') }}
-        run: brew install bash
-      - name: 'Install Nix'
-        if: ${{ matrix.runner == 'macos-13' }}
-        uses: cachix/install-nix-action@v19
-        with:
-          install_url: https://releases.nixos.org/nix/nix-2.13.3/install
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-      - name: 'Install Cachix'
-        if: ${{ matrix.runner == 'macos-13' }}
-        uses: cachix/cachix-action@v12
-        with:
-          name: k-framework
-          signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
-          skipPush: true
-      - name: 'Build and cache KEVM'
-        uses: workflow/[email protected]
-        env:
-          GC_DONT_GC: 1
-          CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PUBLIC_TOKEN }}'
-        with:
-          packages: jq
-          script: |
-            kevm=$(nix build --extra-experimental-features 'nix-command flakes' .#kevm --json | jq -r '.[].outputs | to_entries[].value')
-            drv=$(nix-store --query --deriver ${kevm})
-            nix-store --query --requisites --include-outputs ${drv} | cachix push k-framework
-
-  make-release:
-    name: 'Cut Release'
+  version-bump:
+    name: 'Version Bump'
     runs-on: ubuntu-latest
-    needs: nix-cache
     steps:
       - name: 'Check out code'
         uses: actions/checkout@v4
         with:
-          ref: ${{ github.event.push.head.sha }}
+          # fetch-depth 0 means deep clone the repo
           fetch-depth: 0
-      - name: 'Make release'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          ref: ${{ github.event.pull_request.head.sha }}
+      - name: 'Configure GitHub user'
         run: |
-          set -x
-          VERSION=v$(cat package/version)
-          gh release create ${VERSION} --target ${{ github.sha }}
-      - name: 'Update dependents'
+          git config user.name rv-jenkins
+          git config user.email [email protected]
+      - name: 'Update version'
         run: |
           set -x
-          VERSION=$(cat package/version)
-          curl --fail                                                          \
-            -X POST                                                            \
-            -H "Accept: application/vnd.github+json"                           \
-            -H "Authorization: Bearer ${{ secrets.JENKINS_GITHUB_PAT }}"       \
-            -H "X-GitHub-Api-Version: 2022-11-28"                              \
-            https://api.github.com/repos/runtimeverification/devops/dispatches \
-            -d '{"event_type":"on-demand-test","client_payload":{"repo":"runtimeverification/evm-semantics","version":"'${VERSION}'"}}'
-
-  gh-pages:
-    name: 'Publish GH Pages'
-    runs-on: ubuntu-latest
-    needs: make-release
-    steps:
-      - name: 'Check out gh-pages'
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: true
-          ref: ${{ github.event.push.head.sha }}
-      - run: |
-         git config --global user.email '[email protected]'
-         git config --global user.name  'RV DevOps'
-      - name: 'Publish gh-pages'
-        run: |
-          git checkout -B gh-pages
-          cd web
-          npm install
-          npm run build
-          npm run build-sitemap
-          cd -
-          mv web/public_content ./
-          rm -rf $(find . -maxdepth 1 -not -name public_content -a -not -name .git -a -not -name .gitmodules -a -not -path . -a -not -path .. -a -not -name CNAME)
-          mv public_content/* ./
-          rm -rf public_content
-          git add ./
-          git commit -m 'gh-pages: Updated the website'
-          git merge --strategy ours origin/gh-pages --allow-unrelated-histories
-          git push origin gh-pages
-      - name: 'Post failure to channel'
-        if: failure()
-        uses: slackapi/[email protected]
-        with:
-          channel-id: "#kevm-notifications"
-          slack-message: "Failed to create KEVM release: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-        env:
-            SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
-      - name: 'Post success to channel'
-        if: success()
-        uses: slackapi/[email protected]
-        with:
-          channel-id: "#kevm-notifications"
-          slack-message: "Created KEVM release: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-        env:
-            SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          git checkout -B release origin/release
+          old_master="$(git merge-base origin/master origin/release)"
+          new_master="$(git rev-parse origin/master)"
+          if git diff --exit-code ${old_master} ${new_master} -- package/version; then
+            git merge --no-edit origin/master
+            ./package/version.sh bump
+          else
+            git merge --no-edit --strategy-option=theirs origin/master
+          fi
+          ./package/version.sh sub
+          if git add --update && git commit --no-edit --allow-empty --message "Set Version: $(cat package/version)"; then
+            git push origin release
+            git tag "release-$(cat package/version)" origin/master
+            git push origin "release-$(cat package/version)"
+          fi
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,179 @@
+name: 'Release'
+on:
+  push:
+    branches:
+      - 'release'
+concurrency:
+  group: ${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  draft-release:
+    name: 'Draft Release'
+    runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.make-release.outputs.version }}
+    steps:
+      - name: 'Check out code'
+        uses: actions/checkout@v4
+      - name: 'Make release'
+        id: 'make-release'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -x
+          VERSION=v$(cat package/version)
+          gh release create ${VERSION}                  \
+            --repo runtimeverification/evm-semantics  \
+            --draft                                     \
+            --title ${VERSION}                          \
+            --target ${{ github.sha }}
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+
+  nix-cache:
+    name: 'Populate Nix Cache'
+    strategy:
+      matrix:
+        include:
+          - runner: normal
+          - runner: macos-13
+          - runner: ARM64
+    runs-on: ${{ matrix.runner }}
+    needs: draft-release
+    steps:
+      - name: 'Check out code'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.push.head.sha }}
+          fetch-depth: 0
+      - name: 'Upgrade bash'
+        if: ${{ contains(matrix.os, 'macos') }}
+        run: brew install bash
+      - name: 'Install Nix'
+        if: ${{ matrix.runner == 'macos-13' }}
+        uses: cachix/install-nix-action@v19
+        with:
+          install_url: https://releases.nixos.org/nix/nix-2.13.3/install
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: 'Install Cachix'
+        if: ${{ matrix.runner == 'macos-13' }}
+        uses: cachix/cachix-action@v12
+        with:
+          name: k-framework
+          signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
+          skipPush: true
+      - name: 'Build KEVM'
+        run: |
+          GC_DONT_GC=1 nix build --extra-experimental-features 'nix-command flakes' --print-build-logs
+      - name: 'Test KEVM'
+        run: |
+          GC_DONT_GC=1 nix build --extra-experimental-features 'nix-command flakes' --print-build-logs .#kevm-test
+      - name: 'Push KEVM'
+        uses: workflow/[email protected]
+        env:
+          GC_DONT_GC: 1
+          CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_PUBLIC_TOKEN }}'
+        with:
+          packages: jq
+          script: |
+            kevm=$(nix build --extra-experimental-features 'nix-command flakes' .#kevm --json | jq -r '.[].outputs | to_entries[].value')
+            drv=$(nix-store --query --deriver ${kevm})
+            nix-store --query --requisites --include-outputs ${drv} | cachix push k-framework
+      - name: 'On failure, delete drafted release'
+        if: failure()
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -x
+          VERSION=v$(cat package/version)
+          gh release delete ${VERSION}                  \
+            --repo runtimeverification/evm-semantics  \
+            --yes                                       \
+            --cleanup-tag
+      - name: 'Post failure to channel'
+        if: failure()
+        uses: slackapi/[email protected]
+        with:
+          channel-id: "#kevm-notifications"
+          slack-message: "Failed to create KEVM release: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+        env:
+            SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+
+  make-release:
+    name: 'Cut Release'
+    runs-on: ubuntu-latest
+    needs: [draft-release, nix-cache]
+    steps:
+      - name: 'Check out code'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.push.head.sha }}
+          fetch-depth: 0
+      - name: 'Make release'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -x
+          VERSION=v$(cat package/version)
+          gh release edit ${VERSION}                    \
+            --repo runtimeverification/evm-semantics  \
+            --draft=false
+      - name: 'Update dependents'
+        run: |
+          set -x
+          VERSION=$(cat package/version)
+          curl --fail                                                          \
+            -X POST                                                            \
+            -H "Accept: application/vnd.github+json"                           \
+            -H "Authorization: Bearer ${{ secrets.JENKINS_GITHUB_PAT }}"       \
+            -H "X-GitHub-Api-Version: 2022-11-28"                              \
+            https://api.github.com/repos/runtimeverification/devops/dispatches \
+            -d '{"event_type":"on-demand-test","client_payload":{"repo":"runtimeverification/evm-semantics","version":"'${VERSION}'"}}'
+
+  gh-pages:
+    name: 'Publish GH Pages'
+    runs-on: ubuntu-latest
+    needs: [make-release]
+    steps:
+      - name: 'Check out gh-pages'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          submodules: true
+          ref: ${{ github.event.push.head.sha }}
+      - run: |
+         git config --global user.email '[email protected]'
+         git config --global user.name  'rv-jenkins'
+      - name: 'Publish gh-pages'
+        run: |
+          git checkout -B gh-pages
+          cd web
+          npm install
+          npm run build
+          npm run build-sitemap
+          cd -
+          mv web/public_content ./
+          rm -rf $(find . -maxdepth 1 -not -name public_content -a -not -name .git -a -not -name .gitmodules -a -not -path . -a -not -path .. -a -not -name CNAME)
+          mv public_content/* ./
+          rm -rf public_content
+          git add ./
+          git commit -m 'gh-pages: Updated the website'
+          git merge --strategy ours origin/gh-pages --allow-unrelated-histories
+          git push origin gh-pages
+      - name: 'Post failure to channel'
+        if: failure()
+        uses: slackapi/[email protected]
+        with:
+          channel-id: "#kevm-notifications"
+          slack-message: "Failed to create KEVM release: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+        env:
+            SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+      - name: 'Post success to channel'
+        if: success()
+        uses: slackapi/[email protected]
+        with:
+          channel-id: "#kevm-notifications"
+          slack-message: "Created KEVM release: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+        env:
+            SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml
@@ -8,33 +8,6 @@ concurrency:
   cancel-in-progress: true
 
 jobs:
-
-  version-bump:
-    name: 'Version Bump'
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'Check out code'
-        uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.JENKINS_GITHUB_PAT }}
-          # fetch-depth 0 means deep clone the repo
-          fetch-depth: 0
-          ref: ${{ github.event.pull_request.head.sha }}
-      - name: 'Configure GitHub user'
-        run: |
-          git config user.name devops
-          git config user.email [email protected]
-      - name: 'Update version'
-        run: |
-          og_version=$(git show origin/${GITHUB_BASE_REF}:package/version)
-          ./package/version.sh bump ${og_version}
-          ./package/version.sh sub
-          new_version=$(cat package/version)
-          sed --in-place "s/^VERSION: Final = '.*'$/VERSION: Final = '${new_version}'/" kevm-pyk/src/kevm_pyk/__init__.py
-          git add --update && git commit --message "Set Version: ${new_version}" || true
-      - name: 'Push updates'
-        run: git push origin HEAD:${GITHUB_HEAD_REF}
-
   kevm-pyk-code-quality-checks:
     name: 'Code Quality Checks'
     runs-on: ubuntu-latest
@@ -194,7 +167,6 @@ jobs:
         uses: cachix/cachix-action@v14
         with:
           name: k-framework
-          authToken: ${{ secrets.CACHIX_PUBLIC_TOKEN }}
       - name: 'Build KEVM'
         run: GC_DONT_GC=1 nix build --extra-experimental-features 'nix-command flakes' --print-build-logs
       - name: 'Test KEVM'

diff --git a/package/version.sh b/package/version.sh
@@ -9,7 +9,7 @@ version_file="package/version"
 
 version_bump() {
     local version release_commit version_major version_minor version_patch new_version current_version current_version_major current_version_minor current_version_patch
-    version="$1" ; shift
+    version="$(cat ${version_file})"
     version_major="$(echo ${version} | cut --delimiter '.' --field 1)"
     version_minor="$(echo ${version} | cut --delimiter '.' --field 2)"
     version_patch="$(echo ${version} | cut --delimiter '.' --field 3)"