Create release #169
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Create release" | |
| env: | |
| MODULE_REPO: europe-docker.pkg.dev/kyma-project/prod/unsigned/component-descriptors/kyma.project.io/module/btp-operator | |
| IMAGE_REPO: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| KYMA_BTP_MANAGER_REPO: ${{ github.repository_owner }}/btp-manager | |
| GIT_EMAIL: [email protected] | |
| GIT_NAME: kyma-gopher-bot | |
| BRANCH_NAME: sec-scanners-config-${{ inputs.name }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| description: 'Create release' | |
| default: "" | |
| required: true | |
| credentials: | |
| type: choice | |
| description: SM credentials | |
| default: real | |
| options: | |
| - dummy | |
| - real | |
| sec-scanners-config: | |
| type: boolean | |
| description: 'Create PR with sec-scanners-config bump' | |
| default: true | |
| k3s-versions: | |
| type: number | |
| description: 'Number of last k3s versions to be used for tests' | |
| dry-run: | |
| type: boolean | |
| description: 'Do not publish' | |
| default: false | |
| jobs: | |
| validate-release: | |
| name: Validate release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if tag already exists | |
| run: | | |
| if [ $(git tag -l ${{ inputs.name }}) ]; then | |
| echo "::error ::Tag ${{ inputs.name }} already exists" | |
| exit 1 | |
| fi | |
| - name: Check for existing artifacts from previous release runs | |
| env: | |
| BTP_OPERATOR_REPO: ${{ env.MODULE_REPO }} | |
| BTP_MANAGER_REPO: ${{ env.IMAGE_REPO }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: "./scripts/check_artifacts_existence.sh ${{ inputs.name }} ${{ inputs.name }}" | |
| - name: Validate Labels | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./scripts/label_validator.sh "RELEASE" | |
| bump-sec-scanners-config: | |
| name: Bump sec-scanners-config | |
| needs: validate-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Update sec-scanners-config.yaml | |
| if: ${{ inputs.sec-scanners-config }} | |
| run: scripts/create_scan_config.sh ${{env.IMAGE_REPO}}:${{ inputs.name }} "sec-scanners-config.yaml" ${{ inputs.name }} | |
| - name: Create PR if anything changed | |
| if: ${{ inputs.sec-scanners-config }} | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| prs=$(gh pr list -A ${{ env.GIT_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName') | |
| if echo $prs | tr " " '\n' | grep -F -q -x ${{ env.BRANCH_NAME }}; then | |
| echo "PR already exists, no need to create a new one" | |
| echo "PR_NUMBER=$(gh pr list --search "base:main head:${{ env.BRANCH_NAME }}" --json number | jq -r '.[] | .number')" >> $GITHUB_ENV | |
| elif [ -z "$(git status --porcelain)" ]; then | |
| echo "Nothing changed, no need to create PR" | |
| echo "PR_NUMBER=-1" >> $GITHUB_ENV | |
| else | |
| PR_STATUS=$(scripts/create_sec_scanner_bump_pr.sh ${{ inputs.name }}) | |
| echo "PR_NUMBER=$(echo "$PR_STATUS" | tail -n 1)" >> $GITHUB_ENV | |
| fi | |
| - name: Await PR merge | |
| if: ${{ inputs.sec-scanners-config }} | |
| timeout-minutes: 10 | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ "$PR_NUMBER" -gt 0 ]; then | |
| scripts/await_pr_merge.sh | |
| else | |
| echo "Step skipped" | |
| fi | |
| - name: Save latest commit ref | |
| id: pull-ref | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git checkout main | |
| git pull | |
| LATEST_COMMIT=$(git rev-parse HEAD) | |
| echo "latest_commit=$LATEST_COMMIT" >> $GITHUB_OUTPUT | |
| echo "Latest commit ref $LATEST_COMMIT" | |
| outputs: | |
| latest_commit: ${{ steps.pull-ref.outputs.latest_commit }} | |
| wait-for-prow-jobs: | |
| name: Wait for prow jobs | |
| needs: [create-draft, bump-sec-scanners-config] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Wait for post-btp-manager-module-build status | |
| uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4 | |
| id: wait-for-module-build-status | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| statusName: "post-btp-manager-module-build" | |
| timeoutSeconds: "300" | |
| ref: ${{ needs.bump-sec-scanners-config.outputs.latest_commit}} | |
| - name: Check if post-btp-manager-module-build status is success | |
| if: steps.wait-for-module-build-status.outputs.state != 'success' | |
| run: | | |
| echo 'post-btp-manager-module-build failed.' | |
| exit 1 | |
| - name: Wait for post-btp-manager-build status | |
| uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4 | |
| id: wait-for-image-build-status | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| statusName: "post-btp-manager-build" | |
| timeoutSeconds: "300" | |
| ref: ${{ needs.bump-sec-scanners-config.outputs.latest_commit}} | |
| - name: Check if post-btp-manager-build status is success | |
| if: steps.wait-for-image-build-status.outputs.state != 'success' | |
| run: | | |
| echo 'post-btp-manager-build failed.' | |
| exit 1 | |
| run-unit-tests: | |
| name: Unit tests | |
| needs: create-draft | |
| uses: "./.github/workflows/run-unit-tests-reusable.yaml" | |
| run-e2e-tests: | |
| name: E2E tests | |
| needs: wait-for-prow-jobs | |
| uses: "./.github/workflows/run-e2e-tests-reusable.yaml" | |
| secrets: inherit | |
| with: | |
| image-tag: ${{ github.event.inputs.name }} | |
| module-tag: ${{ github.event.inputs.name }} | |
| image-repo: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| module-repo: europe-docker.pkg.dev/kyma-project/prod/unsigned/component-descriptors/kyma.project.io/module/btp-operator | |
| credentials-mode: ${{ github.event.inputs.credentials }} | |
| last-k3s-versions: ${{ github.event.inputs.k3s-versions || vars.LAST_K3S_VERSIONS }} | |
| run-stress-tests: | |
| name: Stress tests | |
| needs: wait-for-prow-jobs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Prepare k3s cluster and docker registry | |
| run: "./scripts/testing/k3s-setup.sh --wait" | |
| - name: Wait for artifacts | |
| env: | |
| BTP_OPERATOR_REPO: ${{ env.MODULE_REPO }} | |
| BTP_MANAGER_REPO: ${{ env.IMAGE_REPO }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: "./scripts/await_artifacts.sh ${{ inputs.name }} ${{ inputs.name }}" | |
| - name: Install BTP operator | |
| timeout-minutes: 2 | |
| run: "./scripts/testing/install.sh $MODULE_REPO:${{ inputs.name }} dummy ci" | |
| - name: BTP Manager controller resources usage | |
| run: "kubectl top pod -l app.kubernetes.io/component=btp-manager.kyma-project.io -n kyma-system --containers" | |
| - name: Run tests | |
| run: ./scripts/testing/./stress-mem.sh 500 30 | |
| - name: Check BTP manager restarts | |
| run: "./scripts/testing/check_btp-manager_restarts.sh" | |
| - name: BTP Manager controller resources usage | |
| run: "kubectl top pod -l app.kubernetes.io/component=btp-manager.kyma-project.io -n kyma-system --containers" | |
| - name: Prepare stress data - Secrets and ConfigMaps | |
| run: "./scripts/testing/create-secrets-configmaps.sh 120" | |
| - name: BTP Manager controller resources usage | |
| run: "kubectl top pod -l app.kubernetes.io/component=btp-manager.kyma-project.io -n kyma-system --containers" | |
| - name: Check BTP manager restarts | |
| run: | | |
| sleep 15 | |
| ./scripts/testing/check_btp-manager_restarts.sh | |
| run-e2e-upgrade-tests: | |
| name: E2E upgrade tests | |
| needs: wait-for-prow-jobs | |
| secrets: inherit | |
| if: ${{ inputs.credentials == 'real' }} | |
| uses: "./.github/workflows/run-e2e-upgrade-tests-reusable.yaml" | |
| with: | |
| image-tag: ${{ github.event.inputs.name }} | |
| module-tag: ${{ github.event.inputs.name }} | |
| image-repo: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| module-repo: europe-docker.pkg.dev/kyma-project/prod/unsigned/component-descriptors/kyma.project.io/module/btp-operator | |
| create-draft: | |
| name: Create draft release | |
| needs: bump-sec-scanners-config | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ needs.bump-sec-scanners-config.outputs.latest_commit}} | |
| - name: Create draft release | |
| id: create-draft | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| RELEASE_ID=$(./scripts/create_draft_release.sh ${{ github.event.inputs.name }}) | |
| echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT | |
| - name: Create lightweight tag | |
| run: | | |
| git tag ${{ github.event.inputs.name }} | |
| git push origin ${{ github.event.inputs.name }} | |
| outputs: | |
| release_id: ${{ steps.create-draft.outputs.release_id }} | |
| publish-release: | |
| name: Publish release | |
| needs: [create-draft, run-unit-tests, run-e2e-tests, run-e2e-upgrade-tests, run-stress-tests] | |
| if: ${{ !inputs.dry-run }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Publish release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./scripts/publish_release.sh ${{ needs.create-draft.outputs.release_id }} |