From 4213e371dd40f37330568d6f32d983ea10d280b1 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 08:54:09 +0000 Subject: [PATCH 1/6] Initial plan From aad8df08672cb90cbdb2d67953533fb594482b27 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 09:03:01 +0000 Subject: [PATCH 2/6] Add CI workflow to check version bumps in PRs Co-authored-by: chrisburr <5220533+chrisburr@users.noreply.github.com> --- .github/workflows/version-check.yml | 73 +++++++++++++++++++++++++++++ CONTRIBUTING.md | 61 ++++++++++++++++++++++++ 2 files changed, 134 insertions(+) create mode 100644 .github/workflows/version-check.yml create mode 100644 CONTRIBUTING.md diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml new file mode 100644 index 0000000..157ac56 --- /dev/null +++ b/.github/workflows/version-check.yml 
@@ -0,0 +1,73 @@
+name: Version Bump Check
+
+on:
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ check-version-bump:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout PR branch
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 0
+
+ - name: Check for version bumps
+ run: |
+ set -e
+
+ # Get the base branch
+ BASE_BRANCH="${{ github.base_ref }}"
+ echo "Base branch: $BASE_BRANCH"
+
+ # Fetch the base branch
+ git fetch origin "$BASE_BRANCH"
+
+ # Find all Chart.yaml files (including subcharts)
+ CHART_FILES=$(find . -name "Chart.yaml" -type f | grep -v "/\.")
+
+ echo "Checking Chart.yaml files for version bumps..."
+
+ FAILED=0
+
+ for CHART_FILE in $CHART_FILES; do
+ echo "---"
+ echo "Checking: $CHART_FILE"
+
+ # Get current version
+ CURRENT_VERSION=$(grep "^version:" "$CHART_FILE" | awk '{print $2}' | tr -d '"' | tr -d "'")
+ echo "Current version: $CURRENT_VERSION"
+
+ # Get base version (check if file exists in base branch)
+ if git cat-file -e "origin/$BASE_BRANCH:$CHART_FILE" 2>/dev/null; then
+ BASE_VERSION=$(git show "origin/$BASE_BRANCH:$CHART_FILE" | grep "^version:" | awk '{print $2}' | tr -d '"' | tr -d "'")
+ echo "Base version: $BASE_VERSION"
+
+ # Compare versions
+ if [ "$CURRENT_VERSION" == "$BASE_VERSION" ]; then
+ echo "❌ ERROR: Version in $CHART_FILE has not been bumped!"
+ echo " Current: $CURRENT_VERSION"
+ echo " Base: $BASE_VERSION"
+ echo " Please increment the version in $CHART_FILE"
+ FAILED=1
+ else
+ echo "✅ Version bumped from $BASE_VERSION to $CURRENT_VERSION"
+ fi
+ else
+ echo "ℹ️ New chart file (not in base branch), skipping version check"
+ fi
+ done
+
+ echo "---"
+
+ if [ $FAILED -eq 1 ]; then
+ echo ""
+ echo "❌ Version bump check FAILED"
+ echo "One or more Chart.yaml files need version updates."
+ echo "Please increment the version field according to semantic versioning."
+ exit 1
+ else
+ echo "✅ All Chart.yaml files have been properly versioned"
+ fi
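Review bot: The test under `# Compare versions` passes on any difference between the two strings, so an empty `CURRENT_VERSION` (no line matching `^version:`) or a version lower than the base is reported as a bump. If this job is going to be a required status check, it should fail when the field is missing and when the new version does not sort after the base one. `sort -V` from GNU coreutils gives a usable ordering on `ubuntu-latest`, though it does not follow SemVer pre-release precedence exactly, so that corner should be checked before relying on it. A possible shape for the comparison is below.

```yaml
            # … unchanged: CURRENT_VERSION / BASE_VERSION extraction …
            if [ -z "$CURRENT_VERSION" ]; then
              echo "❌ ERROR: no version field found in $CHART_FILE"
              FAILED=1
            elif [ "$CURRENT_VERSION" == "$BASE_VERSION" ]; then
              # … unchanged: "has not been bumped" messages …
              FAILED=1
            elif [ "$(printf '%s\n' "$BASE_VERSION" "$CURRENT_VERSION" | sort -V | tail -n 1)" != "$CURRENT_VERSION" ]; then
              echo "❌ ERROR: Version in $CHART_FILE went backwards ($BASE_VERSION -> $CURRENT_VERSION)"
              FAILED=1
            else
              echo "✅ Version bumped from $BASE_VERSION to $CURRENT_VERSION"
            fi
```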
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..4af968d
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,61 @@
+# Contributing to diracx-charts
+
+Thank you for your interest in contributing to diracx-charts!
+
+## Pull Request Requirements
+
+When submitting a pull request, please ensure the following:
+
+### Version Bumping
+
+**All pull requests MUST bump the chart version(s) being modified.**
+
+The repository uses automated CI checks to ensure that chart versions are incremented in every PR. This is required because:
+
+- The repository follows a "live at head" approach
+- Charts are automatically pushed to by diracx and diracx-web repositories
+- The main branch is always tagged with the current version
+
+#### Which versions need to be bumped?
+
+If your changes affect:
+
+- **The main chart** (`diracx/Chart.yaml`): Increment the `version` field following [Semantic Versioning](https://semver.org/)
+ - MAJOR version for incompatible API changes
+ - MINOR version for backwards-compatible functionality additions
+ - PATCH version for backwards-compatible bug fixes
+
+- **The cert-manager-issuer subchart** (`diracx/charts/cert-manager-issuer/Chart.yaml`): Increment the `version` field if you modify this subchart
+
+#### Example
+
+If the current version in `diracx/Chart.yaml` is `1.0.0` and you're making a backward-compatible bug fix:
+
+```yaml
+# Before
+version: "1.0.0"
+
+# After
+version: "1.0.1"
+```
+
+### Pre-commit Checks
+
+This repository uses pre-commit hooks. Make sure to install them:
+
+```bash
+pip install pre-commit
+pre-commit install
+```
+
+### Testing
+
+Before submitting your PR, ensure that:
+
+1. Pre-commit checks pass: `pre-commit run --all-files`
+2. The demo runs successfully: `./run_demo.sh --exit-when-done`
+3. Helm linting passes: `helm lint diracx/ --set diracx.hostname=diracx.invalid`
+
+## Questions?
+
+If you have questions about contributing, please open an issue for discussion.
From effed735a999b7fbcbc001da752daad81cc6dd3f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 09:04:50 +0000 Subject: [PATCH 3/6] Add documentation for version bump requirement and repository configuration Co-authored-by: chrisburr <5220533+chrisburr@users.noreply.github.com> --- CONTRIBUTING.md | 30 +++++++++++ docs/REPOSITORY_CONFIGURATION.md | 90 ++++++++++++++++++++++++++++++++ 2 files changed, 120 insertions(+) create mode 100644 docs/REPOSITORY_CONFIGURATION.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4af968d..3b51e04 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -56,6 +56,36 @@ Before submitting your PR, ensure that: 2. The demo runs successfully: `./run_demo.sh --exit-when-done` 3. Helm linting passes: `helm lint diracx/ --set diracx.hostname=diracx.invalid` +## Repository Workflow + +This repository follows a **"live at head"** approach with the following policies: + +### Branch Strategy + +- The `master` branch is the main development branch and should always be in a releasable state +- All changes must go through pull requests +- Pull requests should be kept up-to-date with the base branch before merging +- The repository maintains a linear history (no merge commits) + +### Automated Updates + +This repository receives automated updates from: +- [DIRACGrid/diracx](https://github.com/DIRACGrid/diracx) +- [DIRACGrid/diracx-web](https://github.com/DIRACGrid/diracx-web) + +These automated updates will also need to bump the chart version appropriately. + +### Recommended Branch Protection Settings + +Repository administrators should configure the following branch protection rules for `master`: + +- ✅ Require pull request reviews before merging +- ✅ Require status checks to pass before merging + - ✅ Require branches to be up to date before merging + - Required checks: `pre-commit`, `run-demo`, `run-demo-mount-sources`, `check-version-bump` +- ✅ Require linear history (no merge commits) +- ✅ Do not allow bypassing the above settings + ## Questions? If you have questions about contributing, please open an issue for discussion. diff --git a/docs/REPOSITORY_CONFIGURATION.md b/docs/REPOSITORY_CONFIGURATION.md new file mode 100644 index 0000000..a3ef6a1 --- /dev/null +++ b/docs/REPOSITORY_CONFIGURATION.md 
@@ -0,0 +1,90 @@
+# Repository Configuration Guide
+
+This document provides guidance for repository administrators on configuring the diracx-charts repository.
+
+## Branch Protection Rules
+
+To maintain code quality and enforce the "live at head" approach, configure the following branch protection rules for the `master` branch:
+
+### Required Settings
+
+1. **Navigate to Repository Settings**
+ - Go to: `Settings` → `Branches` → `Branch protection rules`
+ - Add a rule for the `master` branch
+
+2. **Configure Protection Rules**
+
+ #### Pull Request Requirements
+ - ✅ **Require a pull request before merging**
+ - Require approvals: `1` (or more, as desired)
+ - Dismiss stale pull request approvals when new commits are pushed
+ - Require review from Code Owners (if CODEOWNERS file is present)
+
+ #### Status Check Requirements
+ - ✅ **Require status checks to pass before merging**
+ - ✅ **Require branches to be up to date before merging** (critical for "live at head")
+ - Required status checks:
+ - `pre-commit` (from `.github/workflows/main.yml`)
+ - `run-demo` (from `.github/workflows/main.yml`)
+ - `run-demo-mount-sources` (from `.github/workflows/main.yml`)
+ - `check-version-bump` (from `.github/workflows/version-check.yml`)
+
+ #### Commit History
+ - ✅ **Require linear history**
+ - This prevents merge commits and keeps the git history clean
+ - Pull requests must be rebased or squashed before merging
+
+ #### Other Recommended Settings
+ - ✅ **Do not allow bypassing the above settings**
+ - ✅ **Require conversation resolution before merging**
+ - ⚠️ Consider: **Restrict who can push to matching branches** (optional, based on your team structure)
+
+### Why These Settings?
+
+#### Require branches to be up to date
+This is essential for the "live at head" approach because:
+- The repository receives automated updates from diracx and diracx-web
+- The master branch is always tagged with the current version
+- Ensures no conflicts or issues arise from stale branches being merged
+
+#### Require linear history
+Benefits include:
+- Cleaner, more readable git history
+- Easier to understand the sequence of changes
+- Simplifies troubleshooting and git bisect operations
+- Works well with automated versioning and tagging
+
+#### Version bump check
+Ensures that:
+- Every change increments the chart version
+- No conflicting versions are introduced
+- Chart releases are properly tracked
+
+## Automated Updates Configuration
+
+The repository receives automated updates from dependent repositories. Ensure that:
+
+1. **GitHub Actions has write permissions**
+ - Go to: `Settings` → `Actions` → `General` → `Workflow permissions`
+ - Set to: `Read and write permissions`
+ - This allows the release workflow to create tags and releases
+
+2. **Automated PRs are configured correctly**
+ - Automated updates from diracx and diracx-web should:
+ - Create pull requests (not push directly to master)
+ - Include version bumps in their changes
+ - Wait for CI checks to pass
+
+## Monitoring
+
+Regularly check:
+- Pull requests are being properly reviewed
+- Status checks are passing consistently
+- Version bumps are being applied correctly
+- The release workflow is creating tags/releases as expected
+
+## Questions or Issues?
+
+If you encounter problems with these settings or need clarification, please:
+- Review the GitHub documentation on [branch protection rules](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches)
+- Open an issue in the repository for discussion
From 344fefba26f784cc148fb5516ae1bb1c8aa12a27 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 09:08:26 +0000 Subject: [PATCH 4/6] Update version check to only check top-level charts Co-authored-by: chrisburr <5220533+chrisburr@users.noreply.github.com> --- .github/workflows/version-check.yml | 5 +++-- CONTRIBUTING.md | 6 ++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml index 157ac56..d1db2b7 100644 --- a/.github/workflows/version-check.yml +++ b/.github/workflows/version-check.yml @@ -25,8 +25,9 @@ jobs: # Fetch the base branch git fetch origin "$BASE_BRANCH" - # Find all Chart.yaml files (including subcharts) - CHART_FILES=$(find . -name "Chart.yaml" -type f | grep -v "/\.") + # Find all top-level Chart.yaml files (exclude subcharts in charts/ subdirectories) + # The chart-releaser only releases top-level charts, so we only check those + CHART_FILES=$(find . -maxdepth 2 -name "Chart.yaml" -type f | grep -v "/\.") echo "Checking Chart.yaml files for version bumps..." diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3b51e04..8e7f83c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -18,14 +18,12 @@ The repository uses automated CI checks to ensure that chart versions are increm #### Which versions need to be bumped? -If your changes affect: - -- **The main chart** (`diracx/Chart.yaml`): Increment the `version` field following [Semantic Versioning](https://semver.org/) +- **The main chart** (`diracx/Chart.yaml`): The `version` field MUST be incremented following [Semantic Versioning](https://semver.org/) - MAJOR version for incompatible API changes - MINOR version for backwards-compatible functionality additions - PATCH version for backwards-compatible bug fixes -- **The cert-manager-issuer subchart** (`diracx/charts/cert-manager-issuer/Chart.yaml`): Increment the `version` field if you modify this subchart +Note: Subcharts (like `diracx/charts/cert-manager-issuer/`) are not released separately and do not require version bumps unless you're also updating the main chart version. #### Example From 3bed7592db9d8df1f36ec6955f05bfe5958f07ce Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 09:10:31 +0000 Subject: [PATCH 5/6] Fix find command to explicitly exclude subcharts Co-authored-by: chrisburr <5220533+chrisburr@users.noreply.github.com> --- .github/workflows/version-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml index d1db2b7..9fced98 100644 --- a/.github/workflows/version-check.yml +++ b/.github/workflows/version-check.yml @@ -27,7 +27,7 @@ jobs: # Find all top-level Chart.yaml files (exclude subcharts in charts/ subdirectories) # The chart-releaser only releases top-level charts, so we only check those - CHART_FILES=$(find . -maxdepth 2 -name "Chart.yaml" -type f | grep -v "/\.") + CHART_FILES=$(find . -name "Chart.yaml" -not -path "*/charts/*" -type f | grep -v "/\.") echo "Checking Chart.yaml files for version bumps..." 
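Review bot: In the `version-check.yml` hunk of PATCH 5/6, `-not -path "*/charts/*"` drops every Chart.yaml with a directory named `charts` anywhere in its path, so a top-level `charts/<name>/Chart.yaml` layout would be excluded along with real subcharts and never checked. That is harmless for the `diracx/Chart.yaml` layout described in CONTRIBUTING.md, but anchoring the pattern to nested directories, `-not -path "./*/charts/*"`, would keep the gate effective if the layout changes. The result is still consumed by the unquoted `for CHART_FILE in $CHART_FILES` loop outside this hunk, so a path containing whitespace is split into words that fail the `git cat-file -e` lookup and fall into the "New chart file … skipping" branch. Reading the list with `while IFS= read -r CHART_FILE; do … done < <(find …)` would avoid that.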
From 57ad5dc548ec72e2dba1d48885d9e68cbdefe36d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Oct 2025 09:12:38 +0000 Subject: [PATCH 6/6] Add explicit permissions to version-check workflow Co-authored-by: chrisburr <5220533+chrisburr@users.noreply.github.com> --- .github/workflows/version-check.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml index 9fced98..0063f13 100644 --- a/.github/workflows/version-check.yml +++ b/.github/workflows/version-check.yml @@ -8,6 +8,8 @@ on: jobs: check-version-bump: runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Checkout PR branch uses: actions/checkout@v5
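Review bot: Limiting the token to `contents: read` bounds what the job can do with its credentials, but the run step, which lies outside this hunk, still expands `${{ github.base_ref }}` into the script text before the shell parses it. With the trigger restricted to `master` the value is fixed today; passing it through the step environment keeps that true if the branch filter is widened later. Add `env:` with `BASE_BRANCH: ${{ github.base_ref }}` on the step and delete the `BASE_BRANCH="${{ github.base_ref }}"` assignment. `uses: actions/checkout@v5` could also be pinned to a full commit SHA so the action code cannot change under the tag.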