[reconcile]: update .github/workflows/issue-pipe.yaml #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: release | |
on: | |
push: | |
tags: | |
- "v*.*.*" | |
branches: | |
- main | |
jobs: | |
generate-tag: | |
runs-on: ubuntu-20.04 | |
outputs: | |
tag: ${{ github.ref_type == 'branch' && steps.get_tag.outputs.GIT_TAG || github.ref_name }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Get tags | |
id: get_tag | |
uses: ./actions/version-tag | |
- name: Push tag | |
if: github.ref_type == 'branch' | |
env: | |
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }} | |
run: | | |
git tag $GIT_TAG | |
git push origin $GIT_TAG | |
image-deps-updater: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: '^1.17.4' | |
- name: Run Update Script | |
env: | |
GITHUB_AUTH_TOKEN: ${{ secrets.NIGHTLY_GH_PAT }} | |
run: | | |
go run ./cmd/imagedeps | |
- name: Create Pull Request # creates a PR if there are differences | |
uses: peter-evans/create-pull-request@v3 | |
id: cpr | |
with: | |
token: ${{ secrets.NIGHTLY_GH_PAT }} | |
commit-message: update kots image dependency tags | |
title: 'Automated Kots Image Dependency Tag Update' | |
branch: automation/image-dependencies | |
delete-branch: true | |
labels: | | |
automated-pr | |
images | |
draft: false | |
base: "main" | |
body: "Automated changes by the [release](https://github.com/replicatedhq/kots/blob/main/.github/workflows/release.yaml) GitHub action" | |
- name: Check outputs | |
run: | | |
echo "Pull Request Number - ${{ steps.cpr.outputs.pull-request-number }}" | |
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}" | |
generate-schema: | |
runs-on: ubuntu-20.04 | |
container: | |
image: schemahero/schemahero:0.13.2 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Generate fixtures | |
run: | | |
/schemahero fixtures \ | |
--input-dir ./migrations/tables \ | |
--output-dir ./migrations/fixtures/schema \ | |
--dbname ship-cloud --driver postgres | |
- name: Upload schema artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: schema | |
path: ./migrations/fixtures/schema/fixtures.sql | |
generate-fixtures: | |
runs-on: ubuntu-20.04 | |
needs: [generate-schema] | |
container: | |
image: replicated/gitops-builder:buildkite | |
options: --user root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Download schema artifact | |
uses: actions/download-artifact@v2 | |
with: | |
name: schema | |
path: ./migrations/fixtures/schema | |
- name: Build fixtures | |
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations/fixtures deps build run | |
- name: Upload fixtures artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: fixtures | |
path: ./migrations/fixtures/fixtures.sql | |
build-schema-migrations: | |
runs-on: ubuntu-20.04 | |
needs: [generate-fixtures, generate-tag] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: azure/docker-login@v1 | |
env: | |
DOCKER_CONFIG: ./migrations/.docker | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: "Release schema migrations on tag" | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
DOCKER_CONFIG: ./.docker | |
run: | | |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C migrations schema-release | |
- name: Upload airgap image | |
uses: actions/upload-artifact@v2 | |
with: | |
name: migrations-image | |
path: ./migrations/bin/docker-archive | |
build-web: | |
runs-on: ubuntu-20.04 | |
needs: [generate-tag] | |
container: | |
image: replicated/gitops-builder:buildkite-go17-node17 | |
options: --user root | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Build web | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C web deps build-kotsadm | |
- name: Upload web artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: web | |
path: ./web/dist | |
build-kurl-proxy: | |
runs-on: ubuntu-20.04 | |
needs: [generate-tag] | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
steps: | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: '^1.17.4' | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache Go modules | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-kurlproxy-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-kurlproxy- | |
- name: Build kurl_proxy | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
SCOPE_DSN_PUBLIC: "" | |
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make -C kurl_proxy test build | |
- name: Upload kurl_proxy artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: kurl_proxy | |
path: ./kurl_proxy/bin | |
- uses: azure/docker-login@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build tagged release | |
working-directory: ./kurl_proxy | |
run: | | |
docker build --pull -f deploy/Dockerfile -t kotsadm/kurl-proxy:$GIT_TAG -t kotsadm/kurl-proxy:v0.0.0-nightly . | |
docker push kotsadm/kurl-proxy:$GIT_TAG | |
docker push kotsadm/kurl-proxy:v0.0.0-nightly | |
build-go-api: | |
runs-on: ubuntu-20.04 | |
needs: [build-web, generate-tag] | |
steps: | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: '^1.17.4' | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache Go modules | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-kots-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-kots- | |
- name: Download web artifact | |
uses: actions/download-artifact@v2 | |
with: | |
name: web | |
path: ./web/dist | |
- name: Build Go API | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
SCOPE_DSN_PUBLIC: "" | |
run: export $(cat .image.env | sed 's/#.*//g' | xargs) && make ci-test kots build | |
- name: Upload Go API artifact | |
uses: actions/upload-artifact@v2 | |
with: | |
name: go_api | |
path: ./bin | |
release-go-api-tagged: | |
runs-on: ubuntu-20.04 | |
needs: [build-go-api, generate-tag] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Download go_api artifact | |
uses: actions/download-artifact@v2 | |
with: | |
name: go_api | |
path: ./bin | |
- name: Add executable permissions | |
run: | | |
chmod a+x ./bin/kotsadm | |
chmod a+x ./bin/kots | |
- uses: azure/docker-login@v1 | |
env: | |
DOCKER_CONFIG: ./.docker | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- name: Build tagged release | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
DOCKER_CONFIG: ./.docker | |
run: | | |
export $(cat .image.env | sed 's/#.*//g' | xargs) && make build-release | |
- name: Upload airgap image | |
uses: actions/upload-artifact@v2 | |
with: | |
name: kotsadm-image | |
path: ./bin/docker-archive | |
goreleaser: | |
runs-on: ubuntu-20.04 | |
if: github.ref_type != 'branch' | |
needs: [build-web] | |
steps: | |
- uses: actions/setup-go@v2 | |
with: | |
go-version: '^1.17.4' | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Cache Go modules | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.cache/go-build | |
~/go/pkg/mod | |
key: ${{ runner.os }}-go-goreleaser-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go-goreleaser- | |
- name: Unshallow | |
run: git fetch --prune --unshallow | |
- run: sudo apt-get update -y | |
- run: sudo apt-get -qq -y install gnupg2 libdevmapper-dev libgpgme-dev libc6-dev-i386 btrfs-progs libbtrfs-dev pkg-config | |
- name: set previous release tag for goreleaser | |
run: | | |
export TAG=$(curl --silent "https://api.github.com/repos/replicatedhq/kots/releases/latest" | grep -Po '"tag_name": "\K.*?(?=")') | |
echo "GORELEASER_PREVIOUS_TAG=${TAG}" >> $GITHUB_ENV | |
- uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v1.2.1' | |
- name: Get Cosign Key | |
run: | | |
echo $COSIGN_KEY | base64 -d > ./cosign.key | |
env: | |
COSIGN_KEY: ${{secrets.COSIGN_KEY}} | |
- name: Download web artifact | |
uses: actions/download-artifact@v2 | |
with: | |
name: web | |
path: ./web/dist | |
- name: Generate SBOM | |
run: | | |
set -x | |
make sbom | |
env: | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
- name: Run GoReleaser | |
uses: goreleaser/goreleaser-action@v2 | |
with: | |
version: "v1.2.5" | |
args: release --rm-dist --config deploy/.goreleaser.yaml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# This needs to go away once kots starts generating the kurl addon and kurl is updated to use the kots genearted addon | |
generate-kurl-addon-pr: | |
runs-on: ubuntu-20.04 | |
if: github.ref_type != 'branch' | |
needs: [build-kurl-proxy, build-airgap, generate-tag] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Generate Kurl Addon PR | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
GH_PAT: ${{ secrets.GH_PAT }} | |
run: | | |
# Strips off the 'v' in version | |
curl -H "Authorization: token $GH_PAT" \ | |
-H 'Accept: application/json' \ | |
-d "{\"event_type\": \"auto-kotsadm-update\", \"client_payload\": {\"version\": \"${GIT_TAG:1}\" }}" \ | |
"https://api.github.com/repos/replicatedhq/kurl/dispatches" | |
generate-kurl-addon: | |
runs-on: ubuntu-20.04 | |
needs: [ generate-tag, build-kurl-proxy, build-schema-migrations, release-go-api-tagged ] | |
outputs: | |
addon_package_url: ${{ steps.addon-generate.outputs.addon_package_url }} | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.KURL_ADDONS_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.KURL_ADDONS_AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: us-east-1 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
- name: set outputs | |
id: vars | |
run: | | |
addon_version=${{ needs.generate-tag.outputs.tag }} | |
echo "::set-output name=addon_version::${addon_version#v}" | |
- name: download kots binary | |
uses: actions/download-artifact@v2 | |
with: | |
name: go_api | |
path: bin/ | |
- name: prepare kots binary executable | |
run: | | |
chmod +x bin/* | |
tar -C bin/ -czvf bin/kots.tar.gz kots | |
- uses: ./.github/actions/kurl-addon-kots-generate | |
id: addon-generate | |
with: | |
addon_version: ${{ steps.vars.outputs.addon_version }} | |
s3_prefix: "${{ github.ref_type != 'branch' && '' || 'test/' }}" | |
kotsadm_binary_override: bin/kots.tar.gz | |
# only run validate-kurl-addon if changes to "deploy/kurl/kotsadm/template/**" | |
kurl-addon-changes-filter: | |
runs-on: ubuntu-20.04 | |
outputs: | |
ok-to-test: ${{ steps.filter.outputs.kurl-addon }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: dorny/paths-filter@v2 | |
id: filter | |
with: | |
filters: | | |
kurl-addon: | |
- 'deploy/kurl/kotsadm/template/**' | |
- 'deploy/kurl/kotsadm/testgrid-os-spec.yaml' | |
validate-kurl-addon: | |
runs-on: ubuntu-20.04 | |
if: ${{ github.ref_type != 'branch' || needs.kurl-addon-changes-filter.outputs.ok-to-test == 'true' }} | |
needs: [ generate-kurl-addon, kurl-addon-changes-filter ] | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
- name: set outputs | |
id: vars | |
run: | | |
addon_version=${{ needs.generate-tag.outputs.tag }} | |
echo "::set-output name=addon_version::${addon_version#v}" | |
- uses: ./.github/actions/kurl-addon-kots-test | |
with: | |
addon_version: ${{ steps.vars.outputs.addon_version }} | |
addon_package_url: "${{ needs.generate-kurl-addon.outputs.addon_package_url }}" | |
priority: ${{ github.ref_type != 'branch' && '1' || '0' }} | |
testgrid_api_token: ${{ secrets.TESTGRID_PROD_API_TOKEN }} | |
publish-kurl-addon: | |
runs-on: ubuntu-20.04 | |
if: ${{ github.ref_type != 'branch' }} | |
needs: [ generate-tag, generate-kurl-addon ] | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.KURL_ADDONS_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.KURL_ADDONS_AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: us-east-1 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
- name: set outputs | |
id: vars | |
run: | | |
addon_version=${{ needs.generate-tag.outputs.tag }} | |
echo "::set-output name=addon_version::${addon_version#v}" | |
- uses: ./.github/actions/kurl-addon-kots-publisher | |
with: | |
ADDON_VERSION: ${{ steps.vars.outputs.addon_version }} | |
ADDON_PACKAGE_URL: ${{ needs.generate-kurl-addon.outputs.addon_package_url }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- run: aws s3 cp ./deploy/kurl/versions.json s3://kots-kurl-addons-production-1658439274 | |
generate-kots-release-notes-pr: | |
runs-on: ubuntu-20.04 | |
needs: [generate-tag] | |
if: github.ref_type != 'branch' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Generate KOTS Release Notes PR | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
GH_PAT: ${{ secrets.GH_PAT }} | |
run: | | |
curl -H "Authorization: token $GH_PAT" \ | |
-H 'Accept: application/json' \ | |
-d "{\"event_type\": \"app-manager-release-notes\", \"client_payload\": {\"version\": \"${GIT_TAG}\" }}" \ | |
"https://api.github.com/repos/replicatedhq/replicated-docs/dispatches" | |
build-airgap: | |
runs-on: ubuntu-20.04 | |
if: github.ref_type != 'branch' | |
needs: [release-go-api-tagged, goreleaser, build-schema-migrations, generate-tag] | |
steps: | |
- name: Download migrations | |
uses: actions/download-artifact@v2 | |
with: | |
name: migrations-image | |
path: ./docker-archive | |
- name: Download kotsadm image | |
uses: actions/download-artifact@v2 | |
with: | |
name: kotsadm-image | |
path: ./docker-archive | |
- name: Make kotsadm airgap archive with minio image | |
run: | | |
tar czf ./kotsadm.tar.gz -C ./ ./docker-archive | |
- name: Upload airgap bundle with minio image | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ needs.generate-tag.outputs.tag }} | |
files: ./kotsadm.tar.gz | |
- name: Make kotsadm airgap archive without minio image | |
run: | | |
rm -rf ./docker-archive/minio | |
rm -f ./kotsadm.tar.gz | |
tar czf ./kotsadm-nominio.tar.gz -C ./ ./docker-archive | |
- name: Upload airgap bundle without minio image | |
uses: softprops/action-gh-release@v1 | |
with: | |
tag_name: ${{ needs.generate-tag.outputs.tag }} | |
files: ./kotsadm-nominio.tar.gz | |
regression-test-setup: | |
name: Run regression testing | |
if: github.ref_type == 'branch' | |
runs-on: ubuntu-latest | |
needs: [ generate-tag ] | |
outputs: | |
last_release_tag: ${{ steps.get_latest_release_tag.outputs.release }} | |
automation_id: ${{ steps.get_id.outputs.id }} | |
steps: | |
- name: Get latest release tag | |
id: get_latest_release_tag | |
uses: pozetroninc/github-action-get-latest-release@master | |
with: | |
repository: ${{ github.repository }} | |
excludes: prerelease, draft | |
- id: get_id | |
run: | | |
id=${{ github.sha }} | |
echo "::set-output name=id::${id:0:7}" | |
regression-test: | |
if: github.ref_type == 'branch' | |
needs: [ regression-test-setup, generate-tag, build-go-api, release-go-api-tagged, generate-kurl-addon ] | |
uses: ./.github/workflows/regression.yaml | |
with: | |
version_tag_old: ${{ needs.regression-test-setup.outputs.last_release_tag }} | |
version_tag_new: ${{ needs.generate-tag.outputs.tag }} | |
addon_package_url: ${{ needs.generate-kurl-addon.outputs.addon_package_url }} | |
id: ${{ needs.regression-test-setup.outputs.automation_id }} | |
secrets: | |
E2E_TESTIM_AWS_ACCESS_KEY_ID: ${{ secrets.E2E_TESTIM_AWS_ACCESS_KEY_ID }} | |
E2E_TESTIM_AWS_SECRET_ACCESS_KEY: ${{ secrets.E2E_TESTIM_AWS_SECRET_ACCESS_KEY }} | |
TESTIM_ACCESS_TOKEN: ${{ secrets.TESTIM_ACCESS_TOKEN }} | |
E2E_GH_PAT: ${{ secrets.E2E_GH_PAT }} | |
KOTS_BUILD_STATUS_SLACK_WEBHOOK_URL: ${{ secrets.KOTS_BUILD_STATUS_SLACK_WEBHOOK_URL }} | |
start-kgrid-test: | |
runs-on: ubuntu-20.04 | |
needs: [release-go-api-tagged, generate-tag] | |
if: github.ref_type == 'branch' | |
env: | |
GIT_TAG: ${{ needs.generate-tag.outputs.tag }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- uses: kceb/pull-request-url-action@v2 | |
id: pr_url | |
- name: Expose git commit data | |
uses: rlespinasse/[email protected] # no v1 tag | |
- name: Create staging gitops commit | |
env: | |
REPLICATEDCOM_GITHUB_PRIVATE_KEY: ${{ secrets.REPLICATEDCOM_GITHUB_PRIVATE_KEY }} | |
PR_URL: ${{ steps.pr_url.outputs.url }} | |
GITOPS_OWNER: replicatedcom | |
GITOPS_REPO: gitops-deploy | |
GITOPS_BRANCH: main | |
RUN_ID: ${{ github.run_id }} | |
run: ./hack/deploy-kgrid.sh | |
- name: Create production gitops commit | |
id: deploy_kgrid | |
env: | |
REPLICATEDCOM_GITHUB_PRIVATE_KEY: ${{ secrets.REPLICATEDCOM_GITHUB_PRIVATE_KEY }} | |
PR_URL: ${{ steps.pr_url.outputs.url }} | |
OVERLAY: production | |
GITOPS_OWNER: replicatedcom | |
GITOPS_REPO: gitops-deploy | |
GITOPS_BRANCH: release | |
run: ./hack/deploy-kgrid.sh | |
- name: Wait for production kgrid tests | |
env: | |
KGRID_API_TOKEN: ${{ secrets.KGRID_API_TOKEN }} | |
KGRID_RUN_ID: ${{ steps.deploy_kgrid.outputs.kgrid-run-id }} | |
run: | | |
printf "\n\nSupport bundles are available in the Replicated production AWS account under the 'kgrid-support-bundles' S3 bucket. To download a support bundle, you can do so using the AWS Management Console, or by configuring the AWS cli tool with the appropriate credentials and running the following command: \n\naws s3 cp <test-supportbundle-s3-url> <local-filename>.tar.gz\n\n" | |
./hack/wait-kgrid.sh |