release with semantic versioning (#259)
* clean and format code

* change name and description

* check the version format

s

* remove module template rendering

* fix script name

* improve check_sec-scanners-config

* improve render_and_upload

s

* update sec-scanners-config

* improve scripts

* improve comments

* improve scripts
friedrichwilken authored Dec 20, 2023
1 parent 13159cf commit 5089dc6
Showing 14 changed files with 298 additions and 193 deletions.
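--- a/.github/scripts/check-prow-build-job.sh
+++ b/.github/scripts/check-prow-build-job.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+# This script checks the state of the prow job "release-build-nats-manager"
+
+# Error handling.
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+echo "Checking status of POST Jobs for NATS-Manager"
+
+REF_NAME="${1:-"main"}"
+STATUS_URL="https://api.github.com/repos/kyma-project/nats-manager/commits/${REF_NAME}/status"
+fullstatus=$(curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL} | head -n 2)
+
+sleep 10
+echo $fullstatus
+
+if [[ "$fullstatus" == *"success"* ]]; then
+echo "All jobs succeeded"
+else
+echo "Jobs failed or pending - Check Prow status"
+exit 1
+fi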
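Review bot: The release gate on the `if [[ "$fullstatus" == *"success"* ]]` line passes on any occurrence of the substring `success` in the first two lines of the response, not on the combined status field itself, and it depends on the API printing `state` on the second line. jq is already used by other scripts in this commit, so the field can be read and compared exactly: `state=$(curl -sSfL -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "${STATUS_URL}" | jq -r '.state')` followed by `if [[ "${state}" == "success" ]]; then`. With `--fail`, an HTTP error (unknown ref, rate limit on this unauthenticated call) stops the script with curl's own message instead of the generic "Jobs failed or pending". Quoting `"${STATUS_URL}"` and `"$fullstatus"` keeps a ref name with unusual characters from being word-split or globbed.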
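--- a/.github/scripts/check_sec-scanners-config.sh
+++ b/.github/scripts/check_sec-scanners-config.sh
@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+##############################
+# Check tags in sec-scanners-config.yaml
+# Image Tag, rc-tag
+##############################
+
+# Error handling:
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+# The desired tag is the release version.
+DESIRED_TAG="${1}"
+
+# Get nats-manager image tag from sec-scanners-config.yaml.
+IMAGE_TAG_TO_CHECK="${2:-europe-docker.pkg.dev/kyma-project/prod/nats-manager}"
+IMAGE_TAG=$(cat sec-scanners-config.yaml | grep "${IMAGE_TAG_TO_CHECK}" | cut -d : -f 2)
+
+# Get rc-tag from sec-scanners-config.yaml.
+RC_TAG_TO_CHECK="${3:-rc-tag}"
+RC_TAG=$(cat sec-scanners-config.yaml | grep "${RC_TAG_TO_CHECK}" | cut -d : -f 2 | xargs)
+
+# Check if the image tag and the rc-tag match the desired tag.
+if [[ "$IMAGE_TAG" != "$DESIRED_TAG" ]] || [[ "$RC_TAG" != "$DESIRED_TAG" ]]; then
+# ERROR: Tag issue
+echo "Tags are not correct:
+- wanted: $DESIRED_TAG
+- security-scanner image tag: $IMAGE_TAG
+- rc-tag: $RC_TAG"
+exit 1
+fi
+
+# OK; Everything is fine.
+echo "Tags are correct"
+exit 0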
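Review bot: When `grep` finds no matching line in the `IMAGE_TAG=` or `RC_TAG=` assignment, `errexit` together with `pipefail` aborts the script at that assignment, so the "Tags are not correct" report is never printed and the job fails without explanation. The search string is also interpreted as a regular expression, so the dots in the default image path match any character. Reading the file directly with a fixed-string match and tolerating the no-match case keeps the diagnostic reachable: `IMAGE_TAG=$(grep -F -- "${IMAGE_TAG_TO_CHECK}" sec-scanners-config.yaml | cut -d : -f 2 | xargs || true)`, and the same shape for `RC_TAG`. An empty result then fails the comparison below and prints the report. Note that `IMAGE_TAG` is currently not trimmed with `xargs` while `RC_TAG` is, so trailing whitespace on the image line would cause a mismatch.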
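--- a/.github/scripts/check_tag_does_not_exist.sh
+++ b/.github/scripts/check_tag_does_not_exist.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Error handling:
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+# This script checks that the tag does not exist in git.
+
+TAG="$1"
+
+if [ $(git tag -l $TAG) ]; then
+echo "Error; tag $TAG already exists"
+exit 1
+else
+echo "tag $TAG does not exist"
+fi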
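Review bot: The guard `if [ $(git tag -l $TAG) ]; then` can report "does not exist" when it should not. `git tag -l` treats its argument as a glob pattern, and when the unquoted substitution expands to more than one word, `[` exits with a usage error, which `if` treats as false and sends control to the else branch. An exact ref lookup avoids both problems: `if git rev-parse -q --verify "refs/tags/${TAG}" >/dev/null; then`. Either form only sees tags present in the local clone, so the calling workflow has to fetch tags before this runs (not visible in this file). A comment above the check saying so would help the next maintainer.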
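--- a/.github/scripts/check_version_format.sh
+++ b/.github/scripts/check_version_format.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Error handling:
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+# This script checks that the RELEASE_TAG does follow the pattern x.y.z where x, y and z are integers.
+
+RELEASE_TAG="$1"
+
+if [[ $RELEASE_TAG =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+echo "Version format is valid."
+else
+echo "Version format is invalid: ${RELEASE_TAG}"
+echo "Version should follow pattern x.y.z, where x, y and z are integers."
+echo "(e.g. 1.2.3)"
+exit 1
+fi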
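Review bot: The pattern on the `[[ $RELEASE_TAG =~ … ]]` line accepts numeric parts with leading zeros such as `01.2.3`, which semantic versioning does not allow, so two different strings can name the same version. If strict semver is intended, as the commit title suggests, use `^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$`. The other release scripts in this commit place the tag into URLs and JSON without validating it themselves, so this check appears to be the only gate on its shape. A comment such as `# Must run before any script that uses RELEASE_TAG in a URL or payload.` would record that dependency.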
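--- a/.github/scripts/create_changelog.sh
+++ b/.github/scripts/create_changelog.sh
@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# Optional args need to be handled before 'set -o nonset'.
+PREVIOUS_RELEASE=$2 # for testability
+
+# Error handling.
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_TAG=$1
+
+REPOSITORY=${REPOSITORY:-kyma-project/nats-manager}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: token ${GITHUB_TOKEN}"
+CHANGELOG_FILE="CHANGELOG.md"
+
+# If the previous release was not passed, we will
+if [ "${PREVIOUS_RELEASE}" == "" ]; then
+# The git describe --tag --abbrev=0 command is used to find the most recent tag that is reachable from a commit.
+# The --tag option tells git describe to consider any tag found in the refs/tags namespace, enabling matching a lightweight (non-annotated) tag.
+PREVIOUS_RELEASE=$(git describe --tags --abbrev=0)
+fi
+
+# Generate the changelog in the CHANGELOG.md.
+echo "## What has changed" >>${CHANGELOG_FILE}
+
+# Iterate over all commits since the previous release.
+git log ${PREVIOUS_RELEASE}..HEAD --pretty=tformat:"%h" --reverse | while read -r commit; do
+# If the author of the commit is not kyma-bot, show append the commit message to the changelog.
+COMMIT_AUTHOR=$(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/commits/${commit}" | jq -r '.author.login')
+if [ "${COMMIT_AUTHOR}" != "kyma-bot" ]; then
+git show -s ${commit} --format="* %s by @${COMMIT_AUTHOR}" >>${CHANGELOG_FILE}
+fi
+done
+
+# Create a new file (with a unique name based on the process ID of the current shell).
+NEW_CONTRIB=$$.new
+
+# Find unique authors that contribute since the last release, but not before it, and to the NEW_CONTRIB file.
+join -v2 \
+<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/$(git rev-list --max-parents=0 HEAD)...${PREVIOUS_RELEASE}" | jq -r '.commits[].author.login' | sort -u) \
+<(curl -H "${GITHUB_AUTH_HEADER}" -sS "${GITHUB_URL}/compare/${PREVIOUS_RELEASE}...HEAD" | jq -r '.commits[].author.login' | sort -u) >${NEW_CONTRIB}
+
+# Add new contributors to the 'new contributors' section of the changelog.
+if [ -s ${NEW_CONTRIB} ]; then
+echo -e "\n## New contributors" >>${CHANGELOG_FILE}
+while read -r user; do
+REF_PR=$(grep "@${user}" ${CHANGELOG_FILE} | head -1 | grep -o " (#[0-9]\+)" || true)
+if [ -n "${REF_PR}" ]; then #reference found
+REF_PR=" in ${REF_PR}"
+fi
+echo "* @${user} made first contribution${REF_PR}" >>${CHANGELOG_FILE}
+done <${NEW_CONTRIB}
+fi
+
+# Append link to the full-changelog this changelog.
+echo -e "\n**Full changelog**: https://github.com/$REPOSITORY/compare/${PREVIOUS_RELEASE}...${RELEASE_TAG}" >>${CHANGELOG_FILE}
+
+# Cleanup the NEW_CONTRIB file.
+rm ${NEW_CONTRIB} || echo "cleaned up"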
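Review bot: None of the `curl -sS` calls check the HTTP result, so an API error, or a commit whose author is not linked to a GitHub account, makes `jq -r '.author.login'` print `null` and the changelog silently gets `by @null` entries. Failures inside the two `<( … )` substitutions feeding `join` are likewise invisible to `errexit`. Adding `--fail` to the call in the commit loop and skipping or reporting a `null` login before the `git show` line would make these cases visible. The scratch file `NEW_CONTRIB=$$.new` has a predictable name in the working directory and is left behind on any early exit. `NEW_CONTRIB=$(mktemp)` with `trap 'rm -f -- "${NEW_CONTRIB}"' EXIT` would replace both it and the final `rm … || echo "cleaned up"` line, whose message is printed only when the removal fails. `${PREVIOUS_RELEASE}`, `${commit}` and `${CHANGELOG_FILE}` should also be quoted where they are passed to commands.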
@@ -1,8 +1,8 @@
#!/usr/bin/env bash

# This script returns the id of the draft release
# This script creates a draft release and returns its id .

# standard bash error handling
# Error handling:
set -o nounset # treat unset variables as an error and exit immediately.
set -o errexit # exit immediately when a command fails.
set -E # needs to be set if we want the ERR trap
Expand All @@ -15,23 +15,26 @@ GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
CHANGELOG_FILE=$(cat CHANGELOG.md)

# Create the json payload to create a draft release.
JSON_PAYLOAD=$(jq -n \
--arg tag_name "$RELEASE_TAG" \
--arg name "$RELEASE_TAG" \
--arg body "$CHANGELOG_FILE" \
'{
--arg tag_name "$RELEASE_TAG" \
--arg name "$RELEASE_TAG" \
--arg body "$CHANGELOG_FILE" \
'{
"tag_name": $tag_name,
"name": $name,
"body": $body,
"draft": true
}')

# Send the payload to github to create the draft release. The response contains the id of the release.
CURL_RESPONSE=$(curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "${GITHUB_AUTH_HEADER}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
${GITHUB_URL}/releases \
-d "$JSON_PAYLOAD")
-X POST \
-H "Accept: application/vnd.github+json" \
-H "${GITHUB_AUTH_HEADER}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
${GITHUB_URL}/releases \
-d "$JSON_PAYLOAD")

# Return the draft release id.
echo "$(echo $CURL_RESPONSE | jq -r ".id")"
Expand Up @@ -15,9 +15,9 @@ GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"

CURL_RESPONSE=$(curl -L \
-X POST \
-H "Accept: application/vnd.github+json" \
-H "${GITHUB_AUTH_HEADER}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
${GITHUB_URL}/releases/${RELEASE_ID} \
-d '{"draft":false}')
-X POST \
-H "Accept: application/vnd.github+json" \
-H "${GITHUB_AUTH_HEADER}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
${GITHUB_URL}/releases/${RELEASE_ID} \
-d '{"draft":false}')
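--- a/.github/scripts/render_and_upload_manifests.sh
+++ b/.github/scripts/render_and_upload_manifests.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+# This script will render the latest manifests and it will uploaded them to the release on github.com.
+
+# Error handling
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_TAG=${1}
+GITHUB_TOKEN=${2}
+
+# uploadFile uploads the rendered assets to the github release.
+uploadFile() {
+filePath=${1}
+ghAsset=${2}
+
+response=$(curl -s -o output.txt -w "%{http_code}" \
+--request POST --data-binary @"$filePath" \
+-H "Authorization: token $GITHUB_TOKEN" \
+-H "Content-Type: text/yaml" \
+$ghAsset)
+if [[ "$response" != "201" ]]; then
+echo "Unable to upload the asset ($filePath): "
+echo "HTTP Status: $response"
+cat output.txt
+exit 1
+else
+echo "$filePath uploaded"
+fi
+}
+
+# Render the nats-manager.yaml.
+echo "RELEASE_TAG: ${RELEASE_TAG}"
+MODULE_VERSION=${RELEASE_TAG} make render-manifest
+echo "Generated nats-manager.yaml:"
+cat nats-manager.yaml
+
+# Find the release on github.com via the release tag.
+echo -e "\n Updating github release with nats-manager.yaml"
+echo "Finding release id for: ${RELEASE_TAG}"
+CURL_RESPONSE=$(curl -w "%{http_code}" -sL \
+-H "Accept: application/vnd.github+json" \
+-H "Authorization: Bearer $GITHUB_TOKEN" \
+https://api.github.com/repos/kyma-project/nats-manager/releases)
+JSON_RESPONSE=$(sed '$ d' <<<"${CURL_RESPONSE}")
+HTTP_CODE=$(tail -n1 <<<"${CURL_RESPONSE}")
+if [[ "${HTTP_CODE}" != "200" ]]; then
+echo "${JSON_RESPONSE}" && exit 1
+fi
+
+# Extract the release id out of the github.com response.
+RELEASE_ID=$(jq <<<${JSON_RESPONSE} --arg tag "${RELEASE_TAG}" '.[] | select(.tag_name == $ARGS.named.tag) | .id')
+if [ -z "${RELEASE_ID}" ]; then
+echo "No release with tag = ${RELEASE_TAG}"
+exit 1
+fi
+
+# With the id of the release we can build the URL to upload the assets.
+UPLOAD_URL="https://uploads.github.com/repos/kyma-project/nats-manager/releases/${RELEASE_ID}/assets"
+
+# Finally we will upload the nats-manager.yaml and the default.yaml.
+uploadFile "nats-manager.yaml" "${UPLOAD_URL}?name=nats-manager.yaml"
+uploadFile "config/samples/default.yaml" "${UPLOAD_URL}?name=nats_default_cr.yaml"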
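Review bot: `GITHUB_TOKEN=${2}` takes the token as a command-line argument, which puts the secret in the script's process argument list where other processes on the runner can read it. create_changelog.sh in this same commit reads `GITHUB_TOKEN` from the environment; doing the same here with `: "${GITHUB_TOKEN:?GITHUB_TOKEN must be set}"` keeps it off the script's argv and fails early when it is missing. In `uploadFile`, the response body is written to a fixed `output.txt` in the working directory and never removed; a `mktemp` file cleaned up by a trap is safer, and `filePath`, `ghAsset` and `response` should be declared `local`. `$ghAsset` contains a `?` and `<<<${JSON_RESPONSE}` holds arbitrary JSON, so both should be double-quoted to rule out globbing and word splitting.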
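--- a/.github/scripts/verify_is_on_release_branch.sh
+++ b/.github/scripts/verify_is_on_release_branch.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# This script verifies, that the current branch name starts with 'release-'
+#
+# Error handling:
+set -o nounset # treat unset variables as an error and exit immediately.
+set -o errexit # exit immediately when a command fails.
+set -E # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+if [[ "$CURRENT_BRANCH" == release-* ]]; then
+echo "Branch name starts with 'release-'."
+else
+echo "Branch name does not start with 'release-': ${CURRENT_BRANCH}"
+exit 1
+fi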
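Review bot: On a detached HEAD, `git rev-parse --abbrev-ref HEAD` prints the literal `HEAD`, so the check fails with "Branch name does not start with 'release-': HEAD", which does not tell the operator what actually went wrong. The guard still fails closed, so this is a documentation point: a comment above `CURRENT_BRANCH=` such as `# Prints "HEAD" when the checkout is detached (tag or commit checkout); the check then fails.` would record the behaviour. Whether the calling workflow ever checks out a detached ref is not visible in this file.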