m/metamask-extension
1
0
Fork 0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-11-22 01:47:00 +01:00
Code

Allow partially re-running a policy update (#19773)

Browse Source 
Today if you try to re-run failed jobs in a policy update, it will
fail to restore caches from jobs that were successful. This could
result in a partial update, or a misleading "No policy changes"
message when there are policy changes to make. It's only safe to re-
run the entire workflow.

The cache key has been updated to reference the commit hash instead of
the run ID, making it safe to re-run just the failed jobs.
This commit is contained in:
Mark Stacey 2023-06-30 13:01:17 -02:30 committed by GitHub
parent 6bde562b73
commit 8404b8a3fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.github/workflows/update-lavamoat-policies.yml vendored
View File

@ -48,6 +48,8 @@ jobs:
needs: is-fork-pull-request
# Early exit if this is a fork, since later steps are skipped for forks
if: ${{ needs.is-fork-pull-request.outputs.IS_FORK == 'false' }}
outputs:
COMMIT_SHA: ${{ steps.commit-sha.outputs.COMMIT_SHA }}
steps:
- name: Checkout repository
uses: actions/checkout@v3
@ -63,6 +65,9 @@ jobs:
cache: 'yarn'
- name: Install Yarn dependencies
run: yarn --immutable
- name: Get commit SHA
id: commit-sha
run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
update-lavamoat-build-policy:
name: Update LavaMoat build policy
@ -90,7 +95,7 @@ jobs:
uses: actions/cache/save@v3
with:
path: lavamoat/build-system
key: cache-build-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-build-${{ needs.prepare.outputs.COMMIT_SHA }}
update-lavamoat-webapp-policy:
strategy:
@ -125,12 +130,13 @@ jobs:
uses: actions/cache/save@v3
with:
path: lavamoat/browserify/${{ matrix.build-type }}
key: cache-${{ matrix.build-type }}-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-${{ matrix.build-type }}-${{ needs.prepare.outputs.COMMIT_SHA }}
commit-updated-policies:
name: Commit the updated LavaMoat policies
runs-on: ubuntu-latest
needs:
- prepare
- is-fork-pull-request
- update-lavamoat-build-policy
- update-lavamoat-webapp-policy
@ -147,11 +153,14 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.LAVAMOAT_UPDATE_TOKEN }}
PR_NUMBER: ${{ github.event.issue.number }}
- name: Get commit SHA
id: commit-sha
run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"
- name: Restore build policy
uses: actions/cache/restore@v3
with:
path: lavamoat/build-system
key: cache-build-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-build-${{ needs.prepare.outputs.COMMIT_SHA }}
fail-on-cache-miss: true
# One restore step per build type: [main, beta, flask, mmi, desktop]
# Ensure this is synchronized with the list above in the "update-lavamoat-webapp-policy" job
@ -160,31 +169,31 @@ jobs:
uses: actions/cache/restore@v3
with:
path: lavamoat/browserify/main
key: cache-main-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-main-${{ needs.prepare.outputs.COMMIT_SHA }}
fail-on-cache-miss: true
- name: Restore beta application policy
uses: actions/cache/restore@v3
with:
path: lavamoat/browserify/beta
key: cache-beta-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-beta-${{ needs.prepare.outputs.COMMIT_SHA }}
fail-on-cache-miss: true
- name: Restore flask application policy
uses: actions/cache/restore@v3
with:
path: lavamoat/browserify/flask
key: cache-flask-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-flask-${{ needs.prepare.outputs.COMMIT_SHA }}
fail-on-cache-miss: true
- name: Restore mmi application policy
uses: actions/cache/restore@v3
with:
path: lavamoat/browserify/mmi
key: cache-mmi-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-mmi-${{ needs.prepare.outputs.COMMIT_SHA }}
fail-on-cache-miss: true
- name: Restore desktop application policy
uses: actions/cache/restore@v3
with:
path: lavamoat/browserify/desktop
key: cache-desktop-${{ github.run_id }}-${{ github.run_attempt }}
key: cache-desktop-${{ needs.prepare.outputs.COMMIT_SHA }}
fail-on-cache-miss: true
- name: Check whether there are policy changes
id: policy-changes