Create release 1.1.7 #233
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Create release" | |
| run-name: Create release ${{ inputs.name }} | |
| env: | |
| IMAGE_REPO: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| KYMA_BTP_MANAGER_REPO: ${{ github.repository_owner }}/btp-manager | |
| GIT_EMAIL: [email protected] | |
| GIT_NAME: kyma-gopher-bot | |
| BRANCH_NAME: sec-scanners-config-${{ inputs.name }} | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| description: 'Create release' | |
| default: "" | |
| required: true | |
| credentials: | |
| type: choice | |
| description: SM credentials | |
| default: real | |
| options: | |
| - dummy | |
| - real | |
| sec-scanners-config: | |
| type: boolean | |
| description: 'Create PR with sec-scanners-config bump' | |
| default: true | |
| dry-run: | |
| type: boolean | |
| description: 'Do not publish' | |
| default: false | |
| jobs: | |
| validate-release: | |
| name: Validate release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if tag already exists | |
| run: | | |
| if [ $(git tag -l ${{ inputs.name }}) ]; then | |
| echo "::error ::Tag ${{ inputs.name }} already exists" && exit 1 | |
| fi | |
| - name: Check for existing artifacts from previous release runs | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: "./scripts/check_artifacts_existence.sh ${{ inputs.name }}" | |
| - name: Setup python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| cache: 'pip' | |
| - name: Install requirements | |
| run: pip install -r scripts/python/requirements.txt | |
| - name: Validate labels | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPOSITORY: ${{ env.KYMA_BTP_MANAGER_REPO }} | |
| NAME: ${{ inputs.name }} | |
| run: python3 scripts/python/release_label_validator.py | |
| bump-sec-scanners-config: | |
| name: Bump sec-scanners-config | |
| needs: validate-release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Update sec-scanners-config.yaml | |
| if: ${{ inputs.sec-scanners-config }} | |
| run: scripts/create_scan_config.sh $IMAGE_REPO:${{ inputs.name }} "sec-scanners-config.yaml" ${{ inputs.name }} | |
| - name: Create PR if anything changed | |
| id: pr-needed | |
| if: ${{ inputs.sec-scanners-config }} | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| prs=$(gh pr list -A ${{ env.GIT_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName') | |
| if echo $prs | tr " " '\n' | grep -F -q -x ${{ env.BRANCH_NAME }}; then | |
| echo "PR already exists, no need to create a new one" | |
| echo "PR_NUMBER=$(gh pr list --search "base:main head:${{ env.BRANCH_NAME }}" --json number | jq -r '.[] | .number')" >> $GITHUB_ENV | |
| elif [ -z "$(git status --porcelain)" ]; then | |
| echo "Nothing changed, no need to create PR" | |
| echo "PR_NUMBER=-1" >> $GITHUB_ENV | |
| else | |
| PR_STATUS=$(scripts/create_sec_scanner_bump_pr.sh ${{ inputs.name }}) | |
| echo "PR_NUMBER=$(echo "$PR_STATUS" | tail -n 1)" >> $GITHUB_ENV | |
| fi | |
| - name: Await PR merge | |
| if: ${{ inputs.sec-scanners-config }} | |
| timeout-minutes: 10 | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ "$PR_NUMBER" -gt 0 ]; then | |
| scripts/await_pr_merge.sh | |
| git push origin -d ${{ env.BRANCH_NAME }} | |
| else | |
| echo "Step skipped" | |
| fi | |
| - name: Save latest commit ref | |
| id: pull-ref | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git checkout main | |
| git pull | |
| LATEST_COMMIT=$(git rev-parse HEAD) | |
| echo "latest_commit=$LATEST_COMMIT" >> $GITHUB_OUTPUT | |
| echo "Latest commit ref $LATEST_COMMIT" | |
| outputs: | |
| latest_commit: ${{ steps.pull-ref.outputs.latest_commit }} | |
| wait-for-prow-jobs: | |
| name: Wait for prow jobs | |
| needs: [create-draft, bump-sec-scanners-config] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Wait for post-btp-manager-build status | |
| uses: autotelic/action-wait-for-status-check@6556cf50c8fb6608412945382eae73581f56cbb4 | |
| id: wait-for-image-build-status | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| statusName: "post-btp-manager-build" | |
| timeoutSeconds: "300" | |
| ref: ${{ needs.bump-sec-scanners-config.outputs.latest_commit}} | |
| - name: Check if post-btp-manager-build status is success | |
| if: steps.wait-for-image-build-status.outputs.state != 'success' | |
| run: | | |
| echo 'post-btp-manager-build failed.' | |
| exit 1 | |
| run-unit-tests: | |
| name: Unit tests | |
| needs: create-draft | |
| uses: "./.github/workflows/run-unit-tests-reusable.yaml" | |
| with: | |
| release: "true" | |
| run-e2e-tests: | |
| name: E2E tests | |
| needs: wait-for-prow-jobs | |
| uses: "./.github/workflows/run-e2e-tests-reusable.yaml" | |
| secrets: inherit | |
| with: | |
| image-tag: ${{ github.event.inputs.name }} | |
| image-repo: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| credentials-mode: ${{ github.event.inputs.credentials }} | |
| last-k3s-versions: ${{ vars.LAST_K3S_VERSIONS }} | |
| run-stress-tests: | |
| name: Stress tests | |
| needs: wait-for-prow-jobs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up go environment | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Prepare k3s cluster and docker registry | |
| run: "./scripts/testing/k3s-setup.sh --wait" | |
| - name: Wait for artifacts | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: "./scripts/await_image.sh ${{ inputs.name }}" | |
| - name: Install BTP Manager and SAP BTP Operator | |
| timeout-minutes: 2 | |
| run: "./scripts/testing/install_module.sh $IMAGE_REPO:${{ inputs.name }} dummy ci" | |
| - name: BTP Manager and SAP BTP Operator controller resources usage | |
| run: "./scripts/testing/check_top.sh" | |
| - name: Run stress test - instances and bindings | |
| run: "./scripts/testing/stress-mem-instances-bindings.sh 500 30" | |
| - name: BTP Manager and SAP BTP Operator controller resources usage | |
| run: "./scripts/testing/check_top.sh" | |
| - name: Run stress test - secrets and configmaps | |
| run: "./scripts/testing/stress-mem-secrets-configmaps.sh 120" | |
| - name: BTP Manager and SAP BTP Operator controller resources usage | |
| run: "./scripts/testing/check_top.sh" | |
| run-e2e-upgrade-tests: | |
| name: E2E upgrade tests | |
| needs: wait-for-prow-jobs | |
| secrets: inherit | |
| if: ${{ inputs.credentials == 'real' }} | |
| uses: "./.github/workflows/run-e2e-upgrade-tests-reusable.yaml" | |
| with: | |
| image-tag: ${{ github.event.inputs.name }} | |
| image-repo: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| run-e2e-upgrade-while-deleting-tests: | |
| name: E2E upgrade while deleting tests | |
| needs: wait-for-prow-jobs | |
| secrets: inherit | |
| uses: "./.github/workflows/run-e2e-upgrade-while-deleting-tests-reusable.yaml" | |
| with: | |
| image-registry: europe-docker.pkg.dev/kyma-project/prod/btp-manager | |
| image-tag: ${{ github.event.inputs.name }} | |
| release: "true" | |
| create-draft: | |
| name: Create draft release | |
| needs: bump-sec-scanners-config | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ needs.bump-sec-scanners-config.outputs.latest_commit}} | |
| - name: Set up go environment | |
| uses: actions/setup-go@v4 | |
| with: | |
| go-version-file: 'go.mod' | |
| - name: Create draft release | |
| id: create-draft | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| RELEASE_ID=$(./scripts/create_draft_release.sh ${{ github.event.inputs.name }}) | |
| echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT | |
| - name: Create manifest and upload assets | |
| id: create-manifest | |
| env: | |
| BOT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| IMG=$IMAGE_REPO:${{ inputs.name }} make create-manifest | |
| ./scripts/upload_assets.sh ${{ steps.create-draft.outputs.release_id }} | |
| - name: Create lightweight tag | |
| run: | | |
| git tag ${{ github.event.inputs.name }} | |
| git push origin ${{ github.event.inputs.name }} | |
| outputs: | |
| release_id: ${{ steps.create-draft.outputs.release_id }} | |
| publish-release: | |
| name: Publish release | |
| needs: [create-draft, run-unit-tests, run-e2e-tests, run-e2e-upgrade-tests, run-stress-tests, run-e2e-upgrade-while-deleting-tests] | |
| if: ${{ !inputs.dry-run }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| with: | |
| fetch-depth: 0 | |
| - name: Publish release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: ./scripts/publish_release.sh ${{ needs.create-draft.outputs.release_id }} |