Add Release Workflow and Single Command Install artifact (#159)

- Add a make target to generate a single yaml file to apply for install - This will make it possible for users to install the operator by applying yaml for a particular version without cloning the repo. - Add Table of Contents to README.md - Add GHA to stage the release before publishing - push the stage operator image to ghcr.io, to be used by the promote workflow later - Build multi-arch images when releasing - Push the latest tag as well Signed-off-by: Christian M. Adams <[email protected]> Co-authored-by: Jon <[email protected]> Co-authored-by: Dimitri Savineau <[email protected]>
ansible · Jan 12, 2024 · 7992cf0 · 7992cf0
1 parent 8e0a669
commit 7992cf0
Show file tree

Hide file tree

Showing 8 changed files with 312 additions and 7 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -0,0 +1,95 @@
+name: Promote Operator Release
+
+on:
+  release:
+    types: [published]
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: 'Name for the tag of the release.'
+        required: true
+      quay_registry:
+        description: 'Quay registry to push to.'
+        default: 'quay.io/ansible'
+
+jobs:
+  promote-staged-release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set TAG_NAME for workflow_dispatch event
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        run: |
+          echo "TAG_NAME=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
+          echo "QUAY_REGISTRY=${{ github.event.inputs.quay_registry }}" >> $GITHUB_ENV
+
+      - name: Set TAG_NAME for release event
+        if: ${{ github.event_name == 'release' }}
+        run: |
+          echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
+          echo "QUAY_REGISTRY=quay.io/ansible" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v3
+        with:
+          ref: 'main'
+          depth: 0
+          path: eda-server-operator
+
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d    # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+
+      - name: Log into registry quay.io
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d    # v3.0.0
+        with:
+          registry: quay.io
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+      - name: Pull Stored Image and Publish eda-server-operator:${TAG_NAME}
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${TAG_NAME} \
+            --tag ${QUAY_REGISTRY}/eda-server-operator:${TAG_NAME} \
+            --tag ${QUAY_REGISTRY}/eda-server-operator:latest
+        working-directory: eda-server-operator
+
+      - name: Pull Stored Image and Publish eda-server-operator:latest
+        run: |
+          docker buildx imagetools create \
+            ghcr.io/${{ github.repository }}:${TAG_NAME} \
+            --tag ${QUAY_REGISTRY}/eda-server-operator:latest
+        working-directory: eda-server-operator
+
+      - name: Build Bundle Image
+        run: |
+          make bundle bundle-build IMG=eda-server-operator:${TAG_NAME} VERSION=${TAG_NAME} BUNDLE_IMG=eda-server-operator-bundle:${TAG_NAME}
+          docker tag eda-server-operator-bundle:${TAG_NAME} eda-server-operator-bundle:latest
+        working-directory: eda-server-operator
+
+      - name: Push Bundle Image
+        uses: redhat-actions/[email protected]
+        with:
+          image: eda-server-operator-bundle
+          tags: ${{ env.TAG_NAME }} latest
+          registry: quay.io/ansible/
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}
+
+      - name: Build Catalog Image
+        run: |
+          make catalog-build CATALOG_IMG=eda-server-operator-catalog:${TAG_NAME} BUNDLE_IMG=quay.io/ansible/eda-server-operator-bundle:${TAG_NAME}
+          docker tag eda-server-operator-catalog:${TAG_NAME} eda-server-operator-catalog:latest
+        working-directory: eda-server-operator
+
+      - name: Push Catalog Image
+        uses: redhat-actions/[email protected]
+        with:
+          image: eda-server-operator-catalog
+          tags: ${{ env.TAG_NAME }} latest
+          registry: quay.io/ansible/
+          username: ${{ secrets.QUAY_USER }}
+          password: ${{ secrets.QUAY_TOKEN }}
diff --git a/.github/workflows/stage.yaml b/.github/workflows/stage.yaml
@@ -0,0 +1,104 @@
+---
+name: Stage Release
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to stage'
+        required: true
+      default_eda_version:
+        description: 'Will be injected as the DEFAULT_EDA_VERSION build arg.'
+        required: true
+      default_eda_ui_version:
+        description: 'Will be injected as the DEFAULT_EDA_UI_VERSION build arg.'
+        required: true
+      confirm:
+        description: 'Are you sure? Set this to yes.'
+        required: true
+        default: 'no'
+
+jobs:
+  stage:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: write
+    steps:
+      - name: Verify inputs
+        run: |
+          set -e
+
+          if [[ ${{ github.event.inputs.confirm }} != "yes" ]]; then
+            >&2 echo "Confirm must be 'yes'"
+            exit 1
+          fi
+
+          if [[ ${{ github.event.inputs.version }} == "" ]]; then
+            >&2 echo "Set version to continue."
+            exit 1
+          fi
+
+          exit 0
+
+      - name: Checkout eda-server-operator
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ github.repository_owner }}/eda-server-operator
+          path: eda-server-operator
+
+      - name: Install playbook dependencies
+        run: |
+          python3 -m pip install docker
+
+      - name: Log into registry ghcr.io
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d    # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build Operator Image
+        run: |
+          BUILD_ARGS="--build-arg DEFAULT_EDA_VERSION=${{ github.event.inputs.default_eda_version }} \
+              --build-arg DEFAULT_EDA_UI_VERSION=${{ github.event.inputs.default_eda_ui_version }} \
+              --build-arg OPERATOR_VERSION=${{ github.event.inputs.version }}" \
+          IMG=ghcr.io/${{ github.repository }}:${{ github.event.inputs.version }} \
+          make docker-buildx
+        working-directory: eda-server-operator
+
+      # Stub task for later PR to add EDA CI run
+      # - name: Run test deployment
+      #   working-directory: eda-server-operator
+      #   run: |
+      #     python3 -m pip install -r molecule/requirements.txt
+      #     ansible-galaxy collection install -r molecule/requirements.yml
+      #     sudo rm -f $(which kustomize)
+      #     make kustomize
+      #     KUSTOMIZE_PATH=$(readlink -f bin/kustomize) molecule test -s kind
+      #   env:
+      #     EDA_TEST_VERSION: ${{ github.event.inputs.default_eda_version }}
+
+      - name: Generate operator.yaml
+        run: make generate-operator-yaml VERSION=${{ github.event.inputs.version }}
+        working-directory: eda-server-operator
+
+
+      - name: Create Draft Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.event.inputs.version }}
+          release_name: Release ${{ github.event.inputs.version }}
+          draft: true
+
+      - name: Upload Release Artifact
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.create_release.outputs.upload_url }}
+          asset_path: ./eda-server-operator/operator.yaml
+          asset_name: operator.yaml
+          asset_content_type: application/yaml
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,11 @@
 FROM quay.io/operator-framework/ansible-operator:v1.27.0
 
+ARG DEFAULT_EDA_VERSION
+ARG DEFAULT_EDA_UI_VERSION
 ARG OPERATOR_VERSION
+ENV DEFAULT_EDA_VERSION=${DEFAULT_EDA_VERSION}
+ENV DEFAULT_EDA_UI_VERSION=${DEFAULT_EDA_UI_VERSION}
+
 ENV OPERATOR_VERSION=${OPERATOR_VERSION}
 
 COPY requirements.yml ${HOME}/requirements.yml

diff --git a/Makefile b/Makefile
@@ -137,6 +137,22 @@ KUSTOMIZE = $(shell which kustomize)
 endif
 endif
 
+.PHONY: operator-sdk
+OPERATOR_SDK = $(shell pwd)/bin/operator-sdk
+operator-sdk: ## Download operator-sdk locally if necessary, preferring the $(pwd)/bin path over global if both exist.
+ifeq (,$(wildcard $(OPERATOR_SDK)))
+ifeq (,$(shell which operator-sdk 2>/dev/null))
+	@{ \
+	set -e ;\
+	mkdir -p $(dir $(OPERATOR_SDK)) ;\
+	curl -sSLo $(OPERATOR_SDK) https://github.com/operator-framework/operator-sdk/releases/download/v1.32.0/operator-sdk_$(OS)_$(ARCH) ;\
+	chmod +x $(OPERATOR_SDK) ;\
+	}
+else
+OPERATOR_SDK = $(shell which operator-sdk)
+endif
+endif
+
 .PHONY: ansible-operator
 ANSIBLE_OPERATOR = $(shell pwd)/bin/ansible-operator
 ansible-operator: ## Download ansible-operator locally if necessary, preferring the $(pwd)/bin path over global if both exist.
@@ -154,11 +170,11 @@ endif
 endif
 
 .PHONY: bundle
-bundle: kustomize ## Generate bundle manifests and metadata, then validate generated files.
-	operator-sdk generate kustomize manifests -q
+bundle: kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
+	$(OPERATOR_SDK) generate kustomize manifests -q
 	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle $(BUNDLE_GEN_FLAGS)
-	operator-sdk bundle validate ./bundle
+	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
+	$(OPERATOR_SDK) bundle validate ./bundle
 
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
@@ -207,3 +223,11 @@ catalog-build: opm ## Build a catalog image.
 .PHONY: catalog-push
 catalog-push: ## Push a catalog image.
 	$(MAKE) docker-push IMG=$(CATALOG_IMG)
+
+# Generate operator.yaml with image tag as a release artifact
+.PHONY: generate-operator-yaml
+generate-operator-yaml: kustomize ## Generate operator.yaml with image tag $(VERSION)
+	@cd config/manager && $(KUSTOMIZE) edit set image controller=quay.io/ansible/eda-server-operator:${VERSION}
+	@$(KUSTOMIZE) build config/default > ./operator.yaml
+
+	@echo "Generated operator.yaml with image tag $(VERSION)"
diff --git a/README.md b/README.md
@@ -9,6 +9,24 @@ A Kubernetes operator for Kubernetes built with [Operator SDK](https://github.co
 
 This operator is meant to provide a more Kubernetes-native installation method for EDA Server via an EDA Custom Resource Definition (CRD). In the future, this operator will grow to be able to maintain the full life-cycle of an EDA Server deployment. Currently, it can handle fresh installs and upgrades.
 
+Table of Contents
+=================
+
+- [EDA Server Operator](#eda-server-operator)
+  - [Overview](#overview)
+- [Table of Contents](#table-of-contents)
+  - [Contributing](#contributing)
+    - [Prerequisites](#prerequisites)
+  - [Install the EDA Server Operator](#install-the-eda-server-operator)
+  - [Deploy EDA](#deploy-eda)
+  - [Advanced Configuration](#advanced-configuration)
+    - [Admin user account configuration](#admin-user-account-configuration)
+    - [Database Fields Encryption Configuration](#database-fields-encryption-configuration)
+    - [Additional Advanced Configuration](#additional-advanced-configuration)
+  - [Maintainers Docs](#maintainers-docs)
+
+<!-- Created by https://github.com/ekalinin/github-markdown-toc -->
+
 ## Contributing
 
 Please visit [our contributing guide](./CONTRIBUTING.md) which has details about how to set up your development environment.
@@ -195,3 +213,10 @@ spec:
 - [No Log](./docs/user-guide/advanced-configuration/no-log.md)
 - [Deploy a Specific Version of EDA](./docs/user-guide/advanced-configuration/deploying-a-specific-version.md)
 - [Trusting a Custom Certificate Authority](./docs/user-guide/advanced-configuration/trusting-a-custom-certificate-authority.md)
+
+## Maintainers Docs
+
+Maintainers of this repo need to carry out releases, triage issues, etc. There are docs for those types of administrative tasks in the `docs/maintainer/` directory.
+
+To release the EDA Server Operator, see these docs:
+* [Release Operator](./docs/maintainers/release.md)
diff --git a/docs/maintainers/release.md b/docs/maintainers/release.md
@@ -0,0 +1,51 @@
+# EDA Server Operator Release Guide
+
+This document provides step-by-step instructions for releasing a new version of the EDA Server Operator. It includes tagging a new release, building and pushing images, and updating release artifacts.
+
+## Release Workflow
+
+### 1. Trigger the Release GitHub Action
+
+The release process is automated through a GitHub Action (GHA) workflow. You can trigger this workflow manually via the GitHub UI.
+
+- Navigate to the 'Actions' tab in the GitHub repository.
+- Select the 'Stage Release' workflow.
+- Click on 'Run workflow' dropdown.
+- Enter the new version number (e.g., `1.2.3`) in the 'Release Version' input box.
+- Click 'Run workflow'.
+
+### 2. Monitor the Workflow
+
+- Monitor the workflow for completion.
+- The workflow will handle:
+  - Tagging the release.
+  - Building and pushing operator image for multiple platforms.
+  - Generating the `operator.yaml` file.
+  - Creating a draft release and attaching the `operator.yaml` as an artifact.
+
+### 3. Publish the Release
+
+Once the draft release is created, you need to publish it:
+
+- Go to the 'Releases' section in the GitHub repository.
+- Open the draft release created by the GitHub Action.
+- Review and edit the release notes as necessary. Add notable changes, deprecation warnings, and useful upgrade information for users.
+- Once satisfied, publish the release. This will trigger the 'Promote Operator Release' GHA, which will publish the operator image to quay.io as well as build and push the bundle and catalog images.
+
+### 4. Post-Release Checks
+
+- Ensure that the images are correctly tagged on Quay.
+- Verify that the `operator.yaml` file is attached to the release and is correct.
+
+## Troubleshooting
+
+If you encounter issues during the release process:
+
+- Check the GitHub Action logs for any errors or warnings.
+- Verify that all prerequisites are met.
+- For more specific issues, refer to the workflow file `.github/workflows/stage.yml` for insights.
+
+## Notes
+
+- Do not manually tag or create releases; always use the automated workflow.
+- Ensure that you're familiar with the semantic versioning guidelines when assigning a version number.
diff --git a/docs/user-guide/advanced-configuration/deploying-a-specific-version.md b/docs/user-guide/advanced-configuration/deploying-a-specific-version.md
@@ -5,9 +5,9 @@ There are a few variables that are customizable for eda the image management.
 | Name                   | Description               | Default                                 |
 | ---------------------- | ------------------------- | --------------------------------------  |
 | image                  | Path of the image to pull | quay.io/ansible/eda-server              |
-| image_version          | Image version to pull     | latest                                  |
+| image_version          | Image version to pull     | value of DEFAULT_EDA_VERSION or main    |
 | image_web              | Path of the image to pull | quay.io/ansible/eda-ui                  |
-| image_web_version      | Image version to pull     | latest                                  |
+| image_web_version      | Image version to pull     | value of DEFAULT_EDA_UI_VERSION or main |
 | image_pull_policy      | The pull policy to adopt  | IfNotPresent                            |
 | image_pull_secrets     | The pull secrets to use   | None                                    |
 | redis_image            | Path of the image to pull | redis                                   |

diff --git a/roles/eda/defaults/main.yml b/roles/eda/defaults/main.yml
@@ -12,9 +12,10 @@ image_pull_secrets: []
 
 _image: quay.io/ansible/eda-server
 _image_version: main
+_image_version: "{{ lookup('env', 'DEFAULT_EDA_VERSION') or 'main' }}"
 
 _image_web: quay.io/ansible/eda-ui
-_image_web_version: main
+_image_web_version: "{{ lookup('env', 'DEFAULT_EDA_UI_VERSION') or 'main' }}"
 
 # Add a nodeSelector for the EDA pods. It must match a node's labels for the pod
 # to be scheduled on that node. Specify as literal block. E.g.: