From aa33f80a1a0c101bcd8a6c500bebaeb29a6f5949 Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 10:02:42 -0700 Subject: [PATCH 1/9] use mutex spike actions --- .github/workflows/pipelines-root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index c0478280..432b6cea 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -31,7 +31,7 @@ on: env: PIPELINES_CLI_VERSION: v0.10.1 - PIPELINES_ACTIONS_VERSION: v1.3.3 + PIPELINES_ACTIONS_VERSION: mutexspike BOILERPLATE_VERSION: v0.5.16 GRUNTWORK_INSTALLER_VERSION: v0.0.40 From ea6aa9f302f172ae570c7a5b09206a8f2d4198c0 Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 17:03:22 -0700 Subject: [PATCH 2/9] add cleanup step to finalize comments --- .github/workflows/pipelines-root.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 432b6cea..20bb449f 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -268,3 +268,21 @@ jobs: access_control_pull_request_url: ${{ steps.access_control_pr.outputs.pull_request_url }} PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} ORG_REPO_ADMIN_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} + + pipelines_cleanup: + name: "Pipelines Cleanup" + needs: [detect_changes, pipelines_determine, pipelines_apply_baselines] + runs-on: ${{ fromJSON(inputs.runner) }} + # GHA can't check for length, so we just check if there is an item in the 0 index + if: ${{ fromJson(needs.detect_changes.outputs.pipelines_jobs)[0].NewAccounts[0] != null && needs.pipelines_determine.outputs.delegate_management == 'true' && needs.pipelines_determine.outputs.terragrunt_command == 'run-all apply' }} + steps: + - name: Checkout Pipelines Actions + uses: actions/checkout@v4 + with: + path: pipelines-actions + repository: gruntwork-io/pipelines-actions + ref: ${{ env.PIPELINES_ACTIONS_VERSION }} + token: ${{ secrets.PIPELINES_READ_TOKEN }} + + - name: Update comment + uses: ./pipelines-actions/.github/actions/pipelines-status-update \ No newline at end of file From 309cacab8f7a259d493d008ea217d950ae1d1b0e Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 17:36:17 -0700 Subject: [PATCH 3/9] fix cleanup job --- .github/workflows/pipelines-root.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 20bb449f..4739d9d8 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -273,8 +273,6 @@ jobs: name: "Pipelines Cleanup" needs: [detect_changes, pipelines_determine, pipelines_apply_baselines] runs-on: ${{ fromJSON(inputs.runner) }} - # GHA can't check for length, so we just check if there is an item in the 0 index - if: ${{ fromJson(needs.detect_changes.outputs.pipelines_jobs)[0].NewAccounts[0] != null && needs.pipelines_determine.outputs.delegate_management == 'true' && needs.pipelines_determine.outputs.terragrunt_command == 'run-all apply' }} steps: - name: Checkout Pipelines Actions uses: actions/checkout@v4 From 69b9ca66ccf19dd7d4acd5be5e9bfee4dd381182 Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 17:37:13 -0700 Subject: [PATCH 4/9] missing dependency --- .github/workflows/pipelines-root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 4739d9d8..de21188d 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -271,7 +271,7 @@ jobs: pipelines_cleanup: name: "Pipelines Cleanup" - needs: [detect_changes, pipelines_determine, pipelines_apply_baselines] + needs: [detect_changes, pipelines_determine, pipelines_apply_baselines, pipelines_setup_delegated_repo] runs-on: ${{ fromJSON(inputs.runner) }} steps: - name: Checkout Pipelines Actions From 97dfc4ef0685eb0ef0be54b33d43e590daf82632 Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 17:41:59 -0700 Subject: [PATCH 5/9] Try another cleanup approach --- .github/workflows/pipelines-root.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index de21188d..b77a78ad 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -270,8 +270,8 @@ jobs: ORG_REPO_ADMIN_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} pipelines_cleanup: - name: "Pipelines Cleanup" - needs: [detect_changes, pipelines_determine, pipelines_apply_baselines, pipelines_setup_delegated_repo] + name: "Pipelines Matrix Cleanup" + needs: [detect_changes, pipelines_determine] runs-on: ${{ fromJSON(inputs.runner) }} steps: - name: Checkout Pipelines Actions From 9b95fc7b38245c51a541f58261d9c7921e3d8581 Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 17:46:16 -0700 Subject: [PATCH 6/9] comment why were doing this --- .github/workflows/pipelines-root.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index b77a78ad..55a48629 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -283,4 +283,8 @@ jobs: token: ${{ secrets.PIPELINES_READ_TOKEN }} - name: Update comment + # The idea here is that there is a race condition in the updating of the jobs in the matrix: + # if one job is uploading its state artifact WHILST another is downloading, then the downloader + # will miss the state update from the uploader, and if the downloader is the last job, there's nobody + # to come later and grab the uploader's update. uses: ./pipelines-actions/.github/actions/pipelines-status-update \ No newline at end of file From 874eae5212553092ccb4eaf97efd87ab32055bdf Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 17:49:19 -0700 Subject: [PATCH 7/9] add delegated too --- .github/workflows/pipelines-delegated.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/pipelines-delegated.yml b/.github/workflows/pipelines-delegated.yml index e9ddeb09..b747848b 100644 --- a/.github/workflows/pipelines-delegated.yml +++ b/.github/workflows/pipelines-delegated.yml @@ -133,3 +133,23 @@ jobs: terragrunt_command: ${{ steps.bootstrap.outputs.terragrunt_command }} additional_data: ${{ steps.bootstrap.outputs.additional_data }} child_account_id: ${{ steps.bootstrap.outputs.child_account_id }} + + pipelines_cleanup: + name: "Pipelines Matrix Cleanup" + needs: [detect_changes, pipelines_determine] + runs-on: ${{ fromJSON(inputs.runner) }} + steps: + - name: Checkout Pipelines Actions + uses: actions/checkout@v4 + with: + path: pipelines-actions + repository: gruntwork-io/pipelines-actions + ref: ${{ env.PIPELINES_ACTIONS_VERSION }} + token: ${{ secrets.PIPELINES_READ_TOKEN }} + + - name: Update comment + # The idea here is that there is a race condition in the updating of the jobs in the matrix: + # if one job is uploading its state artifact WHILST another is downloading, then the downloader + # will miss the state update from the uploader, and if the downloader is the last job, there's nobody + # to come later and grab the uploader's update. + uses: ./pipelines-actions/.github/actions/pipelines-status-update \ No newline at end of file From 1d8ab1636517ea28108bedfda48ef874961f202d Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Fri, 21 Jun 2024 18:00:08 -0700 Subject: [PATCH 8/9] whitespace --- .github/workflows/pipelines-delegated.yml | 8 ++++---- .github/workflows/pipelines-root.yml | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pipelines-delegated.yml b/.github/workflows/pipelines-delegated.yml index b747848b..848f314a 100644 --- a/.github/workflows/pipelines-delegated.yml +++ b/.github/workflows/pipelines-delegated.yml @@ -148,8 +148,8 @@ jobs: token: ${{ secrets.PIPELINES_READ_TOKEN }} - name: Update comment - # The idea here is that there is a race condition in the updating of the jobs in the matrix: - # if one job is uploading its state artifact WHILST another is downloading, then the downloader - # will miss the state update from the uploader, and if the downloader is the last job, there's nobody - # to come later and grab the uploader's update. + # The idea here is that there is a race condition in the updating of the jobs in the matrix: + # if one job is uploading its state artifact WHILST another is downloading, then the downloader + # will miss the state update from the uploader, and if the downloader is the last job, there's nobody + # to come later and grab the uploader's update. uses: ./pipelines-actions/.github/actions/pipelines-status-update \ No newline at end of file diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 55a48629..8cf96f20 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -283,8 +283,8 @@ jobs: token: ${{ secrets.PIPELINES_READ_TOKEN }} - name: Update comment - # The idea here is that there is a race condition in the updating of the jobs in the matrix: - # if one job is uploading its state artifact WHILST another is downloading, then the downloader - # will miss the state update from the uploader, and if the downloader is the last job, there's nobody - # to come later and grab the uploader's update. + # The idea here is that there is a race condition in the updating of the jobs in the matrix: + # if one job is uploading its state artifact WHILST another is downloading, then the downloader + # will miss the state update from the uploader, and if the downloader is the last job, there's nobody + # to come later and grab the uploader's update. uses: ./pipelines-actions/.github/actions/pipelines-status-update \ No newline at end of file From 84ea752fb29c0c652e530a487a37d0342c78c13c Mon Sep 17 00:00:00 2001 From: Zach Goldberg Date: Mon, 24 Jun 2024 16:59:11 -0700 Subject: [PATCH 9/9] dont need cleanup anymore --- .github/workflows/pipelines-root.yml | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/.github/workflows/pipelines-root.yml b/.github/workflows/pipelines-root.yml index 8cf96f20..432b6cea 100644 --- a/.github/workflows/pipelines-root.yml +++ b/.github/workflows/pipelines-root.yml @@ -268,23 +268,3 @@ jobs: access_control_pull_request_url: ${{ steps.access_control_pr.outputs.pull_request_url }} PIPELINES_READ_TOKEN: ${{ secrets.PIPELINES_READ_TOKEN }} ORG_REPO_ADMIN_TOKEN: ${{ secrets.ORG_REPO_ADMIN_TOKEN }} - - pipelines_cleanup: - name: "Pipelines Matrix Cleanup" - needs: [detect_changes, pipelines_determine] - runs-on: ${{ fromJSON(inputs.runner) }} - steps: - - name: Checkout Pipelines Actions - uses: actions/checkout@v4 - with: - path: pipelines-actions - repository: gruntwork-io/pipelines-actions - ref: ${{ env.PIPELINES_ACTIONS_VERSION }} - token: ${{ secrets.PIPELINES_READ_TOKEN }} - - - name: Update comment - # The idea here is that there is a race condition in the updating of the jobs in the matrix: - # if one job is uploading its state artifact WHILST another is downloading, then the downloader - # will miss the state update from the uploader, and if the downloader is the last job, there's nobody - # to come later and grab the uploader's update. - uses: ./pipelines-actions/.github/actions/pipelines-status-update \ No newline at end of file