Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-26 10:09:14 -04:00
Code Issues Packages Projects Releases Wiki Activity

ci: don't automatically create git tag in release pipeline (#2316)

Browse Source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-09-07 08:47:01 +02:00 committed by GitHub
parent 327315d5de
commit 442f904ceb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 58 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/release-cli.yml vendored
View File

@ -3,6 +3,10 @@ name: Build CLI and prepare release
on: on:
workflow_dispatch: workflow_dispatch:
inputs: inputs:
versionName:
type: string
description: "Version to use for the release (e.g. v1.2.3)"
required: true
ref: ref:
type: string type: string
description: "Git ref to checkout" description: "Git ref to checkout"
@ -22,6 +26,10 @@ on:
required: true required: true
workflow_call: workflow_call:
inputs: inputs:
versionName:
type: string
description: "Version to use for the release (e.g. v1.2.3)"
required: true
ref: ref:
type: string type: string
description: "Git ref to checkout" description: "Git ref to checkout"
@ -387,7 +395,7 @@ jobs:
with: with:
draft: true draft: true
generate_release_notes: true generate_release_notes: true
tag_name: ${{ inputs.ref }} tag_name: ${{ inputs.versionName || inputs.ref || github.head_ref }}
files: | files: |
constellation-* constellation-*
cosign.pub cosign.pub

26
.github/workflows/release.yml vendored
View File

@ -239,30 +239,9 @@ jobs:
git commit -m "attestation: hardcode measurements for ${VERSION}" git commit -m "attestation: hardcode measurements for ${VERSION}"
git push git push
tag-release:
name: Tag release
needs: [verify-inputs, update-hardcoded-measurements]
runs-on: ubuntu-22.04
permissions:
contents: write
env:
VERSION: ${{ inputs.version }}
steps:
- name: Checkout
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
- name: Tag release
run: |
git config --global user.name "edgelessci"
git config --global user.email "edgelessci@users.noreply.github.com"
git tag -a "${VERSION}" -m "Release ${VERSION}"
git push --force origin "refs/tags/${VERSION}" # force push to overwrite existing tag
draft-release-cli: draft-release-cli:
name: Draft release (CLI) name: Draft release (CLI)
needs: [verify-inputs, tag-release] needs: [verify-inputs, update-hardcoded-measurements]
uses: ./.github/workflows/release-cli.yml uses: ./.github/workflows/release-cli.yml
permissions: permissions:
actions: read actions: read
@ -271,7 +250,8 @@ jobs:
packages: write packages: write
secrets: inherit secrets: inherit
with: with:
ref: "refs/tags/${{ inputs.version }}" versionName: ${{ inputs.version }}
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
pushContainers: true pushContainers: true
key: 'release' key: 'release'

72
dev-docs/workflows/release.md
View File

@ -5,9 +5,7 @@ This checklist will prepare `v1.3.0` from `v1.2.0` (minor release) or `v1.3.1` f
## Preparation ## Preparation
1. Search the code for TODOs and FIXMEs that should be resolved before releasing. 1. Search the code for TODOs and FIXMEs that should be resolved before releasing.
2. [Update titles and labels for all PRs relevant for this release](/dev-docs/conventions.md#pr-conventions) to aid in the [changelog generation](/.github/release.yml). 2. [Update titles and labels for all PRs relevant for this release](/dev-docs/workflows/pull-request.md) to aid in the [changelog generation](/.github/release.yml).
## Automated release ## Automated release
@ -16,6 +14,7 @@ Releases should be performed using [the automated release pipeline](https://gith
### Prepare temporary working branch ### Prepare temporary working branch
1. Create a temporary working branch to prepare the release. This branch should be based on main if preparing a minor release or be based on the existing release branch if it is a patch release. 1. Create a temporary working branch to prepare the release. This branch should be based on main if preparing a minor release or be based on the existing release branch if it is a patch release.
```sh ```sh
ver=v1.3.1 # replace me ver=v1.3.1 # replace me
minor=$(echo ${ver} | cut -d '.' -f 1,2) minor=$(echo ${ver} | cut -d '.' -f 1,2)
@ -31,41 +30,51 @@ Releases should be performed using [the automated release pipeline](https://gith
git push origin ${working_branch} git push origin ${working_branch}
``` ```
### Patch release ### Patch release
1. `cherry-pick` (only) the required commits from `main` 1. `cherry-pick` (only) the required commits from `main`
* Check PRs with label [needs-backport](https://github.com/edgelesssys/constellation/pulls?q=is%3Apr+is%3Aclosed+label%3A%22needs+backport%22) to find candidates that should be included in a patch release. * Check PRs with label [needs-backport](https://github.com/edgelesssys/constellation/pulls?q=is%3Apr+is%3Aclosed+label%3A%22needs+backport%22) to find candidates that should be included in a patch release.
2. trigger the automated release pipeline from the working branch created above: 2. trigger the automated release pipeline from the working branch created above:
```sh ```sh
gh workflow run release.yml --ref ${working_branch} -F version=${ver} -F kind=patch gh workflow run release.yml --ref ${working_branch} -F version=${ver} -F kind=patch
``` ```
3. wait for the pipeline to finish 3. wait for the pipeline to finish
4. while in editing mode for the release, clear the textbox, select the last patch release for the current release branch and click "Generate release notes". 4. while in editing mode for the release, clear the textbox, select the last patch release for the current release branch and click "Generate release notes".
5. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this. 5. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
6. publish. 6. in the GitHub release UI, set the tag to create on publish to `$ver`.
7. publish.
### Minor release ### Minor release
1. Merge ready PRs 1. Merge ready PRs
2. trigger the automated release pipeline from the working branch created above: 2. trigger the automated release pipeline from the working branch created above:
```sh ```sh
gh workflow run release.yml --ref ${working_branch} -F version=${ver} -F kind=minor gh workflow run release.yml --ref ${working_branch} -F version=${ver} -F kind=minor
``` ```
3. wait for the pipeline to finish 3. wait for the pipeline to finish
4. upgrade the dogfooding cluster. Note that `upgrade check --update-config` will not yet show the new image. But you can manually set it in the config: 4. upgrade the dogfooding cluster. Note that `upgrade check --update-config` will not yet show the new image. But you can manually set it in the config:
```sh
./constellation upgrade check --update-config ```sh
yq eval -i '.image="vX.YY.Z"' constellation-conf.yaml ./constellation upgrade check --update-config
./constellation config fetch-measurements yq eval -i '.image="vX.YY.Z"' constellation-conf.yaml
./constellation upgrade apply --yes --debug ./constellation config fetch-measurements
``` ./constellation upgrade apply --yes --debug
Then wait until the node / Kubernetes upgrades are finished by periodically checking: ```
```sh
./constellation status Then wait until the node / Kubernetes upgrades are finished by periodically checking:
```
```sh
./constellation status
```
5. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes". 5. while in editing mode for the release, clear the textbox, select the last minor release and click "Generate release notes".
6. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this. 6. look over the autogenerated draft release. When fixing the changelog, prioritize updating the PR title/labels/description and regenerating the changelog over fixing things in the final changelog. The changelog should be primarily aimed at users. Rule of thumb: first part of the sentence should describe what changed for the user, second part can describe what has been changed to achieve this.
7. publish. 7. in the GitHub release UI, set the tag to create on publish to `$ver`.
8. publish.
## Post release steps ## Post release steps
@ -80,20 +89,24 @@ Then wait until the node / Kubernetes upgrades are finished by periodically chec
5. Reset `upgradeRequiresIAMMigration` in `iamupgradeapply.go`. 5. Reset `upgradeRequiresIAMMigration` in `iamupgradeapply.go`.
## Troubleshooting: Pipeline cleanup ## Troubleshooting: Pipeline cleanup
No manual steps should be necessary anymore but in case you encounter issues, create a ticket to fix it. These are instructions to do some cleanup steps manually: No manual steps should be necessary anymore but in case you encounter issues, create a ticket to fix it. These are instructions to do some cleanup steps manually:
### General ### General
Depending on how far the pipeline ran we need to delete: Depending on how far the pipeline ran we need to delete:
- the working branch (remove automated commits made by the process, keep any cherry picks)
- the release tag create by the pipeline: `v1.3.0`/`v1.3.1` * the working branch (remove automated commits made by the process, keep any cherry picks)
- (only minor releases) the branch to merge changes back to main: `feat/release/v1.3.0` * (only minor releases) the branch to merge changes back to main: `feat/release/v1.3.0`
### GCP ### GCP
1. Navigate to [Images](https://console.cloud.google.com/compute/images?tab=images&project=constellation-images) tab of the "constellation-images" project 1. Navigate to [Images](https://console.cloud.google.com/compute/images?tab=images&project=constellation-images) tab of the "constellation-images" project
2. Search for the image versions "v1-3-0-gcp-sev-es-stable" and "v1-3-0-gcp-sev-snp-stable" 2. Search for the image versions "v1-3-0-gcp-sev-es-stable" and "v1-3-0-gcp-sev-snp-stable"
3. Select the images and press "DELETE"  3. Select the images and press "DELETE"
### Azure ### Azure
1. Navigate to [Azure compute galleries](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Compute%2Fgalleries) 1. Navigate to [Azure compute galleries](https://portal.azure.com/#view/HubsExtension/BrowseResource/resourceType/Microsoft.Compute%2Fgalleries)
2. Select "Constellation_CVM" (this is for confidential vms on AMD SEV SNP) 2. Select "Constellation_CVM" (this is for confidential vms on AMD SEV SNP)
3. Select image definition "constellation" 3. Select image definition "constellation"
@ -101,17 +114,21 @@ Depending on how far the pipeline ran we need to delete:
5. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition. 5. Press "Delete" button NEXT TO THE IMAGE VERSION TABLE. Do no delete the image definition.
### AWS ### AWS
**Important:** You need to repeat the following steps for every region supported by Constellation! **Important:** You need to repeat the following steps for every region supported by Constellation!
Currently, this includes:  Currently, this includes:
- Frankfurt (eu-central-1)
- Ireland (eu-west-1) * Frankfurt (eu-central-1)
- Paris (eu-west-3) * Ireland (eu-west-1)
- Ohio (us-east-2) * Paris (eu-west-3)
- Mumbai (ap-south-1)  * Ohio (us-east-2)
* Mumbai (ap-south-1)
#### Automated script #### Automated script
This is a script to automate the deletion but please be super careful to set the version correctly. This is a script to automate the deletion but please be super careful to set the version correctly.
```
```shell
VERSION=vX.XX.X # !! DOUBLE CHECK CORRECTNESS! VERSION=vX.XX.X # !! DOUBLE CHECK CORRECTNESS!
regions=("eu-central-1" "eu-west-1" "eu-west-3" "us-east-2" "ap-south-1") regions=("eu-central-1" "eu-west-1" "eu-west-3" "us-east-2" "ap-south-1")
for region in "${regions[@]}" for region in "${regions[@]}"
@ -124,6 +141,7 @@ done
``` ```
#### Manual GUI steps #### Manual GUI steps
1. Navigate to [AMI](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Images:visibility=owned-by-me) 1. Navigate to [AMI](https://eu-central-1.console.aws.amazon.com/ec2/home?region=eu-central-1#Images:visibility=owned-by-me)
2. Search for release version "constellation-v1.3.0" and select the AMIs for both variants ("constellation-v1.3.0-aws-sev-snp" and "constellation-v1.3.0-aws-nitro-tpm") 2. Search for release version "constellation-v1.3.0" and select the AMIs for both variants ("constellation-v1.3.0-aws-sev-snp" and "constellation-v1.3.0-aws-nitro-tpm")
3. On the "Actions" button (top right) select "Deregister AMI" 3. On the "Actions" button (top right) select "Deregister AMI"