release-create-release.yaml
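# Manually dispatched release pipeline for istio-manager.
# Flow: check prerequisites -> build the regular and experimental images ->
# unit and integration tests -> draft release and tags -> publish -> notify.
#
# Hardening applied in this file: workflow inputs and job outputs are never
# expanded with ${{ ... }} inside a `run:` script. The expression would be
# substituted into the script text before the shell parses it, so a crafted
# value could add shell syntax. Values are passed through `env:` and read as
# quoted shell variables instead.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN receives
# the repository/organisation default scopes. The create-draft and
# publish-release jobs push tags and call the release scripts with the token;
# the other jobs only read. Consider declaring least-privilege permissions
# per job once the scopes the scripts need are confirmed.
name: "Create Release"

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Version"
        default: ""
        required: true
      since:
        description: "Changelog since"
        default: ""
        required: false

jobs:
  check-prerequisites:
    name: Check release prerequisites
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions/checkout is referenced by a mutable tag here and
      # in the jobs below, while the Slack action at the end of this file is
      # pinned to a commit SHA. Consider pinning checkout the same way.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      # Downloads a fixed yq release and refuses to continue unless its
      # SHA-256 matches the value pinned in EXPECTED_CHECKSUM.
      - name: Install yq
        shell: bash
        env:
          VERSION: "v4.45.1"
          BINARY: "yq_linux_amd64"
          EXPECTED_CHECKSUM: "654d2943ca1d3be2024089eb4f270f4070f491a0610481d128509b2834870049"
        run: |
          wget "https://github.com/mikefarah/yq/releases/download/${VERSION}/${BINARY}" -O ./yq
          echo "Generating downloaded yq binary sha256 checksum..."
          generated_checksum=$(shasum -a256 ./yq | awk '{ print $1 }')
          if [ "$generated_checksum" == "$EXPECTED_CHECKSUM" ]; then
            echo "Checksums match."
          else
            echo "Checksums do not match."
            exit 1
          fi
          # Mark the binary executable only after it has been verified.
          chmod +x ./yq

      # Fails the release when the first protecode entry in
      # sec-scanners-config.yaml is not the image tagged with this version.
      - name: Check security-scanner config
        shell: bash
        env:
          RELEASE_VERSION: "${{ github.event.inputs.version }}"
        run: |
          if [[ $( ./yq eval ".protecode[0]" sec-scanners-config.yaml ) == "europe-docker.pkg.dev/kyma-project/prod/istio/releases/istio-manager:${RELEASE_VERSION}" ]]; then
            echo "Image tag in sec-scanners-config matches release ${RELEASE_VERSION}"
            exit 0
          else
            echo "Error: istio-manager image tag in sec-scanners-config doesn't match release ${RELEASE_VERSION}"
            exit 1
          fi

  # NOTE(review): the image-builder reusable workflow is referenced at the
  # mutable ref `main` in both build jobs, so release images are built by
  # whatever that branch contains at dispatch time. Pin to a commit SHA if
  # the image-builder service permits it - TODO confirm.
  build-image:
    uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
    needs: [check-prerequisites]
    with:
      name: istio/releases/istio-manager
      dockerfile: Dockerfile
      context: .
      build-args: |
        VERSION=${{ github.event.inputs.version }}
      tags: "${{ github.event.inputs.version }}"

  build-image-experimental:
    uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
    needs: [check-prerequisites]
    with:
      name: istio/releases/istio-manager
      dockerfile: Dockerfile
      context: .
      build-args: |
        VERSION=${{ github.event.inputs.version }}-experimental
        GO_BUILD_TAGS=experimental
      tags: "${{ github.event.inputs.version }}-experimental"

  unit-tests:
    uses: ./.github/workflows/call-unit-lint.yaml

  integration-tests:
    needs: [build-image, build-image-experimental, unit-tests]
    uses: ./.github/workflows/call-integration-tests.yaml
    with:
      image: "europe-docker.pkg.dev/kyma-project/prod/istio/releases/istio-manager:${{ github.event.inputs.version }}"
    # NOTE(review): `inherit` hands every secret available to this workflow
    # to the called workflow. Passing only the secrets it declares would
    # narrow the exposure.
    secrets: inherit

  create-draft:
    name: Create draft release
    runs-on: ubuntu-latest
    needs: [build-image, build-image-experimental, unit-tests, integration-tests]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Create changelog
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_VERSION: "${{ github.event.inputs.version }}"
          CHANGELOG_SINCE: "${{ github.event.inputs.since }}"
        # `since` is optional: the second argument is passed only when it is
        # non-empty, as the unquoted expansion did before.
        run: ./scripts/create_changelog.sh "$RELEASE_VERSION" ${CHANGELOG_SINCE:+"$CHANGELOG_SINCE"}

      - name: Create draft release
        id: create-draft
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_VERSION: "${{ github.event.inputs.version }}"
        run: |
          RELEASE_ID=$(./scripts/create_draft_release.sh "$RELEASE_VERSION")
          echo "release_id=$RELEASE_ID" >> "$GITHUB_OUTPUT"

      # Pushes the release tag and its -experimental twin; this relies on
      # the credentials left in place by the checkout step above.
      - name: Create lightweight tag
        env:
          RELEASE_VERSION: "${{ github.event.inputs.version }}"
        run: |
          git tag "$RELEASE_VERSION"
          git push origin "$RELEASE_VERSION"
          git tag "${RELEASE_VERSION}-experimental"
          git push origin "${RELEASE_VERSION}-experimental"
    outputs:
      release_id: ${{ steps.create-draft.outputs.release_id }}

  publish-release:
    name: Publish release
    needs: [create-draft]
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Publish release assets
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_VERSION: "${{ github.event.inputs.version }}"
          RELEASE_ID: "${{ needs.create-draft.outputs.release_id }}"
        run: ./scripts/publish_assets.sh "$RELEASE_VERSION" "$RELEASE_ID"

      - name: Publish release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          RELEASE_ID: "${{ needs.create-draft.outputs.release_id }}"
        run: ./scripts/publish_release.sh "$RELEASE_ID"

  notify:
    runs-on: ubuntu-latest
    needs: publish-release
    if: success()
    steps:
      - name: Notify
        uses: slackapi/slack-github-action@485a9d42d3a73031f12ec201c457e2162c45d02d # v2.0.0
        with:
          webhook: ${{ secrets.SLACK_RELEASE_WEBHOOK }}
          webhook-type: webhook-trigger
          payload-templated: true
          # NOTE(review): the comma after the repository expression is part
          # of the payload text; if the action parses this as YAML it ends up
          # in the `repository` value - confirm this is intended.
          payload: |
            repository: ${{ github.repository }},
            release: ${{ inputs.version }}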