ci: Implement second half of release checklist

Malte Poll 2023-01-06 11:49:55 +01:00
parent 5a6efa878d
commit 16c9afd2d3
5 changed files with 309 additions and 31 deletions


@ -2,6 +2,17 @@ name: e2e test qemu (MiniConstellation)
on:
workflow_dispatch:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: false
workflow_call:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: true
permissions:
id-token: write
@ -15,6 +26,8 @@ jobs:
- name: Checkout
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.ref || github.head_ref }}
- name: Azure login OIDC
uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7
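Review bot: The new `ref: ${{ inputs.ref || github.head_ref }}` on the Checkout step falls back to `github.head_ref` without the `!github.event.pull_request.head.repo.fork` guard that the other workflows on this page keep, and this job holds `id-token: write` and logs in to Azure right after the checkout, so the ref decides which code runs with that identity. Only `workflow_dispatch` and `workflow_call` are visible as triggers, so the fallback is probably reachable only through a caller; if a pull-request-triggered caller ever passes an empty `ref`, the fork's branch name would be resolved against this repository. I would keep the guard, `ref: ${{ inputs.ref || (!github.event.pull_request.head.repo.fork && github.head_ref) || '' }}`, and apply the same to the two checkout steps in the "Build CLI and prepare release" workflow, where this commit removes it. The `ref` descriptions could also say what is checked out when the input is left empty.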


@ -55,6 +55,53 @@ on:
type: string
default: "default"
required: false
git-ref:
description: "Git ref to checkout."
type: string
default: "head"
required: false
workflow_call:
inputs:
workerNodesCount:
description: "Number of worker nodes to spawn."
type: number
required: true
controlNodesCount:
description: "Number of control-plane nodes to spawn."
type: number
required: true
cloudProvider:
description: "Which cloud provider to use."
type: string
required: true
test:
description: "The test to run."
type: string
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
type: string
required: true
keepMeasurements:
description: "Keep measurements embedded in the CLI."
type: boolean
required: true
osImage:
description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main."
type: string
required: true
isDebugImage:
description: "Is OS image a debug image?"
type: boolean
required: true
machineType:
description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider."
type: string
required: true
git-ref:
description: "Git ref to checkout."
type: string
required: true
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
@ -66,7 +113,7 @@ jobs:
build-bootstrapper-linux:
name: "Build bootstrapper (debug image)"
runs-on: ubuntu-22.04
if: ${{ github.event.inputs.isDebugImage == 'true' }}
if: ${{ inputs.isDebugImage == 'true' }}
steps:
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
@ -75,11 +122,17 @@ jobs:
go-version: "1.19.4"
- name: Check out repository
if: ${{ github.event.steps.check-bootstrapper-cache.cache-hit != 'true'}}
if: inputs.git-ref == 'head' && github.event.steps.check-bootstrapper-cache.cache-hit != 'true'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.git-ref != 'head' && github.event.steps.check-bootstrapper-cache.cache-hit != 'true'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ inputs.git-ref }}
- name: Build bootstrapper
if: ${{ github.event.steps.check-bootstrapper-cache.cache-hit != 'true'}}
uses: ./.github/actions/build_bootstrapper
@ -138,25 +191,32 @@ jobs:
shell: bash
run: brew install coreutils kubectl bash
- name: Check out repository
- name: Checkout head
if: inputs.git-ref == 'head'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.git-ref != 'head'
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
with:
ref: ${{ inputs.git-ref }}
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: "1.19.4"
- name: Login to Azure
if: ${{ github.event.inputs.cloudProvider == 'azure' }}
if: ${{ inputs.cloudProvider == 'azure' }}
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
- name: Create Azure resource group
id: az_resource_group_gen
if: ${{ github.event.inputs.cloudProvider == 'azure' }}
if: ${{ inputs.cloudProvider == 'azure' }}
shell: bash
run: |
uuid=$(uuidgen)
@ -165,23 +225,23 @@ jobs:
echo "res_group_name=$name" >> "$GITHUB_OUTPUT"
- name: Set up gcloud CLI
if: ${{ github.event.inputs.cloudProvider == 'gcp' }}
if: ${{ inputs.cloudProvider == 'gcp' }}
uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1
- name: Run manual E2E test
id: e2e_test
uses: ./.github/actions/e2e_test
with:
workerNodesCount: ${{ github.event.inputs.workerNodesCount }}
controlNodesCount: ${{ github.event.inputs.controlNodesCount }}
cloudProvider: ${{ github.event.inputs.cloudProvider }}
machineType: ${{ github.event.inputs.machineType }}
workerNodesCount: ${{ inputs.workerNodesCount }}
controlNodesCount: ${{ inputs.controlNodesCount }}
cloudProvider: ${{ inputs.cloudProvider }}
machineType: ${{ inputs.machineType }}
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
test: ${{ github.event.inputs.test }}
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
test: ${{ inputs.test }}
kubernetesVersion: ${{ inputs.kubernetesVersion }}
keepMeasurements: ${{ inputs.keepMeasurements }}
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
@ -189,7 +249,7 @@ jobs:
azureUserAssignedIdentity: ${{ secrets.AZURE_E2E_USER_ASSIGNED_IDENTITY }}
azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
osImage: ${{ needs.find-latest-image.outputs.image }}
isDebugImage: ${{ github.event.inputs.isDebugImage }}
isDebugImage: ${{ inputs.isDebugImage }}
- name: Always terminate cluster
if: always()
@ -202,7 +262,7 @@ jobs:
if: ${{ failure() && github.ref == 'refs/heads/main' }}
run: |
brew install gettext && brew link --force gettext
export TEAMS_JOB_NAME="${{ github.event.inputs.cloudProvider }} (macOS, manual)"
export TEAMS_JOB_NAME="${{ inputs.cloudProvider }} (macOS, manual)"
export TEAMS_RUN_ID=${{ github.run_id }}
envsubst < teams-payload.json > to-be-send.json
curl \
@ -213,7 +273,7 @@ jobs:
working-directory: .github/actions/e2e_test
- name: Always destroy Azure resource group
if: ${{ always() && github.event.inputs.cloudProvider == 'azure' }}
if: ${{ always() && inputs.cloudProvider == 'azure' }}
shell: bash
run: |
az group delete \
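Review bot: `if: ${{ inputs.isDebugImage == 'true' }}` on `build-bootstrapper-linux` compares a boolean with the string `'true'`: the `workflow_call` input added in this section is declared `type: boolean`, and the `inputs` context keeps booleans typed where `github.event.inputs` delivered strings. GitHub coerces mismatched operands to numbers, so `true == 'true'` evaluates to false and the job would be skipped even for a debug image. `if: ${{ inputs.isDebugImage }}` works, provided the `workflow_dispatch` declaration (outside this hunk) is also boolean. Separately, the two checkout conditions still read `github.event.steps.check-bootstrapper-cache.cache-hit`, which does not look like a valid context path; presumably `steps.check-bootstrapper-cache.outputs.cache-hit` was meant, but the cache step is not visible here.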


@ -61,6 +61,48 @@ on:
type: string
default: "head"
required: false
workflow_call:
inputs:
workerNodesCount:
description: "Number of worker nodes to spawn."
type: number
required: true
controlNodesCount:
description: "Number of control-plane nodes to spawn."
type: number
required: true
cloudProvider:
description: "Which cloud provider to use."
type: string
required: true
test:
description: "The test to run."
type: string
required: true
kubernetesVersion:
description: "Kubernetes version to create the cluster from."
type: string
required: true
keepMeasurements:
description: "Keep measurements embedded in the CLI."
type: boolean
required: true
osImage:
description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main."
type: string
required: true
isDebugImage:
description: "Is OS image a debug image?"
type: boolean
required: true
machineType:
description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider."
type: string
required: true
git-ref:
description: "Git ref to checkout."
type: string
required: true
env:
ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
@ -90,11 +132,18 @@ jobs:
exit 0
fi
- name: Checkout
- name: Checkout head
if: inputs.git-ref == 'head'
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Checkout ref
if: inputs.git-ref != 'head'
uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
with:
ref: ${{ inputs.git-ref }}
- name: Find latest image
id: find-latest-image
if: steps.check-input.outputs.image == ''
@ -127,14 +176,14 @@ jobs:
go-version: "1.19.4"
- name: Login to Azure
if: ${{ github.event.inputs.cloudProvider == 'azure' }}
if: ${{ inputs.cloudProvider == 'azure' }}
uses: ./.github/actions/login_azure
with:
azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }}
- name: Create Azure resource group
id: az_resource_group_gen
if: ${{ github.event.inputs.cloudProvider == 'azure' }}
if: ${{ inputs.cloudProvider == 'azure' }}
shell: bash
run: |
uuid=$(cat /proc/sys/kernel/random/uuid)
@ -146,16 +195,16 @@ jobs:
id: e2e_test
uses: ./.github/actions/e2e_test
with:
workerNodesCount: ${{ github.event.inputs.workerNodesCount }}
controlNodesCount: ${{ github.event.inputs.controlNodesCount }}
cloudProvider: ${{ github.event.inputs.cloudProvider }}
machineType: ${{ github.event.inputs.machineType }}
workerNodesCount: ${{ inputs.workerNodesCount }}
controlNodesCount: ${{ inputs.controlNodesCount }}
cloudProvider: ${{ inputs.cloudProvider }}
machineType: ${{ inputs.machineType }}
gcpProject: ${{ secrets.GCP_E2E_PROJECT }}
gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }}
gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }}
test: ${{ github.event.inputs.test }}
kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }}
keepMeasurements: ${{ github.event.inputs.keepMeasurements }}
test: ${{ inputs.test }}
kubernetesVersion: ${{ inputs.kubernetesVersion }}
keepMeasurements: ${{ inputs.keepMeasurements }}
azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }}
azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }}
azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }}
@ -163,7 +212,7 @@ jobs:
azureUserAssignedIdentity: ${{ secrets.AZURE_E2E_USER_ASSIGNED_IDENTITY }}
azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }}
osImage: ${{ needs.find-latest-image.outputs.image }}
isDebugImage: ${{ github.event.inputs.isDebugImage }}
isDebugImage: ${{ inputs.isDebugImage }}
- name: Always terminate cluster
if: always()
@ -176,7 +225,7 @@ jobs:
if: ${{ failure() && github.ref == 'refs/heads/main' }}
run: |
sudo apt-get install gettext-base -y
export TEAMS_JOB_NAME="${{ github.event.inputs.cloudProvider }} (manual)"
export TEAMS_JOB_NAME="${{ inputs.cloudProvider }} (manual)"
export TEAMS_RUN_ID=${{ github.run_id }}
envsubst < teams-payload.json > to-be-send.json
curl \
@ -187,7 +236,7 @@ jobs:
working-directory: .github/actions/e2e_test
- name: Always destroy Azure resource group
if: ${{ always() && github.event.inputs.cloudProvider == 'azure' }}
if: ${{ always() && inputs.cloudProvider == 'azure' }}
shell: bash
run: |
az group delete \
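Review bot: `export TEAMS_JOB_NAME="${{ inputs.cloudProvider }} (manual)"` pastes the input into the script text before bash runs, so quoting or substitution characters in the value become part of the script, in a workflow that exports cloud credentials through its top-level `env:`. With `workflow_call` added, the value now also comes from whatever a caller passes, not only from the dispatch form. Passing it through the step environment keeps it data: add `env:` with `CLOUD_PROVIDER: ${{ inputs.cloudProvider }}` to the step and write `export TEAMS_JOB_NAME="${CLOUD_PROVIDER} (manual)"`. The macOS workflow has the same line with `(macOS, manual)` and needs the same change; the step's name and its remaining lines are outside this hunk.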


@ -2,6 +2,17 @@ name: Build CLI and prepare release
on:
workflow_dispatch:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: false
workflow_call:
inputs:
ref:
type: string
description: "Git ref to checkout"
required: true
jobs:
build-cli:
@ -16,7 +27,7 @@ jobs:
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
ref: ${{ inputs.ref || github.head_ref }}
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
@ -85,7 +96,7 @@ jobs:
id: checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
ref: ${{ inputs.ref || github.head_ref }}
- name: Download syft & grype
run: |
SYFT_VERSION=0.62.1


@ -54,6 +54,46 @@ jobs:
echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}"
} >> "$GITHUB_OUTPUT"
docs:
name: Create docs release
runs-on: ubuntu-22.04
if: inputs.kind == 'minor'
needs: verify-inputs
env:
VERSION: ${{ inputs.version }}
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
steps:
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
with:
ref: ${{ github.head_ref }}
- name: Create docs branch
run: |
git fetch
git pull
git checkout "${BRANCH}" || git checkout -B "${BRANCH}"
- name: Create docs release
working-directory: docs
run: |
npm install
npm run docusaurus docs:version "${MAJOR_MINOR}"
- name: Commit
run: |
git config --global user.name "release[bot]"
git config --global user.email "release[bot]@users.noreply.github.com"
git add docs
git commit -m "Generate docs for ${VERSION}"
git push --set-upstream origin "${BRANCH}"
- name: Create docs pull request
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
with:
source_branch: ${{env.BRANCH}}
destination_branch: "main"
pr_title: "Update docs for ${VERSION}"
pr_body: |
:robot: *This is an automated PR.* :robot:
github_token: ${{ secrets.GITHUB_TOKEN }}
prepare-release-branch:
name: Prepare release branch
if: inputs.kind == 'minor'
@ -213,3 +253,108 @@ jobs:
git config --global user.email "release[bot]@users.noreply.github.com"
git commit -m "Hardcode measurements for ${VERSION}"
git push
e2e-tests:
name: Run E2E tests
needs: [verify-inputs, update-hardcoded-measurements]
secrets: inherit
strategy:
matrix:
csp: [aws, azure, gcp]
uses: ./.github/workflows/e2e-test-manual.yml
with:
workerNodesCount: 2
controlNodesCount: 3
cloudProvider: ${{ matrix.csp }}
test: "sonobuoy full"
kubernetesVersion: "1.25"
keepMeasurements: true
osImage: ${{ inputs.version }}
isDebugImage: false
machineType: "default"
git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
e2e-tests-macos:
name: Run E2E tests (macOS)
needs: [verify-inputs, update-hardcoded-measurements]
secrets: inherit
strategy:
matrix:
csp: [aws, azure, gcp]
uses: ./.github/workflows/e2e-test-manual-macos.yml
with:
workerNodesCount: 2
controlNodesCount: 3
cloudProvider: ${{ matrix.csp }}
test: "sonobuoy full"
kubernetesVersion: "1.25"
keepMeasurements: true
osImage: ${{ inputs.version }}
isDebugImage: false
machineType: "default"
git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
e2e-mini:
name: Run E2E tests for mini Constellation
needs: [verify-inputs, update-hardcoded-measurements]
uses: ./.github/workflows/e2e-mini.yml
secrets: inherit
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
tag-release:
name: Tag release
needs: [verify-inputs, e2e-tests, e2e-tests-macos, e2e-mini]
runs-on: ubuntu-22.04
env:
VERSION: ${{ inputs.version }}
steps:
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Tag release
run: |
git config --global user.name "release[bot]"
git config --global user.email "release[bot]@users.noreply.github.com"
git tag -a "${VERSION}" -m "Release ${VERSION}"
git push origin "refs/tags/${VERSION}"
draft-release-cli:
name: Draft release (CLI)
needs: [verify-inputs, tag-release]
uses: ./.github/workflows/release-cli.yml
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
pr-get-changes-back-into-main:
name: PR to Merge changes from release branch into main
if: inputs.kind == 'minor'
runs-on: ubuntu-22.04
needs: [verify-inputs, tag-release]
env:
VERSION: ${{ inputs.version }}
NEW_BRANCH: feat/release/${{ inputs.version }}/changes-to-main
steps:
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
with:
ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }}
- name: Create branch with changes
run: |
git config --global user.name "release[bot]"
git config --global user.email "release[bot]@users.noreply.github.com"
git fetch
git checkout -b "${NEW_BRANCH}"
git rebase origin/main
git push --set-upstream origin "${NEW_BRANCH}"
- name: Create docs pull request
uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2
with:
source_branch: ${{ env.NEW_BRANCH }}
destination_branch: "main"
pr_title: "Bring back changes from release branch ${VERSION}"
pr_body: |
:robot: *This is an automated PR.* :robot:
github_token: ${{ secrets.GITHUB_TOKEN }}
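Review bot: `pr_title: "Update docs for ${VERSION}"` in the `docs` job, and `pr_title: "Bring back changes from release branch ${VERSION}"` in `pr-get-changes-back-into-main`, use shell syntax inside a `with:` value, which the runner passes through literally; the title only comes out right if the action happens to re-evaluate the string itself. Use the expression form already used for `source_branch`, e.g. `pr_title: "Update docs for ${{ env.VERSION }}"`. The last step of `pr-get-changes-back-into-main` is also still named "Create docs pull request", which looks copied from the `docs` job. The three reusable-workflow calls pass `secrets: inherit`; listing only the secrets each callee needs would narrow what code from the checked-out release branch can reach, though that requires matching `secrets:` declarations in the callees, which are not shown here.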