ci: implement second half of release checklist

This commit is contained in:
Malte Poll 2023-01-06 11:49:55 +01:00 committed by Malte Poll
parent 49288f5d30
commit 142af75776
4 changed files with 212 additions and 11 deletions

View File

@ -2,6 +2,17 @@ name: e2e test qemu (MiniConstellation)
on: on:
workflow_dispatch: workflow_dispatch:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: false
workflow_call:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: true
permissions: permissions:
id-token: write id-token: write
@ -15,6 +26,8 @@ jobs:
- name: Checkout - name: Checkout
id: checkout id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.ref || github.head_ref }}
- name: Azure login OIDC - name: Azure login OIDC
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7

View File

@ -63,6 +63,48 @@ on:
type: string type: string
default: "head" default: "head"
required: false required: false
workflow_call:
inputs:
workerNodesCount:
description: "Number of worker nodes to spawn."
type: number
required: true
controlNodesCount:
description: "Number of control-plane nodes to spawn."
type: number
required: true
cloudProvider:
description: "Which cloud provider to use."
type: string
required: true
runner:
description: "Architecture of the runner that executes the CLI"
type: string
required: true
test:
description: "The test to run."
type: string
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
type: string
required: true
keepMeasurements:
description: "Keep measurements embedded in the CLI."
type: boolean
required: true
osImage:
description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main."
type: string
required: true
machineType:
description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider."
type: string
required: true
git-ref:
description: "Git ref to checkout."
type: string
required: true
env: env:
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }} ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
@ -93,11 +135,18 @@ jobs:
exit 0 exit 0
fi fi
- name: Checkout - name: Checkout head
if: inputs.git-ref == 'head'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.git-ref != 'head'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.git-ref }}
- name: Find latest image - name: Find latest image
id: find-latest-image id: find-latest-image
if: steps.check-input.outputs.image == '' if: steps.check-input.outputs.image == ''
@ -218,16 +267,16 @@ jobs:
id: e2e_test id: e2e_test
uses: ./.github/actions/e2e_test uses: ./.github/actions/e2e_test
with: with:
workerNodesCount: ${{ github.event.inputs.workerNodesCount }} workerNodesCount: ${{ inputs.workerNodesCount }}
controlNodesCount: ${{ github.event.inputs.controlNodesCount }} controlNodesCount: ${{ inputs.controlNodesCount }}
cloudProvider: ${{ github.event.inputs.cloudProvider }} cloudProvider: ${{ inputs.cloudProvider }}
machineType: ${{ github.event.inputs.machineType }} machineType: ${{ inputs.machineType }}
gcpProject: ${{ secrets.GCP_E2E_PROJECT }} gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
test: ${{ github.event.inputs.test }} test: ${{ inputs.test }}
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} kubernetesVersion: ${{ inputs.kubernetesVersion }}
keepMeasurements: ${{ github.event.inputs.keepMeasurements }} keepMeasurements: ${{ inputs.keepMeasurements }}
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }} azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }} azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }} azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}

View File

@ -2,6 +2,17 @@ name: Build CLI and prepare release
on: on:
workflow_dispatch: workflow_dispatch:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: false
workflow_call:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: true
jobs: jobs:
build-cli: build-cli:
@ -16,7 +27,7 @@ jobs:
id: checkout id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ inputs.ref || github.head_ref }}
- name: Setup Go environment - name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with: with:
@ -85,7 +96,7 @@ jobs:
id: checkout id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with: with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} ref: ${{ inputs.ref || github.head_ref }}
- name: Download syft & grype - name: Download syft & grype
run: | run: |
SYFT_VERSION=0.62.1 SYFT_VERSION=0.62.1
@ -190,7 +201,7 @@ jobs:
release: release:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
if: startsWith(github.ref, 'refs/tags/v') if: startsWith(inputs.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v')
needs: needs:
- build-cli - build-cli
- provenance - provenance

View File

@ -54,6 +54,47 @@ jobs:
echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}" echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}"
} | tee "$GITHUB_OUTPUT" } | tee "$GITHUB_OUTPUT"
docs:
name: Create docs release
runs-on: ubuntu-22.04
if: inputs.kind == 'minor'
needs: verify-inputs
env:
VERSION: ${{ inputs.version }}
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ github.head_ref }}
- name: Create docs branch
run: |
git fetch
git pull
git checkout "${BRANCH}" || git checkout -B "${BRANCH}"
- name: Create docs release
working-directory: docs
run: |
npm install
npm run docusaurus docs:version "${MAJOR_MINOR}"
- name: Commit
run: |
git config --global user.name "release[bot]"
git config --global user.email "release[bot]@users.noreply.github.com"
git add docs
git commit -m "docs: generate docs for ${VERSION}"
git push --set-upstream origin "${BRANCH}"
- name: Create docs pull request
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
with:
source_branch: ${{env.BRANCH}}
destination_branch: "main"
pr_title: "docs: add release ${VERSION}"
pr_body: |
:robot: *This is an automated PR.* :robot:
pr_label: "no-changelog"
github_token: ${{ secrets.GITHUB_TOKEN }}
prepare-release-branch: prepare-release-branch:
name: Prepare release branch name: Prepare release branch
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -213,3 +254,90 @@ jobs:
git config --global user.email "release[bot]@users.noreply.github.com" git config --global user.email "release[bot]@users.noreply.github.com"
git commit -m "attestation: hardcode measurements for ${VERSION}" git commit -m "attestation: hardcode measurements for ${VERSION}"
git push git push
e2e-tests:
name: Run E2E tests
needs: [verify-inputs, update-hardcoded-measurements]
secrets: inherit
strategy:
matrix:
runner: [ubuntu-22.04, macos-12]
csp: [aws, azure, gcp]
uses: ./.github/workflows/e2e-test-manual.yml
with:
workerNodesCount: 2
controlNodesCount: 3
cloudProvider: ${{ matrix.csp }}
runner: ${{ matrix.runner }}
test: "sonobuoy full"
kubernetesVersion: "1.25"
keepMeasurements: true
osImage: ${{ inputs.version }}
machineType: "default"
git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
e2e-mini:
name: Run E2E tests for mini Constellation
needs: [verify-inputs, update-hardcoded-measurements]
uses: ./.github/workflows/e2e-mini.yml
secrets: inherit
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
tag-release:
name: Tag release
needs: [verify-inputs, e2e-tests, e2e-mini]
runs-on: ubuntu-22.04
env:
VERSION: ${{ inputs.version }}
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Tag release
run: |
git config --global user.name "release[bot]"
git config --global user.email "release[bot]@users.noreply.github.com"
git tag -a "${VERSION}" -m "Release ${VERSION}"
git push origin "refs/tags/${VERSION}"
draft-release-cli:
name: Draft release (CLI)
needs: [verify-inputs, tag-release]
uses: ./.github/workflows/release-cli.yml
secrets: inherit
with:
ref: "refs/tags/${{ inputs.version }}"
pr-get-changes-back-into-main:
name: PR to Merge changes from release branch into main
if: inputs.kind == 'minor'
runs-on: ubuntu-22.04
needs: [verify-inputs, tag-release]
env:
VERSION: ${{ inputs.version }}
NEW_BRANCH: feat/release/${{ inputs.version }}/changes-to-main
steps:
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Create branch with changes
run: |
git config --global user.name "release[bot]"
git config --global user.email "release[bot]@users.noreply.github.com"
git fetch
git checkout -b "${NEW_BRANCH}"
git push --set-upstream origin "${NEW_BRANCH}"
- name: Create pull request
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
with:
source_branch: ${{ env.NEW_BRANCH }}
destination_branch: "main"
pr_title: "release: bring back changes from ${VERSION}"
pr_body: |
:robot: *This is an automated PR.* :robot:
pr_label: "no-changelog"
github_token: ${{ secrets.GITHUB_TOKEN }}