QA-2168: Refactor provider tests to use app version tag (semvar) (#1253)

* Refactor provider tests to use app version tag (semvar) * Add provider version to job output * Use workflow-dispatch v4.0.0 when applicable
broadinstitute · Nov 14, 2023 · 31b47ba · 31b47ba
1 parent 7e0e1da
commit 31b47ba
Show file tree

Hide file tree

Showing 4 changed files with 105 additions and 22 deletions.
diff --git a/.github/workflows/sam-build-tag-publish-and-run-tests.yaml b/.github/workflows/sam-build-tag-publish-and-run-tests.yaml
@@ -10,27 +10,27 @@ on:
       - develop
     paths-ignore: ['**.md']
 
+env:
+  BEE_CREATE_RUN_NAME: 'bee-create-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
+  BEE_DESTROY_RUN_NAME: 'bee-destroy-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
+
 jobs:
+  tag:
+    uses: ./.github/workflows/tag.yml
+    secrets: inherit
+
   sam-build-tag-publish-job:
     runs-on: ubuntu-latest
+    needs: [ tag ]
     permissions:
       contents: 'read'
       id-token: 'write'
     outputs:
       custom-version-json: ${{ steps.render-sam-version.outputs.custom-version-json }}
-      tag: ${{ steps.tag.outputs.tag }}
+      tag: ${{ needs.tag.outputs.tag }}
     steps:
       - uses: 'actions/checkout@v3'
 
-      - name: Bump the tag to a new version
-        uses: databiosphere/github-actions/actions/[email protected]
-        id: tag
-        env:
-          DEFAULT_BUMP: patch
-          GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
-          RELEASE_BRANCHES: develop
-          WITH_V: true
-
       - name: debug outputs
         run: |-
           echo "github.ref ${{ github.ref }}"
@@ -64,15 +64,15 @@ jobs:
           repo: broadinstitute/terra-github-workflows
           ref: refs/heads/main
           token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
-          inputs: '{ "repository": "${{ github.event.repository.full_name }}", "ref": "${{ steps.extract-branch.outputs.name }}", "sam-release-tag": "${{ steps.tag.outputs.tag }}" }'
+          inputs: '{ "repository": "${{ github.event.repository.full_name }}", "ref": "${{ steps.extract-branch.outputs.name }}", "sam-release-tag": "${{ needs.tag.outputs.tag }}" }'
 
       - name: Render Sam version
         id: render-sam-version
         env:
           GITHUB_CONTEXT: ${{ toJSON(github) }}
         run: |
           echo "$GITHUB_CONTEXT"
-          echo 'custom-version-json={\"sam\":{\"appVersion\":\"${{ steps.tag.outputs.tag }}\"}}' >> $GITHUB_OUTPUT
+          echo 'custom-version-json={\"sam\":{\"appVersion\":\"${{ needs.tag.outputs.tag }}\"}}' >> $GITHUB_OUTPUT
 
   prepare-configs:
     runs-on: ubuntu-latest
@@ -129,14 +129,20 @@ jobs:
           echo '${{ needs.sam-build-tag-publish-job.outputs.custom-version-json }}'
 
       - name: dispatch to terra-github-workflows
-        uses: broadinstitute/workflow-dispatch@v3
+        uses: broadinstitute/workflow-dispatch@v4.0.0
         with:
+          run-name: "${{ env.BEE_CREATE_RUN_NAME }}-${{ matrix.terra-env }}"
           workflow: bee-create
           repo: broadinstitute/terra-github-workflows
           ref: refs/heads/main
           token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
           # manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
-          inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}", "version-template": "${{ matrix.terra-env }}", "custom-version-json": "${{ needs.sam-build-tag-publish-job.outputs.custom-version-json }}" }'
+          inputs: '{
+            "run-name": "${{ env.BEE_CREATE_RUN_NAME }}-${{ matrix.terra-env }}",
+            "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}",
+            "version-template": "${{ matrix.terra-env }}",
+            "custom-version-json": "${{ needs.sam-build-tag-publish-job.outputs.custom-version-json }}"
+          }'
 
   sam-smoke-test-job:
     strategy:
@@ -242,11 +248,15 @@ jobs:
       id-token: 'write'
     steps:
       - name: dispatch to terra-github-workflows
-        uses: broadinstitute/workflow-dispatch@v3
+        uses: broadinstitute/workflow-dispatch@v4.0.0
         with:
+          run-name: "${{ env.BEE_DESTROY_RUN_NAME }}-${{ matrix.terra-env }}"
           workflow: bee-destroy
           repo: broadinstitute/terra-github-workflows
           ref: refs/heads/main
           token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
           # manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
-          inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}" }'
+          inputs: '{
+            "run-name": "${{ env.BEE_DESTROY_RUN_NAME }}-${{ matrix.terra-env }}",
+            "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}"
+          }'
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
@@ -0,0 +1,41 @@
+name: Tag
+on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      print-tag:
+        description: "Echo generated tag to console"
+        default: "true"
+        required: false
+        type: string
+    outputs:
+      tag:
+        description: "Generated tag"
+        value: ${{ jobs.tag-job.outputs.tag }}
+    secrets:
+      BROADBOT_TOKEN:
+        required: true
+
+jobs:
+  tag-job:
+    runs-on: ubuntu-latest
+    outputs:
+      tag: ${{ steps.tag.outputs.tag }}
+    steps:
+      - name: Checkout current code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.BROADBOT_TOKEN }} # this allows the push to succeed later
+      - name: Bump the tag to a new version
+        # https://github.com/DataBiosphere/github-actions/tree/master/actions/bumper
+        uses: databiosphere/github-actions/actions/[email protected]
+        id: tag
+        env:
+          DEFAULT_BUMP: patch
+          GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
+          RELEASE_BRANCHES: develop
+          WITH_V: true
+      - name: Echo generated tag to console
+        if: ${{ inputs.print-tag == 'true' }}
+        run: |
+          echo "app version tag: '${{ steps.tag.outputs.tag }}'"
diff --git a/.github/workflows/verify_consumer_pacts.yml b/.github/workflows/verify_consumer_pacts.yml
@@ -69,17 +69,28 @@ on:
 
 env:
   PACT_BROKER_URL: https://pact-broker.dsp-eng-tools.broadinstitute.org
+  CAN_I_DEPLOY_RUN_NAME: 'can-i-deploy-${{ github.event.repository.name }}-${{ github.run_id }}-${{ github.run_attempt }}'
   COURSIER_CACHE: $HOME/.cache
   SBT_CACHE: $HOME/.sbt
 
 jobs:
+  # Create a new version tag only when this workflow is triggered by a PR or merge commit.
+  # If triggered by a Pact Broker webhook, the provider version (GIT hash or release tag)
+  # is already included in the payload, making a new version tag unnecessary.
+  tag:
+    if: ${{ inputs.pb-event-type == '' }}
+    uses: ./.github/workflows/tag.yml
+    secrets: inherit
+
   verify-consumer-pact:
     runs-on: ubuntu-latest
+    needs: [ tag ]
     permissions:
       contents: 'read'
       id-token: 'write'
     outputs:
       provider-sha: ${{ steps.verification-test.outputs.provider-sha }}
+      provider-version: ${{ steps.verification-test.outputs.provider-version }}
 
     steps:
       - name: Checkout current code
@@ -129,6 +140,14 @@ jobs:
           echo "CONSUMER_BRANCH=${{ inputs.consumer-version-branch }}" >> $GITHUB_ENV
           echo "CONSUMER_SHA=${{ inputs.consumer-version-number }}" >> $GITHUB_ENV
 
+      - name: Set provider version envvar
+        run: |
+          if [[ -n "${{ needs.tag.outputs.tag }}" ]]; then
+            echo "PROVIDER_VERSION=${{ needs.tag.outputs.tag }}" >> $GITHUB_ENV
+          else
+            echo "PROVIDER_VERSION=${{ env.PROVIDER_SHA }}" >> $GITHUB_ENV
+          fi
+
       - name: Switch to appropriate branch
         run: |
           if [[ -z "${{ env.PROVIDER_BRANCH }}" ]]; then
@@ -266,6 +285,7 @@ jobs:
         id: verification-test
         run: |
           echo "provider-sha=${{ env.PROVIDER_SHA }}" >> $GITHUB_OUTPUT
+          echo "provider-version=${{ env.PROVIDER_VERSION }}" >> $GITHUB_OUTPUT
           echo "env.CHECKOUT_BRANCH=${{ env.CHECKOUT_BRANCH }} # If not empty, this reflects the branch being checked out (generated by Pact Broker)"
           echo "env.CHECKOUT_SHA=${{ env.CHECKOUT_SHA }}       # If not empty, this reflects the git commit hash of the branch being checked out (generated by Pact Broker)"
           echo "env.CURRENT_BRANCH=${{ env.CURRENT_BRANCH }}   # This reflects the branch being checked out if CHECKOUT_BRANCH is empty"
@@ -274,6 +294,7 @@ jobs:
           echo "env.PROVIDER_SHA=${{ env.PROVIDER_SHA }}       # This reflects the provider version for pact verification"
           echo "env.CONSUMER_BRANCH=${{ env.CONSUMER_BRANCH }} # This reflects the consumer branch for pact verification (generated by Pact Broker)"
           echo "env.CONSUMER_SHA=${{ env.CONSUMER_SHA }}       # This reflects the consumer version for pact verification (generated by Pact Broker)"
+          echo "env.PROVIDER_VERSION=${{ env.PROVIDER_VERSION }}  # Deprecate env.PROVIDER_SHA. This new envvar is used for migrating GIT hash to app versioning"
 
           # Refer to https://github.com/sbt/docker-sbt on this Docker image
           # Recent sbt versions use Coursier instead of Ivy for dependency management.
@@ -287,6 +308,7 @@ jobs:
                           -e PACT_PUBLISH_RESULTS=true \
                           -e PROVIDER_BRANCH=${{ env.PROVIDER_BRANCH }} \
                           -e PROVIDER_SHA=${{ env.PROVIDER_SHA }} \
+                          -e PROVIDER_VERSION=${{ env.PROVIDER_VERSION }} \
                           -e CONSUMER_NAME=${{ env.CONSUMER_NAME }} \
                           -e CONSUMER_BRANCH=${{ env.CONSUMER_BRANCH }} \
                           -e CONSUMER_SHA=${{ env.CONSUMER_SHA }} \
@@ -305,10 +327,15 @@ jobs:
     needs: [ verify-consumer-pact ]
     steps:
       - name: Dispatch to terra-github-workflows
-        uses: broadinstitute/workflow-dispatch@v3
+        uses: broadinstitute/workflow-dispatch@v4.0.0
         with:
+          run-name: "${{ env.CAN_I_DEPLOY_RUN_NAME }}"
           workflow: .github/workflows/can-i-deploy.yaml
           repo: broadinstitute/terra-github-workflows
           ref: refs/heads/main
           token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
-          inputs: '{ "pacticipant": "sam", "version": "${{ needs.verify-consumer-pact.outputs.provider-sha }}" }'
+          inputs: '{
+            "run-name": "${{ env.CAN_I_DEPLOY_RUN_NAME }}",
+            "pacticipant": "sam",
+            "version": "${{ needs.verify-consumer-pact.outputs.provider-version }}"
+          }'
diff --git a/pact4s/src/test/scala/org/broadinstitute/dsde/workbench/sam/provider/SamProviderSpec.scala b/pact4s/src/test/scala/org/broadinstitute/dsde/workbench/sam/provider/SamProviderSpec.scala
@@ -212,6 +212,8 @@ class SamProviderSpec
   // Provider branch, sha
   lazy val branch: String = sys.env.getOrElse("PROVIDER_BRANCH", "")
   lazy val gitSha: String = sys.env.getOrElse("PROVIDER_SHA", "")
+  // gitSha is deprecated, use providerVer instead
+  lazy val providerVer: String = sys.env.getOrElse("PROVIDER_VERSION", "")
   // Consumer name, bran, sha (used for webhook events only)
   lazy val consumerName: Option[String] = sys.env.get("CONSUMER_NAME")
   lazy val consumerBranch: Option[String] = sys.env.get("CONSUMER_BRANCH")
@@ -293,7 +295,7 @@ class SamProviderSpec
       )
       .withConsumerVersionSelectors(consumerVersionSelectors)
       .withAuth(BasicAuth(pactBrokerUser, pactBrokerPass))
-      .withPendingPactsEnabled(ProviderTags(gitSha))
+      .withPendingPactsEnabled(ProviderTags(providerVer))
   ).withHost("localhost")
     .withPort(8080)
     .withRequestFiltering(requestFilter)
@@ -311,9 +313,12 @@ class SamProviderSpec
     val publishResults = sys.env.getOrElse("PACT_PUBLISH_RESULTS", "false").toBoolean
     verifyPacts(
       providerBranch = if (branch.isEmpty) None else Some(Branch(branch)),
-      publishVerificationResults = if (publishResults) Some(
-        PublishVerificationResults(gitSha, ProviderTags(branch))
-      ) else None,
+      publishVerificationResults =
+        if (publishResults)
+          Some(
+            PublishVerificationResults(providerVer, ProviderTags(branch))
+          )
+        else None,
       providerVerificationOptions = Seq(
         ProviderVerificationOption.SHOW_STACKTRACE
       ).toList,