GH action release workflow

kyma-project · Jan 4, 2024 · 831e4ff · 831e4ff
1 parent c262d66
commit 831e4ff
Show file tree

Hide file tree

Showing 6 changed files with 171 additions and 6 deletions.
diff --git a/.github/scripts/publish_release.sh b/.github/scripts/publish_release.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+# This script publishes a draft release
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+RELEASE_ID=$1
+
+REPOSITORY=${REPOSITORY:-kyma-project/warden}
+GITHUB_URL=https://api.github.com/repos/${REPOSITORY}
+GITHUB_AUTH_HEADER="Authorization: Bearer ${GITHUB_TOKEN}"
+
+CURL_RESPONSE=$(curl -L \
+  -X POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "${GITHUB_AUTH_HEADER}" \
+  -H "X-GitHub-Api-Version: 2022-11-28" \
+  ${GITHUB_URL}/releases/${RELEASE_ID} \
+  -d '{"draft":false}')
diff --git a/.github/scripts/release-assets.sh b/.github/scripts/release-assets.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# standard bash error handling
+set -o nounset  # treat unset variables as an error and exit immediately.
+set -o errexit  # exit immediately when a command fails.
+set -E          # needs to be set if we want the ERR trap
+set -o pipefail # prevents errors in a pipeline from being masked
+
+# Expected variables:
+PULL_BASE_REF=${PULL_BASE_REF?"Define PULL_BASE_REF env"} # name of the tag
+GITHUB_TOKEN=${GITHUB_TOKEN?"Define GITHUB_TOKEN env"} # github token used to upload the template yaml
+
+uploadFile() {
+  filePath=${1}
+  ghAsset=${2}
+
+  echo "Uploading ${filePath} as ${ghAsset}"
+  response=$(curl -s -o output.txt -w "%{http_code}" \
+                  --request POST --data-binary @"$filePath" \
+                  -H "Authorization: token $GITHUB_TOKEN" \
+                  -H "Content-Type: text/yaml" \
+                   $ghAsset)
+  if [[ "$response" != "201" ]]; then
+    echo "Unable to upload the asset ($filePath): "
+    echo "HTTP Status: $response"
+    cat output.txt
+    exit 1
+  else
+    echo "$filePath uploaded"
+  fi
+}
+
+echo "Fetching releases"
+CURL_RESPONSE=$(curl -w "%{http_code}" -sL \
+                -H "Accept: application/vnd.github+json" \
+                -H "Authorization: Bearer $GITHUB_TOKEN"\
+                https://api.github.com/repos/kyma-project/warden/releases)
+JSON_RESPONSE=$(sed '$ d' <<< "${CURL_RESPONSE}")
+HTTP_CODE=$(tail -n1 <<< "${CURL_RESPONSE}")
+if [[ "${HTTP_CODE}" != "200" ]]; then
+  echo "${CURL_RESPONSE}"
+  exit 1
+fi
+
+echo "Finding release id for: ${PULL_BASE_REF}"
+RELEASE_ID=$(jq <<< ${JSON_RESPONSE} --arg tag "${PULL_BASE_REF}" '.[] | select(.tag_name == $ARGS.named.tag) | .id')
+
+echo "Got '${RELEASE_ID}' release id"
+if [ -z "${RELEASE_ID}" ]
+then
+  echo "No release with tag = ${PULL_BASE_REF}"
+  exit 1
+fi
+
+echo "Updating github release with assets"
+UPLOAD_URL="https://uploads.github.com/repos/kyma-project/warden/releases/${RELEASE_ID}/assets"
+
+
+
+( cd charts ; tar czf "warden-${RELEASE_ID}.tgz" warden)
+
+uploadFile "warden-${RELEASE_ID}.tgz" "${UPLOAD_URL}?name=warden-chart.tgz"
+
+
+
+
diff --git a/.github/scripts/create_draft_release.sh → .github/scripts/release-draft.sh b/.github/scripts/create_draft_release.sh → .github/scripts/release-draft.sh
diff --git a/.github/scripts/verify-release-builds.sh b/.github/scripts/verify-release-builds.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+### Verify post-submit prow jobs status
+#
+# Optional input args:
+#   - REF_NAME - branch/tag/commit
+# Return status:
+#   - return 0 - if status is "success"
+#   - return 1 - if status is "failure" or after timeout (~25min)
+
+# wait until Prow trigger pipelines
+sleep 10
+
+echo "Checking status of tag build jobs for warden"
+
+REF_NAME="${1:-"main"}"
+STATUS_URL="https://api.github.com/repos/kyma-project/warden/commits/${REF_NAME}/status"
+
+function verify_github_jobs_status () {
+	local number=1
+	while [[ $number -le 100 ]] ; do
+		echo ">--> checking warden build job status #$number"
+		local STATUS=`curl -L -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" ${STATUS_URL} | jq -r .state `
+		echo "jobs status: ${STATUS:='UNKNOWN'}"
+		[[ "$STATUS" == "success" ]] && return 0
+		[[ "$STATUS" == "failure" ]] && return 1
+		sleep 15
+        	((number = number + 1))
+	done
+
+	exit 1
+}
+
+verify_github_jobs_status
diff --git a/.github/workflows/create-release.yaml b/.github/workflows/create-release.yaml
@@ -22,15 +22,57 @@ jobs:
       - name: Verify github actions
         run: ./.github/scripts/verify-actions-status.sh ${{ github.ref_name }}
 
+  create-draft:
+    name: Create draft release
+    needs: verify-head-status
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.ref_name }}
+
       - name: Create draft release
         id: create-draft
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          RELEASE_ID=$(./.github/scripts/create_draft_release.sh ${{ github.event.inputs.name }})
+          RELEASE_ID=$(./.github/scripts/release-draft.sh ${{ github.event.inputs.name }})
           echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT
 
       - name: Create lightweight tag
         run: |
           git tag ${{ github.event.inputs.name }}
-          git push origin ${{ github.event.inputs.name }}
+          git push origin ${{ github.event.inputs.name }}
+
+      - name: Create release assets
+        id: create-assets
+        env:
+          PULL_BASE_REF: ${{ github.event.inputs.name }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./.github/scripts/release-assets.sh
+
+      - name: Verify prow release jobs
+        run: ./.github/scripts/verify-release-builds.sh ${{ github.ref_name }}
+
+    outputs:
+      release_id: ${{ steps.create-draft.outputs.release_id }}
+
+  publish-release:
+    name: Publish release
+    needs: create-draft
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: ${{ github.event.inputs.name }} 
+
+      - name: Publish release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./.github/scripts/publish_release.sh ${{ needs.create-draft.outputs.release_id }}
diff --git a/Makefile b/Makefile
@@ -107,8 +107,8 @@ docker-buildx: test ## Build and push docker image for the manager for cross-pla
 
 ##@ Module
 
-.PHONY: module-build
-module-build: helm ## renders warden-manifest.yaml
+.PHONY: render-manifest
+render-manifest: helm ## renders warden-manifest.yaml
 	${HELM} template --namespace kyma-system warden charts/warden --set admission.enabled=true > warden-manifest.yaml
 
 ##@ CI
@@ -133,11 +133,11 @@ create-k3d: ## Create k3d
 	kubectl create namespace kyma-system
 
 .PHONY: run-on-k3d
-run-on-k3d: kyma create-k3d configure-git-origin module-build 
+run-on-k3d: kyma create-k3d configure-git-origin render-manifest 
 	kubectl apply -f warden-manifest.yaml
 
 .PHONY: run-on-cluster
-run-on-cluster: configure-git-origin module-build 
+run-on-cluster: configure-git-origin render-manifest
 	kubectl create namespace kyma-system
 	kubectl apply -f warden-manifest.yaml