New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check changed files before running gradle check #13498
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I insist we are very careful with allowing the bypass of the gradle check.
If there are changes that are blocked because of the missing gradle check results, lets revert the initial update so we have more time to iterate on this change
- [Edit] I've created a PR to revert Revert "Skip running gradle checks on release notes" #13499
with: | ||
files_ignore: | | ||
release-notes/** | ||
.github/** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We cannot skip files under .github
, if you wanted to modify this to specific files - code owners, this is OK with me.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are files under .github related to gradle check in anyway?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They never are, these are github workflows. And the workflow itself runs on pull request target, so it doesn't impact what's used on the PR itself with the changes to it.
.github/workflows/gradle-check.yml
Outdated
uses: tj-actions/changed-files@v44 | ||
with: | ||
files_ignore: | | ||
release-notes/** |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't trust the **
annotation, lets be very selective
release-notes/** | |
release-notes/*.md |
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
uses: tj-actions/changed-files@v44 | ||
with: | ||
files_ignore: | | ||
release-notes/*.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please add a comment after each file/entry that justifies why it should be ignored?
If the answer is we want to go fast, why not just have an admin merge bypassing checks?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe saving time and resources is a generic reason even enough for this change? Running a job for 1+ hour and the backport (1+ hour) which adds no value to the run but can be a blocker due to flaky tests. Bypassing is always an option but usually not an opted one.
Also I am not sure if adding a comment would work or not (needs more testing) as I see one more input files_ignore_separator
in the action used https://github.com/tj-actions/changed-files?tab=readme-ov-file#inputs-%EF%B8%8F
❌ Gradle check result for 6179f01: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
❌ Gradle check result for 574d718: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change? |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #13498 +/- ##
============================================
+ Coverage 71.42% 71.49% +0.07%
- Complexity 59978 61012 +1034
============================================
Files 4985 5050 +65
Lines 282275 286806 +4531
Branches 40946 41552 +606
============================================
+ Hits 201603 205046 +3443
- Misses 63999 64848 +849
- Partials 16673 16912 +239 ☔ View full report in Codecov by Sentry. |
I won't block merging but I've got limited availability for follow up. Please iterate to green on the description check and document the CI failures
@kotwanikunal @reta Can you please review this change? Let me know if I need to add more maintainers. |
RELEASING.md | ||
SECURITY.md | ||
TESTING.md | ||
TRIAGING.md |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the reason not to include all *.md at root?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See the conversation here #13498 (comment)
- name: Setup environment variables (PR) | ||
if: github.event_name == 'pull_request_target' | ||
if: github.event_name == 'pull_request_target' && steps.changed-files-specific.outputs.any_changed == 'true' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we split out the gradle check decision, setup and workflow into two separate jobs, and make the second job dependent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See #13498 (comment)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 to @dblock 's suggestion, the same condition is propagated to (mostly) every step
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So I did try that but does not work as expected. See comment posted above. Let me know if you can think of better way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think I understand why the gradle check job is different from other jobs. It should be skippable, shouldn't it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue is this repository has added gradle-check
as a required workflow check before merging any PR. GitHub is unable to resolve the conflict if the workflow is skipped due to any condition. It HAS to be passed. Not failed, not skipped :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gaiksaya I think there might be another approach as described here: https://stackoverflow.com/questions/65844033/conditional-needs-in-github-actions
We'd need to something like:
jobs:
changed-files-specific:
steps:
- set the any_changed boolean
gradle-check:
runs-on: ubuntu-latest
needs: changed-files-specific
if: ${{ needs.changed-files-specific.outputs.any_changed == 'true' }}
steps:
- run the gradle check steps
check-result:
needs: gradle-check
if: always()
steps:
- name: fail if conditional job failed
if: ${{ needs.changed-files-specific.outputs.any_changed == 'true' && needs.gradle-check.result == 'failure' }}
run: exit 1
And then the branch protection rule would be on check-result
which will always run but is smart enough to ignore gradle-check if no relevant files changed. Would this work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for delayed response. Missed this. Not really, it has to pass if it is required. Cannot skip or fail. So I believe only approach I think is follow what you just posted and add one more step which will print something like "Skipping check" and show it as pass. Let me know if everyone are okay with this approach
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@gaiksaya In my suggestion I think the check-result
step will always run, and it is the thing that will be marked as required. Why would you need another step?
run: | | ||
set -e | ||
set -o pipefail | ||
bash opensearch-build/scripts/gradle/gradle-check.sh ${{ secrets.JENKINS_GRADLE_CHECK_GENERIC_WEBHOOK_TOKEN }} | tee -a gradle-check.log | ||
|
||
- name: Setup Result Status | ||
if: always() | ||
if: always() && steps.changed-files-specific.outputs.any_changed == 'true' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think always()
does not apply anymore:
if: always() && steps.changed-files-specific.outputs.any_changed == 'true' | |
if: steps.changed-files-specific.outputs.any_changed == 'true' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If always()
is removed, the step would be skipped if previous check failed as default is success()
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But this is and
condition, right? Since always()
is always true
, only steps.changed-files-specific.outputs.any_changed == 'true'
counts
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
failure() && steps.changed-files-specific.outputs.any_changed == 'true'
will be evaluated to false if previous step fails right? In that case we need always() for first condition to be set to true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might be right, thanks @gaiksaya , it seems like semantics of always()
is more than just true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like @gaiksaya did a ton of iterating on this one and all our suggestions have already been tried :) I am ok with this change as is. One of the concerns I do have is that a gradle check will visibly pass even if it did nothing.
Will leave for more comments for now.
@gaiksaya @dblock have some thoughts regarding the problem over the weekend, I think the idea is sound but the way we approach it probably not. Primarily, because for some reason, we only focus on Gradle check but the same "skip me" rules apply to other workflows like What if we combine changeset detection + Gradle build instead, and just skip most of the tasks if there are no relevant changes? |
Maybe. I am confused why we needed to do anything special about gradle check in terms of requiring it to pass. Isn't that what any check does by default? |
I mean - we don't need to run the whole test suite if only CHANGELOG.md changes, right? |
I believe main reason would be other workflows are not as flaky and not so time consuming. Gradle check is a whole different story. What you are suggesting does not need a common workflow. Just adding Also, I believe you mean gradle tasks here? |
Thanks @gaiksaya
I think the ignore list is per repository, right? The only thing we may need to figure out - what has changed (changeset)
Correct, more like |
It's per workflow. Example: https://github.com/opensearch-project/OpenSearch/pull/13477/files# and path.ignore
Can this be a part of gradle check breakdown issue? |
This is how we implemented it, correct, but it does not need to be
May be, I just wanted to run the idea over you folks, I haven't prototyped it |
We have no better working option at the moment (and @gaiksaya did really good job here figuring out GA internals) but do we need to rush the merge? The workflow becomes difficult to follow and change, this is the concern I have (and that is the motivation to look for other options). |
Description
The repository requires the gradle check job status to pass before merging any PR. With
path-ignore
filter, this status check was skipped. However, GitHub does not resolve this conflict or allows to specify the requirement to be optional. See #13494 still waiting for gradle-check status to be set.There are multiple discussions on GH community forums https://github.com/orgs/community/discussions/44490 and all of them requires work around as of now. This change adds one more step to gradle-check job to detect the files changed and accordingly decide whether to run the consecutive steps or not. See examples below:
I set my fork requirements to mimic gradle check status as required and this satisfies both conditions
Related Issues
Resolves #[Issue number to be closed when this PR is merged]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.