hardcode kube-bench v0.7.0 to fix 'glibc X not found' errors (#5087) #445
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy-production | |
on: | |
push: | |
tags: | |
- "v*.*.*" | |
jobs: | |
verify-tag: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Verify version tag | |
run: | | |
export VERSION_TAG=$GITHUB_REF_NAME | |
./bin/verify-tag.sh "${VERSION_TAG}" | |
kurl-util-image: | |
runs-on: ubuntu-20.04 | |
needs: | |
- verify-tag | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USER }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
- run: | | |
export VERSION_TAG=$GITHUB_REF_NAME | |
export KURL_UTIL_IMAGE=replicated/kurl-util:${VERSION_TAG} | |
make -C kurl_util build-and-push-kurl-util-image | |
docker tag replicated/kurl-util:${VERSION_TAG} replicated/kurl-util | |
docker push replicated/kurl-util | |
build-go-bins-matrix: | |
runs-on: ubuntu-20.04 | |
needs: | |
- kurl-util-image | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- id: set-matrix | |
name: Build image matrix | |
run: | | |
export VERSION_TAG=$GITHUB_REF_NAME | |
export KURL_UTIL_IMAGE=replicated/kurl-util:${VERSION_TAG} | |
export KURL_BIN_UTILS_FILE=kurl-bin-utils-${VERSION_TAG}.tar.gz | |
export FILTER_GO_BINS_ONLY="1" | |
OUTPUT=`bin/list-all-packages-actions-matrix.sh "${{ github.event.inputs.index }}"` | |
echo "matrix=$OUTPUT" >> $GITHUB_OUTPUT | |
bup: # shortened to allow reading what job is being run within github's UI | |
runs-on: ubuntu-20.04 | |
needs: | |
- build-go-bins-matrix | |
strategy: | |
matrix: ${{fromJSON(needs.build-go-bins-matrix.outputs.matrix)}} | |
fail-fast: false | |
max-parallel: 20 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: setup env | |
id: env | |
run: | | |
echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV | |
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH | |
shell: bash | |
- name: build and upload packages | |
run: | | |
export VERSION_TAG=$GITHUB_REF_NAME | |
export KURL_UTIL_IMAGE=replicated/kurl-util:${VERSION_TAG} | |
export KURL_BIN_UTILS_FILE=kurl-bin-utils-${VERSION_TAG}.tar.gz | |
bin/upload-dist-versioned.sh "${{ matrix.batch }}" | |
env: | |
S3_BUCKET: kurl-sh | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }} | |
AWS_REGION: "us-east-1" | |
get-staging-release: | |
runs-on: ubuntu-20.04 | |
needs: | |
- verify-tag | |
outputs: | |
staging_release: ${{ steps.get_staging_release.outputs.staging_release }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: find corresponding staging release for commit | |
id: get_staging_release | |
run: | | |
version_commit="$(git rev-list "${GITHUB_REF_NAME}" -n 1 | xargs git rev-parse --short)" | |
# Grab the release asset directory name in s3. Should look like this: | |
# PRE v2023.01.03-0-1cee33ec/ | |
staging_release_dir="$(aws s3 ls s3://"${S3_BUCKET}/${STAGING_PREFIX}/" | grep "${version_commit}[0-9a-f]*/" | awk '{print $2}')" | |
if [ -z "${staging_release_dir}" ]; then | |
echo "Could not find staging release for commit ${GITHUB_REF_NAME} (${version_commit})" | |
exit 1 | |
fi | |
echo "staging_release=${staging_release_dir%/}" >> $GITHUB_OUTPUT | |
env: | |
S3_BUCKET: kurl-sh | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }} | |
AWS_REGION: "us-east-1" | |
STAGING_PREFIX: "staging" | |
verify-staging-release-testgrid-result: | |
runs-on: ubuntu-20.04 | |
needs: | |
- get-staging-release | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Verify Testgrid Run | |
run: | | |
bin/verify-testgrid-run.sh | |
env: | |
STAGING_RELEASE: ${{ needs.get-staging-release.outputs.staging_release }} | |
build-stage-packages-matrix: | |
runs-on: ubuntu-22.04 | |
needs: | |
- get-staging-release | |
- verify-staging-release-testgrid-result | |
outputs: | |
package: ${{ steps.set-matrix.outputs.package }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Build Package Matrix | |
id: set-matrix | |
run: | | |
export LIST_FROM_STAGE_S3="1" | |
BATCH_S3_PACKAGES=$(./bin/list-all-packages-actions-matrix.sh) | |
echo "${BATCH_S3_PACKAGES}" | jq | |
echo "package=${BATCH_S3_PACKAGES}" >> $GITHUB_OUTPUT | |
env: | |
S3_BUCKET: kurl-sh | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }} | |
AWS_REGION: "us-east-1" | |
STAGING_PREFIX: "staging" | |
STAGING_RELEASE: ${{ needs.get-staging-release.outputs.staging_release }} | |
copy-stage-packages-to-prod: | |
runs-on: ubuntu-22.04 | |
needs: | |
- get-staging-release | |
- build-stage-packages-matrix | |
strategy: | |
matrix: ${{ fromJSON(needs.build-stage-packages-matrix.outputs.package) }} | |
fail-fast: false | |
max-parallel: 20 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Copy packages to Prod | |
run: | | |
VERSION_TAG=$GITHUB_REF_NAME | |
batch="${{ matrix.batch }}" | |
for pkg in ${batch}; do | |
aws s3api copy-object --copy-source "${S3_BUCKET}/${STAGING_PREFIX}/${STAGING_RELEASE}/${pkg}" --bucket "${S3_BUCKET}" --key "${PACKAGE_PREFIX}/${VERSION_TAG}/${pkg}" | |
done | |
env: | |
S3_BUCKET: kurl-sh | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }} | |
AWS_REGION: "us-east-1" | |
PACKAGE_PREFIX: "dist" | |
STAGING_PREFIX: "staging" | |
STAGING_RELEASE: ${{ needs.get-staging-release.outputs.staging_release }} | |
generate-kurl-release-notes-pr: | |
runs-on: ubuntu-20.04 | |
needs: | |
- set-current-version | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Generate kURL Release Notes PR | |
env: | |
GH_PAT: ${{ secrets.AUTOMATED_PR_GH_PAT }} | |
run: | | |
export VERSION_TAG=$GITHUB_REF_NAME | |
curl -H "Authorization: token $GH_PAT" \ | |
-H 'Accept: application/json' \ | |
-d "{\"event_type\": \"kubernetes-installer-release-notes\", \"client_payload\": {\"version\": \"${VERSION_TAG}\" }}" \ | |
"https://api.github.com/repos/replicatedhq/replicated-docs/dispatches" | |
github-release: | |
runs-on: ubuntu-20.04 | |
needs: | |
- set-current-version | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Node and Go are needed by the SBOM generator | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: '14' | |
- name: setup-go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: '1.21' | |
- name: Get the version | |
id: get_tag | |
shell: bash | |
run: echo "GIT_TAG=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT" | |
- name: Generate Changelog | |
run: | | |
git fetch --tags -f | |
lastTag=$(git tag | grep '^v20' | grep -v 'v2022\.09\.04' | grep -v "$GIT_TAG" | sort | tail -1) | |
docker run --rm \ | |
--env CHANGELOG_GITHUB_TOKEN \ | |
-v `pwd`:/usr/local/src/your-app \ | |
ferrarimarco/github-changelog-generator \ | |
--user=replicatedhq \ | |
--project=kurl \ | |
--release-branch=main \ | |
--since-tag="$lastTag" \ | |
--max-issues=200 \ | |
--no-issues \ | |
--no-author | |
sed -i '/This Changelog was automatically generated/d' ./CHANGELOG.md | |
env: | |
CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }} | |
- name: Read Changelog | |
id: read-changelog | |
uses: juliangruber/read-file-action@v1 | |
with: | |
path: ./CHANGELOG.md | |
- name: GitHub Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }} | |
with: | |
tag_name: ${{ env.GIT_TAG }} | |
release_name: Release ${{ env.GIT_TAG }} | |
body: ${{ steps.read-changelog.outputs.content }} | |
draft: false | |
prerelease: false | |
- name: Get Cosign Key | |
run: | | |
echo $COSIGN_KEY | base64 -d > ./cosign.key | |
env: | |
COSIGN_KEY: ${{secrets.COSIGN_KEY}} | |
- uses: sigstore/cosign-installer@main | |
with: | |
cosign-release: 'v1.2.1' | |
- name: Generate SBOM | |
run: | | |
make sbom | |
env: | |
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
COSIGN_KEY: ${{ secrets.COSIGN_KEY }} | |
- uses: shogo82148/actions-upload-release-asset@v1 | |
with: | |
upload_url: ${{ steps.create_release.outputs.upload_url }} | |
asset_path: sbom/assets/* | |
set-current-version: | |
runs-on: ubuntu-20.04 | |
needs: | |
- bup | |
- copy-stage-packages-to-prod | |
steps: | |
- name: Set VERSION file in s3 | |
run: | | |
export VERSION_TAG=$GITHUB_REF_NAME | |
echo -n "$VERSION_TAG" | aws s3 cp - s3://$S3_BUCKET/$DIST_FOLDER/VERSION | |
env: | |
S3_BUCKET: kurl-sh | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: "us-east-1" | |
DIST_FOLDER: "dist" | |
testgrid-run: | |
runs-on: ubuntu-20.04 | |
needs: | |
- set-current-version | |
steps: | |
- name: Sleep for 3 minutes | |
uses: juliangruber/sleep-action@v2 | |
with: | |
time: "3m" | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Get the version | |
id: get_tag | |
shell: bash | |
run: echo "GIT_TAG=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT" | |
- name: Tgrun Queue | |
id: queue | |
env: | |
TESTGRID_API_TOKEN: ${{ secrets.TESTGRID_PROD_API_TOKEN }} | |
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }} | |
run: | | |
REF="PROD-release-${GIT_TAG}-$(date '+%Y%m%d%H%M%S')" | |
docker pull replicated/tgrun:latest | |
docker run --rm -e TESTGRID_API_TOKEN -v `pwd`:/wrk -w /wrk \ | |
replicated/tgrun:latest queue \ | |
--ref "${REF}" \ | |
--spec ./testgrid/specs/deploy.yaml \ | |
--os-spec ./testgrid/specs/os-latest.yaml \ | |
--priority 1 | |
MSG="Testgrid Run(s) Executing @ https://testgrid.kurl.sh/run/${REF}" | |
echo "msg=$MSG" >> "$GITHUB_OUTPUT" | |
echo "::notice ::${MSG}" |