dfinity · sasa-tomic · Jan 26, 2024 · Jan 26, 2024 · Jan 26, 2024 · Jan 26, 2024
@@ -5,13 +5,18 @@ on:
       - "main"
   pull_request:
   merge_group:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 jobs:
   bazel:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v4
-      - uses: ./.github/workflows/setup-bazel
-        name: Setup bazel
+      - uses: ./.github/workflows/manage-runner-pre
+        name: Setup runner
 
       ########################################
       # Build and test
@@ -53,18 +58,18 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Push images to GitHub Container Registry
-        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
+        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
         run: bazel query --noshow_progress 'kind("oci_push", ...)' | xargs -I_target bazel run _target -- --tag ${GITHUB_SHA}
 
       ########################################
       # Update k8s deployments
       ########################################
       - name: Update k8s deployments
-        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
-        uses: ./.github/workflows/update-k8s-deployments.yml
+        if: ${{ startsWith(github.ref, 'refs/tags/v') || startsWith(github.head_ref, 'container') || startsWith(github.ref, 'refs/heads/container') || (github.ref == 'refs/heads/main') }}
+        uses: ./.github/workflows/update-k8s-deployments
 
       ########################################
-      # Optimize bazel cache by hard-linking duplicate files
+      # Clean up runner
       ########################################
-      - name: Optimize bazel cache directory before uploading
-        run: bin/optimize-bazel-cache.sh
+      - uses: ./.github/workflows/manage-runner-post
+        name: Tear down runner
@@ -0,0 +1,27 @@
+name: Setup runner
+description: Reusable action for tearing down the github runner
+
+runs:
+  using: composite
+  steps:
+    ########################################
+    # Optimize bazel cache by hard-linking duplicate files
+    ########################################
+    - name: Optimize bazel cache directory before uploading
+      run: bin/optimize-bazel-cache.sh
+
+    ########################################
+    # Save cache:
+    #
+    # Cache is saved on main only to avoid cache evictions due to github restrictions:
+    # https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache
+    ########################################
+    - name: Saving cache on main only
+      if: ${{ github.ref == 'refs/heads/main' }}
+      uses: actions/cache/save@v3
+      with: 
+        path: "~/.cache/bazel"
+        # Configure cache updates
+        # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
+        # https://github.com/actions/cache/blob/main/examples.md#---bazel
+        key: ${{ runner.os }}-bazel-${{ hashFiles('.bazelversion', '.bazelrc', 'WORKSPACE', 'WORKSPACE.bazel', 'MODULE.bazel', 'Cargo.Bazel.lock') }}
@@ -1,5 +1,5 @@
-name: Setup bazel
-description: Reusable action for setting up bazel
+name: Setup runner
+description: Reusable action for setting up the github runner
 
 runs:
   using: composite
@@ -20,7 +20,7 @@ runs:
     # Download and unpack cache
     ########################################
     - name: Mount bazel cache
-      uses: actions/cache@v3
+      uses: actions/cache/restore@v3
       with:
         path: "~/.cache/bazel"
         # Configure cache updates

@@ -1,13 +1,15 @@
 name: Update dependencies
 on:
+  workflow_dispatch:
   schedule:
     # * is a special character in YAML so you have to quote this string
-    - cron:  '30 1 * * *'
+    - cron:  '30 1 * * Mon,Wed,Fri'
 
 jobs:
   update:
     runs-on: ubuntu-20.04
     steps:
+      - uses: actions/checkout@v4
       - uses: ./.github/workflows/setup-bazel
 
       ########################################
@@ -18,25 +20,23 @@ jobs:
           python-version: "3.11"
       - uses: snok/install-poetry@v1
 
-      - name: Completely delete bazel cache then update deps
+      - name: Completely delete bazel cache and then recreate it
         run: |
           set -eExou pipefail
           #
-          # Completely delete bazel cache
-          #
-          sudo rm -rf ~/.cache/bazel/*
-          #
-          # Update dependencies
+          # Update dependencies and export files that bazel can consume
           #
           cargo update
           poetry update
           ./bin/poetry-export.sh
-          CARGO_BAZEL_REPIN=true bazel query //...
-
-      - name: Build
-        run: bazel build ...
+          #
+          # Completely delete the bazel cache and then recreate it
+          # Cache should have everything that bazel build requires, and nothing more
+          #
+          sudo rm -rf ~/.cache/bazel/*
+          CARGO_BAZEL_REPIN=true bazel build ...
 
-      - uses: stefanzweifel/git-auto-commit-action@v5
+      - uses: peter-evans/create-pull-request@v5
         with:
           commit-message: "chore: Update dependencies"
           branch: bot-update-deps
@@ -46,3 +46,15 @@ jobs:
       ########################################
       - name: Optimize bazel cache directory before uploading
         run: bin/optimize-bazel-cache.sh
+
+      ########################################
+      # Save cache only on main
+      ########################################
+      - name: Saving cache on main
+        uses: actions/cache/save@v3
+        with: 
+          path: "~/.cache/bazel"
+          # Configure cache updates
+          # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
+          # https://github.com/actions/cache/blob/main/examples.md#---bazel
+          key: ${{ runner.os }}-bazel-${{ hashFiles('.bazelversion', '.bazelrc', 'WORKSPACE', 'WORKSPACE.bazel', 'MODULE.bazel', 'Cargo.Bazel.lock') }}
@@ -0,0 +1,42 @@
+name: Update k8s deployments
+description: Reusable action for updating k8s deployments
+
+runs:
+  using: composite
+  steps:
+    - env:
+        GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }}
+      shell: bash
+      run: |
+        set -eExou pipefail
+
+        cd .git
+
+        # checkout branch
+        git clone "https://gitlab-ci-token:${GITLAB_API_TOKEN}@gitlab.com/dfinity-lab/private/k8s/k8s.git"
+
+        cd k8s
+        git config user.email "idx@dfinity.org"
+        git config user.name "IDX Automation"
+        git checkout -b "update-image-tag-${GITHUB_SHA}"
+
+        # Update the internal dashboard image refs
+        # this regex matches the first group (ie the image name) and uses \1
+        # called a back-reference to insert the first group matched, the second
+        # part is to match the 40 characters hash that we replace with the $GITHUB_SHA
+        sed -i "s~\(\([[:alpha:]]\|-\)\+\):[[:alnum:]]\{40\}~\1:${GITHUB_SHA}~g" bases/apps/mainnet-dashboard/statefulset-slack.yaml bases/apps/mainnet-dashboard/backend/base/deployment.yaml bases/apps/mainnet-dashboard/frontend/deployment.yaml
+
+        # commit changes if there are any
+        git add .
+        if git diff --cached --quiet; then
+          echo "No changes to commit."
+          exit 0
+        fi
+
+        # Push changes and create a new merge request
+        git commit -m "Updating container base image refs"
+        git push \
+          -o merge_request.create \
+          -o merge_request.title="[nomrbot] - Updating container image refs mainnet-dashboard [$GITHUB_SHA]" \
+          -o merge_request.description="Changes to the release repository - [here](https://github.com/dfinity/dre/commit/$GITHUB_SHA)" \
+          --force --set-upstream origin "update-image-tag-${GITHUB_SHA}"