[ci] Workflow input to release a specific version#3114
Merged
Conversation
Signed-off-by: Viet Nguyen Duc <nguyenducviet4496@gmail.com>
Contributor
Review Summary by QodoAdd workflow input for specific Selenium version deployment
WalkthroughsDescription• Add workflow input to deploy specific Selenium version • Refactor release fetching logic to support version selection • Update default grid version from 4.37.0 to 4.41.0 • Add Chrome, Firefox, and Edge browser nodes versions 145-146 Diagramflowchart LR
WF["Workflow Dispatch"] -->|version input| ACTION["get-latest-upstream action"]
ACTION -->|check REQUESTED_VERSION| LOGIC["Version Selection Logic"]
LOGIC -->|specific version| FETCH1["Fetch Requested Release"]
LOGIC -->|stable flag| FETCH2["Fetch Latest Stable"]
LOGIC -->|nightly flag| FETCH3["Fetch Latest Nightly"]
FETCH1 --> RELEASE["Release Tag"]
FETCH2 --> RELEASE
FETCH3 --> RELEASE
RELEASE --> DEPLOY["Deploy with Selected Version"]
File Changes1. .github/actions/get-latest-upstream/action.yml
|
Contributor
Code Review by Qodo
|
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
Comment on lines
+42
to
+50
| elif [ "${{ inputs.release }}" = "true" ]; then | ||
| echo "Getting the latest stable release." | ||
| RELEASE=$(curl -s -H "$AUTH_HEADER" https://api.github.com/repos/${AUTHORS}/selenium/releases | jq -r '[.[]? | select(.prerelease == false)] | .[0].tag_name') | ||
| RELEASE=$(echo "${RELEASES}" | jq -r '[.[]? | select(.prerelease == false)] | .[0].tag_name') | ||
| else | ||
| echo "Getting the latest Nightly release." | ||
| RELEASE=$(curl -s -H "$AUTH_HEADER" https://api.github.com/repos/${AUTHORS}/selenium/releases | jq -r '[.[]? | select(.prerelease == true)] | .[0].tag_name' || echo "") | ||
| RELEASE=$(echo "${RELEASES}" | jq -r '[.[]? | select(.prerelease == true)] | .[0].tag_name' || echo "") | ||
| if [ -z "${RELEASE}" ] || [ "${RELEASE}" = "null" ]; then | ||
| echo "Nightly release not found, getting the latest stable release." | ||
| RELEASE=$(curl -s -H "$AUTH_HEADER" https://api.github.com/repos/${AUTHORS}/selenium/releases | jq -r '[.[]? | select(.prerelease == false)] | .[0].tag_name') | ||
| RELEASE=$(echo "${RELEASES}" | jq -r '[.[]? | select(.prerelease == false)] | .[0].tag_name') |
Contributor
There was a problem hiding this comment.
1. Floating release selection via api 📘 Rule violation ⛨ Security
The CI action selects RELEASE by querying GitHub releases and taking the first stable/nightly entry, which is a floating (non-pinned) upstream version and makes builds non-reproducible. This violates the requirement to pin external dependency versions in CI scripts.
Agent Prompt
## Issue description
The action derives `RELEASE` from the upstream GitHub API and selects the latest stable/nightly tag, which is a floating version and makes CI runs non-reproducible.
## Issue Context
Compliance requires CI dependency versions to be explicitly pinned rather than implicitly selecting "latest".
## Fix Focus Areas
- .github/actions/get-latest-upstream/action.yml[42-50]
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Comment on lines
+34
to
+41
| RELEASES=$(curl -s -H "$AUTH_HEADER" https://api.github.com/repos/${AUTHORS}/selenium/releases) | ||
| if [ -n "${REQUESTED_VERSION}" ]; then | ||
| echo "Getting the requested Selenium release: ${REQUESTED_VERSION}" | ||
| RELEASE=$(echo "${RELEASES}" | jq -r --arg requested "${REQUESTED_VERSION}" '[.[]? | select(.tag_name == $requested or .tag_name == ("selenium-" + $requested) or ([.assets[]?.name] | index("selenium-server-" + $requested + ".jar")))] | .[0].tag_name') | ||
| if [ -z "${RELEASE}" ] || [ "${RELEASE}" = "null" ]; then | ||
| echo "Requested Selenium release not found: ${REQUESTED_VERSION}" | ||
| exit 1 | ||
| fi |
Contributor
There was a problem hiding this comment.
2. Requested version lookup incomplete 🐞 Bug ☼ Reliability
get-latest-upstream derives the requested release only from the single JSON payload stored in RELEASES, so any requested version/tag not present in that payload will hard-fail even if it exists upstream. This breaks the new “release a specific version” workflow path by making version selection dependent on what the first fetch happened to include.
Agent Prompt
### Issue description
When `inputs.version` is provided, the composite action only searches within a single `RELEASES=$(curl ... /releases)` response. If the requested release isn’t present in that response, the workflow exits even though the release may exist upstream.
### Issue Context
The action already uses `/releases/tags/${RELEASE}` later to fetch assets, but it doesn’t leverage that endpoint to resolve the requested release tag/version.
### Fix Focus Areas
- .github/actions/get-latest-upstream/action.yml[30-53]
### Implementation notes
- Prefer a direct lookup when a specific version is requested:
- Try `/releases/tags/$REQUESTED_VERSION` first.
- If that fails and the input looks like a plain version (e.g. `4.42.1`), try `/releases/tags/selenium-$REQUESTED_VERSION`.
- Only fall back to listing releases (and if you do, loop through pages / handle multiple fetches) if direct tag lookup fails.
- Ensure failures distinguish “not found” vs “API error/rate limit” (e.g., check curl exit code / HTTP status).
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Comment on lines
86
to
90
| uses: ./.github/actions/get-latest-upstream | ||
| with: | ||
| release: ${{ github.event.inputs.stable || true }} | ||
| version: ${{ github.event.inputs.version || '' }} | ||
| gh_cli_token: ${{ secrets.GITHUB_TOKEN }} |
Contributor
There was a problem hiding this comment.
3. Build-test ignores requested version 🐞 Bug ≡ Correctness
deploy.yml introduces a version input and uses it only in the deploy job, but the gating build-test reusable workflow is still invoked without version, so its Docker/Helm tests build against the latest stable/nightly base instead of the requested one. Since the Makefile uses BASE_VERSION/BASE_RELEASE to build images, this can validate one upstream Selenium base and then publish images for a different base.
Agent Prompt
### Issue description
The deploy workflow supports `github.event.inputs.version`, but the gating `build-test` job (and its downstream docker/helm test workflows) doesn’t receive this value. As a result, tests can run against a different Selenium base version than the one being released.
### Issue Context
- `deploy.yml` passes `version` only in the `deploy` job.
- `build-test.yml` only accepts/forwards `release`.
- `docker-test.yml` and `helm-chart-test.yml` call `get-latest-upstream` without `version`.
- The Makefile uses `BASE_VERSION`/`BASE_RELEASE` for base image build args, so this mismatch is meaningful.
### Fix Focus Areas
- .github/workflows/deploy.yml[44-52]
- .github/workflows/build-test.yml[10-20]
- .github/workflows/build-test.yml[72-88]
- .github/workflows/docker-test.yml[220-226]
- .github/workflows/helm-chart-test.yml[179-185]
### Implementation notes
- Add a `version` input to `.github/workflows/build-test.yml` (`workflow_call.inputs`).
- Pass `version: ${{ github.event.inputs.version || '' }}` from `deploy.yml` into the `build-test` job’s `with:`.
- Add a `version` input to the reusable workflows `.github/workflows/docker-test.yml` and `.github/workflows/helm-chart-test.yml` (their `workflow_call.inputs`).
- Forward that `version` into the `get-latest-upstream` step in those workflows (`with: version: ${{ inputs.version || '' }}`).
- Keep the default empty so existing callers remain unaffected.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Thanks for contributing to the Docker-Selenium project!
A PR well described will help maintainers to quickly review and merge it
Before submitting your PR, please check our contributing guidelines, applied for this repository.
Avoid large PRs, help reviewers by making them as simple and short as possible.
Description
Motivation and Context
Types of changes
Checklist