From df6e49cd95b16b3f64b7e78ec876d5adc7b45358 Mon Sep 17 00:00:00 2001 From: Chris Darroch Date: Fri, 23 Dec 2022 20:29:36 -0800 Subject: [PATCH] .github/workflows: upgrade all Actions versions In commit b7fa3a54e4d65e5f000b30e9df41cddf1daeed41 of PR #5236 we replaced the deprecated actions/setup-ruby@v1 GitHub Action in our CI and release workflows with the current ruby/setup-ruby@v1 Action. We now update our other Actions to their respective latest versions as well: actions/checkout: v1 -> v3 actions/download-artifact: v1 -> v3 actions/setup-go: v2 -> v3 actions/upload-artifact: v1 -> v3 docker/setup-qemu-action: v1 -> v2 As of v2 of the actions/download-artifact Action, downloaded assets are not placed in a new subdirectory created with the name from the step's "name" argument, but in the current working directory instead. We want to retain the previous behaviour so we add a "path" argument with the same name as each of the macos-assets and windows-assets download steps. By default, the actions/checkout Action (as of v2) performs a Git fetch with a --depth=1 option, so a shallow clone is made. As a result, when our Makefile calls "git describe HEAD" to set its VERSION variable, no tags are available and Git responds with an error message. Many of our workflow jobs succeed despite logging that error, including the build-docker and build-docker-cross jobs in both our CI and Release workflows. (The Docker builds create upload artifacts with the correct filenames despite the lack of any tags because they rely on the Git LFS version strings in our debian/changelog file and in our binary; the rpm/build_rpms.bsh script builds a binary just to run "git-lfs version" and determine the version string from its output.) However, our workflow jobs which run the "make release" command fail outright in the absence of any Git tags, as they search for build artifacts using filenames constructed with the empty VERSION variable, such as "git-lfs-windows-amd64-.zip". When no files are found, the tar command fails, halting the job. This affects both the build-default job in our CI workflow (for Linux and macOS), and all of build-main, build-macos, and build-windows jobs in our Release workflow. To resolve this in the case of a PR or other push to a branch, we set a fetch-depth value of 0 for our actions/checkout@v3 steps, which downloads the full Git history and all tags. This is somewhat more expensive than a shallow clone, but our project's history is not excessively large. Due to the GitHub Actions bug documented in actions/checkout#882, though, this resolution is insufficient in the case of a push to a tag. At present, the actions/checkout@v3 incorrectly determines the SHA of an annotated tag to be the SHA of its associated commit, and then proceeds as if the tag had been updated on the server since the Action was started, and so rewrites the tag locally to refer to the commit SHA. This has the effect of making the local tag into a lightweight tag, which "git describe" then ignores (since we don't pass the --tags option to it). As a temporary fix for this problem, we add a step after the actions/checkout@v3 step which updates the local tag again to match the remote one. We only run this step when the pushed reference was a tag, because on a branch push it would fail as Git would refuse to update the currently checked-out branch. In our Release workflow, since it only runs on pushes to tags, we can run this step unconditionally. (We could also continue to use the default fetch-depth of 1 for the actions/checkout@v3 step, since we always subsequently fetch the relevant tag, but to be consistent and to avoid future issues once actions/checkout#882 is fixed upstream, we do not do so.) --- .github/workflows/ci.yml | 58 +++++++++++++++++++++++++++-------- .github/workflows/release.yml | 47 ++++++++++++++++++++-------- 2 files changed, 79 insertions(+), 26 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4bed1b5962..b9d805ab14 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,10 +10,17 @@ jobs: go: ['1.19.x'] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} + # We update the current tag as the checkout step turns annotated tags + # into lightweight ones by accident, breaking "git describe". + # See https://github.com/actions/checkout/issues/882 for details. - uses: ruby/setup-ruby@v1 - run: gem install asciidoctor - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - run: brew install gettext @@ -30,7 +37,7 @@ jobs: FORCE_LOCALIZE: true - run: mkdir -p bin/assets - run: find bin/releases -name "*$(uname -s | tr A-Z a-z)*" | xargs -I{} cp {} bin/assets - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3 with: name: ${{ matrix.os }} path: bin/assets @@ -41,8 +48,12 @@ jobs: go: ['1.18.x'] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 - - uses: actions/setup-go@v2 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - run: script/cibuild @@ -50,13 +61,18 @@ jobs: name: Build on Windows runs-on: windows-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} + shell: bash - uses: ruby/setup-ruby@v1 - run: gem install asciidoctor - run: Rename-Item -Path C:\msys64 -NewName msys64-tmp -Force # We move the MSYS2 installed for Ruby aside to prevent use of its Git, # which does not honour the PATH we set to our built git-lfs binary. - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: '1.19.x' - run: mkdir -p "$HOME/go/bin" @@ -99,7 +115,7 @@ jobs: shell: bash - run: mv *.exe bin/assets shell: bash - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3 with: name: windows-latest path: bin/assets @@ -110,7 +126,11 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} - run: git clone -b master https://github.com/git/git.git "$HOME/git" - run: script/build-git "$HOME/git" - run: GIT_DEFAULT_HASH=sha256 script/cibuild @@ -121,7 +141,11 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} - run: git clone -b v2.0.0 https://github.com/git/git.git "$HOME/git" - run: script/build-git "$HOME/git" - run: script/cibuild @@ -129,7 +153,11 @@ jobs: name: Build Linux packages runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} - uses: ruby/setup-ruby@v1 - run: git clone https://github.com/git-lfs/build-dockers.git "$HOME/build-dockers" - run: (cd "$HOME/build-dockers" && ./build_dockers.bsh) @@ -142,13 +170,17 @@ jobs: arch: [arm64] container: [debian_11] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + if: ${{ github.ref_type == 'tag' }} - uses: ruby/setup-ruby@v1 - run: | echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json sudo systemctl restart docker.service docker version -f '{{.Server.Experimental}}' - - uses: docker/setup-qemu-action@v1 + - uses: docker/setup-qemu-action@v2 - run: git clone https://github.com/git-lfs/build-dockers.git "$HOME/build-dockers" - run: (cd "$HOME/build-dockers" && ./build_dockers.bsh --arch=$ARCH $CONTAINER) env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index edc7c5dd8f..c4f2b2d967 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,13 +11,20 @@ jobs: matrix: go: ['1.19.x'] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" + shell: bash + # We update the current tag as the checkout step turns annotated tags + # into lightweight ones by accident, breaking "git describe". + # See https://github.com/actions/checkout/issues/882 for details. - uses: ruby/setup-ruby@v1 - run: gem install asciidoctor - run: Rename-Item -Path C:\msys64 -NewName msys64-tmp -Force # We move the MSYS2 installed for Ruby aside to prevent use of its Git, # which does not honour the PATH we set to our built git-lfs binary. - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - run: mkdir -p "$HOME/go/bin" @@ -57,7 +64,7 @@ jobs: FORCE_LOCALIZE: true - run: env -u TMPDIR make release-windows-rebuild shell: bash - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3 with: name: windows-assets path: bin/releases @@ -68,10 +75,13 @@ jobs: matrix: go: ['1.19.x'] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" - uses: ruby/setup-ruby@v1 - run: gem install asciidoctor - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - run: brew install gettext @@ -90,7 +100,7 @@ jobs: DARWIN_DEV_USER: ${{secrets.MACOS_DEV_USER}} DARWIN_DEV_PASS: ${{secrets.MACOS_DEV_PASS}} DARWIN_CERT_ID: ${{secrets.MACOS_CERT_ID}} - - uses: actions/upload-artifact@v1 + - uses: actions/upload-artifact@v3 with: name: macos-assets path: bin/releases @@ -104,21 +114,26 @@ jobs: matrix: go: ['1.19.x'] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" - uses: ruby/setup-ruby@v1 - run: gem install asciidoctor - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go }} - run: sudo apt-get update && sudo apt-get -y install gettext libarchive-tools env: DEBIAN_FRONTEND: noninteractive - - uses: actions/download-artifact@v1 + - uses: actions/download-artifact@v3 with: name: windows-assets - - uses: actions/download-artifact@v1 + path: windows-assets + - uses: actions/download-artifact@v3 with: name: macos-assets + path: macos-assets - run: CGO_ENABLED=0 make release - run: rm -f bin/releases/*windows* bin/releases/*darwin* - run: 'find windows-assets -name "*windows*" -type f | xargs -I{} mv {} bin/releases' @@ -130,7 +145,10 @@ jobs: name: Build Linux Packages runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" - uses: ruby/setup-ruby@v1 - run: gem install packagecloud-ruby - run: git clone https://github.com/git-lfs/build-dockers.git "$HOME/build-dockers" @@ -148,14 +166,17 @@ jobs: arch: [arm64] container: [debian_11] steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + - run: git fetch origin "+${GITHUB_REF}:${GITHUB_REF}" - uses: ruby/setup-ruby@v1 - run: gem install packagecloud-ruby - run: | echo '{"experimental": true}' | sudo tee /etc/docker/daemon.json sudo systemctl restart docker.service docker version -f '{{.Server.Experimental}}' - - uses: docker/setup-qemu-action@v1 + - uses: docker/setup-qemu-action@v2 - run: git clone https://github.com/git-lfs/build-dockers.git "$HOME/build-dockers" - run: (cd "$HOME/build-dockers" && ./build_dockers.bsh --arch=$ARCH $CONTAINER) env: