mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-13 16:39:29 -05:00
ci: implement second half of release checklist
parent
49288f5d30
commit
142af75776
13
.github/workflows/e2e-mini.yml
vendored
13
.github/workflows/e2e-mini.yml
vendored
@ -2,6 +2,17 @@ name: e2e test qemu (MiniConstellation)
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
ref:
|
||||
type: string
|
||||
description: "Git ref to checkout"
|
||||
required: false
|
||||
workflow_call:
|
||||
inputs:
|
||||
ref:
|
||||
type: string
|
||||
description: "Git ref to checkout"
|
||||
required: true
|
||||
|
||||
permissions:
|
||||
id-token: write
|
||||
@ -15,6 +26,8 @@ jobs:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
- name: Azure login OIDC
|
||||
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
|
||||
|
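Review bot: The new `ref: ${{ inputs.ref || github.head_ref }}` on the Checkout step takes a free-form string and sits directly before the Azure OIDC login in a workflow that grants `id-token: write`, so whatever commit the caller names is the code that runs with the federated credential; nothing in the hunk constrains or documents that. The same applies to the `Checkout ref` step added in e2e-test-manual.yml and to both checkouts changed in release-cli.yml. I would at least state it on the input, e.g. `description: "Git ref to checkout. Empty uses the ref the run was started from. Code at this ref runs with this workflow's cloud credentials."`, and consider checking the value against the expected branch or tag pattern before the checkout. The job body continues outside the hunk.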
65
.github/workflows/e2e-test-manual.yml
vendored
65
.github/workflows/e2e-test-manual.yml
vendored
@ -63,6 +63,48 @@ on:
|
||||
type: string
|
||||
default: "head"
|
||||
required: false
|
||||
workflow_call:
|
||||
inputs:
|
||||
workerNodesCount:
|
||||
description: "Number of worker nodes to spawn."
|
||||
type: number
|
||||
required: true
|
||||
controlNodesCount:
|
||||
description: "Number of control-plane nodes to spawn."
|
||||
type: number
|
||||
required: true
|
||||
cloudProvider:
|
||||
description: "Which cloud provider to use."
|
||||
type: string
|
||||
required: true
|
||||
runner:
|
||||
description: "Architecture of the runner that executes the CLI"
|
||||
type: string
|
||||
required: true
|
||||
test:
|
||||
description: "The test to run."
|
||||
type: string
|
||||
required: true
|
||||
kubernetesVersion:
|
||||
description: "Kubernetes version to create the cluster from."
|
||||
type: string
|
||||
required: true
|
||||
keepMeasurements:
|
||||
description: "Keep measurements embedded in the CLI."
|
||||
type: boolean
|
||||
required: true
|
||||
osImage:
|
||||
description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main."
|
||||
type: string
|
||||
required: true
|
||||
machineType:
|
||||
description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider."
|
||||
type: string
|
||||
required: true
|
||||
git-ref:
|
||||
description: "Git ref to checkout."
|
||||
type: string
|
||||
required: true
|
||||
|
||||
env:
|
||||
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
||||
@ -93,11 +135,18 @@ jobs:
|
||||
exit 0
|
||||
fi
|
||||
|
||||
- name: Checkout
|
||||
- name: Checkout head
|
||||
if: inputs.git-ref == 'head'
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.git-ref != 'head'
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
- name: Find latest image
|
||||
id: find-latest-image
|
||||
if: steps.check-input.outputs.image == ''
|
||||
@ -218,16 +267,16 @@ jobs:
|
||||
id: e2e_test
|
||||
uses: ./.github/actions/e2e_test
|
||||
with:
|
||||
workerNodesCount: ${{ github.event.inputs.workerNodesCount }}
|
||||
controlNodesCount: ${{ github.event.inputs.controlNodesCount }}
|
||||
cloudProvider: ${{ github.event.inputs.cloudProvider }}
|
||||
machineType: ${{ github.event.inputs.machineType }}
|
||||
workerNodesCount: ${{ inputs.workerNodesCount }}
|
||||
controlNodesCount: ${{ inputs.controlNodesCount }}
|
||||
cloudProvider: ${{ inputs.cloudProvider }}
|
||||
machineType: ${{ inputs.machineType }}
|
||||
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
|
||||
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
|
||||
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
|
||||
test: ${{ github.event.inputs.test }}
|
||||
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
|
||||
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
|
||||
test: ${{ inputs.test }}
|
||||
kubernetesVersion: ${{ inputs.kubernetesVersion }}
|
||||
keepMeasurements: ${{ inputs.keepMeasurements }}
|
||||
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
|
||||
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
|
||||
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
|
||||
|
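Review bot: The move from `github.event.inputs.*` to `inputs.*` is only visible for the `e2e_test` step; any reference left outside these hunks still reads the triggering event's payload, which does not carry this workflow's own inputs when the file is entered through `workflow_call`. The `check-input` step that produces `steps.check-input.outputs.image` and whatever consumes the new `runner` input are outside the visible hunks, so they are worth checking for leftover `github.event.inputs.osImage` and similar. Separately, the `workflow_call` descriptions for `osImage` and `machineType` still say "Leave empty …" although both are `required: true`; I would reword them, e.g. `description: "Full name of OS image (CSP independent image version UID)."`.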
17
.github/workflows/release-cli.yml
vendored
17
.github/workflows/release-cli.yml
vendored
@ -2,6 +2,17 @@ name: Build CLI and prepare release
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
ref:
|
||||
type: string
|
||||
description: "Git ref to checkout"
|
||||
required: false
|
||||
workflow_call:
|
||||
inputs:
|
||||
ref:
|
||||
type: string
|
||||
description: "Git ref to checkout"
|
||||
required: true
|
||||
|
||||
jobs:
|
||||
build-cli:
|
||||
@ -16,7 +27,7 @@ jobs:
|
||||
id: checkout
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
|
||||
with:
|
||||
@ -85,7 +96,7 @@ jobs:
|
||||
id: checkout
|
||||
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
- name: Download syft & grype
|
||||
run: |
|
||||
SYFT_VERSION=0.62.1
|
||||
@ -190,7 +201,7 @@ jobs:
|
||||
|
||||
release:
|
||||
runs-on: ubuntu-22.04
|
||||
if: startsWith(github.ref, 'refs/tags/v')
|
||||
if: startsWith(inputs.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v')
|
||||
needs:
|
||||
- build-cli
|
||||
- provenance
|
||||
|
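Review bot: The `release` job is now gated on `startsWith(inputs.ref, 'refs/tags/v')`, and `inputs.ref` is a free-form string on `workflow_dispatch` too, so the gate tests what the caller typed rather than the event that started the run, while `github.ref` and `github.sha` keep describing the ref the run was started from. The steps of `release` and `provenance` are outside the hunk; if they take the tag name or the attested commit from the `github` context, they would describe a different commit than the one `build-cli` checked out from `inputs.ref`, which is worth confirming before relying on the published provenance. Both checkouts also drop the `!github.event.pull_request.head.repo.fork &&` guard the replaced line had; if that is intentional, a comment above `ref:` such as `# inputs.ref wins; head_ref is only set when the caller runs on a pull_request` would record it.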
128
.github/workflows/release.yml
vendored
128
.github/workflows/release.yml
vendored
@ -54,6 +54,47 @@ jobs:
|
||||
echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}"
|
||||
} | tee "$GITHUB_OUTPUT"
|
||||
|
||||
docs:
|
||||
name: Create docs release
|
||||
runs-on: ubuntu-22.04
|
||||
if: inputs.kind == 'minor'
|
||||
needs: verify-inputs
|
||||
env:
|
||||
VERSION: ${{ inputs.version }}
|
||||
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||
steps:
|
||||
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
- name: Create docs branch
|
||||
run: |
|
||||
git fetch
|
||||
git pull
|
||||
git checkout "${BRANCH}" || git checkout -B "${BRANCH}"
|
||||
- name: Create docs release
|
||||
working-directory: docs
|
||||
run: |
|
||||
npm install
|
||||
npm run docusaurus docs:version "${MAJOR_MINOR}"
|
||||
- name: Commit
|
||||
run: |
|
||||
git config --global user.name "release[bot]"
|
||||
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||
git add docs
|
||||
git commit -m "docs: generate docs for ${VERSION}"
|
||||
git push --set-upstream origin "${BRANCH}"
|
||||
- name: Create docs pull request
|
||||
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
|
||||
with:
|
||||
source_branch: ${{env.BRANCH}}
|
||||
destination_branch: "main"
|
||||
pr_title: "docs: add release ${VERSION}"
|
||||
pr_body: |
|
||||
:robot: *This is an automated PR.* :robot:
|
||||
pr_label: "no-changelog"
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
prepare-release-branch:
|
||||
name: Prepare release branch
|
||||
runs-on: ubuntu-22.04
|
||||
@ -213,3 +254,90 @@ jobs:
|
||||
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||
git commit -m "attestation: hardcode measurements for ${VERSION}"
|
||||
git push
|
||||
|
||||
e2e-tests:
|
||||
name: Run E2E tests
|
||||
needs: [verify-inputs, update-hardcoded-measurements]
|
||||
secrets: inherit
|
||||
strategy:
|
||||
matrix:
|
||||
runner: [ubuntu-22.04, macos-12]
|
||||
csp: [aws, azure, gcp]
|
||||
uses: ./.github/workflows/e2e-test-manual.yml
|
||||
with:
|
||||
workerNodesCount: 2
|
||||
controlNodesCount: 3
|
||||
cloudProvider: ${{ matrix.csp }}
|
||||
runner: ${{ matrix.runner }}
|
||||
test: "sonobuoy full"
|
||||
kubernetesVersion: "1.25"
|
||||
keepMeasurements: true
|
||||
osImage: ${{ inputs.version }}
|
||||
machineType: "default"
|
||||
git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||
|
||||
e2e-mini:
|
||||
name: Run E2E tests for mini Constellation
|
||||
needs: [verify-inputs, update-hardcoded-measurements]
|
||||
uses: ./.github/workflows/e2e-mini.yml
|
||||
secrets: inherit
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||
|
||||
tag-release:
|
||||
name: Tag release
|
||||
needs: [verify-inputs, e2e-tests, e2e-mini]
|
||||
runs-on: ubuntu-22.04
|
||||
env:
|
||||
VERSION: ${{ inputs.version }}
|
||||
steps:
|
||||
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||
|
||||
- name: Tag release
|
||||
run: |
|
||||
git config --global user.name "release[bot]"
|
||||
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||
git tag -a "${VERSION}" -m "Release ${VERSION}"
|
||||
git push origin "refs/tags/${VERSION}"
|
||||
|
||||
draft-release-cli:
|
||||
name: Draft release (CLI)
|
||||
needs: [verify-inputs, tag-release]
|
||||
uses: ./.github/workflows/release-cli.yml
|
||||
secrets: inherit
|
||||
with:
|
||||
ref: "refs/tags/${{ inputs.version }}"
|
||||
|
||||
pr-get-changes-back-into-main:
|
||||
name: PR to Merge changes from release branch into main
|
||||
if: inputs.kind == 'minor'
|
||||
runs-on: ubuntu-22.04
|
||||
needs: [verify-inputs, tag-release]
|
||||
env:
|
||||
VERSION: ${{ inputs.version }}
|
||||
NEW_BRANCH: feat/release/${{ inputs.version }}/changes-to-main
|
||||
steps:
|
||||
- uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
|
||||
|
||||
- name: Create branch with changes
|
||||
run: |
|
||||
git config --global user.name "release[bot]"
|
||||
git config --global user.email "release[bot]@users.noreply.github.com"
|
||||
git fetch
|
||||
git checkout -b "${NEW_BRANCH}"
|
||||
git push --set-upstream origin "${NEW_BRANCH}"
|
||||
|
||||
- name: Create pull request
|
||||
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
|
||||
with:
|
||||
source_branch: ${{ env.NEW_BRANCH }}
|
||||
destination_branch: "main"
|
||||
pr_title: "release: bring back changes from ${VERSION}"
|
||||
pr_body: |
|
||||
:robot: *This is an automated PR.* :robot:
|
||||
pr_label: "no-changelog"
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
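Review bot: `pr_title: "docs: add release ${VERSION}"` in the `docs` job and `pr_title: "release: bring back changes from ${VERSION}"` in `pr-get-changes-back-into-main` are `with:` inputs, which GitHub Actions hands to the action verbatim; shell-style `${VERSION}` is expanded only inside `run:` scripts, so unless the action expands it itself the PR titles will contain the literal text `${VERSION}`. Use an expression instead, e.g. `pr_title: "docs: add release ${{ inputs.version }}"`, as the neighbouring `source_branch: ${{env.BRANCH}}` already does. The `run:` blocks, by contrast, pass the version through `env:` and quote it, which keeps the dispatch input out of the script text and should stay that way. Smaller point: the three reusable-workflow calls use `secrets: inherit`, which gives each callee every secret available to this workflow; listing only the secrets each callee needs would narrow that.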