feat: shared Action - DX DORA metrics + modify release practices#7
feat: shared Action - DX DORA metrics + modify release practices#7skawaguchi-ecobee wants to merge 16 commits into
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a new GitHub Action, publish_dx_dora_metrics, designed to send deployment data to DX for DORA metrics tracking. It also updates the root README.md to reference versioned actions (@v1) and adds documentation for the new utility. Feedback identifies a high-severity security vulnerability where GitHub Action expressions are expanded directly in a shell script, creating a risk of shell injection; it is recommended to map inputs to environment variables instead. Additionally, the reviewer suggested adding error handling to the curl command and correcting relative links in the root README.md that incorrectly point to a parent directory.
skawaguchi-ecobee
changed the title
| environment: | ||
| description: 'Deployment environment (defaults to production)' | ||
| required: false | ||
| default: 'production' |
There was a problem hiding this comment.
This is what's needed to show up in DORA. I've made it overridable so we can test connections by querying in DX and setting this to like "test" and it won't affect our actual DORA metrics.
| commit_sha: $sha, | ||
| deployed_at: $ts, | ||
| metadata: { | ||
| commit_timestamp: $ct |
There was a problem hiding this comment.
This gets us DORA lead time as far as I can tell from the docs
| DX_API_TOKEN: ${{ secrets.DX_API_TOKEN }} | ||
| with: | ||
| repository: 'ecobee/my-service' | ||
| service: 'my-service' |
There was a problem hiding this comment.
I tried to keep this as simple as possible for teams to use.
| # ... your deployment steps ... | ||
|
|
||
| - name: Publish deployment metrics | ||
| uses: ecobee/github-actions/publish_dx_dora_metrics_trunk_based@v1 |
There was a problem hiding this comment.
Figured we need to start having versioning. I'm anticipating creating more shared actions as we go.
1 participant
Release practices
DORA metrics shared action
This shared action is a thin wrapper around the
curlcommand to tell DX when we've deployed something. This is used to get DORA metrics like Deploy Frequency and Lead Time. The action is pretty dumb, it makes it so teams don' t have to worry about timestamps, the DX API key, or sensible defaults. I started with Trunk-Based. If we have other flows, then I might have to make other versions of this. Let's see how far this gets us, and whether it's worth the effort.Testing Evidence
Tested on iot-control-services repo:
...with environment override:
Confirmed it's showing up in DX:
Now we just have to add to all the repos...