Skip to content

Upgrade openshift-preflight action version to 1.10.2 (#1888) #1334

Upgrade openshift-preflight action version to 1.10.2 (#1888)

Upgrade openshift-preflight action version to 1.10.2 (#1888) #1334

# GitHub workflow for creating release.
# Trigger release branch should be merge into main
# TODO add e2e/smoke test for autogen configuration
name: Create Release
on:
push:
tags:
- 'v*'
workflow_call:
inputs:
tag:
type: string
description: "Name of existing tag to release (format should be 'v*')"
required: true
workflow_dispatch:
inputs:
tag:
type: string
description: "Name of existing tag (or branch) to release (format should be 'v*')"
required: true
image_repo:
type: choice
description: "Target image repository for built images"
default: mongodb/mongodb-atlas-kubernetes-operator-prerelease
required: true
options:
- mongodb/mongodb-atlas-kubernetes-operator-prerelease
- mongodb/mongodb-atlas-kubernetes-operator
release_helm:
type: choice
description: "Whether or not to trigger the Helm release as well. Skip by default for tests"
default: 'false'
required: true
options:
- true
- false
certify:
type: choice
description: "Whether or not to certify the OpenShift images. Skip by default for tests"
default: 'false'
required: true
options:
- true
- false
release_to_github:
type: choice
description: "Whether or not to create the GitHub release. Skip by default for tests"
default: 'false'
required: true
options:
- true
- false
jobs:
create-release:
environment: release
name: Create Release
runs-on: ubuntu-latest
env:
RELEASE_HELM: ${{ github.event.inputs.release_helm || 'true' }}
CERTIFY: ${{ github.event.inputs.certify || 'true' }}
RELEASE_TO_GITHUB: ${{ github.event.inputs.release_to_github || 'true' }}
TAG: ${{ inputs.tag || github.head_ref || github.ref_name }}
steps:
- name: Free disk space
run: |
sudo swapoff -a
sudo rm -f /swapfile
sudo apt clean
docker rmi $(docker image ls -aq)
df -h
- name: Compute release tag and options
id: tag
run: |
version=$(echo "${TAG}" |awk -F'^v' '{print $2}')
prerelease_tail=$(echo "${version}" | awk -F'-' '{print $2}')
if [[ "$prerelease_tail" == "" ]]; then
echo "Releasing version $version..."
repo="mongodb/mongodb-atlas-kubernetes-operator"
else
echo "Pre-releasing version $version..."
repo="mongodb/mongodb-atlas-kubernetes-operator-prerelease"
RELEASE_HELM=false
CERTIFY=false
RELEASE_TO_GITHUB=false
fi
echo "release_helm=${RELEASE_HELM}" >> "$GITHUB_OUTPUT"
echo "certify=${CERTIFY}" >> "$GITHUB_OUTPUT"
echo "release_to_github=${RELEASE_TO_GITHUB}" >> "$GITHUB_OUTPUT"
echo "repo=${repo}" >> "$GITHUB_OUTPUT"
echo "version=${version}" >> "$GITHUB_OUTPUT"
echo "certified_version=${version}-certified" >> "$GITHUB_OUTPUT"
cat "$GITHUB_OUTPUT"
- name: Check out code
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
ref: ${{ env.TAG }}
- name: Install devbox
uses: jetify-com/[email protected]
with:
enable-cache: 'true'
- name: Trigger helm post release workflow
if: ${{ steps.tag.outputs.release_helm == 'true' }}
run: |
devbox run -- 'make release-helm JWT_RSA_PEM_KEY_BASE64="${{ secrets.AKO_RELEASER_RSA_KEY_BASE64 }}" \
JWT_APP_ID="${{ secrets.AKO_RELEASER_APP_ID }}" \
VERSION="${{ steps.tag.outputs.version }}"'
- name: Choose Dockerfile
id: pick-dockerfile
run: |
if test -f "fast.Dockerfile"; then
echo "dockerfile=fast.Dockerfile" >> $GITHUB_OUTPUT
else
echo "dockerfile=Dockerfile" >> $GITHUB_OUTPUT
fi
- name: Check signing supported
id: check-signing-support
run: |
if test -f "./scripts/sign-multiarch.sh"; then
echo "sign=true" >> $GITHUB_OUTPUT
else
echo "sign=false" >> $GITHUB_OUTPUT
fi
- name: Build all platforms & check version
if: steps.pick-dockerfile.outputs.dockerfile == 'fast.Dockerfile'
run: |
devbox run -- 'make all-platforms VERSION=${{ steps.tag.outputs.version }}
# Not all versions of Makefiles support the version check
if make -n | grep -q check-version; then
echo "Checking version..."
make check-version VERSION=${{ steps.tag.outputs.version }}
else
echo "Skipped version check"
fi'
- name: Build and Push image
uses: ./.github/actions/build-push-image
with:
repository: ${{ steps.tag.outputs.repo }}
file: ${{ steps.pick-dockerfile.outputs.dockerfile }}
version: ${{ steps.tag.outputs.version }}
certified_version: ${{ steps.tag.outputs.certified_version }}
platforms: linux/amd64,linux/arm64
docker_username: ${{ secrets.DOCKER_USERNAME }}
docker_password: ${{ secrets.DOCKER_PASSWORD }}
push_to_quay: true
quay_username: mongodb+mongodb_atlas_kubernetes
quay_password: ${{ secrets.QUAY_PASSWORD }}
tags: |
${{ steps.tag.outputs.repo }}:${{ steps.tag.outputs.version }}
quay.io/${{ steps.tag.outputs.repo }}:${{ steps.tag.outputs.version }}
quay.io/${{ steps.tag.outputs.repo }}:${{ steps.tag.outputs.version }}-certified
- name: Certify Openshift images
if: ${{ steps.tag.outputs.certify == 'true' }}
uses: ./.github/actions/certify-openshift-images
with:
registry: quay.io
registry_password: ${{ secrets.QUAY_PASSWORD }}
repository: ${{ steps.tag.outputs.repo }}
version: ${{ steps.tag.outputs.certified_version }}
rhcc_token: ${{ secrets.RH_CERTIFICATION_PYXIS_API_TOKEN }}
rhcc_project: ${{ secrets.RH_CERTIFICATION_OSPID }}
submit: true
- name: Login to artifactory.corp.mongodb.com
if: steps.check-signing-support.outputs.sign == 'true'
uses: docker/login-action@v3
with:
registry: artifactory.corp.mongodb.com
username: ${{ secrets.MDB_ARTIFACTORY_USERNAME }}
password: ${{ secrets.MDB_ARTIFACTORY_PASSWORD }}
- name: Sign images
if: steps.check-signing-support.outputs.sign == 'true'
env:
PKCS11_URI: ${{ secrets.PKCS11_URI }}
GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
IMAGE_REPOSITORY: ${{ steps.tag.outputs.repo }}
run: |
devbox run -- 'make sign IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}'
devbox run -- 'make sign IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}'
devbox run -- 'make sign IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}-certified" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}'
devbox run -- 'make sign IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}" SIGNATURE_REPO=mongodb/signatures'
devbox run -- 'make sign IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}-certified" SIGNATURE_REPO=mongodb/signatures'
- name: Self-verify images
if: steps.check-signing-support.outputs.sign == 'true'
env:
PKCS11_URI: ${{ secrets.PKCS11_URI }}
GRS_USERNAME: ${{ secrets.GRS_USERNAME }}
GRS_PASSWORD: ${{ secrets.GRS_PASSWORD }}
IMAGE_REPOSITORY: ${{ steps.tag.outputs.repo }}
run: |
devbox run -- 'make verify IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}'
devbox run -- 'make verify IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}'
devbox run -- 'make verify IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}-certified" SIGNATURE_REPO=${{ env.IMAGE_REPOSITORY }}'
devbox run -- 'make verify IMG="${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}" SIGNATURE_REPO=mongodb/signatures'
devbox run -- 'make verify IMG="quay.io/${{ env.IMAGE_REPOSITORY }}:${{ steps.tag.outputs.version }}-certified" SIGNATURE_REPO=mongodb/signatures'
- name: Create configuration package
run: |
devbox run -- 'set -x'
devbox run -- 'tar czvf atlas-operator-all-in-one-${{ steps.tag.outputs.version }}.tar.gz -C deploy all-in-one.yaml'
- name: Create Release
if: steps.tag.outputs.release_to_github == 'true'
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.TAG }}
release_name: ${{ env.TAG }}
body_path: docs/release-notes/release-notes-template.md
draft: true
prerelease: false
- name: Upload Release Asset
if: steps.tag.outputs.release_to_github == 'true'
id: upload-release-asset
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
asset_path: ./atlas-operator-all-in-one-${{ steps.tag.outputs.version }}.tar.gz
asset_name: atlas-operator-all-in-one-${{ steps.tag.outputs.version }}.tar.gz
asset_content_type: application/tgz