Added reporting an attestation to the relase pointing back to the nev…

…er-alone-trail #2298 (#312) * Took out docker part of build to speed up * Started on adding a never-alone-trail attestation to the cli-release * Added setup of kosli cli before report of never-alone-trail * fixed extra argument to kosli attest * Fixed trailing white space * Added git repo of depth 1 * Updated to a new release number * Moved attestation of never-alone-trail into bash script * Added begin trail for the test parent flow * Added -p and -q options when calling create_never_alone_trail * Some cleanup
kosli-dev · Sep 6, 2024 · 912afdc · 912afdc
1 parent b5bdcca
commit 912afdc
Show file tree

Hide file tree

Showing 4 changed files with 68 additions and 23 deletions.
diff --git a/.github/workflows/never_alone_trail.yml b/.github/workflows/never_alone_trail.yml
@@ -15,6 +15,12 @@ on:
           attestation_name:
             required: true
             type: string
+          parent_flow_name:
+            required: false
+            type: string
+          parent_trail_name:
+            required: false
+            type: string
           kosli_org:
             required: true
             type: string
@@ -64,6 +70,8 @@ jobs:
               -f ${{inputs.flow_name}} \
               -t ${{inputs.trail_name}} \
               -b ${BASE_COMMIT} \
-              -p ${GITHUB_SHA} \
+              -c ${GITHUB_SHA} \
               -s ${{inputs.source_flow_name}} \
-              -n ${{inputs.attestation_name}}
+              -n ${{inputs.attestation_name}} \
+              -p ${{inputs.parent_flow_name}} \
+              -q ${{inputs.parent_trail_name}}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -55,6 +55,8 @@ jobs:
         TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
         SOURCE_FLOW_NAME: cli
         ATTESTATION_NAME: never-alone-data
+        PARENT_FLOW_NAME: cli-release
+        PARENT_TRAIL_NAME: ${{ needs.pre-build.outputs.trail_name }}
         KOSLI_ORG: kosli-public
       secrets:
         kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}

diff --git a/bin/never_alone/create_never_alone_trail.sh b/bin/never_alone/create_never_alone_trail.sh
@@ -2,12 +2,14 @@
 set -Eeu
 
 SCRIPT_NAME="create_never_alone_trail.sh"
-RELEASE_FLOW=""
+FLOW_NAME=""
 TRAIL_NAME=""
 BASE_COMMIT=""
-PROPOSED_COMMIT=""
+CURRENT_COMMIT=""
 SOURCE_FLOW=""
 SOURCE_ATTESTATION_NAME=""
+PARENT_FLOW=""
+PARENT_TRAIL=""
 KOSLI_HOST=${KOSLI_HOST:-https://app.kosli.com}
 
 
@@ -21,12 +23,14 @@ Collects all commits between base-commit and proposed-commit and use it as a tem
 
 Options are:
   -h                    Print this help menu
-  -f <release-flow>     Name of kosli flow to report combined never-alone info to. Required
+  -f <flow-name>        Name of kosli flow to report combined never-alone info to. Required
   -t <trail-name>       Name of the trail that the reviews shall be reported to. Required
-  -b <base-commit>      Commit of previous release
-  -p <proposed-commit>  Commit sha for release we are building now. Required
+  -b <base-commit-sha>  Old commit sha, used as base for creating list of commits. Required
+  -c <commit-sha>       Current commit sha, used as the end point for creating list of commits. Required
   -s <source-flow>      Name of kosli flow where the never-alone-data data are stored. Required
   -n <attestation-name> Attestation name used for never-alone-data. Required
+  -p <parent-flow>      Send an attestation about the never-alone-trail to the parent-flow. Optional
+  -q <parent-trail>     Trail name of parent flow where the report shall be sent. Optional
 EOF
 }
 
@@ -46,60 +50,69 @@ function repo_root
 
 function check_arguments
 {
-    while getopts "hf:t:b:p:s:n:" opt; do
+    while getopts "hf:t:b:c:s:n:p:q:" opt; do
         case $opt in
             h)
                 print_help
                 exit 1
                 ;;
             f)
-                RELEASE_FLOW=${OPTARG}
+                FLOW_NAME=${OPTARG}
                 ;;
             t)
                 TRAIL_NAME=${OPTARG}
                 ;;
             b)
                 BASE_COMMIT=${OPTARG}
                 ;;
-            p)
-                PROPOSED_COMMIT=${OPTARG}
+            c)
+                CURRENT_COMMIT=${OPTARG}
                 ;;
             s)
                 SOURCE_FLOW=${OPTARG}
                 ;;
             n)
                 SOURCE_ATTESTATION_NAME=${OPTARG}
                 ;;
+            p)
+                PARENT_FLOW=${OPTARG}
+                ;;
+            q)
+                PARENT_TRAIL=${OPTARG}
+                ;;
             \?)
                 echo "Invalid option: -$OPTARG" >&2
                 exit 1
                 ;;
         esac
     done
 
-    if [ -z "${RELEASE_FLOW}" ]; then
-        die "option -f <release-flow> is required"
+    if [ -z "${FLOW_NAME}" ]; then
+        die "option -f <flow-name> is required"
     fi
     if [ -z "${TRAIL_NAME}" ]; then
         die "option -t <trail-name> is required"
     fi
     if [ -z "${BASE_COMMIT}" ]; then
-        die "option -b <base-commit> is required"
+        die "option -b <base-commit-sha> is required"
     fi
-    if [ -z "${PROPOSED_COMMIT}" ]; then
-        die "option -p <proposed-commit> is required"
+    if [ -z "${CURRENT_COMMIT}" ]; then
+        die "option -c <commit-sha> is required"
     fi
     if [ -z "${SOURCE_FLOW}" ]; then
         die "option -s <source-flow> is required"
     fi
     if [ -z "${SOURCE_ATTESTATION_NAME}" ]; then
         die "option -n <attestation-name> is required"
     fi
+    if { [[ -n "$PARENT_FLOW" && -z "$PARENT_TRAIL" ]] || [[ -z "$PARENT_FLOW" && -n "$PARENT_TRAIL" ]]; }; then
+        die "You must provide either both options -p <parent-flow> and -q <parent-trail>, or neither"
+    fi
 }
 
 function begin_trail_with_template
 {
-    local release_flow=$1; shift
+    local flow_name=$1; shift
     local trail_name=$1; shift
     local commits=("$@")
     local trail_template_file_name="review_trail.yaml"
@@ -119,7 +132,7 @@ EOF
     } > ${trail_template_file_name}
 
     kosli begin trail ${trail_name} \
-        --flow=${release_flow} \
+        --flow=${flow_name} \
         --description="$(git log -1 --pretty='%aN - %s')" \
         --template-file=${trail_template_file_name}
 }
@@ -175,7 +188,7 @@ function get_never_alone_compliance
 
 function attest_commit_trail_never_alone
 {
-    local -r release_flow=$1; shift
+    local -r flow_name=$1; shift
     local -r trail_name=$1; shift
     local -r commit=$1; shift
     local -r source_flow=$1; shift
@@ -190,7 +203,7 @@ function attest_commit_trail_never_alone
         latest_never_alone_data=$(echo "${never_alone_data}" | jq '.[-1]')
         compliant=$(get_never_alone_compliance "${latest_never_alone_data}")
         kosli attest generic \
-            --flow ${release_flow} \
+            --flow ${flow_name} \
             --trail ${trail_name} \
             --commit ${commit} \
             --name="${commit}" \
@@ -199,18 +212,37 @@ function attest_commit_trail_never_alone
     fi
 }
 
+function attest_never_alone_trail_to_parent
+{
+    local -r flow_name=$1; shift
+    local -r trail_name=$1; shift
+    local -r parent_flow=$1; shift
+    local -r parent_trail=$1; shift
+
+    never_alone_trail_link="${KOSLI_HOST}/${KOSLI_ORG}/flows/${flow_name}/trails/${trail_name}"
+    kosli attest generic \
+        --flow ${parent_flow} \
+        --trail ${parent_trail} \
+        --name never-alone-trail \
+        --annotate never_alone_trail="${never_alone_trail_link}"
+}
+
 function main
 {
     check_arguments "$@"
     # Use gh instead of git so we can keep the commit depth of 1. The order are from oldest
     # commit to newest
-    commits=($(gh api repos/:owner/:repo/compare/${BASE_COMMIT}...${PROPOSED_COMMIT} -q '.commits[].sha'))
+    commits=($(gh api repos/:owner/:repo/compare/${BASE_COMMIT}...${CURRENT_COMMIT} -q '.commits[].sha'))
 
-    begin_trail_with_template ${RELEASE_FLOW} ${TRAIL_NAME} "${commits[@]}"
+    begin_trail_with_template ${FLOW_NAME} ${TRAIL_NAME} "${commits[@]}"
 
     for commit in "${commits[@]}"; do
-        attest_commit_trail_never_alone ${RELEASE_FLOW} ${TRAIL_NAME} ${commit} ${SOURCE_FLOW} ${SOURCE_ATTESTATION_NAME}
+        attest_commit_trail_never_alone ${FLOW_NAME} ${TRAIL_NAME} ${commit} ${SOURCE_FLOW} ${SOURCE_ATTESTATION_NAME}
     done
+
+    if [ -n "${PARENT_FLOW}" ]; then
+        attest_never_alone_trail_to_parent  ${FLOW_NAME} ${TRAIL_NAME} ${PARENT_FLOW} ${PARENT_TRAIL}
+    fi
 }
 
 main "$@"
diff --git a/bin/never_alone/get_commit_and_pr_info.sh b/bin/never_alone/get_commit_and_pr_info.sh
@@ -105,6 +105,9 @@ function get_never_alone_data
     local -r commit=$1; shift
     local -r result_file=$1; shift
 
+    # We have seen that the 'gh search commits' sometimes return an empty list
+    # Have added getting data with graphql also, and some echo messages further down
+    # Only for debugging at the moment, but we could use graphql to get both commit and pr data
     commit_data_graphql=$(get_commit_data_using_graphql $commit)
     pr_data=$(gh pr list --search "${commit}" --state merged --json author,reviews,mergeCommit,mergedAt,reviewDecision,url)
     commit_data=$(gh search commits --hash "${commit}" --json commit)