diff --git a/.github/workflows/e2e-mini.yml b/.github/workflows/e2e-mini.yml index ac61e6f38..61a0022e1 100644 --- a/.github/workflows/e2e-mini.yml +++ b/.github/workflows/e2e-mini.yml @@ -2,6 +2,17 @@ name: e2e test qemu (MiniConstellation) on: workflow_dispatch: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: false + workflow_call: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: true permissions: id-token: write @@ -15,6 +26,8 @@ jobs: - name: Checkout id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ inputs.ref || github.head_ref }} - name: Azure login OIDC uses: azure/login@92a5484dfaf04ca78a94597f4f19fea633851fa2 # v1.4.7 diff --git a/.github/workflows/e2e-test-manual.yml b/.github/workflows/e2e-test-manual.yml index 6d963ec91..465b41a6c 100644 --- a/.github/workflows/e2e-test-manual.yml +++ b/.github/workflows/e2e-test-manual.yml 
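Review bot: In the `Checkout` step, `ref: ${{ inputs.ref || github.head_ref }}` lets the caller choose the tree that runs in a job holding `id-token: write` and the Azure OIDC login, while the token's subject claim still comes from the ref the run was started on, not the ref checked out here. If the Azure federated credential is scoped to a branch (not visible in this diff), that scoping no longer bounds which code uses the identity. I would record this next to the input, e.g. `# the OIDC subject reflects github.ref, not this ref; callers must pass a trusted ref`. If nothing later in the job pushes, `persist-credentials: false` on the checkout is also worth adding; the rest of the job lies outside the hunk.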
@@ -63,6 +63,48 @@ on: type: string default: "head" required: false + workflow_call: + inputs: + workerNodesCount: + description: "Number of worker nodes to spawn." + type: number + required: true + controlNodesCount: + description: "Number of control-plane nodes to spawn." + type: number + required: true + cloudProvider: + description: "Which cloud provider to use." + type: string + required: true + runner: + description: "Architecture of the runner that executes the CLI" + type: string + required: true + test: + description: "The test to run." + type: string + required: true + kubernetesVersion: + description: "Kubernetes version to create the cluster from." + type: string + required: true + keepMeasurements: + description: "Keep measurements embedded in the CLI." + type: boolean + required: true + osImage: + description: "Full name of OS image (CSP independent image version UID). Leave empty for latest debug image on main." + type: string + required: true + machineType: + description: "Override VM machine type. Leave as 'default' or empty to use the default VM type for the selected cloud provider." + type: string + required: true + git-ref: + description: "Git ref to checkout." + type: string + required: true env: ARM_CLIENT_ID: ${{ secrets.AZURE_E2E_CLIENT_ID }} @@ -93,11 +135,18 @@ jobs: exit 0 fi - - name: Checkout + - name: Checkout head + if: inputs.git-ref == 'head' uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + - name: Checkout ref + if: inputs.git-ref != 'head' + uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ inputs.git-ref }} + - name: Find latest image id: find-latest-image if: steps.check-input.outputs.image == '' 
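Review bot: The `workflow_call` descriptions for `osImage` and `machineType` still say "Leave empty …" / "Leave as 'default' or empty", but both inputs are declared `required: true`, so the wording copied from the dispatch form no longer matches the contract a calling workflow sees. Either drop the "leave empty" sentences for the reusable-workflow inputs, or declare them `required: false` with `default: ""` and `default: "default"` so the documented fallback is reachable. The `git-ref` description should also state that the value `head` is treated as a sentinel by the checkout steps in the next hunk, for example `description: "Git ref to checkout; 'head' selects the triggering ref."`.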
@@ -218,16 +267,16 @@ jobs: id: e2e_test uses: ./.github/actions/e2e_test with: - workerNodesCount: ${{ github.event.inputs.workerNodesCount }} - controlNodesCount: ${{ github.event.inputs.controlNodesCount }} - cloudProvider: ${{ github.event.inputs.cloudProvider }} - machineType: ${{ github.event.inputs.machineType }} + workerNodesCount: ${{ inputs.workerNodesCount }} + controlNodesCount: ${{ inputs.controlNodesCount }} + cloudProvider: ${{ inputs.cloudProvider }} + machineType: ${{ inputs.machineType }} gcpProject: ${{ secrets.GCP_E2E_PROJECT }} gcp_service_account_json: ${{ secrets.GCP_SERVICE_ACCOUNT }} gcpClusterServiceAccountKey: ${{ secrets.GCP_CLUSTER_SERVICE_ACCOUNT }} - test: ${{ github.event.inputs.test }} - kubernetesVersion: ${{ github.event.inputs.kubernetesVersion }} - keepMeasurements: ${{ github.event.inputs.keepMeasurements }} + test: ${{ inputs.test }} + kubernetesVersion: ${{ inputs.kubernetesVersion }} + keepMeasurements: ${{ inputs.keepMeasurements }} azureSubscription: ${{ secrets.AZURE_E2E_SUBSCRIPTION_ID }} azureTenant: ${{ secrets.AZURE_E2E_TENANT_ID }} azureClientID: ${{ secrets.AZURE_E2E_CLIENT_ID }} diff --git a/.github/workflows/release-cli.yml b/.github/workflows/release-cli.yml index ab415d1c7..0e4778b88 100644 --- a/.github/workflows/release-cli.yml +++ b/.github/workflows/release-cli.yml @@ -2,6 +2,17 @@ name: Build CLI and prepare release on: workflow_dispatch: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: false + workflow_call: + inputs: + ref: + type: string + description: "Git ref to checkout" + required: true jobs: build-cli: @@ -16,7 +27,7 @@ jobs: id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + ref: ${{ inputs.ref || github.head_ref }} - name: Setup Go environment uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0 with: 
@@ -85,7 +96,7 @@ jobs: id: checkout uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 with: - ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }} + ref: ${{ inputs.ref || github.head_ref }} - name: Download syft & grype run: | SYFT_VERSION=0.62.1 @@ -190,7 +201,7 @@ jobs: release: runs-on: ubuntu-22.04 - if: startsWith(github.ref, 'refs/tags/v') + if: startsWith(inputs.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v') needs: - build-cli - provenance diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 102896309..3a078e434 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
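Review bot: The `release` job's new condition `startsWith(inputs.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v')` can pass on `github.ref` while the build jobs checked out a different `inputs.ref`. A run dispatched on a tag with `ref` set to some branch would therefore publish artifacts that were not built from that tag. Gate on the same value the checkouts resolve to, for example `if: startsWith(inputs.ref || github.ref, 'refs/tags/v')`. Steps of the `release` job outside this hunk that read `github.ref` or `github.ref_name` would need the same treatment; they are not visible from here.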
@@ -54,6 +54,47 @@ jobs: echo "RELEASE_BRANCH=release/v${PART_MAJOR}.${PART_MINOR}" } | tee "$GITHUB_OUTPUT" + docs: + name: Create docs release + runs-on: ubuntu-22.04 + if: inputs.kind == 'minor' + needs: verify-inputs + env: + VERSION: ${{ inputs.version }} + MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }} + BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }} + steps: + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ github.head_ref }} + - name: Create docs branch + run: | + git fetch + git pull + git checkout "${BRANCH}" || git checkout -B "${BRANCH}" + - name: Create docs release + working-directory: docs + run: | + npm install + npm run docusaurus docs:version "${MAJOR_MINOR}" + - name: Commit + run: | + git config --global user.name "release[bot]" + git config --global user.email "release[bot]@users.noreply.github.com" + git add docs + git commit -m "docs: generate docs for ${VERSION}" + git push --set-upstream origin "${BRANCH}" + - name: Create docs pull request + uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2 + with: + source_branch: ${{env.BRANCH}} + destination_branch: "main" + pr_title: "docs: add release ${VERSION}" + pr_body: | + :robot: *This is an automated PR.* :robot: + pr_label: "no-changelog" + github_token: ${{ secrets.GITHUB_TOKEN }} + prepare-release-branch: name: Prepare release branch runs-on: ubuntu-22.04 
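Review bot: `pr_title: "docs: add release ${VERSION}"` in the `Create docs pull request` step relies on shell-style expansion inside a `with:` value, which the Actions runner does not perform. The title only carries the version if the action itself evaluates its inputs in a shell, and in that case the input is also a place where shell metacharacters would be interpreted. Prefer the expression form, `pr_title: "docs: add release ${{ inputs.version }}"`. The same pattern appears in `pr_title: "release: bring back changes from ${VERSION}"` in the last hunk of this file.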
@@ -213,3 +254,90 @@ jobs: git config --global user.email "release[bot]@users.noreply.github.com" git commit -m "attestation: hardcode measurements for ${VERSION}" git push + + e2e-tests: + name: Run E2E tests + needs: [verify-inputs, update-hardcoded-measurements] + secrets: inherit + strategy: + matrix: + runner: [ubuntu-22.04, macos-12] + csp: [aws, azure, gcp] + uses: ./.github/workflows/e2e-test-manual.yml + with: + workerNodesCount: 2 + controlNodesCount: 3 + cloudProvider: ${{ matrix.csp }} + runner: ${{ matrix.runner }} + test: "sonobuoy full" + kubernetesVersion: "1.25" + keepMeasurements: true + osImage: ${{ inputs.version }} + machineType: "default" + git-ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + e2e-mini: + name: Run E2E tests for mini Constellation + needs: [verify-inputs, update-hardcoded-measurements] + uses: ./.github/workflows/e2e-mini.yml + secrets: inherit + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + tag-release: + name: Tag release + needs: [verify-inputs, e2e-tests, e2e-mini] + runs-on: ubuntu-22.04 + env: + VERSION: ${{ inputs.version }} + steps: + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + - name: Tag release + run: | + git config --global user.name "release[bot]" + git config --global user.email "release[bot]@users.noreply.github.com" + git tag -a "${VERSION}" -m "Release ${VERSION}" + git push origin "refs/tags/${VERSION}" + + draft-release-cli: + name: Draft release (CLI) + needs: [verify-inputs, tag-release] + uses: ./.github/workflows/release-cli.yml + secrets: inherit + with: + ref: "refs/tags/${{ inputs.version }}" + + pr-get-changes-back-into-main: + name: PR to Merge changes from release branch into main + if: inputs.kind == 'minor' + runs-on: ubuntu-22.04 + needs: [verify-inputs, tag-release] + env: + VERSION: ${{ inputs.version }} + NEW_BRANCH: feat/release/${{ inputs.version 
}}/changes-to-main + steps: + - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0 + with: + ref: ${{ needs.verify-inputs.outputs.RELEASE_BRANCH }} + + - name: Create branch with changes + run: | + git config --global user.name "release[bot]" + git config --global user.email "release[bot]@users.noreply.github.com" + git fetch + git checkout -b "${NEW_BRANCH}" + git push --set-upstream origin "${NEW_BRANCH}" + + - name: Create pull request + uses: repo-sync/pull-request@65785d95a5a466e46a9d0708933a3bd51bbf9dde # tag=v2.6.2 + with: + source_branch: ${{ env.NEW_BRANCH }} + destination_branch: "main" + pr_title: "release: bring back changes from ${VERSION}" + pr_body: | + :robot: *This is an automated PR.* :robot: + pr_label: "no-changelog" + github_token: ${{ secrets.GITHUB_TOKEN }}
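Review bot: `tag-release` checks out `needs.verify-inputs.outputs.RELEASE_BRANCH` by name after `e2e-tests` and `e2e-mini` have finished, so the tag lands on whatever the branch tip is at that moment. That need not be the commit the E2E matrix ran against if anything was pushed to the release branch in between. `draft-release-cli` then builds from `refs/tags/${{ inputs.version }}`, so the released binaries inherit that gap. Resolving the commit once, for example as a new output such as `COMMIT_SHA` from the job that pushes the measurements commit (outside this hunk), and using it as `ref: ${{ needs.update-hardcoded-measurements.outputs.COMMIT_SHA }}` (and as `git-ref` for the E2E call) would tie the tag to the tested commit. `secrets: inherit` on the three reusable-workflow calls also forwards every secret the caller has; passing only the ones each callee reads would narrow that.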