fix: ui-audit, weavetooling rename, ci run_release_jobs (weaveworks#5314)

Author: casibbald

.github/workflows/ci.yaml

@@ -1,11 +1,11 @@
 # CI: proto and commitlint; fan-out Go (fmt, lint, unit-tests) || UI (ui-lint, ui-test);
 # then build (gitops, gitops-server). On tag: image, chart, goreleaser.
 #
-# Flow: pr-title-lint (if PR; else skipped) -> conventional-commits (if !tag;
-#   runs when pr-title-lint success or skipped) -> proto (make proto, git diff)
-#   in parallel with ui-lint, ui-test. Then go-fmt,
-#   go-lint, go-unit-tests (need proto). Then build
-#   (make gitops, make gitops-server). Tag jobs (image, chart, goreleaser) need build.
+# Flow: vars (sets run_release_jobs: true when ref is v* tag OR workflow_dispatch with run_release_jobs=true) and conventional-commits run first.
+#   conventional-commits -> pr-title-lint (if PR), proto, ui-lint, ui-test -> go-* -> build.
+#   Release jobs (build-push-gitops-server, build-and-push-chart, goreleaser) need [build, vars] and
+#   if: needs.vars.outputs.run_release_jobs == 'true'.
+#   workflow_dispatch input run_release_jobs is the sentinel when release.yaml (or manual) invokes CI via API.
 # No make clean (each run is a fresh checkout).
 #
 # On tag (v*): build-push-gitops-server (provenance, SBOM, cosign), build-and-push-chart
@@ -15,11 +15,17 @@ name: CI
 
 on:
   push:
-    branches: [main, feature/re-implement-workflows]
+    branches: [main]
     tags: ["v*"]
   pull_request:
-    branches: [main, feature/re-implement-workflows]
+    branches: [main]
   workflow_dispatch:
+    inputs:
+      run_release_jobs:
+        description: "Run image, chart and goreleaser jobs (release build). Set when dispatching to (re-)run release, or when invoked by release.yaml."
+        required: false
+        default: false
+        type: boolean
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -33,8 +39,33 @@ env:
   PYTHON_VERSION: "3.12"
 
 jobs:
+  vars:
+    name: Set CI vars
+    runs-on: ubuntu-latest
+    outputs:
+      run_release_jobs: ${{ steps.set_vars.outputs.is_release_tag == 'true' || (github.event_name == 'workflow_dispatch' && github.event.inputs.run_release_jobs == 'true') }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: "pip"
+      - run: pip install -e ./tooling
+      - id: set_vars
+        run: echo "is_release_tag=$(weavetooling ci is-tag)" >> $GITHUB_OUTPUT
+
+  conventional-commits:
+    name: Conventional Commits
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@v5
+
   pr-title-lint:
     name: Validate PR title
+    needs: [conventional-commits]
     runs-on: ubuntu-latest
     if: github.event_name == 'pull_request'
     permissions:
@@ -71,21 +102,36 @@ jobs:
           header: pr-title-lint-error
           delete: true
 
-  conventional-commits:
-    name: Conventional Commits
+  ui-lint:
+    name: UI lint
     needs: [pr-title-lint]
     runs-on: ubuntu-latest
-    if: always() && (needs.pr-title-lint.result == 'success' || needs.pr-title-lint.result == 'skipped') && !startsWith(github.ref, 'refs/tags/')
     steps:
       - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@v5
+          node-version-file: package.json
+          cache: yarn
+      - run: make node_modules
+      - run: make ui-lint
+      - run: make ui-audit
 
+  ui-test:
+    name: UI test
+    needs: [pr-title-lint]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: package.json
+          cache: yarn
+      - run: make node_modules
+      - run: make ui-test
+        
   proto:
     name: Proto (generate + git diff)
-    needs: [conventional-commits]
-    if: always() && (needs.conventional-commits.result == 'success' || needs.conventional-commits.result == 'skipped')
+    needs: [pr-title-lint]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -101,7 +147,7 @@ jobs:
 
   go-fmt:
     name: Go fmt
-    needs: [proto]
+    needs: [proto, ui-lint, ui-test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -112,7 +158,7 @@ jobs:
 
   go-lint:
     name: Go lint
-    needs: [proto]
+    needs: [proto, ui-lint, ui-test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -123,7 +169,7 @@ jobs:
 
   go-unit-tests:
     name: Go unit-tests
-    needs: [proto]
+    needs: [proto, ui-lint, ui-test]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -141,41 +187,9 @@ jobs:
           version: ${{ steps.get_flux_version.outputs.version }}
       - run: make unit-tests
 
-  ui-lint:
-    name: UI lint
-    needs: [conventional-commits]
-    if: always() && (needs.conventional-commits.result == 'success' || needs.conventional-commits.result == 'skipped')
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: package.json
-          cache: yarn
-      - run: make node_modules
-      - run: make ui-lint
-      # Re-enable after workflow re-org when ui-audit errors are fixed
-      - name: UI audit (skipped)
-        if: false
-        run: make ui-audit
-
-  ui-test:
-    name: UI test
-    needs: [conventional-commits]
-    if: always() && (needs.conventional-commits.result == 'success' || needs.conventional-commits.result == 'skipped')
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: package.json
-          cache: yarn
-      - run: make node_modules
-      - run: make ui-test
-
   build:
     name: Build (gitops, gitops-server)
-    needs: [go-fmt, go-lint, go-unit-tests, ui-lint, ui-test]
+    needs: [go-fmt, go-lint, go-unit-tests]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -188,8 +202,8 @@ jobs:
   # --- Tag-only: image, chart, goreleaser ---
   build-push-gitops-server:
     name: Build and push gitops-server image
-    needs: [build]
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && needs.build.result == 'success'
+    needs: [build, vars]
+    if: needs.vars.outputs.run_release_jobs == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -251,8 +265,8 @@ jobs:
 
   build-and-push-chart:
     name: Build and push Helm chart
-    needs: [build]
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && needs.build.result == 'success'
+    needs: [build, vars]
+    if: needs.vars.outputs.run_release_jobs == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -296,8 +310,8 @@ jobs:
 
   goreleaser:
     name: Goreleaser (gitops CLI)
-    needs: [build]
-    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && needs.build.result == 'success'
+    needs: [build, vars]
+    if: needs.vars.outputs.run_release_jobs == 'true'
     runs-on: ubuntu-latest
     permissions:
       contents: write

.github/workflows/release.yaml

@@ -75,7 +75,7 @@ jobs:
 
       - name: Bump version (Chart, values, package.json)
         id: bump
-        run: tooling/.venv/bin/weavegitops release bump ${{ env.BUMP }}
+        run: tooling/.venv/bin/weavetooling release bump ${{ env.BUMP }}
 
       - name: Check for changes
         run: |
@@ -89,7 +89,7 @@ jobs:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
         run: |
-          tooling/.venv/bin/weavegitops release generate-notes \
+          tooling/.venv/bin/weavetooling release generate-notes \
             --version ${{ steps.bump.outputs.version }} \
             --output release-body.md \
             --template .github/release-notes-template.md \

package.json

@@ -43,7 +43,7 @@
   },
   "homepage": "https://github.com/weaveworks/weave-gitops#readme",
   "peerDependencies": {
-    "lodash": "^4.17.21",
+    "lodash": "^4.17.23",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
     "react-toastify": "^7.0.4",
@@ -64,8 +64,8 @@
     "install": "^0.13.0",
     "jest-canvas-mock": "^2.5.2",
     "js-sha3": "0.9.3",
-    "js-yaml": "^4.1.0",
-    "lodash": "^4.17.21",
+    "js-yaml": "^4.1.1",
+    "lodash": "^4.17.23",
     "luxon": "^3.7.2",
     "mnemonic-browser": "^0.0.1",
     "postcss": "^8.5.6",
@@ -75,7 +75,7 @@
     "react-is": "^19.0.0",
     "react-lottie-player": "^2.1.0",
     "react-markdown": "^10.1.0",
-    "react-router": "^7.6.3",
+    "react-router": "^7.12.0",
     "react-syntax-highlighter": "^15.6.1",
     "react-toastify": "^11.0.5",
     "remark-gfm": "^4.0.1",

tooling/README.md

@@ -4,12 +4,15 @@ Release and build tooling for Weave GitOps.
 
 ## Commands
 
-- **weavegitops release bump** [patch|minor|major|rc|patch-rc|minor-rc|major-rc]  
+- **weavetooling release bump** [patch|minor|major|rc|patch-rc|minor-rc|major-rc]  
   Bump from `charts/gitops-server/Chart.yaml`; updates Chart, values, package.json. **rc**: `0.39.0-rc.2` → `0.39.0-rc.3` or `0.39.0` → `0.39.0-rc.1`. **minor-rc**: `0.39.x` → `0.40.0-rc.1` (start RC for next minor). Also **patch-rc**, **major-rc**. Writes `version` to `GITHUB_OUTPUT` when set.
 
-- **weavegitops release generate-notes** --version X.Y.Z [--output PATH] [--template PATH] [--since-tag TAG] [--provider openai|anthropic]  
+- **weavetooling release generate-notes** --version X.Y.Z [--output PATH] [--template PATH] [--since-tag TAG] [--provider openai|anthropic]  
   Generate release notes from commits since the previous tag via OpenAI or Anthropic.
 
+- **weavetooling ci is-tag**  
+  Print `true` if `GITHUB_REF` starts with `refs/tags/v`, else `false`. Used in CI vars job: the step sets `is_release_tag` (e.g. `echo "is_release_tag=$(weavetooling ci is-tag)" >> $GITHUB_OUTPUT`); the job then exposes `run_release_jobs` (true when `is_release_tag` or `workflow_dispatch` with `run_release_jobs` input) for downstream release jobs.
+
 ## Install
 
 ```bash

tooling/pyproject.toml

@@ -21,7 +21,7 @@ dev = [
 ]
 
 [project.scripts]
-weavegitops = "weave_gitops_tooling.cli:main"
+weavetooling = "weave_gitops_tooling.cli:main"
 
 [tool.setuptools.packages.find]
 where = ["src"]

tooling/src/weave_gitops_tooling/cli/__init__.py

@@ -1,4 +1,4 @@
-"""CLI for weavegitops."""
+"""CLI for weavetooling."""
 
 from .main import main
 

tooling/src/weave_gitops_tooling/cli/ci.py

@@ -0,0 +1,16 @@
+"""CI helper commands (is-tag, etc.)."""
+
+import os
+
+
+def run_ci(args) -> None:
+    if getattr(args, "ci_cmd", None) == "is-tag":
+        _run_is_tag()
+        return
+    raise SystemExit("weavetooling ci: use is-tag. Run: weavetooling ci --help")
+
+
+def _run_is_tag() -> None:
+    """Print 'true' if GITHUB_REF starts with refs/tags/v, else 'false'. For GHA job outputs."""
+    ref = os.environ.get("GITHUB_REF", "")
+    print("true" if ref.startswith("refs/tags/v") else "false")

tooling/src/weave_gitops_tooling/cli/main.py

@@ -1,10 +1,11 @@
-"""weavegitops CLI entry point."""
+"""weavetooling CLI entry point."""
 
 import os
 import sys
 from pathlib import Path
 
 from . import release as release_cli
+from . import ci as ci_cli
 
 
 def _get_project_root() -> Path:
@@ -26,23 +27,32 @@ def main() -> None:
 
     if args.command == "release":
         if not getattr(args, "release_cmd", None):
-            print("weavegitops release: missing subcommand")
+            print("weavetooling release: missing subcommand")
             print("  bump, generate-notes")
-            print("  Use: weavegitops release --help")
+            print("  Use: weavetooling release --help")
             sys.exit(1)
         release_cli.run_release(args, project_root)
         return
 
-    print("weavegitops: use 'release' (bump, generate-notes).")
+    if args.command == "ci":
+        if not getattr(args, "ci_cmd", None):
+            print("weavetooling ci: missing subcommand")
+            print("  is-tag")
+            print("  Use: weavetooling ci --help")
+            sys.exit(1)
+        ci_cli.run_ci(args)
+        return
+
+    print("weavetooling: use 'release' (bump, generate-notes) or 'ci' (is-tag).")
     sys.exit(1)
 
 
 def _build_parser():
     import argparse
 
     p = argparse.ArgumentParser(
-        prog="weavegitops",
-        description="Weave GitOps tooling: release bump, generate-notes",
+        prog="weavetooling",
+        description="Weave GitOps tooling: release bump, generate-notes, ci helpers",
     )
     sub = p.add_subparsers(dest="command", help="Command")
 
@@ -83,4 +93,8 @@ def _build_parser():
         help="Model: OpenAI (gpt-4o-mini) or Anthropic (claude-sonnet-4-5-20250929)",
     )
 
+    pci = sub.add_parser("ci", help="CI helpers: is-tag (for GHA job outputs)")
+    pci_sub = pci.add_subparsers(dest="ci_cmd")
+    pci_sub.add_parser("is-tag", help="Print true if GITHUB_REF is refs/tags/v*, else false")
+
     return p