release with semantic versioning (#259)
* clean and format code * change name and description * check the version format s * remove module template rendering * fix script name * improve check_sec-scanners-config * improve render_and_upload s * update sec-scanners-config * improve scripts * improve comments * improve scripts
1 parent
13159cf
commit 5089dc6
Showing
14 changed files
with
298 additions
and
193 deletions.
@@ -0,0 +1,25 @@ | ||
#!/usr/bin/env bash | ||
|
||
# This script checks the state of the prow job "release-build-nats-manager" | ||
|
||
# Error handling. | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
echo "Checking status of POST Jobs for NATS-Manager" | ||
|
||
REF_NAME="${1:-"main"}" | ||
STATUS_URL="https://api.github.com/repos/kyma-project/nats-manager/commits/${REF_NAME}/status" | ||
fullstatus=$(curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL} | head -n 2) | ||
|
||
sleep 10 | ||
echo $fullstatus | ||
|
||
if [[ "$fullstatus" == *"success"* ]]; then | ||
echo "All jobs succeeded" | ||
else | ||
echo "Jobs failed or pending - Check Prow status" | ||
exit 1 | ||
fi |
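Review bot: The release gate passes whenever the string `success` appears anywhere in the first two lines of the response (`head -n 2` plus the `*"success"*` match), which depends on how the API pretty-prints its JSON rather than on the status field itself. `jq` is already used by other scripts in this commit, so the state can be read explicitly and compared for equality: `state=$(curl -sSfL -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "${STATUS_URL}" | jq -r '.state')` followed by `if [[ "${state}" == "success" ]]; then`. `--fail` makes an HTTP error (rate limit, unknown ref) stop the script instead of being parsed as status data, and quoting `${STATUS_URL}` and `$fullstatus` avoids word splitting and globbing on a caller-supplied ref name. The `sleep 10` runs after the request has already completed, so it does not give pending jobs more time; if a delay is intended it belongs before the `curl`.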
@@ -0,0 +1,37 @@ | ||
#!/usr/bin/env bash | ||
|
||
############################## | ||
# Check tags in sec-scanners-config.yaml | ||
# Image Tag, rc-tag | ||
############################## | ||
|
||
# Error handling: | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
# The desired tag is the release version. | ||
DESIRED_TAG="${1}" | ||
|
||
# Get nats-manager image tag from sec-scanners-config.yaml. | ||
IMAGE_TAG_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/nats-manager}" | ||
IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${IMAGE_TAG_TO_CHECK}" | cut -d : -f 2) | ||
|
||
# Get rc-tag from sec-scanners-config.yaml. | ||
RC_TAG_TO_CHECK="${3:-rc-tag}" | ||
RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2 | xargs) | ||
|
||
# Check if the image tag and the rc-tag match the desired tag. | ||
if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then | ||
# ERROR: Tag issue | ||
echo "Tags are not correct: | ||
- wanted: $DESIRED_TAG | ||
- security-scanner image tag: $IMAGE_TAG | ||
- rc-tag: $RC_TAG" | ||
exit 1 | ||
fi | ||
|
||
# OK; Everything is fine. | ||
echo "Tags are correct" | ||
exit 0 |
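Review bot: When `sec-scanners-config.yaml` has no line matching the image or the `rc-tag` key, `grep` exits 1 and, with `errexit` and `pipefail` set, the script stops at the `IMAGE_TAG=` or `RC_TAG=` assignment before it can print the "Tags are not correct" report. The image name is also used as a regular expression (each `.` matches any character) and matches every line that contains it, so a second image whose name merely starts with `nats-manager` would yield a multi-line `IMAGE_TAG`. Consider `IMAGE_TAG=$(grep -F -- "${IMAGE_TAG_TO_CHECK}:" sec-scanners-config.yaml | cut -d : -f 2 || true)` and the same shape for `RC_TAG`, so a missing entry falls through to the explicit mismatch message instead of a silent exit.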
@@ -0,0 +1,18 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Error handling: | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
# This script checks that the tag does not exist in git. | ||
|
||
TAG="$1" | ||
|
||
if [ $(git tag -l $TAG) ]; then | ||
echo "Error; tag $TAG already exists" | ||
exit 1 | ||
else | ||
echo "tag $TAG does not exist" | ||
fi |
@@ -0,0 +1,20 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Error handling: | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
# This script checks that the RELEASE_TAG does follow the pattern x.y.z where x, y and z are integers. | ||
|
||
RELEASE_TAG="$1" | ||
|
||
if [[ $RELEASE_TAG =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | ||
echo "Version format is valid." | ||
else | ||
echo "Version format is invalid: ${RELEASE_TAG}" | ||
echo "Version should follow pattern x.y.z, where x, y and z are integers." | ||
echo "(e.g. 1.2.3)" | ||
exit 1 | ||
fi |
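Review bot: The pattern on the `[[ $RELEASE_TAG =~ ... ]]` line accepts numeric components with leading zeros (for example `01.2.3`), which semantic versioning does not allow. If strict semver is the goal of this commit, the components can be tightened: `^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$`. A short usage message when `$1` is missing would also be clearer than the bare `unbound variable` error from `nounset`, e.g. `RELEASE_TAG="${1:?usage: <script> x.y.z}"`.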
@@ -0,0 +1,62 @@ | ||
#!/usr/bin/env bash | ||
|
||
# Optional args need to be handled before 'set -o nonset'. | ||
PREVIOUS_RELEASE=$2 # for testability | ||
|
||
# Error handling. | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
RELEASE_TAG=$1 | ||
|
||
REPOSITORY=${REPOSITORY:-kyma-project/nats-manager} | ||
GITHUB_URL=https://api.github.com/repos/${REPOSITORY} | ||
GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}" | ||
CHANGELOG_FILE="CHANGELOG.md" | ||
|
||
# If the previous release was not passed, we will | ||
if [ "${PREVIOUS_RELEASE}" == "" ]; then | ||
# The git describe --tag --abbrev=0 command is used to find the most recent tag that is reachable from a commit. | ||
# The --tag option tells git describe to consider any tag found in the refs/tags namespace, enabling matching a lightweight (non-annotated) tag. | ||
PREVIOUS_RELEASE=$(git describe --tags --abbrev=0) | ||
fi | ||
|
||
# Generate the changelog in the CHANGELOG.md. | ||
echo "## What has changed" >>${CHANGELOG_FILE} | ||
|
||
# Iterate over all commits since the previous release. | ||
git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit; do | ||
# If the author of the commit is not kyma-bot, show append the commit message to the changelog. | ||
COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login') | ||
if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then | ||
git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >>${CHANGELOG_FILE} | ||
fi | ||
done | ||
|
||
# Create a new file (with a unique name based on the process ID of the current shell). | ||
NEW_CONTRIB=$$.new | ||
|
||
# Find unique authors that contribute since the last release, but not before it, and to the NEW_CONTRIB file. | ||
join -v2 \ | ||
<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \ | ||
<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB} | ||
|
||
# Add new contributors to the 'new contributors' section of the changelog. | ||
if [ -s ${NEW_CONTRIB} ]; then | ||
echo -e "\n## New contributors" >>${CHANGELOG_FILE} | ||
while read -r user; do | ||
REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true) | ||
if [ -n "${REF_PR}" ]; then #reference found | ||
REF_PR=" in ${REF_PR}" | ||
fi | ||
echo "* @${user} made first contribution${REF_PR}" >>${CHANGELOG_FILE} | ||
done <${NEW_CONTRIB} | ||
fi | ||
|
||
# Append link to the full-changelog this changelog. | ||
echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >>${CHANGELOG_FILE} | ||
|
||
# Cleanup the NEW_CONTRIB file. | ||
rm ${NEW_CONTRIB} || echo "cleaned up" |
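Review bot: None of the `curl` calls here check the HTTP result, so an API error (expired token, rate limit) is written into the changelog rather than stopping the release: in the commit loop `jq -r '.author.login'` yields `null` and the entry becomes `by @null`, and a failure inside either `<( ... )` of the `join` is not seen by `errexit`/`pipefail`, leaving an empty or wrong contributor list. Adding `--fail` to each `curl` and skipping authors equal to `null` would make these cases visible. The token is placed on the `curl` command line through `-H "${GITHUB_AUTH_HEADER}"`, where it is readable in the process list and in any `set -x` trace; curl can read headers from a file (`-H @file`) instead. The scratch file `$$.new` has a predictable name in the working directory and is left behind on any early exit; `NEW_CONTRIB=$(mktemp)` with `trap 'rm -f -- "${NEW_CONTRIB}"' EXIT` covers both. `${PREVIOUS_RELEASE}`, `${commit}` and `${CHANGELOG_FILE}` are also expanded unquoted, so a value of `$2` that begins with `-` would be read by `git log` as an option.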
@@ -0,0 +1,65 @@ | ||
#!/usr/bin/env bash | ||
|
||
# This script will render the latest manifests and it will uploaded them to the release on github.com. | ||
|
||
# Error handling | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
RELEASE_TAG=${1} | ||
GITHUB_TOKEN=${2} | ||
|
||
# uploadFile uploads the rendered assets to the github release. | ||
uploadFile() { | ||
filePath=${1} | ||
ghAsset=${2} | ||
|
||
response=$(curl -s -o output.txt -w "%{http_code}" \ | ||
--request POST --data-binary @"$filePath" \ | ||
-H "Authorization: token $GITHUB_TOKEN" \ | ||
-H "Content-Type: text/yaml" \ | ||
$ghAsset) | ||
if [[ "$response" != "201" ]]; then | ||
echo "Unable to upload the asset ($filePath): " | ||
echo "HTTP Status: $response" | ||
cat output.txt | ||
exit 1 | ||
else | ||
echo "$filePath uploaded" | ||
fi | ||
} | ||
|
||
# Render the nats-manager.yaml. | ||
echo "RELEASE_TAG: ${RELEASE_TAG}" | ||
MODULE_VERSION=${RELEASE_TAG} make render-manifest | ||
echo "Generated nats-manager.yaml:" | ||
cat nats-manager.yaml | ||
|
||
# Find the release on github.com via the release tag. | ||
echo -e "\n Updating github release with nats-manager.yaml" | ||
echo "Finding release id for: ${RELEASE_TAG}" | ||
CURL_RESPONSE=$(curl -w "%{http_code}" -sL \ | ||
-H "Accept: application/vnd.github+json" \ | ||
-H "Authorization: Bearer $GITHUB_TOKEN" \ | ||
https://api.github.com/repos/kyma-project/nats-manager/releases) | ||
JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}") | ||
HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}") | ||
if [[ "${HTTP_CODE}" != "200" ]]; then | ||
echo "${JSON_RESPONSE}" && exit 1 | ||
fi | ||
|
||
# Extract the release id out of the github.com response. | ||
RELEASE_ID=$(jq <<<${JSON_RESPONSE} --arg tag "${RELEASE_TAG}" '.[] | select(.tag_name == $ARGS.named.tag) | .id') | ||
if [ -z "${RELEASE_ID}" ]; then | ||
echo "No release with tag = ${RELEASE_TAG}" | ||
exit 1 | ||
fi | ||
|
||
# With the id of the release we can build the URL to upload the assets. | ||
UPLOAD_URL="https://uploads.github.com/repos/kyma-project/nats-manager/releases/${RELEASE_ID}/assets" | ||
|
||
# Finally we will upload the nats-manager.yaml and the default.yaml. | ||
uploadFile "nats-manager.yaml" "${UPLOAD_URL}?name=nats-manager.yaml" | ||
uploadFile "config/samples/default.yaml" "${UPLOAD_URL}?name=nats_default_cr.yaml" |
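Review bot: `GITHUB_TOKEN=${2}` takes the token as a positional argument, so it appears in the process list and in any CI log that echoes the command line; the changelog script in this commit already reads `GITHUB_TOKEN` from the environment, and the same would work here with `: "${GITHUB_TOKEN:?GITHUB_TOKEN must be set}"`. In `uploadFile`, `$ghAsset` is unquoted although the URL contains `?`, which the shell treats as a glob character; write `"$ghAsset"`. The response body goes to a fixed `output.txt` in the working directory and is never removed, and `filePath`, `ghAsset` and `response` are globals; `local` variables and a `mktemp` file would keep the function self-contained. The release lookup reads only the first page of `/releases`, so it may stop finding the release once the repository has more releases than one page returns.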
@@ -0,0 +1,17 @@ | ||
#!/usr/bin/env bash | ||
|
||
# This script verifies, that the current branch name starts with 'release-' | ||
# | ||
# Error handling: | ||
set -o nounset # treat unset variables as an error and exit immediately. | ||
set -o errexit # exit immediately when a command fails. | ||
set -E # needs to be set if we want the ERR trap | ||
set -o pipefail # prevents errors in a pipeline from being masked | ||
|
||
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD) | ||
if [[ "$CURRENT_BRANCH" == release-* ]]; then | ||
echo "Branch name starts with 'release-'." | ||
else | ||
echo "Branch name does not start with 'release-': ${CURRENT_BRANCH}" | ||
exit 1 | ||
fi |
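Review bot: The check `[[ "$CURRENT_BRANCH" == release-* ]]` accepts any suffix, so it only states that the local branch name begins with `release-`; if release branches are meant to be `release-x.y`, a regex such as `[[ "$CURRENT_BRANCH" =~ ^release-[0-9]+\.[0-9]+$ ]]` would express that (the naming scheme is not visible in this hunk). On a detached HEAD, which is what many CI checkouts of a tag or SHA produce, `git rev-parse --abbrev-ref HEAD` prints `HEAD` and the script exits 1. A one-line comment above the assignment would document that requirement, e.g. `# Requires a branch checkout: on a detached HEAD this prints "HEAD" and the check fails.`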