diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index ac61e6f38..61a0022e1 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -2,6 +2,17 @@ name: e2e test qemu (MiniConstellation) on: workflow_dispatch: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: false + workflow_call: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: true permissions: id-token: write @@ -15,6 +26,8 @@ jobs: - name: Checkout id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ inputs.ref || github.head_ref }} - name: Azure login OIDC uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 diff --git a/.github/workflows/e2e-test-manual-macos.yml b/.github/workflows/e2e-test-manual-macos.yml index c37b18750..3785927f1 100644 --- a/.github/workflows/e2e-test-manual-macos.yml +++ b/.github/workflows/e2e-test-manual-macos.yml 
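Review bot: The added `ref: ${{ inputs.ref || github.head_ref }}` lets the caller choose the code this job runs, and the next step in the hunk is the Azure OIDC login under `id-token: write`, so whatever that ref contains executes with the workflow's cloud identity. Both `inputs.ref` declarations in the first hunk should state the expectation, for example `description: "Git ref to checkout (trusted branch or tag of this repository, not a pull-request ref)"`. `github.head_ref` is only set for pull-request events, so on a dispatch without an input the expression is empty and checkout uses its default ref; a one-line comment saying so would help. The job body continues outside the hunk.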
@@ -55,6 +55,53 @@ on: type: string default: "default" required: false + git-ref: + description: "Git ref to checkout." + type: string + default: "head" + required: false + workflow_call: + inputs: + workerNodesCount: + description: "Number of worker nodes to spawn." + type: number + required: true + controlNodesCount: + description: "Number of control-plane nodes to spawn." + type: number + required: true + cloudProvider: + description: "Which cloud provider to use." + type: string + required: true + test: + description: "The test to run." + type: string + required: true + kubernetesVersion: + description: "Kubernetes version to create the cluster from." + type: string + required: true + keepMeasurements: + description: "Keep measurements embedded in the CLI." + type: boolean + required: true + osImage: + description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main." + type: string + required: true + isDebugImage: + description: "Is OS image a debug image?" + type: boolean + required: true + machineType: + description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider." + type: string + required: true + git-ref: + description: "Git ref to checkout." + type: string + required: true env: ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }} @@ -66,7 +113,7 @@ jobs: build-bootstrapper-linux: name: "Build bootstrapper (debug image)" runs-on: ubuntu-22.04 - if: ${{ github.event.inputs.isDebugImage == 'true' }} + if: ${{ inputs.isDebugImage == 'true' }} steps: - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 
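Review bot: `if: ${{ inputs.isDebugImage == 'true' }}` compares against a string, but the `workflow_call` input added in the previous hunk declares `isDebugImage` as `type: boolean`, and the `inputs` context keeps booleans as booleans. Actions expressions coerce mismatched types to numbers, so `true == 'true'` evaluates to false and this job would be skipped whenever a caller passes `true`. The same probably holds for `workflow_dispatch` if that input is also declared boolean (its declaration is outside the hunk). Use `if: inputs.isDebugImage` instead; the old `github.event.inputs.*` form delivered strings, which is why the comparison used to work.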
@@ -75,11 +122,17 @@ jobs: go-version: "1.19.4" - name: Check out repository - if: ${{ github.event.steps.check-bootstrapper-cache.cache-hit != 'true'}} + if: inputs.git-ref == 'head' && github.event.steps.check-bootstrapper-cache.cache-hit != 'true' uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + - name: Checkout ref + if: inputs.git-ref != 'head' && github.event.steps.check-bootstrapper-cache.cache-hit != 'true' + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ inputs.git-ref }} + - name: Build bootstrapper if: ${{ github.event.steps.check-bootstrapper-cache.cache-hit != 'true'}} uses: ./.github/actions/build_bootstrapper @@ -138,25 +191,32 @@ jobs: shell: bash run: brew install coreutils kubectl bash - - name: Check out repository + - name: Checkout head + if: inputs.git-ref == 'head' uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + - name: Checkout ref + if: inputs.git-ref != 'head' + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + with: + ref: ${{ inputs.git-ref }} + - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: go-version: "1.19.4" - name: Login to Azure - if: ${{ github.event.inputs.cloudProvider == 'azure' }} + if: ${{ inputs.cloudProvider == 'azure' }} uses: ./.github/actions/login_azure with: azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }} - name: Create Azure resource group id: az_resource_group_gen - if: ${{ github.event.inputs.cloudProvider == 'azure' }} + if: ${{ inputs.cloudProvider == 'azure' }} shell: bash run: | uuid=$(uuidgen) 
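Review bot: The new `Checkout ref` step and the edited `Check out repository` step both test `github.event.steps.check-bootstrapper-cache.cache-hit`, which is not where step outputs live, so that half of the condition is presumably always true and the cache check has no effect. If a step with id `check-bootstrapper-cache` exists earlier in the job (not visible in this hunk), the condition should read `steps.check-bootstrapper-cache.outputs.cache-hit != 'true'`. The unchanged `Build bootstrapper` step carries the same expression. Note also that `./.github/actions/build_bootstrapper` is loaded from whatever `inputs.git-ref` checked out, so the ref decides which action code runs.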
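Review bot: The added `Checkout ref` step pins `actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0`, while `Checkout head` directly above it and the other checkouts visible in this file use `ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0`. Two pins of the same action in one job means one is easily missed on the next update, and the two checkout paths can then behave differently. Use `uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0` here. The same older pin is added in the `Checkout ref` step of e2e-test-manual.yml (hunk `@@ -90,11 +132,18 @@`).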
@@ -165,23 +225,23 @@ jobs: echo "res_group_name=$name" >> "$GITHUB_OUTPUT" - name: Set up gcloud CLI - if: ${{ github.event.inputs.cloudProvider == 'gcp' }} + if: ${{ inputs.cloudProvider == 'gcp' }} uses: google-github-actions/setup-gcloud@d51b5346f85640ec2aa2fa057354d2b82c2fcbce # v1.0.1 - name: Run manual E2E test id: e2e_test uses: ./.github/actions/e2e_test with: - workerNodesCount: ${{ github.event.inputs.workerNodesCount }} - controlNodesCount: ${{ github.event.inputs.controlNodesCount }} - cloudProvider: ${{ github.event.inputs.cloudProvider }} - machineType: ${{ github.event.inputs.machineType }} + workerNodesCount: ${{ inputs.workerNodesCount }} + controlNodesCount: ${{ inputs.controlNodesCount }} + cloudProvider: ${{ inputs.cloudProvider }} + machineType: ${{ inputs.machineType }} gcpProject: ${{ secrets.GCP_E2E_PROJECT }} gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} - test: ${{ github.event.inputs.test }} - kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} - keepMeasurements: ${{ github.event.inputs.keepMeasurements }} + test: ${{ inputs.test }} + kubernetesVersion: ${{ inputs.kubernetesVersion }} + keepMeasurements: ${{ inputs.keepMeasurements }} azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }} azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }} azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }} @@ -189,7 +249,7 @@ jobs: azureUserAssignedIdentity: ${{ secrets.AZURE_E2E_USER_ASSIGNED_IDENTITY }} azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }} osImage: ${{ needs.find-latest-image.outputs.image }} - isDebugImage: ${{ github.event.inputs.isDebugImage }} + isDebugImage: ${{ inputs.isDebugImage }} - name: Always terminate cluster if: always() 
@@ -202,7 +262,7 @@ jobs: if: ${{ failure() && github.ref == 'refs/heads/main' }} run: | brew install gettext && brew link --force gettext - export TEAMS_JOB_NAME="${{ github.event.inputs.cloudProvider }} (macOS, manual)" + export TEAMS_JOB_NAME="${{ inputs.cloudProvider }} (macOS, manual)" export TEAMS_RUN_ID=${{ github.run_id }} envsubst < teams-payload.json > to-be-send.json curl \ @@ -213,7 +273,7 @@ jobs: working-directory: .github/actions/e2e_test - name: Always destroy Azure resource group - if: ${{ always() && github.event.inputs.cloudProvider == 'azure' }} + if: ${{ always() && inputs.cloudProvider == 'azure' }} shell: bash run: | az group delete \ diff --git a/.github/workflows/e2e-test-manual.yml b/.github/workflows/e2e-test-manual.yml index aa2278be2..d118ed556 100644 --- a/.github/workflows/e2e-test-manual.yml +++ b/.github/workflows/e2e-test-manual.yml 
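Review bot: `export TEAMS_JOB_NAME="${{ inputs.cloudProvider }} (macOS, manual)"` pastes the input into the script text before bash parses it, and the `workflow_call` declaration added earlier in this file types `cloudProvider` as a free-form `string`. Pass it through the environment instead: put `CLOUD_PROVIDER: ${{ inputs.cloudProvider }}` in the step's `env:` and write `export TEAMS_JOB_NAME="${CLOUD_PROVIDER} (macOS, manual)"`. The pattern predates this commit, which only renames the context, but the line is being touched anyway. The same line is changed in e2e-test-manual.yml (hunk `@@ -176,7 +225,7 @@`), and the rest of the step lies outside the hunk.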
@@ -61,6 +61,48 @@ on: type: string default: "head" required: false + workflow_call: + inputs: + workerNodesCount: + description: "Number of worker nodes to spawn." + type: number + required: true + controlNodesCount: + description: "Number of control-plane nodes to spawn." + type: number + required: true + cloudProvider: + description: "Which cloud provider to use." + type: string + required: true + test: + description: "The test to run." + type: string + required: true + kubernetesVersion: + description: "Kubernetes version to create the cluster from." + type: string + required: true + keepMeasurements: + description: "Keep measurements embedded in the CLI." + type: boolean + required: true + osImage: + description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main." + type: string + required: true + isDebugImage: + description: "Is OS image a debug image?" + type: boolean + required: true + machineType: + description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider." + type: string + required: true + git-ref: + description: "Git ref to checkout." + type: string + required: true env: ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }} @@ -90,11 +132,18 @@ jobs: exit 0 fi - - name: Checkout + - name: Checkout head + if: inputs.git-ref == 'head' uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + - name: Checkout ref + if: inputs.git-ref != 'head' + uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0 + with: + ref: ${{ inputs.git-ref }} + - name: Find latest image id: find-latest-image if: steps.check-input.outputs.image == '' 
@@ -127,14 +176,14 @@ jobs: go-version: "1.19.4" - name: Login to Azure - if: ${{ github.event.inputs.cloudProvider == 'azure' }} + if: ${{ inputs.cloudProvider == 'azure' }} uses: ./.github/actions/login_azure with: azure_credentials: ${{ secrets.AZURE_E2E_CREDENTIALS }} - name: Create Azure resource group id: az_resource_group_gen - if: ${{ github.event.inputs.cloudProvider == 'azure' }} + if: ${{ inputs.cloudProvider == 'azure' }} shell: bash run: | uuid=$(cat /proc/sys/kernel/random/uuid) @@ -146,16 +195,16 @@ jobs: id: e2e_test uses: ./.github/actions/e2e_test with: - workerNodesCount: ${{ github.event.inputs.workerNodesCount }} - controlNodesCount: ${{ github.event.inputs.controlNodesCount }} - cloudProvider: ${{ github.event.inputs.cloudProvider }} - machineType: ${{ github.event.inputs.machineType }} + workerNodesCount: ${{ inputs.workerNodesCount }} + controlNodesCount: ${{ inputs.controlNodesCount }} + cloudProvider: ${{ inputs.cloudProvider }} + machineType: ${{ inputs.machineType }} gcpProject: ${{ secrets.GCP_E2E_PROJECT }} gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} - test: ${{ github.event.inputs.test }} - kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} - keepMeasurements: ${{ github.event.inputs.keepMeasurements }} + test: ${{ inputs.test }} + kubernetesVersion: ${{ inputs.kubernetesVersion }} + keepMeasurements: ${{ inputs.keepMeasurements }} azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }} azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }} azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }} 
@@ -163,7 +212,7 @@ jobs: azureUserAssignedIdentity: ${{ secrets.AZURE_E2E_USER_ASSIGNED_IDENTITY }} azureResourceGroup: ${{ steps.az_resource_group_gen.outputs.res_group_name }} osImage: ${{ needs.find-latest-image.outputs.image }} - isDebugImage: ${{ github.event.inputs.isDebugImage }} + isDebugImage: ${{ inputs.isDebugImage }} - name: Always terminate cluster if: always() @@ -176,7 +225,7 @@ jobs: if: ${{ failure() && github.ref == 'refs/heads/main' }} run: | sudo apt-get install gettext-base -y - export TEAMS_JOB_NAME="${{ github.event.inputs.cloudProvider }} (manual)" + export TEAMS_JOB_NAME="${{ inputs.cloudProvider }} (manual)" export TEAMS_RUN_ID=${{ github.run_id }} envsubst < teams-payload.json > to-be-send.json curl \ @@ -187,7 +236,7 @@ jobs: working-directory: .github/actions/e2e_test - name: Always destroy Azure resource group - if: ${{ always() && github.event.inputs.cloudProvider == 'azure' }} + if: ${{ always() && inputs.cloudProvider == 'azure' }} shell: bash run: | az group delete \ diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index 68786c033..20ca30d0b 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -2,6 +2,17 @@ name: Build CLI and prepare release on: workflow_dispatch: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: false + workflow_call: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: true jobs: build-cli: @@ -16,7 +27,7 @@ jobs: id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + ref: ${{ inputs.ref || github.head_ref }} - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: 
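Review bot: Replacing the guarded expression with `ref: ${{ inputs.ref || github.head_ref }}` drops the `!github.event.pull_request.head.repo.fork` check, here and in the second checkout at `@@ -85,7 +96,7 @@`. With the triggers visible in this file (`workflow_dispatch`, `workflow_call`) `github.head_ref` is normally empty, so the fallback does nothing. A reusable workflow sees the caller's event, though, so if this is ever called from a pull-request-triggered workflow the fallback would resolve a fork's branch name against this repository. Either drop the fallback (`ref: ${{ inputs.ref }}`) or keep the fork guard inside it.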
@@ -85,7 +96,7 @@ jobs: id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + ref: ${{ inputs.ref || github.head_ref }} - name: Download syft & grype run: | SYFT_VERSION=0.62.1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf70d28b7..09cd850ef 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -54,6 +54,46 @@ jobs: echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}" } >> "$GITHUB_OUTPUT" + docs: + name: Create docs release + runs-on: ubuntu-22.04 + if: inputs.kind == 'minor' + needs: verify-inputs + env: + VERSION: ${{ inputs.version }} + MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }} + BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }} + steps: + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 + with: + ref: ${{ github.head_ref }} + - name: Create docs branch + run: | + git fetch + git pull + git checkout "${BRANCH}" || git checkout -B "${BRANCH}" + - name: Create docs release + working-directory: docs + run: | + npm install + npm run docusaurus docs:version "${MAJOR_MINOR}" + - name: Commit + run: | + git config --global user.name "release[bot]" + git config --global user.email "release[bot]@users.noreply.github.com" + git add docs + git commit -m "Generate docs for ${VERSION}" + git push --set-upstream origin "${BRANCH}" + - name: Create docs pull request + uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2 + with: + source_branch: ${{env.BRANCH}} + destination_branch: "main" + pr_title: "Update docs for ${VERSION}" + pr_body: | + :robot: *This is an automated PR.* :robot: + github_token: ${{ secrets.GITHUB_TOKEN }} + prepare-release-branch: name: Prepare release branch if: inputs.kind == 'minor' 
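Review bot: The new `docs` job runs `npm install` in a checkout that presumably still holds the job's write-capable token (the `Commit` step pushes without configuring one), so dependency versions are resolved at release time and their install scripts run next to that credential. If `docs/` has a lockfile (not visible here), use `npm ci` so the install is reproducible and fails on lockfile drift. Separately, `pr_title: "Update docs for ${VERSION}"` is not an Actions expression; unless the action expands it itself the title will contain the literal text, and `${{ inputs.version }}` would be unambiguous. The job has no `permissions:` block, so a comment stating that it needs contents and pull-request write access would document the intent.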
@@ -213,3 +253,108 @@ jobs: git config --global user.email "release[bot]@users.noreply.github.com" git commit -m "Hardcode measurements for ${VERSION}" git push + + e2e-tests: + name: Run E2E tests + needs: [verify-inputs, update-hardcoded-measurements] + secrets: inherit + strategy: + matrix: + csp: [aws, azure, gcp] + uses: ./.github/workflows/e2e-test-manual.yml + with: + workerNodesCount: 2 + controlNodesCount: 3 + cloudProvider: ${{ matrix.csp }} + test: "sonobuoy full" + kubernetesVersion: "1.25" + keepMeasurements: true + osImage: ${{ inputs.version }} + isDebugImage: false + machineType: "default" + git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + e2e-tests-macos: + name: Run E2E tests (macOS) + needs: [verify-inputs, update-hardcoded-measurements] + secrets: inherit + strategy: + matrix: + csp: [aws, azure, gcp] + uses: ./.github/workflows/e2e-test-manual-macos.yml + with: + workerNodesCount: 2 + controlNodesCount: 3 + cloudProvider: ${{ matrix.csp }} + test: "sonobuoy full" + kubernetesVersion: "1.25" + keepMeasurements: true + osImage: ${{ inputs.version }} + isDebugImage: false + machineType: "default" + git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + e2e-mini: + name: Run E2E tests for mini Constellation + needs: [verify-inputs, update-hardcoded-measurements] + uses: ./.github/workflows/e2e-mini.yml + secrets: inherit + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + tag-release: + name: Tag release + needs: [verify-inputs, e2e-tests, e2e-tests-macos, e2e-mini] + runs-on: ubuntu-22.04 + env: + VERSION: ${{ inputs.version }} + steps: + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + - name: Tag release + run: | + git config --global user.name "release[bot]" + git config --global user.email "release[bot]@users.noreply.github.com" + git tag -a "${VERSION}" -m "Release ${VERSION}" + git push origin 
"refs/tags/${VERSION}" + + draft-release-cli: + name: Draft release (CLI) + needs: [verify-inputs, tag-release] + uses: ./.github/workflows/release-cli.yml + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + pr-get-changes-back-into-main: + name: PR to Merge changes from release branch into main + if: inputs.kind == 'minor' + runs-on: ubuntu-22.04 + needs: [verify-inputs, tag-release] + env: + VERSION: ${{ inputs.version }} + NEW_BRANCH: feat/release/${{ inputs.version }}/changes-to-main + steps: + - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0 + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + - name: Create branch with changes + run: | + git config --global user.name "release[bot]" + git config --global user.email "release[bot]@users.noreply.github.com" + git fetch + git checkout -b "${NEW_BRANCH}" + git rebase origin/main + git push --set-upstream origin "${NEW_BRANCH}" + + - name: Create docs pull request + uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2 + with: + source_branch: ${{ env.NEW_BRANCH }} + destination_branch: "main" + pr_title: "Bring back changes from release branch ${VERSION}" + pr_body: | + :robot: *This is an automated PR.* :robot: + github_token: ${{ secrets.GITHUB_TOKEN }}
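Review bot: `e2e-tests`, `e2e-tests-macos`, `e2e-mini`, `tag-release` and `draft-release-cli` each resolve `needs.verify-inputs.outputs.RELEASE_BRANCH` independently, so a push to the release branch while the matrix runs means the tagged commit, and the binaries built afterwards, are not the commit that was tested. `draft-release-cli` runs after `tag-release`, so it can build from the tag instead with `ref: refs/tags/${{ inputs.version }}`; pinning the tests and the tag to one commit SHA resolved once would close the rest of the gap. `draft-release-cli` is also the only reusable-workflow call in this hunk without `secrets: inherit`; if release-cli.yml reads any secrets (not visible in this diff) they will be empty. A comment on `tag-release` recording that it is gated on all three E2E jobs would protect that gate against later edits to `needs`.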