Skip to content

[reconcile]: update .github/workflows/issue-pre-check.yaml #2

[reconcile]: update .github/workflows/issue-pre-check.yaml

[reconcile]: update .github/workflows/issue-pre-check.yaml #2

Workflow file for this run

name: release
on:
push:
tags:
- "v*.*.*"
branches:
- main
jobs:
generate-tag:
runs-on: ubuntu-20.04
outputs:
tag: ${{ github.ref_type == 'branch' && steps.get_tag.outputs.GIT_TAG || github.ref_name }}
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Get tags
id: get_tag
uses: ./actions/version-tag
- name: Push tag
if: github.ref_type == 'branch'
env:
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }}
run: |
git tag $GIT_TAG
git push origin $GIT_TAG
image-deps-updater:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: '^1.17.4'
- name: Run Update Script
env:
GITHUB_AUTH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }}
run: |
go run ./cmd/imagedeps
- name: Create Pull Request # creates a PR if there are differences
uses: peter-evans/create-pull-request@v3
id: cpr
with:
token: ${{ secrets.NIGHTLY_GH_PAT }}
commit-message: update kots image dependency tags
title: 'Automated Kots Image Dependency Tag Update'
branch: automation/image-dependencies
delete-branch: true
labels: |
automated-pr
images
draft: false
base: "main"
body: "Automated changes by the [release](https://github.com/replicatedhq/kots/blob/main/.github/workflows/release.yaml) GitHub action"
- name: Check outputs
run: |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}"
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
generate-schema:
runs-on: ubuntu-20.04
container:
image: schemahero/schemahero:0.13.2
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Generate fixtures
run: |
/schemahero fixtures \
--input-dir ./migrations/tables \
--output-dir ./migrations/fixtures/schema \
--dbname ship-cloud --driver postgres
- name: Upload schema artifact
uses: actions/upload-artifact@v2
with:
name: schema
path: ./migrations/fixtures/schema/fixtures.sql
generate-fixtures:
runs-on: ubuntu-20.04
needs: [generate-schema]
container:
image: replicated/gitops-builder:buildkite
options: --user root
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Download schema artifact
uses: actions/download-artifact@v2
with:
name: schema
path: ./migrations/fixtures/schema
- name: Build fixtures
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations/fixtures deps build run
- name: Upload fixtures artifact
uses: actions/upload-artifact@v2
with:
name: fixtures
path: ./migrations/fixtures/fixtures.sql
build-schema-migrations:
runs-on: ubuntu-20.04
needs: [generate-fixtures, generate-tag]
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: azure/docker-login@v1
env:
DOCKER_CONFIG: ./migrations/.docker
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: "Release schema migrations on tag"
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
DOCKER_CONFIG: ./.docker
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations schema-release
- name: Upload airgap image
uses: actions/upload-artifact@v2
with:
name: migrations-image
path: ./migrations/bin/docker-archive
build-web:
runs-on: ubuntu-20.04
needs: [generate-tag]
container:
image: replicated/gitops-builder:buildkite-go17-node17
options: --user root
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Build web
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C web deps build-kotsadm
- name: Upload web artifact
uses: actions/upload-artifact@v2
with:
name: web
path: ./web/dist
build-kurl-proxy:
runs-on: ubuntu-20.04
needs: [generate-tag]
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
steps:
- uses: actions/setup-go@v2
with:
go-version: '^1.17.4'
- name: Checkout
uses: actions/checkout@v2
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-kurlproxy-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-kurlproxy-
- name: Build kurl_proxy
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
SCOPE_DSN_PUBLIC: ""
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C kurl_proxy test build
- name: Upload kurl_proxy artifact
uses: actions/upload-artifact@v2
with:
name: kurl_proxy
path: ./kurl_proxy/bin
- uses: azure/docker-login@v1
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build tagged release
working-directory: ./kurl_proxy
run: |
docker build --pull -f deploy/Dockerfile -t kotsadm/kurl-proxy:$GIT_TAG -t kotsadm/kurl-proxy:v0.0.0-nightly .
docker push kotsadm/kurl-proxy:$GIT_TAG
docker push kotsadm/kurl-proxy:v0.0.0-nightly
build-go-api:
runs-on: ubuntu-20.04
needs: [build-web, generate-tag]
steps:
- uses: actions/setup-go@v2
with:
go-version: '^1.17.4'
- name: Checkout
uses: actions/checkout@v2
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-kots-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-kots-
- name: Download web artifact
uses: actions/download-artifact@v2
with:
name: web
path: ./web/dist
- name: Build Go API
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
SCOPE_DSN_PUBLIC: ""
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make ci-test kots build
- name: Upload Go API artifact
uses: actions/upload-artifact@v2
with:
name: go_api
path: ./bin
release-go-api-tagged:
runs-on: ubuntu-20.04
needs: [build-go-api, generate-tag]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Download go_api artifact
uses: actions/download-artifact@v2
with:
name: go_api
path: ./bin
- name: Add executable permissions
run: |
chmod a+x ./bin/kotsadm
chmod a+x ./bin/kots
- uses: azure/docker-login@v1
env:
DOCKER_CONFIG: ./.docker
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Build tagged release
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
DOCKER_CONFIG: ./.docker
run: |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make build-release
- name: Upload airgap image
uses: actions/upload-artifact@v2
with:
name: kotsadm-image
path: ./bin/docker-archive
goreleaser:
runs-on: ubuntu-20.04
if: github.ref_type != 'branch'
needs: [build-web]
steps:
- uses: actions/setup-go@v2
with:
go-version: '^1.17.4'
- name: Checkout
uses: actions/checkout@v2
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-goreleaser-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-goreleaser-
- name: Unshallow
run: git fetch --prune --unshallow
- run: sudo apt-get update -y
- run: sudo apt-get -qq -y install gnupg2 libdevmapper-dev libgpgme-dev libc6-dev-i386 btrfs-progs libbtrfs-dev pkg-config
- name: set previous release tag for goreleaser
run: |
export TAG=$(curl --silent "https://api.github.com/repos/replicatedhq/kots/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")')
echo "GORELEASER_PREVIOUS_TAG=${TAG}" >> $GITHUB_ENV
- uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.1'
- name: Get Cosign Key
run: |
echo $COSIGN_KEY | base64 -d > ./cosign.key
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
- name: Download web artifact
uses: actions/download-artifact@v2
with:
name: web
path: ./web/dist
- name: Generate SBOM
run: |
set -x
make sbom
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
version: "v1.2.5"
args: release --rm-dist --config deploy/.goreleaser.yaml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# This needs to go away once kots starts generating the kurl addon and kurl is updated to use the kots genearted addon
generate-kurl-addon-pr:
runs-on: ubuntu-20.04
if: github.ref_type != 'branch'
needs: [build-kurl-proxy, build-airgap, generate-tag]
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Generate Kurl Addon PR
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
GH_PAT: ${{ secrets.GH_PAT }}
run: |
# Strips off the 'v' in version
curl -H "Authorization: token $GH_PAT" \
-H 'Accept: application/json' \
-d "{\"event_type\": \"auto-kotsadm-update\", \"client_payload\": {\"version\": \"${GIT_TAG:1}\" }}" \
"https://api.github.com/repos/replicatedhq/kurl/dispatches"
generate-kurl-addon:
runs-on: ubuntu-20.04
needs: [ generate-tag, build-kurl-proxy, build-schema-migrations, release-go-api-tagged ]
outputs:
addon_package_url: ${{ steps.addon-generate.outputs.addon_package_url }}
env:
AWS_ACCESS_KEY_ID: ${{ secrets.KURL_ADDONS_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.KURL_ADDONS_AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-1
steps:
- name: checkout
uses: actions/checkout@v2
- name: set outputs
id: vars
run: |
addon_version=${{ needs.generate-tag.outputs.tag }}
echo "::set-output name=addon_version::${addon_version#v}"
- name: download kots binary
uses: actions/download-artifact@v2
with:
name: go_api
path: bin/
- name: prepare kots binary executable
run: |
chmod +x bin/*
tar -C bin/ -czvf bin/kots.tar.gz kots
- uses: ./.github/actions/kurl-addon-kots-generate
id: addon-generate
with:
addon_version: ${{ steps.vars.outputs.addon_version }}
s3_prefix: "${{ github.ref_type != 'branch' && '' || 'test/' }}"
kotsadm_binary_override: bin/kots.tar.gz
# only run validate-kurl-addon if changes to "deploy/kurl/kotsadm/template/**"
kurl-addon-changes-filter:
runs-on: ubuntu-20.04
outputs:
ok-to-test: ${{ steps.filter.outputs.kurl-addon }}
steps:
- uses: actions/checkout@v2
- uses: dorny/paths-filter@v2
id: filter
with:
filters: |
kurl-addon:
- 'deploy/kurl/kotsadm/template/**'
- 'deploy/kurl/kotsadm/testgrid-os-spec.yaml'
validate-kurl-addon:
runs-on: ubuntu-20.04
if: ${{ github.ref_type != 'branch' || needs.kurl-addon-changes-filter.outputs.ok-to-test == 'true' }}
needs: [ generate-kurl-addon, kurl-addon-changes-filter ]
steps:
- name: checkout
uses: actions/checkout@v2
- name: set outputs
id: vars
run: |
addon_version=${{ needs.generate-tag.outputs.tag }}
echo "::set-output name=addon_version::${addon_version#v}"
- uses: ./.github/actions/kurl-addon-kots-test
with:
addon_version: ${{ steps.vars.outputs.addon_version }}
addon_package_url: "${{ needs.generate-kurl-addon.outputs.addon_package_url }}"
priority: ${{ github.ref_type != 'branch' && '1' || '0' }}
testgrid_api_token: ${{ secrets.TESTGRID_PROD_API_TOKEN }}
publish-kurl-addon:
runs-on: ubuntu-20.04
if: ${{ github.ref_type != 'branch' }}
needs: [ generate-tag, generate-kurl-addon ]
env:
AWS_ACCESS_KEY_ID: ${{ secrets.KURL_ADDONS_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.KURL_ADDONS_AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: us-east-1
steps:
- name: checkout
uses: actions/checkout@v2
- name: set outputs
id: vars
run: |
addon_version=${{ needs.generate-tag.outputs.tag }}
echo "::set-output name=addon_version::${addon_version#v}"
- uses: ./.github/actions/kurl-addon-kots-publisher
with:
ADDON_VERSION: ${{ steps.vars.outputs.addon_version }}
ADDON_PACKAGE_URL: ${{ needs.generate-kurl-addon.outputs.addon_package_url }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: aws s3 cp ./deploy/kurl/versions.json s3://kots-kurl-addons-production-1658439274
generate-kots-release-notes-pr:
runs-on: ubuntu-20.04
needs: [generate-tag]
if: github.ref_type != 'branch'
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Generate KOTS Release Notes PR
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
GH_PAT: ${{ secrets.GH_PAT }}
run: |
curl -H "Authorization: token $GH_PAT" \
-H 'Accept: application/json' \
-d "{\"event_type\": \"app-manager-release-notes\", \"client_payload\": {\"version\": \"${GIT_TAG}\" }}" \
"https://api.github.com/repos/replicatedhq/replicated-docs/dispatches"
build-airgap:
runs-on: ubuntu-20.04
if: github.ref_type != 'branch'
needs: [release-go-api-tagged, goreleaser, build-schema-migrations, generate-tag]
steps:
- name: Download migrations
uses: actions/download-artifact@v2
with:
name: migrations-image
path: ./docker-archive
- name: Download kotsadm image
uses: actions/download-artifact@v2
with:
name: kotsadm-image
path: ./docker-archive
- name: Make kotsadm airgap archive with minio image
run: |
tar czf ./kotsadm.tar.gz -C ./ ./docker-archive
- name: Upload airgap bundle with minio image
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ needs.generate-tag.outputs.tag }}
files: ./kotsadm.tar.gz
- name: Make kotsadm airgap archive without minio image
run: |
rm -rf ./docker-archive/minio
rm -f ./kotsadm.tar.gz
tar czf ./kotsadm-nominio.tar.gz -C ./ ./docker-archive
- name: Upload airgap bundle without minio image
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ needs.generate-tag.outputs.tag }}
files: ./kotsadm-nominio.tar.gz
regression-test-setup:
name: Run regression testing
if: github.ref_type == 'branch'
runs-on: ubuntu-latest
needs: [ generate-tag ]
outputs:
last_release_tag: ${{ steps.get_latest_release_tag.outputs.release }}
automation_id: ${{ steps.get_id.outputs.id }}
steps:
- name: Get latest release tag
id: get_latest_release_tag
uses: pozetroninc/github-action-get-latest-release@master
with:
repository: ${{ github.repository }}
excludes: prerelease, draft
- id: get_id
run: |
id=${{ github.sha }}
echo "::set-output name=id::${id:0:7}"
regression-test:
if: github.ref_type == 'branch'
needs: [ regression-test-setup, generate-tag, build-go-api, release-go-api-tagged, generate-kurl-addon ]
uses: ./.github/workflows/regression.yaml
with:
version_tag_old: ${{ needs.regression-test-setup.outputs.last_release_tag }}
version_tag_new: ${{ needs.generate-tag.outputs.tag }}
addon_package_url: ${{ needs.generate-kurl-addon.outputs.addon_package_url }}
id: ${{ needs.regression-test-setup.outputs.automation_id }}
secrets:
E2E_TESTIM_AWS_ACCESS_KEY_ID: ${{ secrets.E2E_TESTIM_AWS_ACCESS_KEY_ID }}
E2E_TESTIM_AWS_SECRET_ACCESS_KEY: ${{ secrets.E2E_TESTIM_AWS_SECRET_ACCESS_KEY }}
TESTIM_ACCESS_TOKEN: ${{ secrets.TESTIM_ACCESS_TOKEN }}
E2E_GH_PAT: ${{ secrets.E2E_GH_PAT }}
KOTS_BUILD_STATUS_SLACK_WEBHOOK_URL: ${{ secrets.KOTS_BUILD_STATUS_SLACK_WEBHOOK_URL }}
start-kgrid-test:
runs-on: ubuntu-20.04
needs: [release-go-api-tagged, generate-tag]
if: github.ref_type == 'branch'
env:
GIT_TAG: ${{ needs.generate-tag.outputs.tag }}
steps:
- name: Checkout
uses: actions/checkout@v2
- uses: kceb/pull-request-url-action@v2
id: pr_url
- name: Expose git commit data
uses: rlespinasse/[email protected] # no v1 tag
- name: Create staging gitops commit
env:
REPLICATEDCOM_GITHUB_PRIVATE_KEY: ${{ secrets.REPLICATEDCOM_GITHUB_PRIVATE_KEY }}
PR_URL: ${{ steps.pr_url.outputs.url }}
GITOPS_OWNER: replicatedcom
GITOPS_REPO: gitops-deploy
GITOPS_BRANCH: main
RUN_ID: ${{ github.run_id }}
run: ./hack/deploy-kgrid.sh
- name: Create production gitops commit
id: deploy_kgrid
env:
REPLICATEDCOM_GITHUB_PRIVATE_KEY: ${{ secrets.REPLICATEDCOM_GITHUB_PRIVATE_KEY }}
PR_URL: ${{ steps.pr_url.outputs.url }}
OVERLAY: production
GITOPS_OWNER: replicatedcom
GITOPS_REPO: gitops-deploy
GITOPS_BRANCH: release
run: ./hack/deploy-kgrid.sh
- name: Wait for production kgrid tests
env:
KGRID_API_TOKEN: ${{ secrets.KGRID_API_TOKEN }}
KGRID_RUN_ID: ${{ steps.deploy_kgrid.outputs.kgrid-run-id }}
run: |
printf "\n\nSupport bundles are available in the Replicated production AWS account under the 'kgrid-support-bundles' S3 bucket. To download a support bundle, you can do so using the AWS Management Console, or by configuring the AWS cli tool with the appropriate credentials and running the following command: \n\naws s3 cp <test-supportbundle-s3-url> <local-filename>.tar.gz\n\n"
./hack/wait-kgrid.sh