Skip to content

Commit

Permalink
Release without version input (kyma-project#396)
Browse files Browse the repository at this point in the history
* Fix release of manifests (kyma-project#340) (kyma-project#341)

* clean up create-release.yml

Clean up the create-release.yml by removing a number of unused and outcommented lines.

* rename release.sh to render_and_upload_manifests.sh

Rename the scripts/release.sh to render_and_upload_manifests.sh to point clearly out, what the script is about.

* call manifest release from create-release.yml

Call the render_and_upload_manifests.sh because it no longer created by a prow job.

* deactivate module-template upload

Deactivate the upload of the module-template. All functionality for the module-template will be removed eventually, in a follow up PR.

* fix reference of env var

* fix reference to release name (kyma-project#342)

* add missing env vars for IMG and MODULE_REGISTERY (kyma-project#343)

* add missing env vars for IMG and MODULE_REGISTERY

* remove arg

* add KUSTOMIZE_VERSION

* fix wrong token (kyma-project#344)

* add missing env vars for IMG and MODULE_REGISTERY

* remove arg

* replace the BOT_GITHUB_TOKEN with the GITHUB_TOKEN

* remove call of make module-build (kyma-project#347)

* remove call of make module-build

We really only need to render the manifests so lets remove module-build.

* revert removal of MODULE_REGISTERY

* fix spelling of env var name (kyma-project#348)

* release-without-version-input

* improve check_sec-scanners-config.sh

rename from check_tag_info.sh to check_sec-scanners-config.sh and add error handling and desciption.

* clean up
  • Loading branch information
friedrichwilken committed Jan 16, 2024
1 parent 2904494 commit 3448c8e
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 32 deletions.
52 changes: 27 additions & 25 deletions .github/workflows/create-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,40 +2,45 @@ name: "Create release"

on:
workflow_dispatch:
inputs:
name:
description: 'Release name ( e.g. "2.1.3" )'
default: ""
required: true

jobs:
verify-head-status:
name: Verify head (image version and prow job)
verify-release:
name: Verify release
runs-on: ubuntu-latest
outputs:
version: ${{ steps.gen-version.outputs.VERSION }}

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Verify that the current branch has a name that starts with 'release-'
- name: Generate version number
id: gen-version
run: |
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
if [[ "$CURRENT_BRANCH" == release-* ]]; then
echo "Branch name starts with 'release-'."
else
echo "Branch name does not start with 'release-'."
exit 1
fi
# get script
GET_VERSION=$(mktemp /tmp/get-version-from-branch.XXXXX)
curl -L https://raw.githubusercontent.com/kyma-project/eventing-tools/main/hack/scripts/get-version-from-branch.sh -o "${GET_VERSION}"
chmod +x "${GET_VERSION}"
# get version via script
VERSION=$("${GET_VERSION}")
# push version to output environment file
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
- name: Check image Tag
run: ./scripts/check_tag_info.sh ${{ github.event.inputs.name }}
env:
VERSION: ${{ steps.gen-version.outputs.VERSION }}
run: ./scripts/check_sec-scanners-config.sh $VERSION

create-draft:
name: Create draft release
needs: verify-head-status
runs-on: ubuntu-latest
env:
VERSION: ${{ needs.verify-release.outputs.VERSION }}
outputs:
release_id: ${{ steps.create-draft.outputs.release_id }}

steps:
- name: Checkout code
Expand All @@ -46,37 +51,34 @@ jobs:
- name: Create changelog
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: ./scripts/create_changelog.sh ${{ github.event.inputs.name }}
run: ./scripts/create_changelog.sh $VERSION

- name: Create draft release
id: create-draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
RELEASE_ID=$(./scripts/create_draft_release.sh ${{ github.event.inputs.name }})
RELEASE_ID=$(./scripts/create_draft_release.sh $VERSION
echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT
- name: Create lightweight tag
run: |
git tag ${{ github.event.inputs.name }}
git push origin ${{ github.event.inputs.name }}
git tag $VERSION
git push origin $VERSION
- name: Verify job status
run: ./scripts/verify-status.sh ${{ github.ref_name }} 600 10 30

- name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml
env:
PULL_BASE_REF: ${{ github.event.inputs.name }}
PULL_BASE_REF: $VERSION
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}"
IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${VERSION}"
MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned"
KUSTOMIZE_VERSION: "v4.5.6"
run: |
./scripts/render_and_upload_manifests.sh
outputs:
release_id: ${{ steps.create-draft.outputs.release_id }}

publish-release:
name: Publish release
needs: [verify-head-status, create-draft]
Expand Down
Original file line number Diff line number Diff line change
@@ -1,10 +1,12 @@
#!/usr/bin/env bash

##############################
# Check tags in security-scan-config.yaml
# Image Tag, rc-tag
##############################
# This script checks thate the RC-Tag and the eventing-manager image have the tag of the corresponding release.

# Error handling:
set -o nounset # treat unset variables as an error and exit immediately.
set -o errexit # exit immediately when a command fails.
set -E # needs to be set if we want the ERR trap
set -o pipefail # prevents errors in a pipeline from being masked

# Get release version
DESIRED_TAG="${1:-"main"}"
Expand All @@ -19,12 +21,12 @@ RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f

# Check IMAGE_TAG and required image tag
if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
# ERROR: Tag issue
echo "Tags are not correct:
# ERROR: Tag issue
echo "Tags are not correct:
- wanted: $DESIRED_TAG
- security-scanner image tag: $IMAGE_TAG
- rc-tag: $RC_TAG"
exit 1
exit 1
fi

# OK: Everything is fine
Expand Down

0 comments on commit 3448c8e

Please sign in to comment.