Release without version input (kyma-project#396)

* Fix release of manifests (kyma-project#340) (kyma-project#341) * clean up create-release.yml Clean up the create-release.yml by removing a number of unused and outcommented lines. * rename release.sh to render_and_upload_manifests.sh Rename the scripts/release.sh to render_and_upload_manifests.sh to point clearly out, what the script is about. * call manifest release from create-release.yml Call the render_and_upload_manifests.sh because it no longer created by a prow job. * deactivate module-template upload Deactivate the upload of the module-template. All functionality for the module-template will be removed eventually, in a follow up PR. * fix reference of env var * fix reference to release name (kyma-project#342) * add missing env vars for IMG and MODULE_REGISTERY (kyma-project#343) * add missing env vars for IMG and MODULE_REGISTERY * remove arg * add KUSTOMIZE_VERSION * fix wrong token (kyma-project#344) * add missing env vars for IMG and MODULE_REGISTERY * remove arg * replace the BOT_GITHUB_TOKEN with the GITHUB_TOKEN * remove call of make module-build (kyma-project#347) * remove call of make module-build We really only need to render the manifests so lets remove module-build. * revert removal of MODULE_REGISTERY * fix spelling of env var name (kyma-project#348) * release-without-version-input * improve check_sec-scanners-config.sh rename from check_tag_info.sh to check_sec-scanners-config.sh and add error handling and desciption. * clean up
friedrichwilken · Jan 16, 2024 · e19a83e · e19a83e
1 parent b784090
commit e19a83e
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 32 deletions.
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
@@ -2,40 +2,45 @@ name: "Create release"
 
 on:
   workflow_dispatch:
-    inputs:
-      name:
-        description: 'Release name ( e.g. "2.1.3" )'
-        default: ""
-        required: true
 
 jobs:
-  verify-head-status:
-    name: Verify head (image version and prow job)
+  verify-release:
+    name: Verify release
     runs-on: ubuntu-latest
+    outputs:
+      version: ${{ steps.gen-version.outputs.VERSION }}
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Verify that the current branch has a name that starts with 'release-'
+      - name: Generate version number
+        id: gen-version
         run: |
-          CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
-          if [[ "$CURRENT_BRANCH" == release-* ]]; then
-            echo "Branch name starts with 'release-'."
-          else
-            echo "Branch name does not start with 'release-'."
-            exit 1
-          fi
+          # get script
+          GET_VERSION=$(mktemp /tmp/get-version-from-branch.XXXXX)
+          curl -L https://raw.githubusercontent.com/kyma-project/eventing-tools/main/hack/scripts/get-version-from-branch.sh -o "${GET_VERSION}"
+          chmod +x "${GET_VERSION}"
+          # get version via script
+          VERSION=$("${GET_VERSION}")
+          # push version to output environment file
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
 
       - name: Check image Tag
-        run: ./scripts/check_tag_info.sh ${{ github.event.inputs.name }}
+        env:
+          VERSION: ${{ steps.gen-version.outputs.VERSION }}
+        run: ./scripts/check_sec-scanners-config.sh $VERSION
 
   create-draft:
     name: Create draft release
     needs: verify-head-status
     runs-on: ubuntu-latest
+    env:
+      VERSION: ${{ needs.verify-release.outputs.VERSION }}
+    outputs:
+      release_id: ${{ steps.create-draft.outputs.release_id }}
 
     steps:
       - name: Checkout code
@@ -46,37 +51,34 @@ jobs:
       - name: Create changelog
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: ./scripts/create_changelog.sh ${{ github.event.inputs.name }}
+        run: ./scripts/create_changelog.sh $VERSION
 
       - name: Create draft release
         id: create-draft
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          RELEASE_ID=$(./scripts/create_draft_release.sh ${{ github.event.inputs.name }})
+          RELEASE_ID=$(./scripts/create_draft_release.sh $VERSION
           echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT
 
       - name: Create lightweight tag
         run: |
-          git tag ${{ github.event.inputs.name }}
-          git push origin ${{ github.event.inputs.name }}
+          git tag $VERSION
+          git push origin $VERSION
 
       - name: Verify job status
         run: ./scripts/verify-status.sh ${{ github.ref_name }} 600 10 30
 
       - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml
         env:
-          PULL_BASE_REF: ${{ github.event.inputs.name }}
+          PULL_BASE_REF: $VERSION
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}"
+          IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${VERSION}"
           MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned"
           KUSTOMIZE_VERSION: "v4.5.6"
         run: |
           ./scripts/render_and_upload_manifests.sh
 
-    outputs:
-      release_id: ${{ steps.create-draft.outputs.release_id }}
-
   publish-release:
     name: Publish release
     needs: [verify-head-status, create-draft]

diff --git a/scripts/check_tag_info.sh → scripts/check_sec-scanners-config.sh b/scripts/check_tag_info.sh → scripts/check_sec-scanners-config.sh
@@ -1,10 +1,12 @@
 #!/usr/bin/env bash
 
-##############################
-# Check tags in security-scan-config.yaml
-# Image Tag, rc-tag
-##############################
+# This script checks thate the RC-Tag and the eventing-manager image have the tag of the corresponding release.
 
+# Error handling:
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
 
 # Get release version
 DESIRED_TAG="${1:-"main"}"
@@ -19,12 +21,12 @@ RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f
 
 # Check IMAGE_TAG and required image tag
 if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
-  # ERROR: Tag issue
-  echo "Tags are not correct:
+	# ERROR: Tag issue
+	echo "Tags are not correct:
   - wanted: $DESIRED_TAG
   - security-scanner image tag: $IMAGE_TAG
   - rc-tag: $RC_TAG"
-  exit 1
+	exit 1
 fi
 
 # OK: Everything is fine