-
Notifications
You must be signed in to change notification settings - Fork 319
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve GH actions release process #3186
Comments
Note to my future self so my present self can forget the details:
|
What we really need is being able to run this in a test mode. A test branch, and test run in buildkite using that branch, against a test maven account or mock site, etc |
If buildkite returns failure, but maven central is still processing and will eventually succeed, is there any way we can tell about the maven central processing? Previously we could see it pending because we were logged in doing it, but now we could assume that it failed and try to re-run it and then find that maven succeeds later - what would happen in that scenario? |
I would expect the re-run to fail, because maven does not allow publishing the same artifact with the same version twice. |
In which case the buildkite job can be made entirely idempotent by first checking if the artifacts are available in maven - and if so skipping the rest of the job, but if not, just running the job because even if an ongoing update is happening in sonatype, the subsequent buildkite attempt should fail? I worry that sonatype is not really robust enough to take this kind of risk though |
I think the buildkite part of the job should actually do two things:
When everything goes well, the job completes when the artifact is published.
In order to attempt to make things idempotent, we could maybe use some dedicated moving git branches like the
I don't like this approach as it sounds brittle, and we don't have a way to keep the built and signed artifact binaries. Also another aspect that might be worth investigating is that if we make the agent produce reproducible artifacts (doc), then building the release artifacts twice and attempting to publish them more than once might not be an issue. |
Having an intermediate location which is not overwriteable for binaries is a great idea! That decouples the most painful part of the process from the fragility |
Version
1.39.0
was the first attempt of releasing via GH actions. It uncovered a few problems.1st attempt:
mvn deploy was not triggered
2nd attempt:
Deploy to maven central
"failed", however the actual artifact was actually published to maven central correctly. We think that the final "publish" of the release returned a strange response / timed out, but actually went through.prepare release
andDeploy to maven central
stepsThe GH actions release workflow was designed with atomicity of the individual steps in mind, so that in theory a failure could be mitigate by just using the
Rerun failed Jobs
feature. Unfortunately, this does not take the case where a job fails but silently succeeds (e.g. our maven deploy) into account, which is where things went wrong.In addition, the
Rerun failed jobs
does not work correctly if there is a bug in the workflow or a related script. To my knowledge, theRerun failed jobs
would always use the same revision, therefore no fixes to the scripts can be applied.We'll most likely need to split the process up into individual workflows, which ideally are idempotent.
We especially should adjust the lambda-task to not depend on a previous uploaded build artifact, but to use the apm-agent from maven central.
The text was updated successfully, but these errors were encountered: