New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GitHub Action #974
Comments
What would be the point of breaking down semantic-release into multiple pieces that could run individually? semantic-release is already modular thanks to plugins: https://github.com/semantic-release/semantic-release/blob/multi-branches/docs/usage/plugins.md Instead a GitHub action could be one that runs when all CI pass (is that possible by the way?) and that just run The workflow you describe is already possible via the config Breaking down semantic-release into multiple piece as you suggest would be quite complex to do and make us loose a lot of features. Currently the each plugins are orchestrated and called by the core and there is some dependencies, for example:
The problem with having all those steps running in different processes is that we cannot pass much information between them other than the version released (via the tag itself). The current plugin system allow a lot more flexibility and advanced features. In addition, I don't see how configuring several actions is beneficial versus configuring a list of plugins. Finally the current plugin system allow to work and be modular with any Git host (GitLab, Bitbucket, custom server) and to deploy to any package manager. That said, if you provide compelling reasons to go that direction we'll certainly consider it! |
@pvdlg I think the plugin system pretty much works the way I was envisioning, it sounds like if (as an example) I instead wanted to publish the npm module using
And opt out of the
@joshk is working on a proof of concept that would provide a full-featured Travis CI test run, in the form of an action. Should I attempt to see https://github.com/conventional-commits/conventional-commits-action over the finish line, and we could potentially reference it as one of the recipes? Or would you rather create your own action, and I'd happily contribute? |
Yes you can exclude the
So again, what would be the point?
That's already the case. By running This is why I suggested that a semantic-release action would just run
We will most likely create a GitHub action that runs The code should be extremely simple though:
#!/bin/sh
set -e
sh -c "npx semantic-release $*" |
@pvdlg most of the complexity in the container I shared is adding support for the hub CLI, so that you can easily It seems like |
GitHub actions would be really beneficial for semantic-release if they would allow to:
I don't know if that's possible though. Without those two things, running semantic-release in any CI or a GitHub action is pretty much he same thing. |
@pvdlg do you mean external CIs? (Such as Travis CI, etc.)
I would assume not, but I haven't confirmed that myself. |
Yes
Same. I'd be curious to know. Currently the only solution is a GitHub app, which come with limitation (no file system, can't run user code) |
In the case of a simple npm package, I did the following:
There was no need to wait on external CI providers because GitHub Actions became my CI. My Deliver job waited on the filter job (which just checks that I only release on the Anyway, it's just an example of how I imagine I could hook (Please ignore the |
If external CI is needed, then maybe @joshk's work would provide an Action that demonstrates how to call out to Travis-CI to trigger CI jobs on that platform. In that case, I then imagine that I might have a Travis CI Action for calling out to Travis CI and running my Travis CI test matrix, and then another action that calls out to maybe AppVeyor to execute my test matrix on that platform. Then I would fan those back into a |
I imagine this would also translate well to offering a |
All that doesn't provide additional value versus any CI as most CI offer a mechanism to orchestrate jobs. One benefit that GitHub actions could bring would be to run something when all check status on the HEAD are successful. So it would allow for example to run semantic-release only after Travis CI and Appveyor and Codecov are successful for example. |
I agree, I think GitHub actions are made much more valuable once there's a clear story regarding how you can wire them together with a variety of external services. Travis CI, or AppVeyor, etc., have the benefit of running on a large matrix of platforms, providing information about past failures, etc. Similarly services like Codecov or Coveralls.io provide useful historical information about the quality of a codebase over time.
Yeah, can't imagine how this wouldn't be a security nightmare ... what is cool about GitHub actions is they do magically populate the |
Basically I'd like a trigger like @bcoe do you think there is some workaround or a solution to achieve a similar workflow? The solution I planned to implement is a GitHub app that list for Check API events, and when all are successful create a branch, that would in turn trigger the a CI job that runs semantic-release.
Yes that's the cool part, however is it guaranteed? What happen when you run the action on |
@hbetts I'm not sure that the If that's the case, what would your semantic expectation be for what happens? |
The GitHub token you get is an installation token scoped to the repository which the workflow runs on. What this means is that you can't post anything to the forked repo, but you can have workflows run on the forked repo (given they are flagged in to the beta as well). |
FYI, I put a bit of thinking into this last week as we're (the GitHub Primer team) interested in using
TL;DR: it's basically doable, but not without custom actions and some environment variable tweaks. Here's what I ran into:
I was able to make this action work after all of this, but it was more of a headache than I'd expected; and I'm not entirely happy with everything using my personal access token (IMO, the built-in access token is one of the reasons to use Actions over Travis in the first place). In its current state, it's definitely not ready for prime-time. If anyone is looking to run tests on Travis and then semantic-release in an action, I would suggest looking into a command that waits for Travis's commit status (or check) to pass before running. The ideal would be to have the semantic-release action only run on the |
@shawnbot could you
Is this for pushing a commit to the repository where the |
Yes, I think that would work too. I mostly noted that for my colleagues working on Actions, though, who may be interested in exporting that environment variable by default, e.g. as
Yep! semantic-release plugins could theoretically commit other files too, though, right? |
Indeed they can! |
That's correct. |
@shawnbot great to know that you are looking to use semantic-release with Primer! We'll definitely provide a GitHub action at some point. But there was no urgency on our side as long as actions are in beta.
That's kind a problem...I though the Do you know what are the permission of the |
Hi, thanks for sharing thoughts and experiences about GitHub Action for
But when looking further this seems to be a general problem in GitHub Actions and not only related to the special
Update: Found a twitter message that suggests this is a bug. Thanks, |
@joakimhellum-in I ran into the same issue working on some non-semantic-release actions this week, and have confirmed with the team that this is a known bug. |
@shawnbot I’ve learned from @JasonEtco that he successfully pushed to a repository using this form |
@gr2m to be clear - that solution will let you push no problem, but will still be blocked from pushing |
I just wrote an action based on semantic-release@^15 and it looks work well for me. |
Do actions work now with the default GitHub token secret in actions? Ie no need to manually add a personal access token for semantic release to work? |
No, it works with See also the discussion at #1317 |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
There is a problem wants help. Related Issue: cycjimmy/semantic-release-action#2 |
semantic release may be leaving a .npmrc file in the repo once it’s done. Maybe just add a |
@rarkins It looks work well! |
Issue: "Failed to replace env in config: ${NPM_TOKEN}" after release #2 solution:semantic-release/semantic-release#974 (comment)
## [2.0.1](v2.0.0...v2.0.1) (2019-10-26) ### Bug Fixes * **.npmrc:** clean up `.npmrc` file in the repo after releasing ([a0ef86e](a0ef86e)), closes [#2](#2) [/github.com/semantic-release/semantic-release/issues/974#issuecomment-546577677](https://github.com//github.com/semantic-release/semantic-release/issues/974/issues/issuecomment-546577677)
I've been using @cycjimmy's https://github.com/cycjimmy/semantic-release-action and it's been working pretty well. The only setup for it that I did was running https://github.com/semantic-release/cli, answering the questions, then adding the GH_TOKEN and NPM_TOKEN to the repository secrets. I also had to set my npm 2fa to auth only (as described in an issue around here somewhere). |
The problem described was only for someone running npm or yarn after semantic-release. |
I think most of the issue discussed there have been fixed (including not leaving a IS there anything missing? Or should we close this issue? |
Docs suggests to create a workflow with What's the matter? Docs also claims that:
I did some experiments and this is not true. Failing tests on one workflow wouldn't stop Perhaps
I already saw two articles suggesting multi-workflow setup for Maybe I am missing something and this is expected behavior but I think it's unclear. |
@gr2m can you help on that? |
@pvdlg I've tested my proposed single workflow and it works correctly on failed and passed tests. |
I will have a look after the holidays |
I do two separate workflows, because my setup guarantees that changes are only merged into master when all tests are passing, that workflow is enforced with branch protection. There is no need to run all the same tests again on master, after they passed on a pull request. I still think we should create our own semantic-release action, there are some good actions out there already, but as sensitive tokens are passed to the action, people are hesitant to use actions from owners they don't know. Maybe we could invite one of the existing action to be moved to semantic-release and enforce a review workflow. Or make one ourselves, it shouldn't require a lot of code. The only benefit I see from using Actions is that a semantic-release action can provide outputs such as a flag if a version was released and what version. I think outputs feature introduced in Actions v2 would also make it possible to create more modular GitHub actions as suggested by @bcoe in the original issue. But that's out of scope for now |
@gr2m I would still like to sanity check my I also thought about whether GitHub's long-supported-but-rarely-used deployments API could be a good fit for this, but didn't find any relevant hits either. i.e. master branch triggers a deployment, and then the deployment event triggers the release action (instead of a push event triggering it). |
I usually use the branch protection settings to enforce a PR workflow for everyone, including the "Require branches to be up to date before merging " setting. Then I no longer run tests on master I don't know of a built-in way where You can create the dispatch event fairly easily using https://github.com/octokit/request-action/
You could use that as an alternative to the dispatch event, but I think the dispatch event would work better in this case |
New feature motivation
I've been playing a bit with GitHub actions, my motivation being to show off how an automated tagging/CHANGELOG generation workflow can chain together with actions/npm.
So far I've been prototyping with standard-version, which is a CLI tool I wrote that handles tagging/CHANGELOG generation via-Conventional Commit Messages.
The prototype is here...
It feels like it would potentially make more sense for the action to use some combination of
semantic-release
actions...New feature description
I was thinking perhaps
semantic-release
could be broken out into individual actions, each running as individual steps in a GitHub workflow ... here's my dream world:travis-ci
action that fans out tests on a variety of platforms.if the build is successful ...
semantic-release
action that handles tagging.semantic-release
action that handles CHANGELOG generation. (optionally).semantic-release
action that mints the GitHub release (optionally).actions/npm
action to handle publishing to npm.New feature implementation
Curious what other folks think, CC: @hbetts, @gajus, @joshk, @nickvanw, @zeke
The text was updated successfully, but these errors were encountered: