CmampTask7965_Fix_the_triggering_of_the_release_Docker_images_workflow

.github/workflows/common_dev_image_build.yml

@@ -15,7 +15,7 @@ permissions:
   # This is required for actions/checkout.
   contents: write
   # This is required for pulling the Docker image from GHCR.
-  packages: read
+  packages: write
   # This is required for GitHub App to create issues and PRs.
   pull-requests: write
   issues: write
@@ -28,6 +28,14 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Generate GitHub App token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
+
       # Pass AWS credentials via GH secrets. This is needed to pull the Docker
       # image and in case the workflow needs to access AWS resources.
       - name: Configure AWS credentials
@@ -46,7 +54,7 @@ jobs:
       # This is needed to pull the Docker image.
       - name: Login to GHCR
         run: |
-          echo "${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}" \
+          echo "${{ secrets.GITHUB_TOKEN }}" \
             | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
       # Make everything accessible by any user to avoid permission errors.
@@ -66,7 +74,7 @@ jobs:
           # make it a default behavior? For certain tests to pass, we need entire
           # commit history of the repo including sub-modules.
           fetch-depth: 0
-          token: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       # To access modules in `amp` and `helpers_root`, make sure PYTHONPATH includes
       # them, just as it's set in `setenv.sh`.
@@ -99,16 +107,19 @@ jobs:
       # Setup GitHub CLI authentication for creating issues and PRs.
       - name: Setup GitHub CLI
         run: |
-          echo "${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}" \
+          echo "${{ secrets.GITHUB_TOKEN }}" \
             | gh auth login --with-token
 
       # Run the dev image build and test workflow.
       - name: Run 'docker_build_test_dev_image' workflow
+        uses: lhotari/action-upterm@v1
         env:
           CSFY_AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
           CSFY_AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
           CSFY_AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
           CSFY_AWS_DEFAULT_REGION: ${{ env.AWS_DEFAULT_REGION }}
           CSFY_AWS_S3_BUCKET: ${{ vars.CSFY_AWS_S3_BUCKET }}
-          GH_ACTION_ACCESS_TOKEN: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
-        run: invoke docker_build_test_dev_image
+          GH_ACTION_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # TODO(Vlad): Reviewer for testing puprose, remove before merge.
+        # run: invoke docker_build_test_dev_image --reviewers=dremdem

.github/workflows/common_dev_image_release.yml

@@ -1,12 +1,14 @@
 name: Common Dev Image Release
 on:
-    workflow_call:
-        inputs:
-          container-dir-name:
-            description: 'Container directory name - directory where Dockerfile and changelog.txt are located.'
-            required: false
-            type: string
-            default: '.'
+  workflow_call:
+    inputs:
+      container-dir-name:
+        # Repo root or runnable dir to release the image from (must have devops/ and changelog.txt).
+        # Examples: '.' (repo root, default) or 'subdir_name' (runnable dir)
+        description: 'Container directory name - directory where Dockerfile and changelog.txt are located.'
+        required: false
+        type: string
+        default: '.'
 env:
   CSFY_CI: true
   # CSFY_ECR_BASE_PATH: ${{ vars.CSFY_ECR_BASE_PATH }}
@@ -45,7 +47,7 @@ jobs:
       # This is needed to pull the Docker image.
       - name: Login to GHCR
         run: |
-          echo "${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}" \
+          echo "${{ secrets.GITHUB_TOKEN }}" \
             | docker login ghcr.io -u ${{ github.actor }} --password-stdin
 
       # Make everything accessible by any user to avoid permission errors.
@@ -62,7 +64,7 @@ jobs:
           # make it a default behavior? For certain tests to pass, we need entire
           # commit history of the repo including sub-modules.
           fetch-depth: 0
-          token: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.GITHUB_TOKEN }}
 
       # To access modules in `amp` and `helpers_root`, make sure PYTHONPATH includes
       # them, just as it's set in `setenv.sh`.
@@ -89,8 +91,8 @@ jobs:
           CSFY_AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
           CSFY_AWS_DEFAULT_REGION: ${{ env.AWS_DEFAULT_REGION }}
           CSFY_AWS_S3_BUCKET: ${{ vars.CSFY_AWS_S3_BUCKET }}
-          GH_ACTION_ACCESS_TOKEN: ${{ secrets.GH_ACTION_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
-        run: invoke docker_tag_push_dev_image
+          GH_ACTION_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: invoke docker_tag_push_dev_image --container-dir-name="${{ inputs.container-dir-name }}"
 
       # Generate release message.
       - name: Generate release message

.github/workflows/dev_image_release.yml

@@ -1,5 +1,10 @@
 name: Dev image release
 on:
+  # Trigger on a merged PR, with restrictions applied at the job level.
+  pull_request:
+    types: [closed]
+    branches:
+      - master  
   # Run manually.
   workflow_dispatch:
 # Set up permissions for OIDC authentication.
@@ -14,12 +19,10 @@ concurrency:
 jobs:
   dev_image_release:
     if: >
-        ${{
-        (github.event_name == 'pull_request'
-        && github.event.pull_request.merged == true
-        && contains(github.event.pull_request.labels.*.name, 'Automated release')) ||
-        github.event_name == 'workflow_dispatch'
-        }}
+      (
+        github.event.pull_request.merged == true 
+        && contains(github.event.pull_request.labels.*.name, 'Automated release')
+      ) || github.event_name == 'workflow_dispatch'
     uses: ./.github/workflows/common_dev_image_release.yml
     with:
       container-dir-name: .

helpers/lib_tasks_docker_release.py

@@ -1700,7 +1700,9 @@ def docker_build_test_dev_image(  # type: ignore
     _LOG.info("Step 3: Creating branch with date-based name")
     issue_prefix = hrecouti.get_repo_config().get_issue_prefix()
     # Get current date in YYYYMMDD format.
-    today = datetime.date.today().strftime("%Y%m%d")
+    # TODO(Vlad): For testing, need revert back before merging.
+    today = datetime.datetime.now().strftime("%Y%m%d_%H%M%S")
+    # today = datetime.date.today().strftime("%Y%m%d")
     branch_name = f"{issue_prefix}_Periodic_image_release_{today}"
     _LOG.info("Branch name: %s", branch_name)
     cmd = f"git checkout -b {branch_name}"
@@ -1723,9 +1725,10 @@ def docker_build_test_dev_image(  # type: ignore
         stage,
         dev_version,
         skip_tests=False,
-        fast_tests=True,
-        slow_tests=True,
-        superslow_tests=True,
+        # TODO(Vlad): Just for testing purposes, need to set to True before merging.
+        fast_tests=False,
+        slow_tests=False,
+        superslow_tests=False,
         qa_tests=False,
     )
     # 6) Add changelog entry.

repo_config.yaml

@@ -16,7 +16,7 @@ docker_info:
   # Base name of the docker image, e.g., `helpers`.
   docker_image_name: helpers
   use_sibling_container_in_unit_tests: True
-  release_team: dev_system
+  release_team: dev_releasers
 
 s3_bucket_info:
   unit_test_bucket_name: s3://cryptokaizen-unit-test