promote-to-release-channel.yaml
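# Manually dispatched release workflow for warden. It runs three jobs in
# sequence: tag the dispatched branch, bump the image/chart references and
# push them back, then render the manifests and open a pull request against
# the module-manifests repository for the chosen channel.
#
# Dispatch inputs reach the shell only through environment variables, never
# through `${{ }}` interpolation inside `run:`, so their content is handled as
# data and not as script text.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scope. create-tag pushes a tag with it and therefore
# needs at least `contents: write`; consider declaring permissions per job.
# NOTE(review): `actions/checkout@v4` is a mutable tag; consider pinning it to
# a full commit SHA.
name: promote to release channel

on:
  workflow_dispatch:
    inputs:
      new_warden_tag:
        description: 'New warden tag (`x.x.x`)'
        default: ""
        required: true
      warden_skr_config_version:
        description: 'Warden SKR config version (`y.y`)'
        default: ""
        required: true
      channel:
        description: 'Module channel'
        default: "regular"
        required: true

# NOTE(review): these variables, including GH_ENTERPRISE_TOKEN, are visible to
# every step of every job (repository scripts and make targets included).
# Confirm which steps need the token and scope it to them if possible.
env:
  MODULE_VERSION: ${{ github.event.inputs.new_warden_tag }}
  CHANNEL: ${{ github.event.inputs.channel }}
  # needed by gh cli for GitHub enterprise
  GH_ENTERPRISE_TOKEN: ${{ secrets.GH_BOT_TOKEN }}
  WARDEN_SKR_OVERRIDES_REPO_URL: ${{ secrets.WARDEN_SKR_OVERRIDES_REPO_URL }}
  BOT_USERNAME: kyma-otter-serviceuser
  # The address below was masked by the hosting page's e-mail obfuscation;
  # restore the real bot address before using this file. It is quoted so the
  # placeholder parses as a string instead of a flow sequence.
  BOT_EMAIL: "[email protected]"
  GH_TOOLS_REPO_URL: ${{ secrets.GH_TOOLS_REPO_URL }}

jobs:
  create-tag:
    name: Create tag
    runs-on: ubuntu-latest
    steps:
      # Check out the dispatched branch with full history.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }}
      # MODULE_VERSION is the workflow-level copy of the new_warden_tag input.
      # `--` and the explicit refs/tags/ prefix keep the value from being read
      # as an option or resolved as a branch name.
      - name: Create lightweight tag
        run: |
          git tag -- "${MODULE_VERSION}"
          git push origin "refs/tags/${MODULE_VERSION}"
      - name: Verify job status
        run: ./.github/scripts/verify-release-builds.sh "${REF_NAME}"
        env:
          REF_NAME: ${{ github.ref_name }}

  # NOTE(review): this job commits the bumped references to the branch after
  # create-tag has already pushed the tag, and promote-warden later checks out
  # that tag. Confirm the tagged commit is meant to predate this bump.
  upgrade-images:
    name: Bump warden images references
    needs: create-tag
    runs-on: ubuntu-latest
    steps:
      # BOT_TOKEN is persisted by checkout and used by the push below.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.BOT_TOKEN }}
      - name: Bump sec-scanners-config.yaml
        run: ./.github/scripts/upgrade-sec-scanners-config.sh
        env:
          IMG_VERSION: ${{ github.event.inputs.new_warden_tag }}
      - name: Bump values.yaml
        run: |
          make replace-chart-images
        env:
          IMG_DIRECTORY: "prod"
          IMG_VERSION: ${{ github.event.inputs.new_warden_tag }}
      - name: Bump chart version
        run: ./.github/scripts/upgrade-chart-version.sh
        env:
          CHART_VERSION: ${{ github.event.inputs.new_warden_tag }}
      # The committer e-mail below was masked by the hosting page's e-mail
      # obfuscation; restore the real address before using this file.
      - name: Commit&Push
        run: |
          git config --local user.email "[email protected]"
          git config --local user.name "otter-releaser"
          git add .
          git commit --allow-empty -m "upgrade dependencies"
          git push origin "${REF_NAME}"
        env:
          REF_NAME: ${{ github.ref_name }}
      - name: Verify job status
        run: ./.github/scripts/verify-release-builds.sh "${REF_NAME}"
        env:
          REF_NAME: ${{ github.ref_name }}

  promote-warden:
    name: Render warden with skr config
    needs: upgrade-images
    runs-on: ubuntu-latest
    steps:
      # Check out the tag pushed by the create-tag job.
      # NOTE(review): nothing in this job pushes to this repository; consider
      # `persist-credentials: false` if the make targets do not need git auth.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.event.inputs.new_warden_tag }}
      - name: Download warden-SKR-config
        run: |
          gh release download "${WARDEN_SKR_CONFIG_VERSION}" -R "${WARDEN_SKR_OVERRIDES_REPO_URL}" --pattern '*.yaml' --output values.yaml
        env:
          WARDEN_SKR_CONFIG_VERSION: ${{ github.event.inputs.warden_skr_config_version }}
      # NOTE(review): values.yaml comes from a repository whose URL is kept in
      # a secret; confirm the rendered output is safe to print to the job log.
      - name: Render warden manifest for values
        run: |
          make render-manifest-for-values
          echo "==== warden manifest ==="
          cat warden.yaml
      - name: Render module-config
        run: |
          make module-config
          echo "==== module-config ==="
          cat module-config.yaml
      # NOTE(review): the token is embedded in both remote URLs and is written
      # to module-manifests/.git/config on the runner; a credential helper
      # would keep it out of the working copy.
      - name: Set up module-manifests repo
        run: |
          git config --global user.email "${BOT_EMAIL}"
          git config --global user.name "${BOT_USERNAME}"
          git clone "https://${BOT_USERNAME}:${GH_ENTERPRISE_TOKEN}@${GH_TOOLS_REPO_URL}/${BOT_USERNAME}/module-manifests.git"
          git -C module-manifests remote add upstream "https://${BOT_USERNAME}:${GH_ENTERPRISE_TOKEN}@${GH_TOOLS_REPO_URL}/kyma/module-manifests.git"
      - name: Commit manifest
        working-directory: module-manifests
        run: |
          # CHANNEL becomes a directory name below, so reject empty values and
          # anything that could leave modules/warden/.
          case "${CHANNEL}" in
            ''|*/*|*..*)
              echo "invalid channel: ${CHANNEL}" >&2
              exit 1
              ;;
          esac
          git fetch upstream
          git checkout -B "${MODULE_VERSION}-${CHANNEL}" upstream/main
          mkdir -p "modules/warden/${CHANNEL}"
          cp ../warden.yaml "modules/warden/${CHANNEL}/warden.yaml"
          cp ../module-config.yaml "modules/warden/${CHANNEL}/module-config.yaml"
          git add .
          git commit -m "promote warden ${MODULE_VERSION} to ${CHANNEL} channel"
          # The branch is rebuilt from upstream/main on every run, so the push
          # to the bot's fork is forced to replace any earlier attempt.
          git push origin "${MODULE_VERSION}-${CHANNEL}" -f
      - name: Create PullRequest to module-manifests
        working-directory: module-manifests
        run: |
          prs=$(gh pr list -R "https://${GH_TOOLS_REPO_URL}/kyma/module-manifests" -A "${BOT_USERNAME}" --state open --json headRefName)
          # The branch name is handed to jq as a variable, not spliced into
          # the filter text.
          if printf '%s' "${prs}" | jq -e --arg branch "${MODULE_VERSION}-${CHANNEL}" '.[] | select(.headRefName == $branch)'; then
            echo "opened PR already exists, no need to create new one, PR will be updated by push from previous step"
            exit 0
          fi
          # GITHUB_RUN_ID is set by the runner; the link uses the
          # /actions/runs/<id> form so it resolves to this workflow run.
          gh pr create -B main --fill \
            -H "${BOT_USERNAME}:${MODULE_VERSION}-${CHANNEL}" \
            -R "https://${GH_TOOLS_REPO_URL}/kyma/module-manifests/" \
            --title "Promote Warden ${MODULE_VERSION} to ${CHANNEL} channel" \
            --body "https://github.com/kyma-project/warden/actions/runs/${GITHUB_RUN_ID}"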