Run start code freeze on tumblr-metal agent #1649
With "modern" I mean what's used in a later iteration of the setup. Compare WordPress iOS, https://github.com/wordpress-mobile/WordPress-iOS/blob/b4de5f928cd784cb85144ca469b27910666d8d30/.buildkite/commands/configure-git-for-release-management.sh, with WooCommerce iOS, https://github.com/woocommerce/woocommerce-ios/blob/c2f38422ddb12b891afbab9962869affa7722af2/.buildkite/commands/configure-git-for-release-management.sh
Merging without waiting for the UI tests because this is not an app source PR.
# The first client to implement releases in CI was Android so the automation works in that queue. | ||
# We might want to move it to a leaner one in the future. |
Can this comment be removed now that it has been moved to a different agent?
Thanks for noticing this!
.buildkite/commands/configure-git-for-release-management.sh | ||
|
||
echo '--- :ruby: Set up Ruby Tools' | ||
install_gems |
This script could have come in handy in the future, to be honest. But in looking at it I realized a minor issue: it installs the gems before switching branch. This is unlikely to cause issues, but it might in some rare occasions. Given this limitation and the fact that it's used only once at the moment (YAGNI) I decided to remove it and delegate my future self to DRY in a better way if required.
|
||
# Buildkite is currently using the HTTPS URL to checkout. | ||
# We need to override it to be able to use the deploy key. | ||
git remote set-url origin [email protected]:Automattic/simplenote-ios.git |
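Review bot: the comment above `git remote set-url origin` says the SSH URL is needed "to be able to use the deploy key", but neither line says what access that key is expected to have. Any push through this remote depends on the deploy key being writable, so state the expected permission in the comment, or keep this remote for fetches only and use a separate credential for release pushes.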
The previous version is how WordPress does it, https://github.com/wordpress-mobile/WordPress-iOS/blob/b4de5f928cd784cb85144ca469b27910666d8d30/.buildkite/commands/configure-git-for-release-management.sh, this is how WooCommerce does it, https://github.com/woocommerce/woocommerce-ios/blob/c2f38422ddb12b891afbab9962869affa7722af2/.buildkite/commands/configure-git-for-release-management.sh
Given Woo is a later iteration, I decided to adopt it.
I also secretly hope it will help with the Git access that prompted this PR when we'll get to run the complete code freeze, but I don't see how.
> I also secretly hope it will help with the Git access that prompted this PR when we'll get to run the complete code freeze, but I don't see how.
As expected, this wasn't enough.
But, one only had to read the error in CI more closely to understand what the problem was:
ERROR: The key you are authenticating with has been marked as read only.
Unsurprisingly, the deploy key in this repo was read-only!
Once replaced with a read-write one, everything worked. :okay:
@mokagio But wasn't the whole point to keep the deploy key set in GitHub as read-only for security purposes? And use `use-bot-for-git.sh` on a trusted agent for the push action?
True; the deploy key of the repo should be used only for cloning the repo in non-release pipelines (therefore being read-only). In release pipelines (which at some point should run on a trusted agent) such as the one calling `start_code_freeze`, we wouldn't use the repo deploy key at all.
@iangmaia @AliSoftware `start_code_freeze` runs on the trusted agent:

simplenote-ios/.buildkite/release-pipelines/start-code-freeze.yml, lines 12 to 13 in 92fd936:

```yaml
agents:
  queue: tumblr-metal
```

The problem is with `complete_code_freeze`, which needs to run on macOS because it accesses `genstrings`.
What it says in the title. Follows up to #1646 (comment)
I will use my admin privileges to merge on `trunk` in order to test the process. The code is all an adaptation from other projects that have already used it in production for a while. I'd be thankful for a posthumous review and will address any feedback coming that way, @Automattic/apps-infrastructure. Thanks!
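The credential split discussed in the review thread (read-only deploy key for cloning, a bot credential for pushes on a trusted agent), written as a preflight check a release step could run before touching Git. This is an added example, not code from this PR or the project; `TRUSTED_QUEUES` and the function names are hypothetical, and reading the queue from `BUILDKITE_AGENT_META_DATA_QUEUE` is an assumption about the agent setup.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not part of the repository.

# Queues allowed to hold a push-capable credential.
# tumblr-metal is the trusted queue named in the thread.
TRUSTED_QUEUES="tumblr-metal"

# is_trusted_queue <queue>: succeeds only for a queue on the allow list.
is_trusted_queue() {
  for q in $TRUSTED_QUEUES; do
    if [ "$1" = "$q" ]; then
      return 0
    fi
  done
  return 1
}

# select_git_credential <queue> <needs_push: yes|no>
# Prints which credential the step should use:
#   deploy-key  read-only key, enough for clone/fetch
#   bot         push-capable bot credential, trusted queues only
# Returns 1 when the step wants to push from an untrusted queue.
select_git_credential() {
  queue=$1
  needs_push=$2
  if [ "$needs_push" != "yes" ]; then
    echo "deploy-key"
    return 0
  fi
  if is_trusted_queue "$queue"; then
    echo "bot"
    return 0
  fi
  echo "refusing: step pushes but queue '$queue' is not trusted" >&2
  return 1
}

# is_read_only_key_error <stderr text>: recognises the GitHub message
# quoted in the thread, so CI can say "wrong credential" rather than
# just "git push failed".
is_read_only_key_error() {
  case $1 in
    *"marked as read only"*) return 0 ;;
    *) return 1 ;;
  esac
}
```

A step would call it as `select_git_credential "${BUILDKITE_AGENT_META_DATA_QUEUE:-}" yes` and stop the job on a non-zero exit, which keeps the repository deploy key read-only without letting a push step fail late.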