Skip to content

Promote to channel via module-manifests #53

Promote to channel via module-manifests

Promote to channel via module-manifests #53

name: Promote to channel via module-manifests
# Workflow requires following variables to be defined
# DOC_URL - location of btp-manager documentation
# GIT_USER_NAME - user creating head branch and PR
# GIT_USER_EMAIL - this user email
# GH_TOOLS_HOST - tools host
# IMAGE_REPO - name of binary image of the btp-manager executable
# MODULE_MANIFESTS_REPO_NAME - repository of modules manifests
env:
# DO NOT CHANGE THIS VALUE - the change will cause inconsistency on landscapes
# since there would be "old-named" and "new-named" modules and LM would switch between those infinitely
FULL_MODULE_NAME: kyma-project.io/module/btp-operator
# GitHub repositories
MODULE_MANIFESTS_WITH_USER: "https://${{ vars.GIT_USER_NAME }}:${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}@${{ vars.GH_TOOLS_HOST }}/kyma/${{ vars.MODULE_MANIFESTS_REPO_NAME }}.git"
BTP_MANAGER_API_URL: "https://api.github.com/repos/kyma-project/btp-manager"
BTP_MANAGER_RELEASES_URL: "https://github.com/kyma-project/btp-manager/releases"
# File names
TEMPLATE_FILENAME: moduletemplate-btp-operator.yaml
DEFAULT_CR_FILENAME: btp-operator-default-cr.yaml
MANIFEST_FILENAME: btp-manager.yaml
SCAN_CONFIG_FILENAME: sec-scanners-config.yaml
# needed by gh cli for GitHub enterprise
GH_ENTERPRISE_TOKEN: ${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}
on:
workflow_dispatch:
inputs:
releaseTag:
description: "Release Tag"
default: 'use latest release'
required: true
channel:
description: "Channel"
type: choice
options:
- fast
- regular
required: true
default: fast
jobs:
promote:
runs-on: ubuntu-latest
steps:
- name: Validate required environment variables
shell: bash
run: |
[ -z "${{ vars.DOC_URL }}" ] && echo "DOC_URL is required" && exit 1
[ -z "${{ vars.GIT_USER_EMAIL }}" ] && echo "GIT_USER_EMAIL is required" && exit 1
[ -z "${{ vars.GIT_USER_NAME }}" ] && echo "GIT_USER_NAME is required" && exit 1
[ -z "${{ vars.GH_TOOLS_HOST }}" ] && echo "GH_TOOLS_HOST is required" && exit 1
[ -z "${{ vars.IMAGE_REPO }}" ] && echo "IMAGE_REPO is required" && exit 1
[ -z "${{ vars.MODULE_MANIFESTS_REPO_NAME }}" ] && echo "MODULE_MANIFESTS_REPO_NAME is required" && exit 1
echo "Validated"
- name: Use default (latest) Release Tag
if: inputs.releaseTag == 'use latest release'
shell: bash
run: |
latest=$(curl -s -H "Accept: application/vnd.github+json" ${BTP_MANAGER_API_URL}/releases/latest | jq -r '.tag_name')
echo "TAG=${latest}" >> $GITHUB_ENV
- name: Validate given release tag
if: inputs.releaseTag != 'use latest release'
shell: bash
run: |
tags=$(curl -s -H "Accept: application/vnd.github+json" ${BTP_MANAGER_API_URL}/tags | jq -r '.[] | .name')
if echo $tags | tr " " '\n' | grep -F -q -x ${{ inputs.releaseTag }}; then
echo "TAG=${{ inputs.releaseTag }}" >> $GITHUB_ENV
echo "tag found"
else
echo "tag not found: ${{ inputs.releaseTag }}"
exit 1
fi
- name: Set branch name
run: echo "BRANCH_NAME=btp-manager-${TAG}-${{ inputs.channel }}" >> $GITHUB_ENV
- name: Setup git and clone repo
run: |
git config --global user.email ${{ vars.GIT_USER_EMAIL }}
git config --global user.name ${{ vars.GIT_USER_NAME }}
git clone ${MODULE_MANIFESTS_WITH_USER}
env:
GH_TOKEN: ${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}
- name: Sync Repo and create branch
working-directory: module-manifests
run: |
git remote add upstream ${MODULE_MANIFESTS_WITH_USER}
git fetch upstream
git merge upstream/main
git checkout -B ${BRANCH_NAME}
mkdir -p modules/btp-operator/${{ inputs.channel }}
- name: Download artifacts
working-directory: module-manifests/modules/btp-operator/${{ inputs.channel }}
run: |
curl -JL ${BTP_MANAGER_RELEASES_URL}/download/${TAG}/${MANIFEST_FILENAME} >${MANIFEST_FILENAME}
curl -JL ${BTP_MANAGER_RELEASES_URL}/download/${TAG}/${DEFAULT_CR_FILENAME} >${DEFAULT_CR_FILENAME}
- name: Create module configuration
env:
CHANNEL: ${{ inputs.channel }}
working-directory: module-manifests/modules/btp-operator/${{ inputs.channel }}
run: |
echo "Creating module configuration file:"
cat <<EOF | tee module-config.yaml
name: ${FULL_MODULE_NAME}
channel: ${CHANNEL}
version: v${TAG}
manifest: ${MANIFEST_FILENAME}
defaultCR: ${DEFAULT_CR_FILENAME}
annotations:
"operator.kyma-project.io/doc-url": "${{ vars.DOC_URL }}"
moduleRepo: https://github.com/kyma-project/btp-manager.git
moduleSecurityScanConfig: true
EOF
- name: Create security configuration
working-directory: module-manifests/modules/btp-operator/${{ inputs.channel }}
env:
CHANNEL: ${{ inputs.channel }}
run: |
echo "Creating security configuration file:"
cat <<EOF | tee ${SCAN_CONFIG_FILENAME}
module-name: btp-operator
rc-tag: ${TAG}
protecode:
- ${{ vars.IMAGE_REPO }}:${TAG}
whitesource:
language: golang-mod
subprojects: false
exclude:
- "**/*_test.go"
EOF
- name: Commit and push changes
working-directory: module-manifests
env:
FORK_ORIGIN: "https://${{ vars.GIT_USER_NAME }}:${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}@${{ vars.GH_TOOLS_HOST }}/${{ vars.GIT_USER_NAME }}/${{ vars.MODULE_MANIFESTS_REPO_NAME }}.git"
run: |
git add .
git commit -m "Configuration files update"
git remote set-url origin ${FORK_ORIGIN}
git push --set-upstream origin ${BRANCH_NAME} -f
- name: Create PR if needed
working-directory: module-manifests
shell: bash
env:
CHANNEL: ${{ inputs.channel }}
MODULE_MANIFESTS_REPO_URL: "https://${{ vars.GH_TOOLS_HOST }}/kyma/${{ vars.MODULE_MANIFESTS_REPO_NAME }}"
run: |
prs=$(gh pr list -R "${MODULE_MANIFESTS_REPO_URL}" -A ${{ vars.GIT_USER_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName')
if echo $prs | tr " " '\n' | grep -F -q -x ${BRANCH_NAME}; then
echo "opened PR already exists, no need to create new one, PR will be updated by push from previous step"
exit 0
fi
gh pr create -B main -H ${{ vars.GIT_USER_NAME }}:${BRANCH_NAME} -R https://github.tools.sap/kyma/module-manifests/ --title "Promote BTP Manager ${TAG} to ${CHANNEL} channel" --fill --body "${BTP_MANAGER_RELEASES_URL}/${TAG}"