From a4740dba47a3b35f793abb7d7c956f1c9510e197 Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Fri, 13 Mar 2026 10:43:41 -0600 Subject: [PATCH 1/2] chore: add VERSION file with base version tag Add a VERSION file containing the base version tag (e.g. "4.11.x"), following the same pattern as COLLECTOR_VERSION, SCANNER_VERSION, and FACT_VERSION. The start-release workflow automatically updates VERSION on both the release branch (set to A.B.x) and master (set to A.(B+1).x) when creating a new release. This file enables Go build and test cache optimizations (companion PRs). Partially generated by AI. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/start-release.yml | 14 ++++++++++++++ VERSION | 1 + make/env.mk | 2 +- 3 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 VERSION diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml index 4521e3f6bc438..d7e689b9aee2e 100644 --- a/.github/workflows/start-release.yml +++ b/.github/workflows/start-release.yml @@ -157,6 +157,14 @@ jobs: git switch --create "${{needs.variables.outputs.branch}}" git commit --allow-empty --message \ "Empty commit to diverge ${{needs.variables.outputs.release}} from ${{env.main_branch}}" + - name: Verify VERSION file matches release + run: | + expected="${{needs.variables.outputs.release}}.x" + actual="$(cat VERSION 2>/dev/null || echo '')" + if [ "$actual" != "$expected" ]; then + echo "::error::VERSION file contains '$actual', expected '$expected'" + exit 1 + fi - name: Tag release branch with rc.0 ${{needs.variables.outputs.branch}} run: | git tag --annotate --message "Upstream automation" \ @@ -178,6 +186,12 @@ jobs: git pull origin --rebase ${{env.main_branch}} git tag --annotate --message "Upstream automation" \ "${{needs.variables.outputs.next-minor-release}}.x" HEAD + - name: Update VERSION on ${{env.main_branch}} + if: steps.check-existing.outputs.branch-exists == 'false' + run: | + echo "${{needs.variables.outputs.next-minor-release}}.x" > VERSION + git add VERSION + git commit --message "chore: update VERSION to ${{needs.variables.outputs.next-minor-release}}.x" - name: Push changes if: env.DRY_RUN == 'false' env: diff --git a/VERSION b/VERSION new file mode 100644 index 0000000000000..291822296cba0 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +4.11.x diff --git a/make/env.mk b/make/env.mk index b5afbc24bbef7..c67f3fbf89ffe 100644 --- a/make/env.mk +++ b/make/env.mk @@ -60,7 +60,7 @@ TAG := $(BUILD_TAG) endif ifeq ($(TAG),) -TAG=$(shell git describe --tags --abbrev=10 --dirty --long --exclude '*-nightly-*') +TAG=$(shell git describe --tags --abbrev=10 --dirty --long --exclude '*-nightly-*' || cat VERSION || echo "0.0.0") endif # Set expiration on Quay.io for non-release tags. From 1ccb305a2dbd74369c87c1df9eab2c9a100ab9be Mon Sep 17 00:00:00 2001 From: davdhacs <105243888+davdhacs@users.noreply.github.com> Date: Fri, 13 Mar 2026 11:21:29 -0600 Subject: [PATCH 2/2] perf(ci): use shallow clones for build and test jobs Remove fetch-depth: 0 from build, unit-tests, scanner-build, scanner-db-integration-tests, and style workflows. These jobs use make tag which now falls back to the VERSION file when git describe fails on shallow clones. Kept fetch-depth: 0 for misc-checks (needs git diff --check) and all release/periodic workflows (unchanged). Saves ~12s and ~220MB per job on checkout. Partially generated by AI. Co-Authored-By: Claude Opus 4.6 (1M context) --- .../scanner-db-integration-tests.yaml | 2 -- .github/workflows/start-release.yml | 26 ++++++++++++++----- .github/workflows/style.yaml | 5 +--- .github/workflows/unit-tests.yaml | 11 -------- tests/roxctl/bats-tests/helpers.bash | 2 +- 5 files changed, 22 insertions(+), 24 deletions(-) diff --git a/.github/workflows/scanner-db-integration-tests.yaml b/.github/workflows/scanner-db-integration-tests.yaml index 342cefcd9c663..d7614e483ce89 100644 --- a/.github/workflows/scanner-db-integration-tests.yaml +++ b/.github/workflows/scanner-db-integration-tests.yaml @@ -21,8 +21,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - uses: ./.github/actions/job-preamble with: diff --git a/.github/workflows/start-release.yml b/.github/workflows/start-release.yml index d7e689b9aee2e..6e490c93240c5 100644 --- a/.github/workflows/start-release.yml +++ b/.github/workflows/start-release.yml @@ -186,12 +186,6 @@ jobs: git pull origin --rebase ${{env.main_branch}} git tag --annotate --message "Upstream automation" \ "${{needs.variables.outputs.next-minor-release}}.x" HEAD - - name: Update VERSION on ${{env.main_branch}} - if: steps.check-existing.outputs.branch-exists == 'false' - run: | - echo "${{needs.variables.outputs.next-minor-release}}.x" > VERSION - git add VERSION - git commit --message "chore: update VERSION to ${{needs.variables.outputs.next-minor-release}}.x" - name: Push changes if: env.DRY_RUN == 'false' env: @@ -200,6 +194,26 @@ jobs: git switch "${{needs.variables.outputs.branch}}" # This command pushes all new tags, not just the ones on the current branch. Therefore, it will push the tag we put on ${{env.main_branch}}. git push --follow-tags --set-upstream origin "${{needs.variables.outputs.branch}}" + - name: Create PR to update VERSION on ${{env.main_branch}} + if: env.DRY_RUN == 'false' && steps.check-existing.outputs.branch-exists == 'false' + env: + GH_TOKEN: "${{ secrets.RHACS_BOT_GITHUB_TOKEN }}" + run: | + branch="automation/update-version-${{needs.variables.outputs.next-minor-release}}" + git switch ${{env.main_branch}} + git pull origin --rebase ${{env.main_branch}} + git switch --create "$branch" + echo "${{needs.variables.outputs.next-minor-release}}.x" > VERSION + git add VERSION + git commit --message "chore: update VERSION to ${{needs.variables.outputs.next-minor-release}}.x" + git push --set-upstream origin "$branch" + gh pr create \ + --base ${{env.main_branch}} \ + --head "$branch" \ + --title "chore: update VERSION to ${{needs.variables.outputs.next-minor-release}}.x" \ + --body "Automated VERSION update from release ${{needs.variables.outputs.release}}." \ + --reviewer "${{github.actor}}" \ + --label "area/ci" ci: name: Configure OpenShift CI jobs diff --git a/.github/workflows/style.yaml b/.github/workflows/style.yaml index 6a9924b3386aa..4afe9491e6198 100644 --- a/.github/workflows/style.yaml +++ b/.github/workflows/style.yaml @@ -27,7 +27,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble @@ -65,7 +64,7 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 + fetch-depth: 0 # misc-checks needs full history for git diff --check ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble @@ -117,7 +116,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble @@ -302,7 +300,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble diff --git a/.github/workflows/unit-tests.yaml b/.github/workflows/unit-tests.yaml index 770f30321edf1..898593f74de39 100644 --- a/.github/workflows/unit-tests.yaml +++ b/.github/workflows/unit-tests.yaml @@ -33,8 +33,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - uses: ./.github/actions/job-preamble with: @@ -108,8 +106,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - uses: ./.github/actions/job-preamble with: @@ -168,8 +164,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - uses: ./.github/actions/job-preamble with: @@ -294,7 +288,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble @@ -335,7 +328,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble @@ -369,7 +361,6 @@ jobs: - name: Checkout uses: actions/checkout@v6 with: - fetch-depth: 0 ref: ${{ github.event.pull_request.head.sha }} - uses: ./.github/actions/job-preamble @@ -388,8 +379,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v6 - with: - fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v6 diff --git a/tests/roxctl/bats-tests/helpers.bash b/tests/roxctl/bats-tests/helpers.bash index 2f86cbb2aef4b..2e35b5ce06cdf 100644 --- a/tests/roxctl/bats-tests/helpers.bash +++ b/tests/roxctl/bats-tests/helpers.bash @@ -29,7 +29,7 @@ any_version='[0-9]+\.[0-9]+\.' delete-outdated-binaries() { local roxctl_ver="${1}" - current_tag="$(git describe --tags --abbrev=10 --dirty --long --exclude '*-nightly-*')" + current_tag="$(git describe --tags --abbrev=10 --dirty --long --exclude '*-nightly-*' || cat VERSION || echo '0.0.0')" echo "Roxctl version='${roxctl_ver}'" >&3 echo "Current tag ='${current_tag}'" >&3 if [[ "${current_tag}" != "${roxctl_ver}" ]]; then