AN-354 Initial checkin of Release Community Cromwell GHA

[jgainerdewar]

Description

Initial checkin of this GHA. I've done as much testing as I could in my fork, you can see the release created there and my recent runs of this action.

This requires a further round of testing in this repo with real secrets, but need to do an initial merge first.

This action will result in:

• develop merged to master and upgraded to the next version
• New numbered release in this here repo, consistent with the ones we have created in the past (release notes from changelog, jars attached, matching tag)
• New major version images pushed to Dockerhub, ex. broadinstitute/cromwell:88

Release Notes Confirmation

CHANGELOG.md

• I updated CHANGELOG.md in this PR
• I assert that this change shouldn't be included in CHANGELOG.md because it doesn't impact community users

Terra Release Notes

• I added a suggested release notes entry in this Jira ticket
• I assert that this change doesn't need Jira release notes because it doesn't impact Terra users

[jgainerdewar]

There might be a more elegant way to do this now, but this way works.

[LizBaldo]

LGTM, I left a few suggestions / comments along the way. I think it might be nice to ship this with the ability to run on any branch to make potential debugging a lot easier

[LizBaldo]

Nit, but do you want to set up a manual trigger to be able to run this workflow on any branch in case you need to further debug once this has been merged? Something like this should do it: https://github.com/DataBiosphere/terra-docker/blob/a0cf5769e6b469ba5813c810c119b10f26915422/.github/workflows/publish.yml#L2

[jgainerdewar]

I do, but it looks like I get that for free - this is what I see when I run the action in my fork:

Maybe I'm misunderstanding though, I haven't actually tried with a different branch.

[LizBaldo]

I guess you only care about the workflow file, and if that's the case you should be all set. In the example I shared, the branch input is to chose the code from your PR branch, in addition to selecting the workflow from that branch too

[jgainerdewar]

Ah, got it - for this specific workflow I think we do always want to use develop and master, and use a fork if we want to test without creating real releases. Feels like a footgun to give users a dropdown to create a real release from an arbitrary branch.

[LizBaldo]

Do we know if this secret will stay put in vault, or if devops has plans to move it to GSM instead?

[jgainerdewar]

No idea, it may already be coming from GSM - I can look and update the comment. This was copied and pasted from a different GHA we have.

[jgainerdewar]

Looks like it's still in Vault.

[aednichols]

Copy-pasted could be a candidate for making a reusable ("composite") action.

[jgainerdewar]

True, though I don't know that that would result in many fewer lines copied and pasted, this is pretty minimal.

[LizBaldo]

Are cromwell versions always incremented by 1? Would it make sense to have a manual override using workflow inputs in case this changes?

[jgainerdewar]

In the past they have always been incremented by 1, and there are a few fiddly things in here that would go wrong if we started using arbitrary versions. We'll need to address this as part of switching to semantic versioning, which we should do, but that's a conversation for a different PR - are you okay waiting until then to do custom version support?

[aednichols]

This logic does replicate the old release script.

[LizBaldo]

Could you provide a bit more details about this? I could not pin point exactly where this is used below

[jgainerdewar]

Sure, will expand comment - basically this tells the action to check out all the past commits, which is important for git to understand how to merge branches together.

[aednichols]

I think in this case 0 is a sentinel for infinity.

[aednichols]

Looks very credible as a first attempt worth running!