This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Create release" | ||
run-name: Create release ${{ inputs.name }} | ||
env: | ||
IMAGE_REPO: europe-docker.pkg.dev/kyma-project/prod/kyma-environment-broker | ||
KYMA_ENVIRONMENT_BROKER_REPO: ${{ github.repository_owner }}/kyma-environment-broker | ||
GIT_EMAIL: team-gopher+1@sap.com | ||
GIT_NAME: kyma-gopher-bot | ||
BUMP_CHART_AND_IMAGES: bump-chart-and-images-${{ inputs.name }} | ||
on: | ||
workflow_dispatch: | ||
inputs: | ||
name: | ||
description: 'Create release' | ||
default: "" | ||
required: true | ||
dry-run: | ||
type: boolean | ||
description: 'Do not publish' | ||
default: false | ||
jobs: | ||
validate-release: | ||
name: Validate release | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- name: Check if tag already exists | ||
run: | | ||
if [ $(git tag -l ${{ inputs.name }}) ]; then | ||
echo "::error ::Tag ${{ inputs.name }} already exists" | ||
exit 1 | ||
fi | ||
- name: Check for existing artifacts from previous release runs | ||
run: "./scripts/check_artifacts_existence.sh ${{ inputs.name }}" | ||
- name: Setup python | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.9' | ||
cache: 'pip' | ||
- name: Install requirements | ||
run: pip install -r scripts/python/requirements.txt | ||
- name: Validate labels | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
REPOSITORY: ${{ env.KYMA_ENVIRONMENT_BROKER_REPO }} | ||
NAME: ${{ inputs.name }} | ||
run: python3 scripts/python/release_label_validator.py | ||
run-unit-tests: | ||
name: Unit tests, go mod tidy | ||
uses: "./.github/workflows/run-unit-tests-reusable.yaml" | ||
build-keb-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-broker | ||
dockerfile: Dockerfile.keb | ||
context: . | ||
tags: ${{ inputs.name }} | ||
build-archiver-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-archiver-job | ||
dockerfile: Dockerfile.job | ||
context: . | ||
build-args: BIN=archiver | ||
tags: ${{ inputs.name }} | ||
build-environments-cleanup-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environments-cleanup-job | ||
dockerfile: Dockerfile.job | ||
context: . | ||
build-args: BIN=environmentscleanup | ||
tags: ${{ inputs.name }} | ||
build-deprovision-retrigger-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-deprovision-retrigger-job | ||
dockerfile: Dockerfile.job | ||
context: . | ||
build-args: BIN=deprovisionretrigger | ||
tags: ${{ inputs.name }} | ||
build-expirator-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-expirator-job | ||
dockerfile: Dockerfile.job | ||
context: . | ||
build-args: BIN=expirator | ||
tags: ${{ inputs.name }} | ||
build-runtime-reconciler-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-runtime-reconciler | ||
dockerfile: Dockerfile.runtimereconciler | ||
context: . | ||
build-args: BIN=runtime-reconciler | ||
tags: ${{ inputs.name }} | ||
build-subaccount-cleanup-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-subaccount-cleanup-job | ||
dockerfile: Dockerfile.job | ||
context: . | ||
build-args: BIN=accountcleanup | ||
tags: ${{ inputs.name }} | ||
build-subaccount-sync-image: | ||
needs: [validate-release] | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-subaccount-sync | ||
dockerfile: Dockerfile.subaccountsync | ||
context: . | ||
build-args: BIN=subaccount-sync | ||
tags: ${{ inputs.name }} | ||
build-globalaccounts-image: | ||
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | ||
with: | ||
name: kyma-environment-globalaccounts | ||
dockerfile: Dockerfile.globalaccounts | ||
context: . | ||
build-args: BIN=globalaccounts | ||
tags: ${{ inputs.name }} | ||
run-keb-chart-install-tests: | ||
name: Validate KEB chart | ||
needs: [build-keb-image, build-archiver-image, build-environments-cleanup-image, build-deprovision-retrigger-image, build-expirator-image, build-runtime-reconciler-image, build-subaccount-cleanup-image, build-subaccount-sync-image] | ||
uses: "./.github/workflows/run-keb-chart-install-tests-reusable.yaml" | ||
secrets: inherit | ||
with: | ||
last-k3s-versions: ${{ vars.LAST_K3S_VERSIONS }} | ||
release: "true" | ||
version: ${{ inputs.name }} | ||
bumps: | ||
name: Bump sec-scanners-config, KEB chart | ||
needs: [validate-release, run-unit-tests, run-keb-chart-install-tests] | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
- run: git pull | ||
- name: Update sec-scanners-config.yaml | ||
run: scripts/create_scan_config.sh "sec-scanners-config.yaml" ${{ inputs.name }} | ||
- name: Bump KEB chart | ||
run: scripts/bump_keb_chart.sh ${{ inputs.name }} "release" | ||
- name: Create PR if anything changed | ||
env: | ||
GH_TOKEN: ${{ secrets.BOT_TOKEN }} | ||
run: | | ||
prs=$(gh pr list -A ${{ env.GIT_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName') | ||
if echo $prs | tr " " '\n' | grep -F -q -x ${{ env.BUMP_CHART_AND_IMAGES }}; then | ||
echo "PR already exists, no need to create a new one" | ||
echo "PR_NUMBER=$(gh pr list --search "base:main head:${{ env.BUMP_CHART_AND_IMAGES }}" --json number | jq -r '.[] | .number')" >> $GITHUB_ENV | ||
elif [ -z "$(git status --porcelain)" ]; then | ||
echo "Nothing changed, no need to create PR" | ||
echo "PR_NUMBER=-1" >> $GITHUB_ENV | ||
else | ||
PR_STATUS=$(scripts/create_bump_pr.sh ${{ inputs.name }}) | ||
echo "PR_NUMBER=$(echo "$PR_STATUS" | tail -n 1)" >> $GITHUB_ENV | ||
fi | ||
- name: Await PR merge | ||
timeout-minutes: 45 | ||
env: | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
if [ "$PR_NUMBER" -gt 0 ]; then | ||
scripts/await_pr_merge.sh | ||
git push origin -d ${{ env.BUMP_CHART_AND_IMAGES }} | ||
else | ||
echo "Step skipped" | ||
fi | ||
- name: Save latest commit ref | ||
id: pull-ref | ||
env: | ||
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: | | ||
git checkout main | ||
git stash | ||
git pull | ||
LATEST_COMMIT=$(git rev-parse HEAD) | ||
echo "latest_commit=$LATEST_COMMIT" >> $GITHUB_OUTPUT | ||
echo "Latest commit ref $LATEST_COMMIT" | ||
outputs: | ||
latest_commit: ${{ steps.pull-ref.outputs.latest_commit }} | ||
create-draft: | ||
name: Create draft release | ||
needs: bumps | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
ref: ${{ needs.bumps.outputs.latest_commit}} | ||
- name: Create draft release | ||
id: create-draft | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
REPOSITORY: ${{ github.repository_owner }}/kyma-environment-broker | ||
run: | | ||
RELEASE_ID=$(./scripts/create_draft_release.sh ${{ github.event.inputs.name }}) | ||
echo "release_id=$RELEASE_ID" >> $GITHUB_OUTPUT | ||
- name: Create lightweight tag | ||
run: | | ||
git tag ${{ github.event.inputs.name }} | ||
git push origin ${{ github.event.inputs.name }} | ||
outputs: | ||
release_id: ${{ steps.create-draft.outputs.release_id }} | ||
publish-release: | ||
name: Publish release | ||
needs: [bumps, create-draft] | ||
if: ${{ !inputs.dry-run }} | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
ref: ${{ needs.bumps.outputs.latest_commit}} | ||
- run: | | ||
git checkout main | ||
git pull | ||
- name: Package KEB chart | ||
run: | | ||
OUTPUT=$(helm package ./resources/keb -d ./) | ||
FILENAME=$(echo $OUTPUT | grep -o '[^ ]*.tgz') | ||
echo "KEB_CHART=$FILENAME" >> $GITHUB_ENV | ||
- name: Upload packaged KEB chart to release | ||
env: | ||
BOT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
run: ./scripts/upload_assets.sh ${{ needs.create-draft.outputs.release_id }} $KEB_CHART | ||
- name: Update KEB chart metadata | ||
run: | | ||
git checkout gh-pages | ||
helm repo index --url https://github.com/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/releases/download/${{ inputs.name }} --merge ./index.yaml ./ | ||
- name: Commit KEB chart metadata to gh-pages branch | ||
run: | | ||
git config --global user.email ${{ env.GIT_EMAIL }} | ||
git config --global user.name ${{ env.GIT_NAME }} | ||
git add index.yaml | ||
git commit -m "Update KEB chart metadata with version ${{ inputs.name }}" | ||
git push origin gh-pages | ||
- name: Publish release | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
REPOSITORY: ${{ github.repository_owner }}/kyma-environment-broker | ||
run: | | ||
git checkout main | ||
./scripts/publish_release.sh ${{ needs.create-draft.outputs.release_id }} |