Is there a way to put a lock on Concourse git-resource? - concourse

I have setup pipeline in Concourse with some jobs that are building Docker images.
After the build I push the image tag to the git repo.
The problem is when the builds come to end at the same time, one jobs pushes to git, while the other just pulled, and when second job tries push to git it gets error.
error: failed to push some refs to 'git#github.com:*****/*****'
hint: Updates were rejected because the remote contains work that you do
hint: not have locally. This is usually caused by another repository pushing
hint: to the same ref. You may want to first integrate the remote changes
hint: (e.g., 'git pull ...') before pushing again.
hint: See the 'Note about fast-forwards' in 'git push --help' for details.
So is there any way to prevent concurrent push?
So far I've tried applying serial and serial_groups to jobs.
It helps, but all the jobs got queued up, because we have a lot of builds.
I expect jobs to run concurrently and pause before doing operations to git if some other job have a lock on it.
resources:
- name: backend-helm-repo
type: git
source:
branch: master
paths:
- helm
uri: git#github.com:******/******
-...
jobs:
-...
- name: some-hidden-api-build
serial: true
serial_groups:
- build-alone
plan:
- get: some-hidden-api-repo
trigger: true
- get: golang
- task: build-image
file: somefile.yaml
- put: some-hidden-api-image
- get: backend-helm-repo
- task: update-helm-tag
config:
platform: linux
image_resource:
type: registry-image
source:
repository: mikefarah/yq
tag: latest
run:
path: /bin/sh
args:
- -xce
- "file manipulations && git commit"
inputs:
- name: some-hidden-api-repo
- name: backend-helm-repo
outputs:
- name: backend-helm-tag-bump
- put: backend-helm-repo
params:
repository: backend-helm-tag-bump
- put: some-hidden-api-status
params:
commit: some-hidden-api-repo
state: success
- name: some-other-build
serial: true
serial_groups:
- build-alone
plan:
- get: some-other-repo
trigger: true
- get: golang
- task: build-image
file: somefile.yaml
- put: some-other-image
- get: backend-helm-repo
- task: update-helm-tag
config:
platform: linux
image_resource:
type: registry-image
source:
repository: mikefarah/yq
tag: latest
run:
path: /bin/sh
args:
- -xce
- "file manipulations && git commit"
inputs:
- name: some-other-repo
- name: backend-helm-repo
outputs:
- name: backend-helm-tag-bump
- put: backend-helm-repo
params:
repository: backend-helm-tag-bump
- put: some-other-status
params:
commit: some-other-repo
state: success
-...
So if jobs come finish image build at the same time and make git commit in parallel, one pushes faster, than second one, second one breaks.
Can someone help?

note that your description is too vague to give detailed answer.
I expect jobs to concurrently and stop before pushing to git if some other job have a lock on git.
This will not be enough, if they stop just before pushing, they are already referencing a git commit, which will become stale when the lock is released by the other job :-)
The jobs would have to stop, waiting on the lock, before cloning the git repo, so at the very beginning.
All this is speculation on my part, since again it is not clear what you want to do, for these kind of questions posting a as-small-as-possible pipeline image and as-small-as-possible configuration code is helpful.
You can consider https://github.com/concourse/pool-resource as locking mechanism.

Related

Template for pull request reviews

GitHub allows for creating PR templates. Is it possible to do the same, but for pull request reviews?
An example of such would be adding a review checklist, like the following:
- [] Have all the GitHub checks passed?
- [] Is there any redundant code?
- [] Could any optimization be applied?
In GitHub, there are no templates for pull request reviews. And, this makes sense, because reviews directly belong to pull requests.
But you can run a GitHub action when a draft PR is changed to the ready for review state, for example with:
on:
pull_request_target:
types:
- ready_for_review
To create a comment with checkboxes in this step, use marocchino/sticky-pull-request-comment.
I have tested it in this PR and I am excited about how well this is working.
Full example:
name: "Pull request checklist"
on:
pull_request_target:
types:
- ready_for_review
jobs:
pull_request_info:
runs-on: ubuntu-latest
steps:
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_HEAD_REF})"
id: extract_branch
- name: Checkout repository
uses: actions/checkout#v3
with:
fetch-depth: 0
- name: Show checklist
uses: marocchino/sticky-pull-request-comment#v2
with:
header: show_checklist
message: |
- [ ] Checklist item 1
- [ ] Checklist item 2
For more options, check out the:
Sticky pull request comment repo
GitHub actions workflow events documentation

How to access a multi branch resource attribute in a concourse job?

I'm using multi branch resourcing in a concourse pipeline like so:
resources:
- name: my-resource
type: git-multibranch
source:
uri: git#github.com.../my-resource
branches: 'feature/.*'
private_key: ...
ignore-branches: ''
How can I access the branch the resource is on at the time the job runs? like so:
jobs:
...
outputs:
- name: my-resource
params:
GIT_BRANCH: {BRANCH-GOES-HERE}
I'm looking to access it via something like my-resource.branch but haven't found any thing that works yet

How to have event configuration with string for GitHub Actions On?

I have the following GitHub Actions YML file.
name: CI
on:
- push
- release:
- types: [published]
#...
But I'm getting an error: Invalid Workflow File Invalid type for on.
The only other way to do what I want here is to do on: [push, release]. But then I can't filter by type published.
How can I fix this error?
The yaml doesn't look valid to me. Try this:
name: CI
on:
push:
release:
types: [published]

Unable to run Sonarqube analysis from cloudbuild.yaml with Google Cloud build

I have integrated my github repo with Google cloud build to automatically build a docker images after every commit in github. This is working fine, but now I want to do sonarqube analysis on code before Docker image building process. So for that I have integrated the sonarqube part in cloudbuild.yaml file. But not able to run it.
I have followed the steps provided in link: https://github.com/GoogleCloudPlatform/cloud-builders-community/tree/master/sonarqube
and pushed the sonar-scanner image in google container registry.
My sonarqube server is running on a GCP instance. On every commit in github, cluod build automatically triggered and start doing task mentioned in cloudbuild.yaml file
Dockerfile:
FROM nginx
COPY ./ /usr/share/nginx/html
cloudbuild.yaml :
steps:
- name: 'gcr.io/PROJECT_ID/sonar-scanner:latest'
args:
- '-Dsonar.host.url=sonarqube_url'
- '-Dsonar.login=c2a7631a6e402c338739091ffbc30e5e3d66cf19'
- '-Dsonar.projectKey=sample-project'
- '-Dsonar.sources=.'
- name: 'gcr.io/cloud-builders/docker'
args: [ 'build', '-t', 'gcr.io/PROJECT_ID/html-css-website', '.' ]
images:
- 'gcr.io/PROJECT_ID/html-css-website'
Error:
Status: Build failed
Status detail: failed unmarshalling build config cloudbuild.yaml: yaml: line 3: did not find expected key
If the formatting you've pasted actually matches what you've got in your project then your issue is that the args property within the first steps block is indented too far: it should be aligned with the name property above it.
---
steps:
- name: "gcr.io/PROJECT_ID/sonar-scanner:latest"
args:
- "-Dsonar.host.url=sonarqube_url"
- "-Dsonar.login=c2a7631a6e402c338739091ffbc30e5e3d66cf19"
- "-Dsonar.projectKey=sample-project"
- "-Dsonar.sources=."
- name: "gcr.io/cloud-builders/docker"
args:
- "build"
- "-t"
- "gcr.io/PROJECT_ID/html-css-website"
- "."
images:
- "gcr.io/PROJECT_ID/html-css-website"

Concourse merge another branch

I'm trying to automate deployments using Concourse-CI.
I have a go application that is checked into a local Gitlab with two branches (master and develop).
I have a pipeline setup for the develop branch that runs go unit tests and if they pass i want to automatically merge the changes from the develop branch to the master branch and tag it with the latest version.
Here is what I have so far:
jobs:
- name: run-unit-tests
public: true
plan:
- get: source-master
- get: source
trigger: true
- put: discord
params:
channel: "((channel_id))"
color: 6076508
title: Concourse CI
message: |
Starting Unit tests for manageGameData
- task: task-unit-tests
file: source/ci/tasks/task-unit-tests.yml
on_success:
do:
- put: discord
params:
channel: "((channel_id))"
color: 6076508
title: Concourse CI
message: |
All Unit tests passed for manageGameData
- put: version
params:
bump: minor
- get: version
- put: source-master
params:
merge: source
repository: source-master
tag: version/number
The problem is that this only tags the master branch with the new version.
Is there a way to merge the develop branch to master?
I guess i didn't understand the documentation at first but the answer was pretty easy.
- get: source-master
- get: source
- put: source-master
params:
repository: source
First you have to get both branches in this case master and develop. Then you push the source local repo (a folder on the concourse worker) to master by using put.
There is no need for the merge parameter and i had the wrong repository parameter.
Hope this helps someone else.
Alternatively you could use just scripts for more complex git commands.
platform: linux
image_resource:
type: docker-image
source:
repository: concourse/buildroot
tag: git
run:
path: /bin/bash
args:
- -c
- |
set -eux
git clone https://user:passw#repo.git
git config --global user.name "UserName"
git config --global user.email "email#your.com"
git checkout master
git merge hotfix