Autobuild: Clean up workflow description #2470
Conversation
ann0see
left a comment
There was a problem hiding this comment.
Are you really sure about removing this many comments? Of course the "can also be warn,…" can be removed but the links to the documentation or blog posts should remain. Some comments might be trivial (Checkout code,…)
23cd481 to
1608122
Compare
ann0see
left a comment
There was a problem hiding this comment.
I think I'm probably commenting a lot about the structure? But please see below:
.github/workflows/autobuild.yml
Outdated
| NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} | ||
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | ||
|
|
||
| - name: "Post-Build for ${{ matrix.config.config_name }}" |
There was a problem hiding this comment.
Should probably be named something like
Move files... But that's not part of this PR though.
There was a problem hiding this comment.
Yes, that could indeed be improved to match what's actually done in the step (in another PR).
.github/workflows/autobuild.yml
Outdated
| - name: "Notarize macOS Release Build" | ||
| if: >- | ||
| steps.step_cmd3_postbuild.outputs.artifact_1 != '' && | ||
| steps.step_macos_build.outputs.macos_signed == 'true' && | ||
| contains(needs.create_release.outputs.publish_to_release, 'true') | ||
| id: notarize-macOS-app | ||
| uses: devbotsxyz/xcode-notarize@d7219e1c390b47db8bab0f6b4fc1e3b7943e4b3b |
There was a problem hiding this comment.
Why is this done after the upload artifact call? Couldn't there also be signed non-release artifacts?
There was a problem hiding this comment.
Hm, currently it only runs on release builds. It could probably also be run earlier. Not sure if there are any reasons for not signing dev builds, but as this runs on @emlynmac's fork and not on ours anyway, I'm not sure how deeply we should care...? :)
Maybe open a separate issue for that?
There was a problem hiding this comment.
@emlynmac could you please comment why this is here and not before any upload has started?
There was a problem hiding this comment.
This step is to notarize the build, which has to happen after the build is done and the artifacts created.
The signing of the macOS build is a two-step process; build with certs then notarize the full thing with Apple.
There was a problem hiding this comment.
Is this basically a step which transfers something (hashes?) to apple?
There was a problem hiding this comment.
There's a bunch of information about how notarization works here: https://developer.apple.com/documentation/security/notarizing_macos_software_before_distribution
There was a problem hiding this comment.
@hoffie sorry for the small modification request: Could you please add a comment here that this needs to be done after the build is created?
As far as I understand, in theory it could also be put above (but below the build, since it needs the artifact to be somehow sent to Apple)
There was a problem hiding this comment.
Not sure I understand.
Do you mean that the binaries can only be signed once they're built? That would be rather obvious to me (similar for other instances: We don't explicitly highlight that the build dependencies have to be prepared before the build can start).
Or do you mean that the binaries can only be signed once the artifact has been uploaded to the job? I don't think this is the case (or if it is, I don't understand why). The Notarize step references product-path: deploy/${{ steps.step_cmd3_postbuild.outputs.artifact_1 }}. This looks like a filesystem path to me and not like a job artifact path. So I guess the order could be turned around. Adding a comment which states the contrary would seem strange then :)
Maybe you could send a follow-up PR with a suggested wording?
(In general, I think a PR which touches specific code should leave the code in better state than it was before. However, we should be cautious to avoid trying to push to much additional things which could or should be improved into PRs. PRs are getting large and take lots of iterations until they can get merged...)
There was a problem hiding this comment.
Yes sure. @emlynmac should open a PR then since he knows what to do. I think we can move it around - at least from my readings.
.github/workflows/autobuild.yml
Outdated
| NOTARIZATION_PASSWORD: ${{ secrets.NOTARIZATION_PASSWORD }} | ||
| KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }} | ||
|
|
||
| - name: "Post-Build for ${{ matrix.config.config_name }}" |
There was a problem hiding this comment.
Yes, that could indeed be improved to match what's actually done in the step (in another PR).
1608122 to
5b09e0a
Compare
.github/workflows/autobuild.yml
Outdated
| outputs: | ||
| # Check if we are doing a release or just a normal build. | ||
| # This must be done before actually building the app to find out where to upload the binaries and if we need to create a Github release. | ||
| name: Create Github release if this is a release build |
There was a problem hiding this comment.
Looking at the workflow, I think the new name is slightly misleading. This step happens first, before the builds, so it isn't actually creating the Github release, just setting up variables to tell later steps to generate one. So "Prepare" or "Setup" is better, but happy for the rest of the name to be made clearer.
@softins By new name you are referring to the line which this comment is attached to, right?
This job does indeed create the Github release (although without the artifacts, of course). The step some lines below is also named like that.
Example: https://github.com/jamulussoftware/jamulus/runs/5265414702?check_suite_focus=true#step:5:1
Maybe this would be better:
| name: Create Github release if this is a release build | |
| name: Create empty Github release if this is a release build |
There was a problem hiding this comment.
Addition: I just realized that the changelog is generated by anaylze_git_references.py. Generating a file in an "analyze_" script certainly violates the principle of least surprise...
As this is both related to this PR and #2471, I think I'll open a separate Issue to track this and work on it when both PRs are merged. I've adjust the name of the analyse_git_reference.py step for now.
There was a problem hiding this comment.
Looking at the workflow, I think the new name is slightly misleading. This step happens first, before the builds, so it isn't actually creating the Github release, just setting up variables to tell later steps to generate one. So "Prepare" or "Setup" is better, but happy for the rest of the name to be made clearer.
@softins By new name you are referring to the line which this comment is attached to, right?
This job does indeed create the Github release (although without the artifacts, of course). The step some lines below is also named like that.
Example: https://github.com/jamulussoftware/jamulus/runs/5265414702?check_suite_focus=true#step:5:1
Ah, ok, I misunderstood. I thought it was just preparing variables for later use. So it's actually creating a release container that will later receive the assets.
My only other comment there would be that the name is getting rather long, and becoming more like a comment or description. Can it be made more concise but still accurate?
There was a problem hiding this comment.
In fact, another comment. I've just looked at a run and specifically at the Prepare Auto-Build/Release job. It looks like it does more than creating an empty Github release, but also does required steps for non-releases, but skipping the Remove Release and Create Release steps. So I think the chosen job name needs to reflect that. Or am I completely misunderstanding? (still learning about workflows, I admit!)
There was a problem hiding this comment.
My only other comment there would be that the name is getting rather long, and becoming more like a comment or description. Can it be made more concise but still accurate?
Hrm, you are right. I struggle to find good wording though. Maybe we should drop the imperative for job-level names.
I've just adjusted it like that:
| name: Create Github release if this is a release build | |
| name: Build vars & Github release (if required) |
1925fa0 to
f62af89
Compare
|
BTW: See the nightly: https://github.com/jamulussoftware/jamulus/runs/5487103016?check_suite_focus=true The Create Release step doesn't even output RELEASE_TITLE |
f62af89 to
149e24a
Compare
149e24a to
a9421f2
Compare
|
I think I‘m happy now. It has probably blown up a bit |
|
Currently still cleaning up the git history. As @softins had some comments as well I'll wait with merging until tomorrow (or explicit feedback). |
68bfdb2 to
0f970a2
Compare
softins
left a comment
There was a problem hiding this comment.
Looking good. I left a couple of comments regarding step naming, but they are only suggestions, not deal-breakers :)
Approving anyway.
0f970a2 to
6d369d4
Compare
${{ ... }} is optional for if: entries. Therefore drop it in order to
reduce clutter.
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idif
Co-authored-by: ann0see <20726856+ann0see@users.noreply.github.com>
Although the build step is only referenced later by Mac-specific steps it should not be called "step_mac_build" as that suggests that this step was Mac-only. It isn't, it's the generic step used by all platforms. Therefore, rename accordingly.
6d369d4 to
d31bda0
Compare
|
Ok. Ready to merge after Android build is finished. |
|
@hoffie please merge (squash merge?) this if it's finished. |
Although the PR contains more than a few commits, I'd like to keep it separate to keep the information what was changed for what reasons. I've already squashed all the same-type adjustments (wording improvements are a single commit, for example). |
This is a small, split-out part of the announced autobuild refactoring.
Short description of changes
${{ ... }}is optional for if: entries. Therefore drop it in order to reduce clutter.CHANGELOG: Autobuild: Refactor for better readability
Context: Fixes an issue?
Improve readability/maintenance.
Does this change need documentation? What needs to be documented and how?
No.
Status of this Pull Request
Ready when CI is green.
What is missing until this pull request can be merged?
Ready when CI is green.
Note: I suggest reading individual commit diffs if unsure.
git show -wand Github's whitespace-ignoring diff may also help during review.Checklist