From 79b63e90a703afee0e2c42964c031eb8b7e145bc Mon Sep 17 00:00:00 2001 From: Yeliz Henden Date: Tue, 16 Jun 2026 16:05:49 +0100 Subject: [PATCH 1/2] chore: wire up CI and release workflows for foas module Step 4 (final) of the tools/cli -> tools/foas module split: - Add a tools/foas/** trigger to code-health-foascli.yml so the CLI pipeline also re-runs when the foas library it depends on changes. - Add release-foas-lib.yml: a manual-dispatch workflow that releases the foas library by creating the Go submodule tag tools/foas/vX.Y.Z that external repos consume via `go get`. Tests run before the tag is created, since a published module version is immutable on the Go proxy. actionlint passes on all workflows. --- .github/workflows/code-health-foascli.yml | 4 +- .github/workflows/release-foas-lib.yml | 64 +++++++++++++++++++++++ 2 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/release-foas-lib.yml diff --git a/.github/workflows/code-health-foascli.yml b/.github/workflows/code-health-foascli.yml index 72d128e245..6371bf95ef 100644 --- a/.github/workflows/code-health-foascli.yml +++ b/.github/workflows/code-health-foascli.yml @@ -3,14 +3,16 @@ on: push: branches: - main - paths: + paths: - 'tools/cli/**' + - 'tools/foas/**' - '.github/workflows/code-health-foascli.yml' pull_request: branches: - main paths: - 'tools/cli/**' + - 'tools/foas/**' - '.github/workflows/code-health-foascli.yml' workflow_dispatch: {} workflow_call: {} diff --git a/.github/workflows/release-foas-lib.yml b/.github/workflows/release-foas-lib.yml new file mode 100644 index 0000000000..68df7e1a24 --- /dev/null +++ b/.github/workflows/release-foas-lib.yml @@ -0,0 +1,64 @@ +name: 'Foas Library New Release' +run-name: 'Release foas ${{ inputs.version_number }} (skip tests: ${{ inputs.skip_tests }})' + +# Used for releasing the tools/foas Go library module. The module is consumed as +# source by tools/cli (via go.work/replace), so a "release" is simply a Go +# submodule tag (tools/foas/vX.Y.Z) that external repos can `go get`. +# Tests run before the tag is created: the tag is immutable on the Go module +# proxy once published, so we validate the candidate commit first. +on: + workflow_dispatch: + inputs: + version_number: + description: 'Version number (e.g., v1.0.0, v1.0.0-pre, v1.0.0-pre1)' + required: true + skip_tests: + description: 'Set value to `true` to skip tests, default is `false`' + default: 'false' + +permissions: + contents: write + +jobs: + run-tests: + if: >- + !cancelled() + && inputs.skip_tests == 'false' + secrets: inherit + uses: ./.github/workflows/code-health-foas-lib.yml + + create-tag: + runs-on: ubuntu-latest + needs: [ run-tests ] + # Tag is created only when tests pass (or are explicitly skipped). + if: >- + !cancelled() + && !contains(needs.*.result, 'failure') + steps: + - name: Validation of version format + run: | + echo "${{ inputs.version_number }}" | grep -P '^v\d+\.\d+\.\d+(-pre[A-Za-z0-9-]*)?$' + - name: Checkout + uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 + - name: Get the latest commit SHA + id: get-sha + run: echo "sha=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" + - name: Create Go submodule tag for tools/foas + uses: rickstaa/action-create-tag@a1c7777fcb2fee4f19b0f283ba888afa11678b72 + with: + tag: tools/foas/${{ inputs.version_number }} + commit_sha: ${{ steps.get-sha.outputs.sha }} + gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg_passphrase: ${{ secrets.PASSPHRASE }} + + failure-handler: + name: Failure Handler + needs: [ create-tag ] + if: ${{ always() && contains(needs.*.result, 'failure') }} + uses: ./.github/workflows/failure-handler.yml + with: + env: "prod" + release_name: "Foas Library" + team_id: ${{ vars.JIRA_TEAM_ID_APIX_PLATFORM }} + secrets: + jira_api_token: ${{ secrets.JIRA_API_TOKEN }} From 9f904e67501bfe55dc6b577509031ada9601c42d Mon Sep 17 00:00:00 2001 From: Yeliz Henden Date: Tue, 16 Jun 2026 16:32:27 +0100 Subject: [PATCH 2/2] address the comments --- .github/workflows/code-health-foas-lib.yml | 2 +- .github/workflows/release-foas-lib.yml | 17 +++++++---------- 2 files changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/code-health-foas-lib.yml b/.github/workflows/code-health-foas-lib.yml index 59dbeb6caf..e97d49ebdf 100644 --- a/.github/workflows/code-health-foas-lib.yml +++ b/.github/workflows/code-health-foas-lib.yml @@ -1,4 +1,4 @@ -name: 'Code Health Foas Library' +name: 'Code Health FOAS Library' on: push: branches: diff --git a/.github/workflows/release-foas-lib.yml b/.github/workflows/release-foas-lib.yml index 68df7e1a24..135973d873 100644 --- a/.github/workflows/release-foas-lib.yml +++ b/.github/workflows/release-foas-lib.yml @@ -1,11 +1,7 @@ -name: 'Foas Library New Release' +name: 'FOAS Library New Release' run-name: 'Release foas ${{ inputs.version_number }} (skip tests: ${{ inputs.skip_tests }})' -# Used for releasing the tools/foas Go library module. The module is consumed as -# source by tools/cli (via go.work/replace), so a "release" is simply a Go -# submodule tag (tools/foas/vX.Y.Z) that external repos can `go get`. -# Tests run before the tag is created: the tag is immutable on the Go module -# proxy once published, so we validate the candidate commit first. +# Used for releasing the tools/foas Go library module. on: workflow_dispatch: inputs: @@ -17,19 +13,20 @@ on: default: 'false' permissions: - contents: write + contents: read jobs: run-tests: if: >- !cancelled() && inputs.skip_tests == 'false' - secrets: inherit uses: ./.github/workflows/code-health-foas-lib.yml create-tag: runs-on: ubuntu-latest needs: [ run-tests ] + permissions: + contents: write # required to push the release tag # Tag is created only when tests pass (or are explicitly skipped). if: >- !cancelled() @@ -53,12 +50,12 @@ jobs: failure-handler: name: Failure Handler - needs: [ create-tag ] + needs: [ run-tests, create-tag ] if: ${{ always() && contains(needs.*.result, 'failure') }} uses: ./.github/workflows/failure-handler.yml with: env: "prod" - release_name: "Foas Library" + release_name: "FOAS Library" team_id: ${{ vars.JIRA_TEAM_ID_APIX_PLATFORM }} secrets: jira_api_token: ${{ secrets.JIRA_API_TOKEN }}