From e6764f0718178e51e2a1db92ef3fdd2f259a088e Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 11:39:26 +0100 Subject: [PATCH 1/9] Fix release of manifests (#340) (#341) * clean up create-release.yml Clean up the create-release.yml by removing a number of unused and outcommented lines. * rename release.sh to render_and_upload_manifests.sh Rename the scripts/release.sh to render_and_upload_manifests.sh to point clearly out, what the script is about. * call manifest release from create-release.yml Call the render_and_upload_manifests.sh because it no longer created by a prow job. * deactivate module-template upload Deactivate the upload of the module-template. All functionality for the module-template will be removed eventually, in a follow up PR. * fix reference of env var --- .github/workflows/create-release.yml | 9 +++------ scripts/render_and_upload_manifests.sh | 9 +++++---- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index af73a0d3..07dd8687 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -66,13 +66,10 @@ jobs: - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml env: - PULL_BASE_REF: ${{ github.event.inputs.name }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}" - MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" - KUSTOMIZE_VERSION: "v4.5.6" + PULL_BASE_REF: ${{ PULL_BASE_REF }} + BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} run: | - ./scripts/render_and_upload_manifests.sh + ./scripts/render_and_upload_manifests.sh ${{ PULL_BASE_REF }} ${{ BOT_GITHUB_TOKEN }} outputs: release_id: ${{ steps.create-draft.outputs.release_id }} diff --git a/scripts/render_and_upload_manifests.sh b/scripts/render_and_upload_manifests.sh index 8ca2f33a..16a1e773 100755 
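Review bot: The added `run:` line passes `${{ BOT_GITHUB_TOKEN }}` as a command-line argument, which writes the secret into the rendered step script and the process arguments although the `env:` block already exports it. `${{ PULL_BASE_REF }}` and `${{ BOT_GITHUB_TOKEN }}` are also not names of an expression context, so the workflow is likely to be rejected when it is parsed; that is worth confirming. The script documents both values as environment variables, so the call can stay `./scripts/render_and_upload_manifests.sh` with `PULL_BASE_REF: ${{ github.event.inputs.name }}` kept in `env:`. The step list continues outside the hunk.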
--- a/scripts/render_and_upload_manifests.sh +++ b/scripts/render_and_upload_manifests.sh @@ -8,7 +8,7 @@ set -o pipefail # prevents errors in a pipeline from being masked # Expected variables: # PULL_BASE_REF - name of the tag -# GITHUB_TOKEN - github token used to upload the template yaml +# BOT_GITHUB_TOKEN - github token used to upload the template yaml uploadFile() { filePath=${1} @@ -17,7 +17,7 @@ uploadFile() { echo "Uploading ${filePath} as ${ghAsset}" response=$(curl -s -o output.txt -w "%{http_code}" \ --request POST --data-binary @"$filePath" \ - -H "Authorization: token $GITHUB_TOKEN" \ + -H "Authorization: token $BOT_GITHUB_TOKEN" \ -H "Content-Type: text/yaml" \ $ghAsset) if [[ "$response" != "201" ]]; then @@ -37,7 +37,8 @@ MODULE_VERSION=${PULL_BASE_REF} make render-manifest echo "Generated eventing-manager.yaml:" cat eventing-manager.yaml -# MODULE_VERSION=${PULL_BASE_REF} make module-build +MODULE_VERSION=${PULL_BASE_REF} make module-build + # TODO completly remove the rendering of the module-template from the repository. # echo "Generated moduletemplate.yaml:" # cat module-template.yaml @@ -47,7 +48,7 @@ echo "Updating github release with eventing-manager.yaml" echo "Finding release id for: ${PULL_BASE_REF}" CURL_RESPONSE=$(curl -w "%{http_code}" -sL \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ + -H "Authorization: Bearer $BOT_GITHUB_TOKEN" \ https://api.github.com/repos/kyma-project/eventing-manager/releases) JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}") HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}") From aff18c6c273bbdd6b625e0a59d387a7b4498bbbb Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 12:11:26 +0100 Subject: [PATCH 2/9] fix reference to release name (#342) --- .github/workflows/create-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 07dd8687..352c9dd8 100644 
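Review bot: The hunk at `@@ -37,7 +37,8 @@` turns `MODULE_VERSION=${PULL_BASE_REF} make module-build` back on, while the commit message says the module-template upload is being deactivated and the TODO directly below still asks for its removal. If the build is not needed to render the manifests, the line should stay commented out or be deleted; if it is needed, the "Expected variables" header should list what it requires. In the two token hunks, `-H "Authorization: ... $BOT_GITHUB_TOKEN"` places the secret in curl's argument list, which other processes on the runner can read; curl can take the header from a file instead. `uploadFile` and the release lookup both continue outside their hunks.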
--- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -66,10 +66,10 @@ jobs: - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml env: - PULL_BASE_REF: ${{ PULL_BASE_REF }} + PULL_BASE_REF: ${{ github.event.input.name }} BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} run: | - ./scripts/render_and_upload_manifests.sh ${{ PULL_BASE_REF }} ${{ BOT_GITHUB_TOKEN }} + ./scripts/render_and_upload_manifests.sh outputs: release_id: ${{ steps.create-draft.outputs.release_id }} From a4550761ff093e413a9ab414f8144d038e94cfd6 Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 13:11:26 +0100 Subject: [PATCH 3/9] add missing env vars for IMG and MODULE_REGISTERY (#343) * add missing env vars for IMG and MODULE_REGISTERY * remove arg * add KUSTOMIZE_VERSION --- .github/workflows/create-release.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 352c9dd8..77e60ca2 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -68,6 +68,9 @@ jobs: env: PULL_BASE_REF: ${{ github.event.input.name }} BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} + IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.input.name }}" + MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" + KUSTOMIZE_VERSION: "v4.5.6" run: | ./scripts/render_and_upload_manifests.sh From c4326c4528aa94439a1ded2a204c9613ab741239 Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 14:03:26 +0100 Subject: [PATCH 4/9] fix wrong token (#344) * add missing env vars for IMG and MODULE_REGISTERY * remove arg * replace the BOT_GITHUB_TOKEN with the GITHUB_TOKEN --- .github/workflows/create-release.yml | 2 +- scripts/render_and_upload_manifests.sh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) 
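Review bot: `${{ github.event.input.name }}` reads a property the `workflow_dispatch` payload does not have (the values live under `inputs`), so the expression evaluates to an empty string and `PULL_BASE_REF` is exported empty. The same spelling is added by the PATCH 3/9 hunk on this line, where it leaves `IMG` ending in `eventing-manager:` with no tag. Both should read `${{ github.event.inputs.name }}`. Because an empty value does not fail expression evaluation, a guard at the top of the script such as `: "${PULL_BASE_REF:?release name is required}"` would turn this into an immediate error instead of a release built from an empty tag.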
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 77e60ca2..0597cfe5 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -67,7 +67,7 @@ jobs: - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml env: PULL_BASE_REF: ${{ github.event.input.name }} - BOT_GITHUB_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.input.name }}" MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" KUSTOMIZE_VERSION: "v4.5.6" diff --git a/scripts/render_and_upload_manifests.sh b/scripts/render_and_upload_manifests.sh index 16a1e773..06739a1b 100755 --- a/scripts/render_and_upload_manifests.sh +++ b/scripts/render_and_upload_manifests.sh @@ -8,7 +8,7 @@ set -o pipefail # prevents errors in a pipeline from being masked # Expected variables: # PULL_BASE_REF - name of the tag -# BOT_GITHUB_TOKEN - github token used to upload the template yaml +# GITHUB_TOKEN - github token used to upload the template yaml uploadFile() { filePath=${1} @@ -17,7 +17,7 @@ uploadFile() { echo "Uploading ${filePath} as ${ghAsset}" response=$(curl -s -o output.txt -w "%{http_code}" \ --request POST --data-binary @"$filePath" \ - -H "Authorization: token $BOT_GITHUB_TOKEN" \ + -H "Authorization: token $GITHUB_TOKEN" \ -H "Content-Type: text/yaml" \ $ghAsset) if [[ "$response" != "201" ]]; then @@ -48,7 +48,7 @@ echo "Updating github release with eventing-manager.yaml" echo "Finding release id for: ${PULL_BASE_REF}" CURL_RESPONSE=$(curl -w "%{http_code}" -sL \ -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $BOT_GITHUB_TOKEN" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ https://api.github.com/repos/kyma-project/eventing-manager/releases) JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}") HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}") 
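Review bot: Switching the upload to `secrets.GITHUB_TOKEN` makes the step depend on the permissions granted to the workflow token, and no `permissions:` block is visible in any hunk on this page. If the workflow declares none, the job inherits the repository default, which is either too narrow for the asset upload or broader than a release job needs. Declaring `permissions:` with `contents: write` on the `create-draft` job states the requirement and keeps the token scoped to what the release needs. The top of the file is outside the hunk, so check there first.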
From 11ac4ad9b325773099e5f3ddd2262e5f1746632f Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 15:53:26 +0100 Subject: [PATCH 5/9] remove call of make module-build (#347) * remove call of make module-build We really only need to render the manifests so lets remove module-build. * revert removal of MODULE_REGISTERY --- scripts/render_and_upload_manifests.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/render_and_upload_manifests.sh b/scripts/render_and_upload_manifests.sh index 06739a1b..8ca2f33a 100755 --- a/scripts/render_and_upload_manifests.sh +++ b/scripts/render_and_upload_manifests.sh @@ -37,8 +37,7 @@ MODULE_VERSION=${PULL_BASE_REF} make render-manifest echo "Generated eventing-manager.yaml:" cat eventing-manager.yaml -MODULE_VERSION=${PULL_BASE_REF} make module-build - +# MODULE_VERSION=${PULL_BASE_REF} make module-build # TODO completly remove the rendering of the module-template from the repository. # echo "Generated moduletemplate.yaml:" # cat module-template.yaml From 06f9d6b870edccf485aa4799fb7bf6ad1b1ce83e Mon Sep 17 00:00:00 2001 From: Friedrich Date: Fri, 15 Dec 2023 16:23:27 +0100 Subject: [PATCH 6/9] fix spelling of env var name (#348) --- .github/workflows/create-release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 0597cfe5..af73a0d3 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml 
@@ -66,9 +66,9 @@ jobs: - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml env: - PULL_BASE_REF: ${{ github.event.input.name }} + PULL_BASE_REF: ${{ github.event.inputs.name }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.input.name }}" + IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}" MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" KUSTOMIZE_VERSION: "v4.5.6" run: | From e9e7252d1798a72a96cfb854eee2a1ba6746b400 Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Mon, 15 Jan 2024 18:22:04 +0100 Subject: [PATCH 7/9] release-without-version-input --- .github/workflows/create-release.yml | 47 +++++++++++++--------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index af73a0d3..ffd7cbb1 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -2,15 +2,10 @@ name: "Create release" on: workflow_dispatch: - inputs: - name: - description: 'Release name ( e.g. "2.1.3" )' - default: "" - required: true jobs: - verify-head-status: - name: Verify head (image version and prow job) + verify-release: + name: Verify release runs-on: ubuntu-latest steps: 
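Review bot: Renaming the job to `verify-release` in the `@@ -2,15 +2,10 @@` hunk leaves its dependants pointing at the old id: the later hunks of this patch still show `needs: verify-head-status` on `create-draft` and `needs: [verify-head-status, create-draft]` on `publish-release` as unchanged context. A `needs:` entry that names no existing job makes the workflow invalid, so these should become `needs: verify-release` and `needs: [verify-release, create-draft]`. The job bodies continue outside this hunk.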
@@ -19,23 +14,28 @@ jobs: with: fetch-depth: 0 - - name: Verify that the current branch has a name that starts with 'release-' + - name: Generate version number + id: version run: | - CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) - if [[ "$CURRENT_BRANCH" == release-* ]]; then - echo "Branch name starts with 'release-'." - else - echo "Branch name does not start with 'release-'." - exit 1 - fi + GET_VERSION=$(mktemp /tmp/get-version-from-branch.sh) + curl -L https://raw.githubusercontent.com/kyma-project/eventing-tools/main/hack/scripts/get-version-from-branch.sh -o "${GET_VERSION}" + chmod +x "${GET_VERSION}" + VERSION="${GET_VERSION}" + echo "::set-output name=version::$version" - name: Check image Tag - run: ./scripts/check_tag_info.sh ${{ github.event.inputs.name }} + env: + VERSION: ${{ steps.gen-version.outputs.VERSION }} + run: ./scripts/check_tag_info.sh $VERSION create-draft: name: Create draft release needs: verify-head-status runs-on: ubuntu-latest + env: + VERSION: ${{ needs.verify-release.outputs.VERSION }} + outputs: + release_id: ${{ steps.create-draft.outputs.release_id }} steps: - name: Checkout code 
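Review bot: The new `Generate version number` step downloads `get-version-from-branch.sh` from the mutable `main` ref of another repository with no integrity check, so whatever that branch holds at release time decides the tag and image name; the fetch should be pinned to a commit and verified against a recorded digest, with `curl --fail` so an error page is never saved as the script. As written the step also never produces a version: `mktemp` gets a template without `X` characters, `VERSION` is set to the script's path rather than its output, and `$version` (lower case) is unset when `::set-output` runs. The step id `version` does not match `steps.gen-version.outputs.VERSION` in the next step, and `create-draft` reads `needs.verify-release.outputs.VERSION` although the job declares no `outputs:` in this patch. PATCH 9/9 fixes the id, the execution and the output file but keeps the unpinned download. A sketch with placeholder pin values follows.

```yaml
      - name: Generate version number
        id: gen-version
        env:
          # placeholders: a reviewed eventing-tools commit and the script's digest at that commit
          SCRIPT_REF: "<PINNED_COMMIT_SHA>"
          SCRIPT_SHA256: "<EXPECTED_SHA256>"
        run: |
          GET_VERSION=$(mktemp /tmp/get-version-from-branch.XXXXX)
          curl --fail --silent --show-error --location \
            "https://raw.githubusercontent.com/kyma-project/eventing-tools/${SCRIPT_REF}/hack/scripts/get-version-from-branch.sh" \
            -o "${GET_VERSION}"
          # refuse to run anything that is not the reviewed script
          echo "${SCRIPT_SHA256}  ${GET_VERSION}" | sha256sum --check --quiet
          VERSION=$(bash "${GET_VERSION}")
          echo "VERSION=${VERSION}" >> "${GITHUB_OUTPUT}"
      # … unchanged: Check image Tag step …
```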
@@ -46,37 +46,34 @@ jobs: - name: Create changelog env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: ./scripts/create_changelog.sh ${{ github.event.inputs.name }} + run: ./scripts/create_changelog.sh $VERSION - name: Create draft release id: create-draft env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - RELEASE_ID=$(./scripts/create_draft_release.sh ${{ github.event.inputs.name }}) + RELEASE_ID=$(./scripts/create_draft_release.sh $VERSION echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT - name: Create lightweight tag run: | - git tag ${{ github.event.inputs.name }} - git push origin ${{ github.event.inputs.name }} + git tag $VERSION + git push origin $VERSION - name: Verify job status run: ./scripts/verify-status.sh ${{ github.ref_name }} 600 10 30 - name: Create and upload eventing-manager.yaml and eventing-default-cr.yaml env: - PULL_BASE_REF: ${{ github.event.inputs.name }} + PULL_BASE_REF: $VERSION GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${{ github.event.inputs.name }}" + IMG: "europe-docker.pkg.dev/kyma-project/prod/eventing-manager:${VERSION}" MODULE_REGISTRY: "europe-docker.pkg.dev/kyma-project/prod/unsigned" KUSTOMIZE_VERSION: "v4.5.6" run: | ./scripts/render_and_upload_manifests.sh - outputs: - release_id: ${{ steps.create-draft.outputs.release_id }} - publish-release: name: Publish release needs: [verify-head-status, create-draft] From e22cadedde3219655ba6788d8c310472bf19f61b Mon Sep 17 00:00:00 2001 From: Friedrich Wilken Date: Mon, 15 Jan 2024 18:32:48 +0100 Subject: [PATCH 8/9] improve check_sec-scanners-config.sh rename from check_tag_info.sh to check_sec-scanners-config.sh and add error handling and desciption. --- .github/workflows/create-release.yml | 2 +- ..._tag_info.sh => check_sec-scanners-config.sh} | 16 +++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) rename scripts/{check_tag_info.sh => check_sec-scanners-config.sh} (61%) 
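Review bot: The step-level values `PULL_BASE_REF: $VERSION` and `IMG: "...:${VERSION}"` are not shell-expanded, because workflow `env:` entries are passed on as literal strings; the script would receive the text `$VERSION` as the tag name and the image reference would end in `:${VERSION}`. They need an expression, for example `PULL_BASE_REF: ${{ needs.verify-release.outputs.version }}`. The rewritten `RELEASE_ID=$(./scripts/create_draft_release.sh $VERSION` has also lost its closing parenthesis, which is a shell syntax error; `RELEASE_ID=$(./scripts/create_draft_release.sh "$VERSION")` restores it. Moving the version out of `${{ github.event.inputs.name }}` in the `run:` lines and into an environment variable is the safer pattern, and quoting it (`git tag "$VERSION"`) completes that. The `publish-release` job continues outside the hunk.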
diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index ffd7cbb1..b61e652d 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -26,7 +26,7 @@ jobs: - name: Check image Tag env: VERSION: ${{ steps.gen-version.outputs.VERSION }} - run: ./scripts/check_tag_info.sh $VERSION + run: ./scripts/check_sec-scanners-config.sh $VERSION create-draft: name: Create draft release diff --git a/scripts/check_tag_info.sh b/scripts/check_sec-scanners-config.sh similarity index 61% rename from scripts/check_tag_info.sh rename to scripts/check_sec-scanners-config.sh index 28a5c8b9..40497b80 100755 --- a/scripts/check_tag_info.sh +++ b/scripts/check_sec-scanners-config.sh @@ -1,10 +1,12 @@ #!/usr/bin/env bash -############################## -# Check tags in security-scan-config.yaml -# Image Tag, rc-tag -############################## +# This script checks thate the RC-Tag and the eventing-manager image have the tag of the corresponding release. +# Error handling: +set -o nounset # treat unset variables as an error and exit immediately. +set -o errexit # exit immediately when a command fails. +set -E # needs to be set if we want the ERR trap +set -o pipefail # prevents errors in a pipeline from being masked # Get release version DESIRED_TAG="${1:-"main"}" @@ -19,12 +21,12 @@ RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f # Check IMAGE_TAG and required image tag if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then - # ERROR: Tag issue - echo "Tags are not correct: + # ERROR: Tag issue + echo "Tags are not correct: - wanted: $DESIRED_TAG - security-scanner image tag: $IMAGE_TAG - rc-tag: $RC_TAG" - exit 1 + exit 1 fi # OK: Everything is fine From 643b01c27443e6102cd3782eaf32b6de5efaa3b6 Mon Sep 17 00:00:00 2001 
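Review bot: With `DESIRED_TAG="${1:-"main"}"` left unchanged, the script compares against `main` whenever no version is supplied, and the workflow hunk of this patch calls it as `./scripts/check_sec-scanners-config.sh $VERSION` unquoted. An empty `VERSION` therefore makes the gate pass when the config still carries `main`, which is presumably the very state it is meant to catch. If the default is only wanted for local runs, the workflow call can enforce the argument: `run: ./scripts/check_sec-scanners-config.sh "${VERSION:?version was not generated}"`. Separately, the added `set -o errexit` and `set -o pipefail` mean a `grep` without a match in the tag-extraction pipelines ends the script before the "Tags are not correct" message is printed, assuming those are plain `cat | grep | cut` pipelines as the hunk header suggests. The extraction lines themselves are outside the hunks.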
From: Friedrich Wilken Date: Mon, 15 Jan 2024 18:41:38 +0100 Subject: [PATCH 9/9] clean up --- .github/workflows/create-release.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index b61e652d..c372a920 100644 --- a/.github/workflows/create-release.yml +++ b/.github/workflows/create-release.yml @@ -7,6 +7,8 @@ jobs: verify-release: name: Verify release runs-on: ubuntu-latest + outputs: + version: ${{ steps.gen-version.outputs.VERSION }} steps: - name: Checkout code @@ -15,13 +17,16 @@ jobs: fetch-depth: 0 - name: Generate version number - id: version + id: gen-version run: | - GET_VERSION=$(mktemp /tmp/get-version-from-branch.sh) + # get script + GET_VERSION=$(mktemp /tmp/get-version-from-branch.XXXXX) curl -L https://raw.githubusercontent.com/kyma-project/eventing-tools/main/hack/scripts/get-version-from-branch.sh -o "${GET_VERSION}" chmod +x "${GET_VERSION}" - VERSION="${GET_VERSION}" - echo "::set-output name=version::$version" + # get version via script + VERSION=$("${GET_VERSION}") + # push version to output environment file + echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT - name: Check image Tag env:
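Review bot: The value written by `echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT` comes from a downloaded script and is not checked before it becomes the job output that later steps use as git tag and image tag. An empty result passes through unnoticed, and a multi-line result can add further `key=value` lines to the output file. A check before the `echo` closes that, for example `[[ "${VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "unexpected version: ${VERSION}" >&2; exit 1; }`, assuming versions follow the `2.1.3` form given in the removed input description. The job output is declared as `version` while consumers earlier in the series read `outputs.VERSION`; one spelling throughout is easier to audit. The `Check image Tag` step continues outside the hunk.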