Create release 0.0.103 #260
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Create release" | |
| run-name: Create release ${{ inputs.name }} | |
| env: | |
| IMAGE_REPO: europe-docker.pkg.dev/kyma-project/prod/kyma-environment-broker | |
| KYMA_ENVIRONMENT_BROKER_REPO: ${{ github.repository_owner }}/kyma-environment-broker | |
| GIT_EMAIL: team-gopher+1@sap.com | |
| GIT_NAME: kyma-gopher-bot | |
| BUMP_CHART_AND_IMAGES: bump-chart-and-images-${{ inputs.name }} | |
| permissions: | |
| contents: write | |
| id-token: write | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| description: 'Create release' | |
| default: "" | |
| required: true | |
| skip-sec-file-and-chart-bump: | |
| type: boolean | |
| description: 'Do not bump sec file and chart' | |
| default: false | |
| dry-run: | |
| type: boolean | |
| description: 'Do not publish' | |
| default: false | |
| workflow_call: | |
| inputs: | |
| name: | |
| type: string | |
| description: 'Create release' | |
| default: "" | |
| required: true | |
| skip-sec-file-and-chart-bump: | |
| type: boolean | |
| description: 'Do not bump sec file and chart' | |
| default: false | |
| dry-run: | |
| type: boolean | |
| description: 'Do not publish' | |
| default: false | |
| jobs: | |
| validate-release: | |
| name: Validate release | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Check if tag already exists | |
| run: | | |
| if [ $(git tag -l ${{ inputs.name }}) ]; then | |
| echo "::error ::Tag ${{ inputs.name }} already exists" | |
| exit 1 | |
| fi | |
| - name: Check for existing artifacts from previous release runs | |
| run: "./scripts/check_artifacts_existence.sh ${{ inputs.name }}" | |
| - name: Setup python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| cache: 'pip' | |
| - name: Install requirements | |
| run: pip install -r scripts/python/requirements.txt | |
| - name: Validate labels | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPOSITORY: ${{ env.KYMA_ENVIRONMENT_BROKER_REPO }} | |
| NAME: ${{ inputs.name }} | |
| run: python3 scripts/python/release_label_validator.py | |
| - name: Validate notable changes | |
| run: | | |
| if [ -d "notable-changes/${{ inputs.name }}" ]; then | |
| echo "Notable changes for release ${{ inputs.name }} already exist" | |
| exit 1 | |
| fi | |
| run-unit-tests: | |
| name: Unit tests, go mod tidy | |
| uses: "./.github/workflows/run-unit-tests-reusable.yaml" | |
| build-keb-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-broker | |
| dockerfile: Dockerfile.keb | |
| context: . | |
| tags: ${{ inputs.name }} | |
| build-environments-cleanup-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environments-cleanup-job | |
| dockerfile: Dockerfile.job | |
| context: . | |
| build-args: BIN=environmentscleanup | |
| tags: ${{ inputs.name }} | |
| build-deprovision-retrigger-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-deprovision-retrigger-job | |
| dockerfile: Dockerfile.job | |
| context: . | |
| build-args: BIN=deprovisionretrigger | |
| tags: ${{ inputs.name }} | |
| build-expirator-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-expirator-job | |
| dockerfile: Dockerfile.job | |
| context: . | |
| build-args: BIN=expirator | |
| tags: ${{ inputs.name }} | |
| build-runtime-reconciler-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-runtime-reconciler | |
| dockerfile: Dockerfile.runtimereconciler | |
| context: . | |
| build-args: BIN=runtime-reconciler | |
| tags: ${{ inputs.name }} | |
| build-subaccount-cleanup-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-subaccount-cleanup-job | |
| dockerfile: Dockerfile.job | |
| context: . | |
| build-args: BIN=accountcleanup | |
| tags: ${{ inputs.name }} | |
| build-subaccount-sync-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-subaccount-sync | |
| dockerfile: Dockerfile.subaccountsync | |
| context: . | |
| build-args: BIN=subaccount-sync | |
| tags: ${{ inputs.name }} | |
| build-globalaccounts-image: | |
| needs: [validate-release] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-globalaccounts | |
| dockerfile: Dockerfile.globalaccounts | |
| context: . | |
| build-args: BIN=globalaccounts | |
| tags: ${{ inputs.name }} | |
| build-schema-migrator-image: | |
| needs: [ validate-release ] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-broker-schema-migrator | |
| dockerfile: Dockerfile.schemamigrator | |
| context: . | |
| tags: ${{ inputs.name }} | |
| build-service-binding-cleanup-image: | |
| needs: [ validate-release ] | |
| uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main | |
| with: | |
| name: kyma-environment-service-binding-cleanup-job | |
| dockerfile: Dockerfile.job | |
| context: . | |
| build-args: BIN=servicebindingcleanup | |
| tags: ${{ inputs.name }} | |
| run-keb-chart-integration-tests: | |
| name: Validate KEB chart | |
| needs: [build-keb-image, build-environments-cleanup-image, build-deprovision-retrigger-image, build-expirator-image, build-runtime-reconciler-image, build-subaccount-cleanup-image, build-subaccount-sync-image, build-globalaccounts-image, build-schema-migrator-image, build-service-binding-cleanup-image] | |
| uses: "./.github/workflows/run-keb-chart-integration-tests-reusable.yaml" | |
| secrets: inherit | |
| with: | |
| last-k3s-versions: ${{ vars.LAST_K3S_VERSIONS }} | |
| release: "true" | |
| version: ${{ inputs.name }} | |
| run-performance-tests: | |
| name: Performance tests | |
| needs: [ build-keb-image, build-environments-cleanup-image, build-deprovision-retrigger-image, build-expirator-image, build-runtime-reconciler-image, build-subaccount-cleanup-image, build-subaccount-sync-image, build-globalaccounts-image, build-schema-migrator-image, build-service-binding-cleanup-image ] | |
| uses: "./.github/workflows/run-performance-tests-reusable.yaml" | |
| secrets: inherit | |
| with: | |
| release: "true" | |
| version: ${{ inputs.name }} | |
| instances-number: 100 | |
| updates-number: 300 | |
| kim-delay-seconds: 0 | |
| provisioning-max-step-processing-time: 30s | |
| provisioning-workers-amount: 25 | |
| update-max-step-processing-time: 30s | |
| update-workers-amount: 25 | |
| deprovisioning-max-step-processing-time: 30s | |
| deprovisioning-workers-amount: 25 | |
| bumps: | |
| name: Bump sec-scanners-config, KEB chart | |
| needs: [validate-release, run-unit-tests, run-keb-chart-integration-tests, run-performance-tests] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - run: git pull | |
| - name: Update sec-scanners-config.yaml | |
| if: ${{ !inputs.skip-sec-file-and-chart-bump }} | |
| run: scripts/create_scan_config.sh "sec-scanners-config.yaml" ${{ inputs.name }} | |
| - name: Bump KEB chart | |
| if: ${{ !inputs.skip-sec-file-and-chart-bump }} | |
| run: scripts/bump_keb_chart.sh ${{ inputs.name }} "release" | |
| - name: Create notable changes folder | |
| run: ./scripts/create_notable_changes_dir.sh ${{ inputs.name }} | |
| - name: Setup python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| cache: 'pip' | |
| - name: Generate environment docs | |
| run: make generate-env-docs | |
| - name: Check if any PR was merged during release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha') | |
| echo "Latest commit sha: $COMMIT_SHA" | |
| echo "Workflow sha: ${{ github.sha }}" | |
| if [ "$COMMIT_SHA" != "${{ github.sha }}" ]; then | |
| echo "::error ::a PR was merged during the release. Don't rerun this workflow, create a new release with the same version" | |
| exit 1 | |
| fi | |
| - name: Create PR if anything changed | |
| if: ${{ !inputs.skip-sec-file-and-chart-bump }} | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| run: | | |
| prs=$(gh pr list -A ${{ env.GIT_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName') | |
| if echo $prs | tr " " '\n' | grep -F -q -x ${{ env.BUMP_CHART_AND_IMAGES }}; then | |
| echo "PR already exists, no need to create a new one" | |
| echo "PR_NUMBER=$(gh pr list --search "base:main head:${{ env.BUMP_CHART_AND_IMAGES }}" --json number | jq -r '.[] | .number')" >> $GITHUB_ENV | |
| elif [ -z "$(git status --porcelain)" ]; then | |
| echo "Nothing changed, no need to create PR" | |
| echo "PR_NUMBER=-1" >> $GITHUB_ENV | |
| else | |
| PR_STATUS=$(scripts/create_bump_pr.sh ${{ inputs.name }}) | |
| echo "PR_NUMBER=$(echo "$PR_STATUS" | tail -n 1)" >> $GITHUB_ENV | |
| fi | |
| - name: Merge PR | |
| if: ${{ !inputs.skip-sec-file-and-chart-bump }} | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_TOKEN }} | |
| REPOSITORY: ${{ env.KYMA_ENVIRONMENT_BROKER_REPO }} | |
| run: | | |
| if [ "$PR_NUMBER" -gt 0 ]; then | |
| scripts/merge_pr.sh | |
| else | |
| echo "Step skipped" | |
| fi | |
| - name: Await PR merge | |
| if: ${{ !inputs.skip-sec-file-and-chart-bump }} | |
| timeout-minutes: 45 | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ "$PR_NUMBER" -gt 0 ]; then | |
| scripts/await_pr_merge.sh | |
| git push origin -d ${{ env.BUMP_CHART_AND_IMAGES }} | |
| else | |
| echo "Step skipped" | |
| fi | |
| - name: Check if any PR have been merged before merging the bump PR | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| if [ "$PR_NUMBER" -gt 0 ]; then | |
| # Sometimes the commit is not available immediately after merging the PR, so we wait a bit | |
| sleep 5 | |
| COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[1].sha') | |
| echo "Latest commit sha: $COMMIT_SHA" | |
| echo "Bump sha: ${{ github.sha }}" | |
| if [ "$COMMIT_SHA" != "${{ github.sha }}" ]; then | |
| echo "::error ::a PR have been merged before merging the bump PR. Don't rerun this workflow. Create a new release with the same version" | |
| exit 1 | |
| fi | |
| else | |
| echo "Step skipped" | |
| fi | |
| - name: Save latest commit ref | |
| id: pull-ref | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| git checkout main | |
| git stash | |
| git pull | |
| LATEST_COMMIT=$(git rev-parse HEAD) | |
| echo "latest_commit=$LATEST_COMMIT" >> $GITHUB_OUTPUT | |
| echo "Latest commit ref $LATEST_COMMIT" | |
| outputs: | |
| latest_commit: ${{ steps.pull-ref.outputs.latest_commit }} | |
| create-draft: | |
| name: Create draft release | |
| needs: bumps | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ needs.bumps.outputs.latest_commit}} | |
| - name: Check if any PR was merged after bumps | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha') | |
| echo "Latest commit sha: $COMMIT_SHA" | |
| echo "Bump sha: ${{ needs.bumps.outputs.latest_commit}}" | |
| if [ "$COMMIT_SHA" != "${{ needs.bumps.outputs.latest_commit}}" ]; then | |
| echo "::error ::a PR was merged after the bumps. Don't rerun this workflow, create a new release with the same version" | |
| exit 1 | |
| fi | |
| - name: Create lightweight tag | |
| run: | | |
| git tag ${{ inputs.name }} | |
| git push origin ${{ inputs.name }} | |
| - name: Create draft release | |
| id: create-draft | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPOSITORY: ${{ github.repository_owner }}/kyma-environment-broker | |
| run: | | |
| gh release create ${{ inputs.name }} \ | |
| --draft \ | |
| --title "${{ inputs.name }}" \ | |
| --generate-notes \ | |
| --verify-tag | |
| - name: Add notable changes to release draft | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| REPOSITORY: ${{ github.repository_owner }}/kyma-environment-broker | |
| run: | | |
| if gh api repos/${REPOSITORY}/contents/notable-changes/${{ inputs.name }} --jq '. | length > 0' >/dev/null 2>&1; then | |
| echo "Notable changes found." | |
| NOTABLE_CHANGES_URL="https://github.com/${REPOSITORY}/tree/main/notable-changes/${{ inputs.name }}" | |
| NOTABLE_CHANGES=$'\n\n## Notable Changes\nSee [notable-changes/${{ inputs.name }}]('"${NOTABLE_CHANGES_URL}"') for detailed information.' | |
| BODY=$(gh release view ${{ inputs.name }} --json body --jq .body) | |
| UPDATED_BODY="${BODY}${NOTABLE_CHANGES}" | |
| gh release edit ${{ inputs.name }} --notes "${UPDATED_BODY}" | |
| else | |
| echo "No notable changes found for this release." | |
| fi | |
| - name: Check if any PR may have been merged before creating the tag and draft release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha') | |
| echo "Latest commit sha: $COMMIT_SHA" | |
| echo "Bump sha: ${{ needs.bumps.outputs.latest_commit}}" | |
| if [ "$COMMIT_SHA" != "${{ needs.bumps.outputs.latest_commit}}" ]; then | |
| echo "::error ::a PR may have been merged before the tag and draft release were created. Delete the tag and the draft release. Don't rerun this workflow. Create a new release with the same version" | |
| exit 1 | |
| fi | |
| publish-release: | |
| name: Publish release | |
| needs: [bumps, create-draft] | |
| if: ${{ !inputs.dry-run }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ needs.bumps.outputs.latest_commit}} | |
| - run: | | |
| git checkout main | |
| git pull | |
| - name: Package KEB chart | |
| run: | | |
| OUTPUT=$(helm package ./resources/keb -d ./) | |
| FILENAME=$(echo $OUTPUT | grep -o '[^ ]*.tgz') | |
| echo "KEB_CHART=$FILENAME" >> $GITHUB_ENV | |
| - name: Upload packaged KEB chart to release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| [[ ! -e ${KEB_CHART} ]] && echo "::error ::Packaged KEB chart does not exist" && exit 1 | |
| gh release upload ${{ inputs.name }} --clobber ${KEB_CHART} | |
| - name: Update KEB chart metadata | |
| run: | | |
| git checkout gh-pages | |
| helm repo index --url https://github.com/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/releases/download/${{ inputs.name }} --merge ./index.yaml ./ | |
| - name: Commit KEB chart metadata to gh-pages branch | |
| run: | | |
| git config --global user.email ${{ env.GIT_EMAIL }} | |
| git config --global user.name ${{ env.GIT_NAME }} | |
| git add index.yaml | |
| git commit -m "Update KEB chart metadata with version ${{ inputs.name }}" | |
| git push origin gh-pages | |
| - name: Publish release | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} # We do use bot token here to trigger workflow uploading logs | |
| run: | | |
| git checkout main | |
| gh release edit ${{ inputs.name }} --draft=false |