-
Notifications
You must be signed in to change notification settings - Fork 105
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add release workflow for this project (#215)
Signed-off-by: Raphael Silva <[email protected]>
- Loading branch information
Showing
6 changed files
with
219 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
#!/bin/sh | ||
|
||
IMAGE=$1 | ||
CONTAINER_NAME="integ-test-$(date +%s)" | ||
|
||
docker run -dt -p 8080:8080 \ | ||
-e AWS_ACCESS_KEY_ID \ | ||
-e AWS_SECRET_ACCESS_KEY \ | ||
-e AWS_SESSION_TOKEN \ | ||
-e AWS_REGION=us-east-1 \ | ||
--name $CONTAINER_NAME \ | ||
$IMAGE | ||
|
||
curl -s -H 'host: s3.amazonaws.com' http://localhost:8080 | grep ListAllMyBucketsResult | ||
result=$? | ||
|
||
docker stop $CONTAINER_NAME | ||
docker rm $CONTAINER_NAME | ||
|
||
if [ "$result" == "1" ]; then | ||
echo "Integration tests failed" | ||
exit 1 | ||
fi | ||
|
||
exit 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,83 @@ | ||
name: Continuous integration | ||
on: | ||
push: | ||
branches: | ||
- main | ||
- "release/v*" | ||
env: | ||
AWS_STAGING_REGION: us-west-2 | ||
STAGING_ECR_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com | ||
STAGING_ECR_REPOSITORY: aws-sigv4-proxy-staging | ||
|
||
jobs: | ||
build: | ||
name: Build and publish to staging | ||
runs-on: ubuntu-latest | ||
outputs: | ||
commit-short-sha: ${{ steps.staging-info.outputs.commit-short-sha }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Setup Go | ||
uses: actions/setup-go@v5 | ||
with: | ||
go-version: ~1.22.4 | ||
|
||
- name: Build | ||
run: | | ||
go build -v ./cmd/aws-sigv4-proxy | ||
- name: Run tests | ||
run: go test -v ./... | ||
|
||
- name: Configure AWS Credentials for Private ECR | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_STAGING }} | ||
aws-region: ${{ env.AWS_STAGING_REGION }} | ||
|
||
- name: Log in to AWS private ECR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.STAGING_ECR_REGISTRY }} | ||
|
||
- name: Get short sha | ||
id: staging-info | ||
run: | | ||
shortSha=$(git rev-parse --short ${{ github.sha }}) | ||
echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT | ||
- name: Build and push image to staging | ||
uses: docker/build-push-action@v5 | ||
with: | ||
file: Dockerfile | ||
context: . | ||
push: true | ||
tags: | | ||
${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ steps.staging-info.outputs.commit-short-sha }} | ||
platforms : linux/amd64, linux/arm64 | ||
|
||
integration-tests: | ||
name: Run integration tests on image from staging | ||
needs: build | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Configure AWS Credentials for Private ECR | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_INTEG_TESTS }} | ||
aws-region: ${{ env.AWS_STAGING_REGION }} | ||
|
||
- name: Run integration tests | ||
run: ./github/scripts/integ-tests.sh ${{ env.STAGING_ECR_REGISTRY }}/${{ env.STAGING_ECR_REPOSITORY }}:${{ needs.build.outputs.commit-short-sha }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
name: CD | ||
name: Build | ||
|
||
on: [push, pull_request] | ||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
|
||
name: Release aws-sigv4-proxy | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
dryrunMode: | ||
description: 'Run workflow in dry-run mode (nothing will be published)' | ||
required: true | ||
default: 'true' | ||
type: choice | ||
options: | ||
- 'true' | ||
- 'false' | ||
|
||
env: | ||
AWS_PUBLIC_ECR_REGION: us-east-1 | ||
AWS_PRIVATE_ECR_REGION: us-west-2 | ||
PUBLIC_REGISTRY: public.ecr.aws | ||
STAGING_REGISTRY: 611364707713.dkr.ecr.us-west-2.amazonaws.com | ||
RELEASE_IMAGE_NAME: aws-sigv4-proxy | ||
STAGING_IMAGE_NAME: aws-sigv4-proxy-staging | ||
|
||
jobs: | ||
release: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
|
||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
|
||
- name: Get version and sha | ||
id: release-info | ||
run: | | ||
echo "release-version=$(cat VERSION)" >> $GITHUB_OUTPUT | ||
shortSha=$(git rev-parse --short ${{ github.sha }}) | ||
echo "commit-short-sha=$shortSha" >> $GITHUB_OUTPUT | ||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} | ||
aws-region: ${{ env.AWS_PUBLIC_ECR_REGION }} | ||
|
||
- name: Log in to AWS ECR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.PUBLIC_REGISTRY }} | ||
|
||
- name: Configure AWS Credentials for Private ECR | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN_RELEASE }} | ||
aws-region: ${{ env.AWS_PRIVATE_ECR_REGION }} | ||
|
||
- name: Log in to AWS private ECR | ||
uses: docker/login-action@v3 | ||
with: | ||
registry: ${{ env.STAGING_REGISTRY }} | ||
|
||
- name: Push image to public ecr - dryrun | ||
if: ${{ inputs.dryrunMode == 'true' }} | ||
run: | | ||
docker buildx imagetools create \ | ||
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \ | ||
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \ | ||
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \ | ||
${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} | ||
--dry-run | ||
- name: Create release - dryrun | ||
if: ${{ inputs.dryrunMode == 'true' }} | ||
run: | | ||
echo gh release create --target "$GITHUB_REF_NAME" \ | ||
--title "Release v${{ steps.release-info.outputs.release-version }}" \ | ||
--draft \ | ||
"v${{ steps.release-info.outputs.release-version }}" \ | ||
- name: Push image to public ecr | ||
if: ${{ inputs.dryrunMode == 'false' }} | ||
run: | | ||
docker buildx imagetools create \ | ||
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:latest \ | ||
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.release-version }} \ | ||
--tag ${{ env.PUBLIC_REGISTRY }}/${{ env.RELEASE_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} \ | ||
${{ env.STAGING_REGISTRY }}/${{ env.STAGING_IMAGE_NAME }}:${{ steps.release-info.outputs.commit-short-sha }} | ||
- name: Create release | ||
if: ${{ inputs.dryrunMode == 'false'}} | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | ||
run: | | ||
gh release create --target "$GITHUB_REF_NAME" \ | ||
--title "Release v${{ steps.release-info.outputs.release-version }}" \ | ||
--draft \ | ||
"v${{ steps.release-info.outputs.release-version }}" \ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
# Instructions to release a new version | ||
|
||
To release a new version of the aws-sigv4-proxy, please follow these steps: | ||
|
||
1. Create a release branch for this minor version series, if one does not exist yet. The convention is to name this branch: `release/v<release series>` where release series has the format `<major version>.<minor version>.x`. Example of branch `release/v1.8.x` | ||
2. From the release branch, update the content of the `VERSION` file in the root of this repository. The convention is to ommit the patch version if that is in 0. Example of content: `1.8` or `1.8.1`. Merge the PR that updates the `VERSION` file. Confirm that the continuous integration workflow will succeed. | ||
3. Run the release workflow. Go to the GitHub UI in this repository and select `Actions`. Then select the `Release aws-sigv4-proxy` workflow. Select the release branch. You can optionally test with dry-run mode before releasing. | ||
4. After the release is completed. Update the release notes for this release. | ||
5. Merge the changes from the release branch into mainline. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
1.8 |