ci: implement second half of release checklist
parent
49288f5d30
commit
142af75776
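--- a/.github/workflows/e2e-mini.yml
+++ b/.github/workflows/e2e-mini.yml
@@ -2,6 +2,17 @@ name: e2e test qemu (MiniConstellation)
 
 on:
 workflow_dispatch:
+inputs:
+ref:
+type: string
+description: "Git ref to checkout"
+required: false
+workflow_call:
+inputs:
+ref:
+type: string
+description: "Git ref to checkout"
+required: true
 
 permissions:
 id-token: write
@@ -15,6 +26,8 @@ jobs:
 - name: Checkout
 id: checkout
 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+with:
+ref: ${{ inputs.ref || github.head_ref }}
 
 - name: Azure login OIDC
 uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7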
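Review bot: The Checkout step now takes `inputs.ref` verbatim while the workflow grants `id-token: write` and the next visible step is the Azure OIDC login, so whatever that ref contains runs with the federated Azure identity, and nothing in the file records that assumption. A comment above the new `with:` would make it explicit, for example `# inputs.ref must be a trusted ref of this repository; later steps run its code with the Azure OIDC identity`. The `on:` block in the first hunk lists only `workflow_dispatch` and `workflow_call`, and `github.head_ref` is set only for pull-request events, so the fallback looks like it is always empty and `ref: ${{ inputs.ref }}` would say the same thing; the same expression appears in both checkout steps of release-cli.yml. The rest of the job is outside the hunk.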
65
.github/workflows/e2e-test-manual.yml
@ -63,6 +63,48 @@ on:
|
|||||||
type: string
|
type: string
|
||||||
default: "head"
|
default: "head"
|
||||||
required: false
|
required: false
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
workerNodesCount:
|
||||||
|
description: "Number of worker nodes to spawn."
|
||||||
|
type: number
|
||||||
|
required: true
|
||||||
|
controlNodesCount:
|
||||||
|
description: "Number of control-plane nodes to spawn."
|
||||||
|
type: number
|
||||||
|
required: true
|
||||||
|
cloudProvider:
|
||||||
|
description: "Which cloud provider to use."
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
runner:
|
||||||
|
description: "Architecture of the runner that executes the CLI"
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
test:
|
||||||
|
description: "The test to run."
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
kubernetesVersion:
|
||||||
|
description: "Kubernetes version to create the cluster from."
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
keepMeasurements:
|
||||||
|
description: "Keep measurements embedded in the CLI."
|
||||||
|
type: boolean
|
||||||
|
required: true
|
||||||
|
osImage:
|
||||||
|
description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main."
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
machineType:
|
||||||
|
description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider."
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
git-ref:
|
||||||
|
description: "Git ref to checkout."
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
|
||||||
env:
|
env:
|
||||||
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
||||||
@ -93,11 +135,18 @@ jobs:
|
|||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout head
|
||||||
|
if: inputs.git-ref == 'head'
|
||||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||||
with:
|
with:
|
||||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||||
|
|
||||||
|
- name: Checkout ref
|
||||||
|
if: inputs.git-ref != 'head'
|
||||||
|
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||||
|
with:
|
||||||
|
ref: ${{ inputs.git-ref }}
|
||||||
|
|
||||||
- name: Find latest image
|
- name: Find latest image
|
||||||
id: find-latest-image
|
id: find-latest-image
|
||||||
if: steps.check-input.outputs.image == ''
|
if: steps.check-input.outputs.image == ''
|
||||||
@ -218,16 +267,16 @@ jobs:
|
|||||||
id: e2e_test
|
id: e2e_test
|
||||||
uses: ./.github/actions/e2e_test
|
uses: ./.github/actions/e2e_test
|
||||||
with:
|
with:
|
||||||
workerNodesCount: ${{ github.event.inputs.workerNodesCount }}
|
workerNodesCount: ${{ inputs.workerNodesCount }}
|
||||||
controlNodesCount: ${{ github.event.inputs.controlNodesCount }}
|
controlNodesCount: ${{ inputs.controlNodesCount }}
|
||||||
cloudProvider: ${{ github.event.inputs.cloudProvider }}
|
cloudProvider: ${{ inputs.cloudProvider }}
|
||||||
machineType: ${{ github.event.inputs.machineType }}
|
machineType: ${{ inputs.machineType }}
|
||||||
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
|
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
|
||||||
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
|
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
|
||||||
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
|
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
|
||||||
test: ${{ github.event.inputs.test }}
|
test: ${{ inputs.test }}
|
||||||
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
|
kubernetesVersion: ${{ inputs.kubernetesVersion }}
|
||||||
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
|
keepMeasurements: ${{ inputs.keepMeasurements }}
|
||||||
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
|
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
|
||||||
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
|
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
|
||||||
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
||||||
|
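Review bot: The new `Checkout ref` step checks out a caller-chosen ref, and the job later runs that tree's `./.github/actions/e2e_test` with the Azure and GCP secrets, while actions/checkout keeps its token in the local git config unless told otherwise. If no later step needs to push, add `persist-credentials: false` under `with:` in both checkout steps so the checked-out test code cannot reuse the token. The `workflow_call` description for `git-ref` should also mention the sentinel the `if:` conditions rely on, e.g. `description: "Git ref to checkout. 'head' checks out the ref that triggered the run."`. The steps between the hunks are not visible here, so confirm that none of them depends on the persisted credentials.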
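--- a/.github/workflows/release-cli.yml
+++ b/.github/workflows/release-cli.yml
@@ -2,6 +2,17 @@ name: Build CLI and prepare release
 
 on:
 workflow_dispatch:
+inputs:
+ref:
+type: string
+description: "Git ref to checkout"
+required: false
+workflow_call:
+inputs:
+ref:
+type: string
+description: "Git ref to checkout"
+required: true
 
 jobs:
 build-cli:
@@ -16,7 +27,7 @@ jobs:
 id: checkout
 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
-ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
+ref: ${{ inputs.ref || github.head_ref }}
 - name: Setup Go environment
 uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
 with:
@@ -85,7 +96,7 @@ jobs:
 id: checkout
 uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
 with:
-ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
+ref: ${{ inputs.ref || github.head_ref }}
 - name: Download syft & grype
 run: |
 SYFT_VERSION=0.62.1
@@ -190,7 +201,7 @@ jobs:
 
 release:
 runs-on: ubuntu-22.04
-if: startsWith(github.ref, 'refs/tags/v')
+if: startsWith(inputs.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v')
 needs:
 - build-cli
 - provenance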
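Review bot: When this workflow is reached through `workflow_call`, the source tree comes from `inputs.ref`, but `github.ref` and `github.sha` still describe the caller's run, so any step in `provenance` or `release` that reads those contexts may describe a different commit than the one `build-cli` compiled. The new `if:` on `release` handles this for the tag check only; the bodies of `provenance` and `release` are outside the hunks and should be checked for `github.sha`, `github.ref` and `github.ref_name`. A comment next to the `ref` input would keep later edits honest, for example `# with workflow_call, github.ref/github.sha belong to the caller; derive release and provenance data from inputs.ref`. Recording the commit that was actually checked out (for instance `git rev-parse HEAD` as a step output) and using that value in the provenance subject would bind the attestation to the built source.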
128
.github/workflows/release.yml
@ -54,6 +54,47 @@ jobs:
|
|||||||
echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}"
|
echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}"
|
||||||
} | tee "$GITHUB_OUTPUT"
|
} | tee "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
|
docs:
|
||||||
|
name: Create docs release
|
||||||
|
runs-on: ubuntu-22.04
|
||||||
|
if: inputs.kind == 'minor'
|
||||||
|
needs: verify-inputs
|
||||||
|
env:
|
||||||
|
VERSION: ${{ inputs.version }}
|
||||||
|
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||||
|
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||||
|
with:
|
||||||
|
ref: ${{ github.head_ref }}
|
||||||
|
- name: Create docs branch
|
||||||
|
run: |
|
||||||
|
git fetch
|
||||||
|
git pull
|
||||||
|
git checkout "${BRANCH}" || git checkout -B "${BRANCH}"
|
||||||
|
- name: Create docs release
|
||||||
|
working-directory: docs
|
||||||
|
run: |
|
||||||
|
npm install
|
||||||
|
npm run docusaurus docs:version "${MAJOR_MINOR}"
|
||||||
|
- name: Commit
|
||||||
|
run: |
|
||||||
|
git config --global user.name "release[bot]"
|
||||||
|
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||||
|
git add docs
|
||||||
|
git commit -m "docs: generate docs for ${VERSION}"
|
||||||
|
git push --set-upstream origin "${BRANCH}"
|
||||||
|
- name: Create docs pull request
|
||||||
|
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
|
||||||
|
with:
|
||||||
|
source_branch: ${{env.BRANCH}}
|
||||||
|
destination_branch: "main"
|
||||||
|
pr_title: "docs: add release ${VERSION}"
|
||||||
|
pr_body: |
|
||||||
|
:robot: *This is an automated PR.* :robot:
|
||||||
|
pr_label: "no-changelog"
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
prepare-release-branch:
|
prepare-release-branch:
|
||||||
name: Prepare release branch
|
name: Prepare release branch
|
||||||
runs-on: ubuntu-22.04
|
runs-on: ubuntu-22.04
|
||||||
@ -213,3 +254,90 @@ jobs:
|
|||||||
git config --global user.email "release[bot]@users.noreply.github.com"
|
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||||
git commit -m "attestation: hardcode measurements for ${VERSION}"
|
git commit -m "attestation: hardcode measurements for ${VERSION}"
|
||||||
git push
|
git push
|
||||||
|
|
||||||
|
e2e-tests:
|
||||||
|
name: Run E2E tests
|
||||||
|
needs: [verify-inputs, update-hardcoded-measurements]
|
||||||
|
secrets: inherit
|
||||||
|
strategy:
|
||||||
|
matrix:
|
||||||
|
runner: [ubuntu-22.04, macos-12]
|
||||||
|
csp: [aws, azure, gcp]
|
||||||
|
uses: ./.github/workflows/e2e-test-manual.yml
|
||||||
|
with:
|
||||||
|
workerNodesCount: 2
|
||||||
|
controlNodesCount: 3
|
||||||
|
cloudProvider: ${{ matrix.csp }}
|
||||||
|
runner: ${{ matrix.runner }}
|
||||||
|
test: "sonobuoy full"
|
||||||
|
kubernetesVersion: "1.25"
|
||||||
|
keepMeasurements: true
|
||||||
|
osImage: ${{ inputs.version }}
|
||||||
|
machineType: "default"
|
||||||
|
git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||||
|
|
||||||
|
e2e-mini:
|
||||||
|
name: Run E2E tests for mini Constellation
|
||||||
|
needs: [verify-inputs, update-hardcoded-measurements]
|
||||||
|
uses: ./.github/workflows/e2e-mini.yml
|
||||||
|
secrets: inherit
|
||||||
|
with:
|
||||||
|
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||||
|
|
||||||
|
tag-release:
|
||||||
|
name: Tag release
|
||||||
|
needs: [verify-inputs, e2e-tests, e2e-mini]
|
||||||
|
runs-on: ubuntu-22.04
|
||||||
|
env:
|
||||||
|
VERSION: ${{ inputs.version }}
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||||
|
with:
|
||||||
|
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||||
|
|
||||||
|
- name: Tag release
|
||||||
|
run: |
|
||||||
|
git config --global user.name "release[bot]"
|
||||||
|
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||||
|
git tag -a "${VERSION}" -m "Release ${VERSION}"
|
||||||
|
git push origin "refs/tags/${VERSION}"
|
||||||
|
|
||||||
|
draft-release-cli:
|
||||||
|
name: Draft release (CLI)
|
||||||
|
needs: [verify-inputs, tag-release]
|
||||||
|
uses: ./.github/workflows/release-cli.yml
|
||||||
|
secrets: inherit
|
||||||
|
with:
|
||||||
|
ref: "refs/tags/${{ inputs.version }}"
|
||||||
|
|
||||||
|
pr-get-changes-back-into-main:
|
||||||
|
name: PR to Merge changes from release branch into main
|
||||||
|
if: inputs.kind == 'minor'
|
||||||
|
runs-on: ubuntu-22.04
|
||||||
|
needs: [verify-inputs, tag-release]
|
||||||
|
env:
|
||||||
|
VERSION: ${{ inputs.version }}
|
||||||
|
NEW_BRANCH: feat/release/${{ inputs.version }}/changes-to-main
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||||
|
with:
|
||||||
|
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||||
|
|
||||||
|
- name: Create branch with changes
|
||||||
|
run: |
|
||||||
|
git config --global user.name "release[bot]"
|
||||||
|
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||||
|
git fetch
|
||||||
|
git checkout -b "${NEW_BRANCH}"
|
||||||
|
git push --set-upstream origin "${NEW_BRANCH}"
|
||||||
|
|
||||||
|
- name: Create pull request
|
||||||
|
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
|
||||||
|
with:
|
||||||
|
source_branch: ${{ env.NEW_BRANCH }}
|
||||||
|
destination_branch: "main"
|
||||||
|
pr_title: "release: bring back changes from ${VERSION}"
|
||||||
|
pr_body: |
|
||||||
|
:robot: *This is an automated PR.* :robot:
|
||||||
|
pr_label: "no-changelog"
|
||||||
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
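Review bot: `tag-release` tags whatever the tip of `RELEASE_BRANCH` is when the job starts, while `e2e-tests` and `e2e-mini` resolved the same branch name earlier, so a push to the release branch in between produces a tag on a commit the tests never ran against. Pinning all three to one commit closes that gap: have `update-hardcoded-measurements` export the SHA it pushed and pass it as `ref:` / `git-ref:`, e.g. `ref: ${{ needs.update-hardcoded-measurements.outputs.<sha-output> }}` (a placeholder; no such output is visible in these hunks, and `tag-release` would have to add that job to its `needs`). Separately, `pr_title: "docs: add release ${VERSION}"` and `pr_title: "release: bring back changes from ${VERSION}"` sit in `with:` blocks, where the runner itself does no shell expansion; `${{ env.VERSION }}` would be unambiguous whatever the action does internally.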