Add a reusable workflow to update the sub-project to the next release #883
Conversation
Currently updating to the next release is a manual step, this adds a new reuasable workflow that can be used to automate the required steps that include: - update the project version and child modules - update the parent version - run a build and look for required version bumps
|
@laeubi : in case you need to change/merge something in JDT, just ping me. |
|
Go for it . Next week we start using it and do changes if further needed. |
If you like we can use it for jdt as well, I'll prepare a PR for platform with instructions how to apply / test, its quite straight forward, just a bit of clumsy to test for a single person... |
It is not me, it is SDK build that would like to see all bits updated, including JDT. |
Does it apply blindly on all modules? Bumping all versions is typically undesired; we only want to bump version for modules that have payload change. |
|
I'm not sure I understand what this PR is supposed to do, but if that unconditionally bumps service segment for all bundles at release start, why shouldn't we do that? Sure, if bundle has no changes its version will increase every release for no reason. But what is real drawback of that? But on the other side, all this constant trouble with first PR's merge where the checks fail because the bundle version was not changed - is it really needed? Only PRs with API changes would need a manual update, and most "usual" contributions would require less work. |
The drawbacks is that we produce more artifacts, so:
This trouble should be investigated. Bumping the version of the parent should usually not require a version change. Only a few bundles for which a parent version bump affects the payload should be bumped and it's even sure they would actually need that bump. So IMO, this is attacking the problem from the wrong angle. Instead of fixing "why do we have to bump versions", it does "bump all versions". This is IMO reducing the quality of the project releng. |
|
FWIW, from releng POV I have been bumping versions without investigating why the comparator complains already as I never had the time to look into why so it remains to be seen whether there will be more bumps than usual. IMHO I would sacrifice a number of downloads for the sake of less manual work. |
The proposal here is basically to get rid of reproducible versions qualifiers and reproducible builds; and thus to produce more and more artifacts. In the light of upcoming EU Cybersecurity Resilience Act, I believe it becomes important to produce less and less artifacts to save numerous audits. |
Out of curiosity : who is supposed to do the audits? |
that I believe is far from being settled, as the CRA itself is far from being settled.
If version is changed and we stop caring about reproducible artifacts, then some content of the jars are different (at least the MANIFEST), so one would need to check those contents. If jar is the same as the current process allows, there is no need to drill down. |
|
From @laeubi 's example laeubi/eclipse.platform#4 this is not what happens - only two bundles and exactly these that we have been bumping every time as comparator complained about them have been prepared so my understanding is that it's not blindly bumping every version. |
OK, if it is so, then it's the best of both world. I just got a bit worried as the script seems to use the "good old" version bump mojos, but maybe I just failed at noticing an important detail. @laeubi do you confirm only the bundles for which there is a comparator error are changed? |
The second part is mostly done because @akurtakov mentioned that in the past sometimes there where some versionbumps required, I have not yet found such a case, maybe because now Tycho has enhanced comparator support or the new baseline is not available, I think that's something we will only see when the new stream starts and then do some analysis and probably improve the workflow or the tools or the process. In the end the main idea is, that opening a new stream should actually involve much less manual work and its more "dependabot-style", that scripts prepare all the boring parts and we hopefully press just the merge button most of the time and can then concentrate on the remaining few percent where an actual user intervention is required. |
This means project version for the root pom; and not recursively applied to all children (at this moment)? |
It is working according to these rules: because of this, the example run here: also updates two bundles that have the same version as the parent (what seems desired here) |
|
OK, great. Thanks! |
I just tried this with JDT and found a small bug in the version updater (see eclipse-tycho/tycho#2155 ) once this is fixed, I'll create a PR for JDT-CORE. |
|
Wouldn't it be more precise to trigger the Workflow when a Release-tag ist created instead of when a milestone ist created? |
|
Tags can be created at any time also ... but the do not carry any semantics that are required here , also we need to open the stream for the NEXT release if we perform this AFTER the release it is a bit late ;-) |
OK it might be a bit late yes. But what kind of semantic are you referring to exactly? Isn't it all what's need the version of the current release and the information that it is a release? So what about doing this when the release/maintenance branch is created? I think that is exactly the point in time when we want to open the master again. From the branch name the release-number can be derived (just like from the milestone). On the other hand, how are the maintenance branches created? |
First we need the NEXT release not the current one, then we need to know that it is a release (and not an ordinary tag) and I'm also using the release date to derive the release name (e.g. 2023-06). So Milestones have different advantages:
This would better be done on Milestone CLOSE I think, but actually it would be better to get rid of "maintaince" at all and always use simple branches, for the overlapping release case it should be more like this:
That way the master is only "closed" for a few hours, not much manual intervention required and if there is any bugfix it can simply be backported / cherry picked to the R_4.27 branch with usual PRs and validation checks. |
Currently updating to the next release is a manual step, this adds a new reusable workflow that can be used to automate the required steps that include:
FYI @akurtakov @SDawley @sravanlakkimsetti this is the reusable part for the subrepos, if a repository use the workflow and a new milestone is created it looks for example like this:
If there are no concerns, I'll merge this and enable this for e.g. platform, platform.ui, p2 and equinox so we have some prototypes, if that works out well one might want to roll-out this to even more repositories. Or if we want we can even roll this out right now to all repositories, but then I probably would need some help with apply / testing as the Milestones are about to be created not later than March 2.