Skip to content

hardcode kube-bench v0.7.0 to fix 'glibc X not found' errors (#5087) #445

hardcode kube-bench v0.7.0 to fix 'glibc X not found' errors (#5087)

hardcode kube-bench v0.7.0 to fix 'glibc X not found' errors (#5087) #445

Workflow file for this run

name: deploy-production
on:
push:
tags:
- "v*.*.*"
jobs:
verify-tag:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Verify version tag
run: |
export VERSION_TAG=$GITHUB_REF_NAME
./bin/verify-tag.sh "${VERSION_TAG}"
kurl-util-image:
runs-on: ubuntu-20.04
needs:
- verify-tag
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- run: |
export VERSION_TAG=$GITHUB_REF_NAME
export KURL_UTIL_IMAGE=replicated/kurl-util:${VERSION_TAG}
make -C kurl_util build-and-push-kurl-util-image
docker tag replicated/kurl-util:${VERSION_TAG} replicated/kurl-util
docker push replicated/kurl-util
build-go-bins-matrix:
runs-on: ubuntu-20.04
needs:
- kurl-util-image
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
- id: set-matrix
name: Build image matrix
run: |
export VERSION_TAG=$GITHUB_REF_NAME
export KURL_UTIL_IMAGE=replicated/kurl-util:${VERSION_TAG}
export KURL_BIN_UTILS_FILE=kurl-bin-utils-${VERSION_TAG}.tar.gz
export FILTER_GO_BINS_ONLY="1"
OUTPUT=`bin/list-all-packages-actions-matrix.sh "${{ github.event.inputs.index }}"`
echo "matrix=$OUTPUT" >> $GITHUB_OUTPUT
bup: # shortened to allow reading what job is being run within github's UI
runs-on: ubuntu-20.04
needs:
- build-go-bins-matrix
strategy:
matrix: ${{fromJSON(needs.build-go-bins-matrix.outputs.matrix)}}
fail-fast: false
max-parallel: 20
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: setup env
id: env
run: |
echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
shell: bash
- name: build and upload packages
run: |
export VERSION_TAG=$GITHUB_REF_NAME
export KURL_UTIL_IMAGE=replicated/kurl-util:${VERSION_TAG}
export KURL_BIN_UTILS_FILE=kurl-bin-utils-${VERSION_TAG}.tar.gz
bin/upload-dist-versioned.sh "${{ matrix.batch }}"
env:
S3_BUCKET: kurl-sh
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
AWS_REGION: "us-east-1"
get-staging-release:
runs-on: ubuntu-20.04
needs:
- verify-tag
outputs:
staging_release: ${{ steps.get_staging_release.outputs.staging_release }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: find corresponding staging release for commit
id: get_staging_release
run: |
version_commit="$(git rev-list "${GITHUB_REF_NAME}" -n 1 | xargs git rev-parse --short)"
# Grab the release asset directory name in s3. Should look like this:
# PRE v2023.01.03-0-1cee33ec/
staging_release_dir="$(aws s3 ls s3://"${S3_BUCKET}/${STAGING_PREFIX}/" | grep "${version_commit}[0-9a-f]*/" | awk '{print $2}')"
if [ -z "${staging_release_dir}" ]; then
echo "Could not find staging release for commit ${GITHUB_REF_NAME} (${version_commit})"
exit 1
fi
echo "staging_release=${staging_release_dir%/}" >> $GITHUB_OUTPUT
env:
S3_BUCKET: kurl-sh
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
AWS_REGION: "us-east-1"
STAGING_PREFIX: "staging"
verify-staging-release-testgrid-result:
runs-on: ubuntu-20.04
needs:
- get-staging-release
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Verify Testgrid Run
run: |
bin/verify-testgrid-run.sh
env:
STAGING_RELEASE: ${{ needs.get-staging-release.outputs.staging_release }}
build-stage-packages-matrix:
runs-on: ubuntu-22.04
needs:
- get-staging-release
- verify-staging-release-testgrid-result
outputs:
package: ${{ steps.set-matrix.outputs.package }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Build Package Matrix
id: set-matrix
run: |
export LIST_FROM_STAGE_S3="1"
BATCH_S3_PACKAGES=$(./bin/list-all-packages-actions-matrix.sh)
echo "${BATCH_S3_PACKAGES}" | jq
echo "package=${BATCH_S3_PACKAGES}" >> $GITHUB_OUTPUT
env:
S3_BUCKET: kurl-sh
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
AWS_REGION: "us-east-1"
STAGING_PREFIX: "staging"
STAGING_RELEASE: ${{ needs.get-staging-release.outputs.staging_release }}
copy-stage-packages-to-prod:
runs-on: ubuntu-22.04
needs:
- get-staging-release
- build-stage-packages-matrix
strategy:
matrix: ${{ fromJSON(needs.build-stage-packages-matrix.outputs.package) }}
fail-fast: false
max-parallel: 20
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Copy packages to Prod
run: |
VERSION_TAG=$GITHUB_REF_NAME
batch="${{ matrix.batch }}"
for pkg in ${batch}; do
aws s3api copy-object --copy-source "${S3_BUCKET}/${STAGING_PREFIX}/${STAGING_RELEASE}/${pkg}" --bucket "${S3_BUCKET}" --key "${PACKAGE_PREFIX}/${VERSION_TAG}/${pkg}"
done
env:
S3_BUCKET: kurl-sh
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
AWS_REGION: "us-east-1"
PACKAGE_PREFIX: "dist"
STAGING_PREFIX: "staging"
STAGING_RELEASE: ${{ needs.get-staging-release.outputs.staging_release }}
generate-kurl-release-notes-pr:
runs-on: ubuntu-20.04
needs:
- set-current-version
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate kURL Release Notes PR
env:
GH_PAT: ${{ secrets.AUTOMATED_PR_GH_PAT }}
run: |
export VERSION_TAG=$GITHUB_REF_NAME
curl -H "Authorization: token $GH_PAT" \
-H 'Accept: application/json' \
-d "{\"event_type\": \"kubernetes-installer-release-notes\", \"client_payload\": {\"version\": \"${VERSION_TAG}\" }}" \
"https://api.github.com/repos/replicatedhq/replicated-docs/dispatches"
github-release:
runs-on: ubuntu-20.04
needs:
- set-current-version
steps:
- name: Checkout
uses: actions/checkout@v4
# Node and Go are needed by the SBOM generator
- uses: actions/setup-node@v4
with:
node-version: '14'
- name: setup-go
uses: actions/setup-go@v5
with:
go-version: '1.21'
- name: Get the version
id: get_tag
shell: bash
run: echo "GIT_TAG=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT"
- name: Generate Changelog
run: |
git fetch --tags -f
lastTag=$(git tag | grep '^v20' | grep -v 'v2022\.09\.04' | grep -v "$GIT_TAG" | sort | tail -1)
docker run --rm \
--env CHANGELOG_GITHUB_TOKEN \
-v `pwd`:/usr/local/src/your-app \
ferrarimarco/github-changelog-generator \
--user=replicatedhq \
--project=kurl \
--release-branch=main \
--since-tag="$lastTag" \
--max-issues=200 \
--no-issues \
--no-author
sed -i '/This Changelog was automatically generated/d' ./CHANGELOG.md
env:
CHANGELOG_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }}
- name: Read Changelog
id: read-changelog
uses: juliangruber/read-file-action@v1
with:
path: ./CHANGELOG.md
- name: GitHub Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }}
with:
tag_name: ${{ env.GIT_TAG }}
release_name: Release ${{ env.GIT_TAG }}
body: ${{ steps.read-changelog.outputs.content }}
draft: false
prerelease: false
- name: Get Cosign Key
run: |
echo $COSIGN_KEY | base64 -d > ./cosign.key
env:
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
- uses: sigstore/cosign-installer@main
with:
cosign-release: 'v1.2.1'
- name: Generate SBOM
run: |
make sbom
env:
COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
COSIGN_KEY: ${{ secrets.COSIGN_KEY }}
- uses: shogo82148/actions-upload-release-asset@v1
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: sbom/assets/*
set-current-version:
runs-on: ubuntu-20.04
needs:
- bup
- copy-stage-packages-to-prod
steps:
- name: Set VERSION file in s3
run: |
export VERSION_TAG=$GITHUB_REF_NAME
echo -n "$VERSION_TAG" | aws s3 cp - s3://$S3_BUCKET/$DIST_FOLDER/VERSION
env:
S3_BUCKET: kurl-sh
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PROD_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PROD_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: "us-east-1"
DIST_FOLDER: "dist"
testgrid-run:
runs-on: ubuntu-20.04
needs:
- set-current-version
steps:
- name: Sleep for 3 minutes
uses: juliangruber/sleep-action@v2
with:
time: "3m"
- name: Checkout
uses: actions/checkout@v4
- name: Get the version
id: get_tag
shell: bash
run: echo "GIT_TAG=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_OUTPUT"
- name: Tgrun Queue
id: queue
env:
TESTGRID_API_TOKEN: ${{ secrets.TESTGRID_PROD_API_TOKEN }}
GIT_TAG: ${{ steps.get_tag.outputs.GIT_TAG }}
run: |
REF="PROD-release-${GIT_TAG}-$(date '+%Y%m%d%H%M%S')"
docker pull replicated/tgrun:latest
docker run --rm -e TESTGRID_API_TOKEN -v `pwd`:/wrk -w /wrk \
replicated/tgrun:latest queue \
--ref "${REF}" \
--spec ./testgrid/specs/deploy.yaml \
--os-spec ./testgrid/specs/os-latest.yaml \
--priority 1
MSG="Testgrid Run(s) Executing @ https://testgrid.kurl.sh/run/${REF}"
echo "msg=$MSG" >> "$GITHUB_OUTPUT"
echo "::notice ::${MSG}"