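# Release pipeline, started by hand through workflow_dispatch.
#
# Job order, as wired by the `needs` edges below:
#   verify-inputs -> prepare-release-branch
#     -> micro-services + micro-services-metadata -> update-versions -> os-image
#     -> update-hardcoded-measurements -> e2e-tests + e2e-mini -> tag-release
#     -> draft-release-cli (+ pr-get-changes-back-into-main for minor releases)
#   docs runs directly after verify-inputs, for minor releases only.
#
# `inputs.version` is checked against ^v[0-9]+\.[0-9]+\.[0-9]+$ in verify-inputs
# before any other job interpolates it into shell, image tags, or file edits.
name: Release
on: # yamllint disable-line rule:truthy
  workflow_dispatch:
    inputs:
      version:
        description: "Version to release (e.g. v1.2.3)"
        required: true
      kind:
        description: "Release kind"
        type: choice
        options: [minor, patch]
        required: true
        default: "minor"

jobs:
  verify-inputs:
    name: Verify inputs
    runs-on: ubuntu-22.04
    # This job only inspects the dispatch input; it performs no checkout and
    # no API calls, so it needs nothing beyond read access.
    permissions:
      contents: read
    env:
      # Handed to the scripts via env rather than `${{ }}`-interpolation, so the
      # raw input is never spliced into shell syntax before it is validated.
      FULL_VERSION: ${{ inputs.version }}
    outputs:
      WITHOUT_V: ${{ steps.version-info.outputs.WITHOUT_V }}
      PART_MAJOR: ${{ steps.version-info.outputs.PART_MAJOR }}
      PART_MINOR: ${{ steps.version-info.outputs.PART_MINOR }}
      PART_PATCH: ${{ steps.version-info.outputs.PART_PATCH }}
      MAJOR: ${{ steps.version-info.outputs.MAJOR }}
      MAJOR_MINOR: ${{ steps.version-info.outputs.MAJOR_MINOR }}
      MAJOR_MINOR_PATCH: ${{ steps.version-info.outputs.MAJOR_MINOR_PATCH }}
      RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }}
    steps:
      - name: Verify version
        run: |
          if [[ ! "${FULL_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
            echo "Version must be in the form of vX.Y.Z"
            exit 1
          fi

      - name: Extract version info
        id: version-info
        # Splits vX.Y.Z into its parts with bash parameter expansion and
        # appends every derived value to $GITHUB_OUTPUT for the jobs below.
        run: |
          WITHOUT_V=${FULL_VERSION#v}
          PART_MAJOR=${WITHOUT_V%%.*}
          PART_MINOR=${WITHOUT_V#*.}
          PART_MINOR=${PART_MINOR%%.*}
          PART_PATCH=${WITHOUT_V##*.}
          {
            echo "WITHOUT_V=${WITHOUT_V}"
            echo "PART_MAJOR=${PART_MAJOR}"
            echo "PART_MINOR=${PART_MINOR}"
            echo "PART_PATCH=${PART_PATCH}"
            echo "MAJOR=${PART_MAJOR}"
            echo "MAJOR_MINOR=${PART_MAJOR}.${PART_MINOR}"
            echo "MAJOR_MINOR_PATCH=${PART_MAJOR}.${PART_MINOR}.${PART_PATCH}"
            echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}"
          } | tee -a "$GITHUB_OUTPUT"

  docs:
    name: Create docs release
    runs-on: ubuntu-22.04
    if: inputs.kind == 'minor'
    needs: verify-inputs
    permissions:
      contents: write
      pull-requests: write
    env:
      VERSION: ${{ inputs.version }}
      MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
      BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
    steps:
      - uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          # NOTE(review): github.head_ref is empty for workflow_dispatch runs, so
          # this presumably resolves to the ref the workflow was dispatched from.
          ref: ${{ github.head_ref }}

      - name: Create docs release
        working-directory: docs
        # NOTE(review): `npm ci` would honour the lockfile and make the release
        # build reproducible — confirm docs/ ships a package-lock.json first.
        run: |
          npm install
          npm run docusaurus docs:version "${MAJOR_MINOR}"

      - name: Create docs pull request
        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
        with:
          branch: ${{ env.BRANCH }}
          base: main
          title: "docs: add release ${{ env.VERSION }}"
          body: |
            :robot: *This is an automated PR.* :robot:

            The PR is triggered as part of the automated release process of version ${{ env.VERSION }}.
            It releases a new version of the documentation.
          commit-message: "docs: add release ${{ env.VERSION }}"
          committer: edgelessci <edgelessci@users.noreply.github.com>
          labels: no changelog
          # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
          # NOTE(review): under workflow_dispatch there is no pull_request event, so the
          # fork check is presumably always true and the PAT is always used here.
          token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}

  prepare-release-branch:
    name: Prepare release branch
    runs-on: ubuntu-22.04
    needs: verify-inputs
    permissions:
      contents: write
    env:
      BRANCH: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          # NOTE(review): empty for workflow_dispatch runs — see the docs job.
          ref: ${{ github.head_ref }}

      - name: Create release branch
        # Patch releases reuse an existing release branch; only minor releases
        # create one. Checks out the branch if it already exists, else creates it.
        if: inputs.kind == 'minor'
        run: |
          git fetch
          git pull
          git checkout "${BRANCH}" || git checkout -B "${BRANCH}"
          git push origin "${BRANCH}"

  micro-services:
    name: Build micro services
    runs-on: ubuntu-22.04
    needs: [verify-inputs, prepare-release-branch]
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        koTarget:
          - ./joinservice/cmd
          - ./keyservice/cmd
          - ./verify/cmd
          - ./operators/constellation-node-operator
        include:
          - koTarget: ./joinservice/cmd
            name: join-service
          - koTarget: ./keyservice/cmd
            name: key-service
          - koTarget: ./verify/cmd
            name: verification-service
          - koTarget: ./operators/constellation-node-operator
            name: node-operator
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
      - name: Build ${{ matrix.name }} micro service
        uses: ./.github/actions/build_micro_service_ko
        with:
          koTarget: ${{ matrix.koTarget }}
          name: ${{ matrix.name }}
          pushTag: ${{ inputs.version }}
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): the key pair is chosen by github.ref (the ref the workflow was
          # dispatched from), not by the release branch checked out above. A run dispatched
          # from main therefore signs with the dev keys — confirm this is intended before
          # treating these signatures as release signatures.
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

  micro-services-metadata:
    name: Build docker images
    runs-on: ubuntu-22.04
    needs: [verify-inputs, prepare-release-branch]
    permissions:
      contents: read
      packages: write
    strategy:
      matrix:
        appName: [qemu-metadata-api, libvirt]
        include:
          - appName: qemu-metadata-api
            dockerfile: ./hack/qemu-metadata-api/Dockerfile
          - appName: libvirt
            dockerfile: ./cli/internal/libvirt/Dockerfile
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}

      - name: Build docker image
        uses: ./.github/actions/build_micro_service
        with:
          name: ${{ matrix.appName }}
          pushTag: ${{ inputs.version }}
          projectVersion: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
          dockerfile: ${{ matrix.dockerfile }}
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          # NOTE(review): same github.ref-based key selection as in micro-services;
          # see the note there.
          cosignPublicKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
          cosignPrivateKey: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
          cosignPassword: ${{ startsWith(github.ref, 'refs/heads/release/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}

  update-versions:
    name: Update container image versions
    # The service loop below resolves the digest of qemu-metadata-api, which is
    # pushed by micro-services-metadata, not by micro-services. Without that
    # dependency `crane digest` could run before the image exists.
    needs: [verify-inputs, micro-services, micro-services-metadata]
    runs-on: ubuntu-22.04
    permissions:
      contents: write
      packages: read
    env:
      VERSION: ${{ inputs.version }}
      WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
      - name: Install crane
        uses: ./.github/actions/setup_crane
      - name: Update enterprise image version
        run: |
          sed -i "s/defaultImage = \"v[0-9]\+\.[0-9]\+\.[0-9]\+\"/defaultImage = \"${VERSION}\"/" internal/config/images_enterprise.go
          git add internal/config/images_enterprise.go
      - name: Update CMakeLists.txt
        run: |
          sed -i "s/project(constellation LANGUAGES C VERSION [0-9]\+\.[0-9]\+\.[0-9]\+)/project(constellation LANGUAGES C VERSION ${WITHOUT_V})/" CMakeLists.txt
          git add CMakeLists.txt
      - name: Update micro service versions
        # Pins each image reference in versions.go to the freshly pushed tag
        # plus its registry digest, so the reference is immutable.
        run: |
          for service in node-operator join-service key-service verification-service qemu-metadata-api; do
            name=ghcr.io/edgelesssys/constellation/${service}
            digest=$(crane digest "${name}:${VERSION}")
            sed -i "s#\"${name}:v[0-9]\+\.[0-9]\+\.[0-9]\+[^@]*@sha256:[0-9a-f]\+\"#\"${name}:${VERSION}@${digest}\"#" internal/versions/versions.go
          done
          git add internal/versions/versions.go
      - name: Commit
        # Pushes to the release branch checked out above.
        run: |
          git config --global user.name "release[bot]"
          git config --global user.email "release[bot]@users.noreply.github.com"
          git commit -m "deps: update version to ${VERSION}"
          git push

  os-image:
    name: Build OS image
    needs: [verify-inputs, update-versions]
    uses: ./.github/workflows/build-os-image.yml
    permissions:
      id-token: write
      contents: read
      packages: read
    secrets: inherit
    with:
      imageVersion: ${{ inputs.version }}
      isRelease: true
      stream: "stable"
      ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}

  update-hardcoded-measurements:
    name: Update hardcoded measurements (in the CLI)
    needs: [verify-inputs, os-image]
    permissions:
      contents: write
    runs-on: ubuntu-22.04
    env:
      VERSION: ${{ inputs.version }}
      WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
      - name: Setup Go environment
        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
        with:
          go-version: "1.20.2"
          cache: true
      - name: Build generateMeasurements tool
        working-directory: internal/attestation/measurements/measurement-generator
        run: go build -o generate -tags=enterprise .
      - name: Update hardcoded measurements
        working-directory: internal/attestation/measurements
        run: |
          ./measurement-generator/generate
          git add measurements_enterprise.go
      - name: Commit
        run: |
          git config --global user.name "release[bot]"
          git config --global user.email "release[bot]@users.noreply.github.com"
          git commit -m "attestation: hardcode measurements for ${VERSION}"
          git push

  e2e-tests:
    name: Run E2E tests
    needs: [verify-inputs, update-hardcoded-measurements]
    secrets: inherit
    strategy:
      matrix:
        runner: [ubuntu-22.04, macos-12]
        csp: [aws, azure, gcp]
    uses: ./.github/workflows/e2e-test-manual.yml
    permissions:
      id-token: write
      contents: read
    with:
      workerNodesCount: 2
      controlNodesCount: 3
      cloudProvider: ${{ matrix.csp }}
      runner: ${{ matrix.runner }}
      test: "sonobuoy full"
      kubernetesVersion: "v1.25"
      keepMeasurements: true
      osImage: ${{ inputs.version }}
      machineType: "default"
      git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}

  e2e-mini:
    name: Run E2E tests for mini Constellation
    needs: [verify-inputs, update-hardcoded-measurements]
    uses: ./.github/workflows/e2e-mini.yml
    permissions:
      id-token: write
      contents: read
    secrets: inherit
    with:
      ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}

  tag-release:
    name: Tag release
    # Only tags once both E2E suites have passed on the release branch.
    needs: [verify-inputs, e2e-tests, e2e-mini]
    runs-on: ubuntu-22.04
    permissions:
      contents: write
    env:
      VERSION: ${{ inputs.version }}
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
      - name: Tag release
        run: |
          git config --global user.name "release[bot]"
          git config --global user.email "release[bot]@users.noreply.github.com"
          git tag -a "${VERSION}" -m "Release ${VERSION}"
          git push origin "refs/tags/${VERSION}"

  draft-release-cli:
    name: Draft release (CLI)
    needs: [verify-inputs, tag-release]
    uses: ./.github/workflows/release-cli.yml
    permissions:
      actions: read
      contents: write
      id-token: write
    secrets: inherit
    with:
      ref: "refs/tags/${{ inputs.version }}"

  pr-get-changes-back-into-main:
    name: PR to Merge changes from release branch into main
    if: inputs.kind == 'minor'
    runs-on: ubuntu-22.04
    permissions:
      contents: write
    needs: [verify-inputs, tag-release]
    env:
      VERSION: ${{ inputs.version }}
      NEW_BRANCH: feat/release/${{ inputs.version }}/changes-to-main
    steps:
      - name: Checkout
        uses: actions/checkout@24cb9080177205b6e8c946b17badbe402adc938f # v3.4.0
        with:
          ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
      - name: Create branch with changes
        run: |
          git config --global user.name "release[bot]"
          git config --global user.email "release[bot]@users.noreply.github.com"
          git fetch
          git checkout -b "${NEW_BRANCH}"
      - name: Update CMakeLists.txt
        # main carries the prerelease version 0.0.0, so the release version set
        # in update-versions is reverted before the changes are merged back.
        run: |
          sed -i "s/project(constellation LANGUAGES C VERSION [0-9]\+\.[0-9]\+\.[0-9]\+)/project(constellation LANGUAGES C VERSION 0.0.0)/" CMakeLists.txt
          git add CMakeLists.txt
          git commit -m "deps: set PROJECT_VERSION to prerelease"
          git push --set-upstream origin "${NEW_BRANCH}"
      - name: Create PR
        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
        with:
          branch: ${{ env.NEW_BRANCH }}
          base: main
          title: "release: bring back changes from ${{ env.VERSION }}"
          body: |
            :robot: *This is an automated PR.* :robot:

            This PR is triggered as part of the release process of version ${{ env.VERSION }}.
            It brings back changes from the release branch into the main branch.
          commit-message: "release: bring back changes from ${{ env.VERSION }}"
          committer: edgelessci <edgelessci@users.noreply.github.com>
          labels: no changelog
          # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work.
          # NOTE(review): as in the docs job, no pull_request event exists under
          # workflow_dispatch, so the PAT is presumably always used here.
          token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}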