Skip to content
.github/workflows/create-release.yaml

Notable changes input ion one directory #266

Sign in to view logs

Notable changes input ion one directory

Notable changes input ion one directory #266

Workflow file for this run

.github/workflows/create-release.yaml at f633cd8
name: "Create release"

Check failure on line 1 in .github/workflows/create-release.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/create-release.yaml

Invalid workflow file 

(Line: 221, Col: 80): Job 'bumps' depends on unknown job 'run-performance-tests'., (Line: 339, Col: 12): Job 'create-draft' depends on job 'bumps' which creates a cycle in the dependency graph., (Line: 410, Col: 13): Job 'publish-release' depends on job 'bumps' which creates a cycle in the dependency graph., (Line: 410, Col: 20): Job 'publish-release' depends on job 'create-draft' which creates a cycle in the dependency graph.
run-name: Create release ${{ inputs.name }}
env:
IMAGE_REPO: europe-docker.pkg.dev/kyma-project/prod/kyma-environment-broker
KYMA_ENVIRONMENT_BROKER_REPO: ${{ github.repository_owner }}/kyma-environment-broker
GIT_EMAIL: team-gopher+1@sap.com
GIT_NAME: kyma-gopher-bot
BUMP_CHART_AND_IMAGES: bump-chart-and-images-${{ inputs.name }}
permissions:
contents: write
id-token: write
on:
workflow_dispatch:
inputs:
name:
description: 'Create release'
default: ""
required: true
skip-sec-file-and-chart-bump:
type: boolean
description: 'Do not bump sec file and chart'
default: false
dry-run:
type: boolean
description: 'Do not publish'
default: false
workflow_call:
inputs:
name:
type: string
description: 'Create release'
default: ""
required: true
skip-sec-file-and-chart-bump:
type: boolean
description: 'Do not bump sec file and chart'
default: false
dry-run:
type: boolean
description: 'Do not publish'
default: false
jobs:
validate-release:
name: Validate release
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check if tag already exists
run: |
if [ $(git tag -l ${{ inputs.name }}) ]; then
echo "::error ::Tag ${{ inputs.name }} already exists"
exit 1
fi
- name: Check for existing artifacts from previous release runs
run: "./scripts/check_artifacts_existence.sh ${{ inputs.name }}"
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: '3.9'
cache: 'pip'
- name: Install requirements
run: pip install -r scripts/python/requirements.txt
- name: Validate labels
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}
NAME: ${{ inputs.name }}
run: python3 scripts/python/release_label_validator.py
- name: Validate notable changes
run: |
if [ -d "notable-changes/${{ inputs.name }}" ]; then
echo "Notable changes for release ${{ inputs.name }} already exist"
exit 1
fi
run-unit-tests:
name: Unit tests, go mod tidy
uses: "./.github/workflows/run-unit-tests-reusable.yaml"
build-keb-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-broker
dockerfile: Dockerfile.keb
context: .
tags: ${{ inputs.name }}
build-environments-cleanup-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environments-cleanup-job
dockerfile: Dockerfile.job
context: .
build-args: BIN=environmentscleanup
tags: ${{ inputs.name }}
build-deprovision-retrigger-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-deprovision-retrigger-job
dockerfile: Dockerfile.job
context: .
build-args: BIN=deprovisionretrigger
tags: ${{ inputs.name }}
build-expirator-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-expirator-job
dockerfile: Dockerfile.job
context: .
build-args: BIN=expirator
tags: ${{ inputs.name }}
build-runtime-reconciler-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-runtime-reconciler
dockerfile: Dockerfile.runtimereconciler
context: .
build-args: BIN=runtime-reconciler
tags: ${{ inputs.name }}
build-subaccount-cleanup-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-subaccount-cleanup-job
dockerfile: Dockerfile.job
context: .
build-args: BIN=accountcleanup
tags: ${{ inputs.name }}
build-subaccount-sync-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-subaccount-sync
dockerfile: Dockerfile.subaccountsync
context: .
build-args: BIN=subaccount-sync
tags: ${{ inputs.name }}
build-globalaccounts-image:
needs: [validate-release]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-globalaccounts
dockerfile: Dockerfile.globalaccounts
context: .
build-args: BIN=globalaccounts
tags: ${{ inputs.name }}
build-schema-migrator-image:
needs: [ validate-release ]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-broker-schema-migrator
dockerfile: Dockerfile.schemamigrator
context: .
tags: ${{ inputs.name }}
build-service-binding-cleanup-image:
needs: [ validate-release ]
uses: kyma-project/test-infra/.github/workflows/image-builder.yml@main
with:
name: kyma-environment-service-binding-cleanup-job
dockerfile: Dockerfile.job
context: .
build-args: BIN=servicebindingcleanup
tags: ${{ inputs.name }}
run-keb-chart-integration-tests:
name: Validate KEB chart
needs: [build-keb-image, build-environments-cleanup-image, build-deprovision-retrigger-image, build-expirator-image, build-runtime-reconciler-image, build-subaccount-cleanup-image, build-subaccount-sync-image, build-globalaccounts-image, build-schema-migrator-image, build-service-binding-cleanup-image]
uses: "./.github/workflows/run-keb-chart-integration-tests-reusable.yaml"
secrets: inherit
with:
last-k3s-versions: ${{ vars.LAST_K3S_VERSIONS }}
release: "true"
version: ${{ inputs.name }}
# run-performance-tests:
# name: Performance tests
# needs: [ build-keb-image, build-environments-cleanup-image, build-deprovision-retrigger-image, build-expirator-image, build-runtime-reconciler-image, build-subaccount-cleanup-image, build-subaccount-sync-image, build-globalaccounts-image, build-schema-migrator-image, build-service-binding-cleanup-image ]
# uses: "./.github/workflows/run-performance-tests-reusable.yaml"
# secrets: inherit
# with:
# release: "true"
# version: ${{ inputs.name }}
# instances-number: 100
# updates-number: 300
# kim-delay-seconds: 0
# provisioning-max-step-processing-time: 30s
# provisioning-workers-amount: 25
# update-max-step-processing-time: 30s
# update-workers-amount: 25
# deprovisioning-max-step-processing-time: 30s
# deprovisioning-workers-amount: 25
bumps:
name: Bump sec-scanners-config, KEB chart
needs: [validate-release, run-unit-tests, run-keb-chart-integration-tests, run-performance-tests]
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- run: git pull
- name: Create notable changes folder
run: ./scripts/create_notable_changes_dir.sh ${{ inputs.name }}
- name: Update sec-scanners-config.yaml
if: ${{ !inputs.skip-sec-file-and-chart-bump }}
run: scripts/create_scan_config.sh "sec-scanners-config.yaml" ${{ inputs.name }}
- name: Bump KEB chart
if: ${{ !inputs.skip-sec-file-and-chart-bump }}
run: scripts/bump_keb_chart.sh ${{ inputs.name }} "release"
- name: Setup python
uses: actions/setup-python@v4
with:
python-version: '3.9'
cache: 'pip'
- name: Generate environment docs
run: make generate-env-docs
- name: Check if any PR was merged during release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha')
echo "Latest commit sha: $COMMIT_SHA"
echo "Workflow sha: ${{ github.sha }}"
if [ "$COMMIT_SHA" != "${{ github.sha }}" ]; then
echo "::error ::a PR was merged during the release. Don't rerun this workflow, create a new release with the same version"
exit 1
fi
- name: Create PR if anything changed
if: ${{ !inputs.skip-sec-file-and-chart-bump }}
env:
GH_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
prs=$(gh pr list -A ${{ env.GIT_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName')
if echo $prs | tr " " '\n' | grep -F -q -x ${{ env.BUMP_CHART_AND_IMAGES }}; then
echo "PR already exists, no need to create a new one"
echo "PR_NUMBER=$(gh pr list --search "base:main head:${{ env.BUMP_CHART_AND_IMAGES }}" --json number | jq -r '.[] | .number')" >> $GITHUB_ENV
elif [ -z "$(git status --porcelain)" ]; then
echo "Nothing changed, no need to create PR"
echo "PR_NUMBER=-1" >> $GITHUB_ENV
else
PR_STATUS=$(scripts/create_bump_pr.sh ${{ inputs.name }})
echo "PR_NUMBER=$(echo "$PR_STATUS" | tail -n 1)" >> $GITHUB_ENV
fi
- name: Merge PR
if: ${{ !inputs.skip-sec-file-and-chart-bump }}
env:
GH_TOKEN: ${{ secrets.BOT_TOKEN }}
REPOSITORY: ${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}
run: |
if [ "$PR_NUMBER" -gt 0 ]; then
scripts/merge_pr.sh
else
echo "Step skipped"
fi
- name: Await PR merge
if: ${{ !inputs.skip-sec-file-and-chart-bump }}
timeout-minutes: 45
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ "$PR_NUMBER" -gt 0 ]; then
scripts/await_pr_merge.sh
git push origin -d ${{ env.BUMP_CHART_AND_IMAGES }}
else
echo "Step skipped"
fi
- name: Check if any PR have been merged before merging the bump PR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ "$PR_NUMBER" -gt 0 ]; then
# Sometimes the commit is not available immediately after merging the PR, so we wait a bit
sleep 5
COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[1].sha')
echo "Latest commit sha: $COMMIT_SHA"
echo "Bump sha: ${{ github.sha }}"
if [ "$COMMIT_SHA" != "${{ github.sha }}" ]; then
echo "::error ::a PR have been merged before merging the bump PR. Don't rerun this workflow. Create a new release with the same version"
exit 1
fi
else
echo "Step skipped"
fi
- name: Save latest commit ref
id: pull-ref
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git checkout main
git stash
git pull
LATEST_COMMIT=$(git rev-parse HEAD)
echo "latest_commit=$LATEST_COMMIT" >> $GITHUB_OUTPUT
echo "Latest commit ref $LATEST_COMMIT"
outputs:
latest_commit: ${{ steps.pull-ref.outputs.latest_commit }}
create-draft:
name: Create draft release
needs: bumps
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ needs.bumps.outputs.latest_commit}}
- name: Check if any PR was merged after bumps
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha')
echo "Latest commit sha: $COMMIT_SHA"
echo "Bump sha: ${{ needs.bumps.outputs.latest_commit}}"
if [ "$COMMIT_SHA" != "${{ needs.bumps.outputs.latest_commit}}" ]; then
echo "::error ::a PR was merged after the bumps. Don't rerun this workflow, create a new release with the same version"
exit 1
fi
- name: Create lightweight tag
run: |
git tag ${{ inputs.name }}
git push origin ${{ inputs.name }}
- name: Create draft release
id: create-draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository_owner }}/kyma-environment-broker
run: |
gh release create ${{ inputs.name }} \
--draft \
--title "${{ inputs.name }}" \
--generate-notes \
--verify-tag
- name: Add notable changes to release draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPOSITORY: ${{ github.repository_owner }}/kyma-environment-broker
run: |
if gh api repos/${REPOSITORY}/contents/notable-changes/${{ inputs.name }} --jq '. | length > 0' >/dev/null 2>&1; then
echo "Notable changes found."
NOTABLE_CHANGES_URL="https://github.com/${REPOSITORY}/tree/main/notable-changes/${{ inputs.name }}"
NOTABLE_CHANGES=$'\n\n## Notable Changes\nSee [notable-changes/${{ inputs.name }}]('"${NOTABLE_CHANGES_URL}"') for detailed information.'
BODY=$(gh release view ${{ inputs.name }} --json body --jq .body)
UPDATED_BODY="${BODY}${NOTABLE_CHANGES}"
gh release edit ${{ inputs.name }} --notes "${UPDATED_BODY}"
else
echo "No notable changes found for this release."
fi
- name: Check if any PR may have been merged before creating the tag and draft release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
COMMIT_SHA=$(gh api repos/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/commits -q '.[0].sha')
echo "Latest commit sha: $COMMIT_SHA"
echo "Bump sha: ${{ needs.bumps.outputs.latest_commit}}"
if [ "$COMMIT_SHA" != "${{ needs.bumps.outputs.latest_commit}}" ]; then
echo "::error ::a PR may have been merged before the tag and draft release were created. Delete the tag and the draft release. Don't rerun this workflow. Create a new release with the same version"
exit 1
fi
publish-release:
name: Publish release
needs: [bumps, create-draft]
if: ${{ !inputs.dry-run }}
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ needs.bumps.outputs.latest_commit}}
- run: |
git checkout main
git pull
- name: Package KEB chart
run: |
OUTPUT=$(helm package ./resources/keb -d ./)
FILENAME=$(echo $OUTPUT | grep -o '[^ ]*.tgz')
echo "KEB_CHART=$FILENAME" >> $GITHUB_ENV
- name: Upload packaged KEB chart to release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
[[ ! -e ${KEB_CHART} ]] && echo "::error ::Packaged KEB chart does not exist" && exit 1
gh release upload ${{ inputs.name }} --clobber ${KEB_CHART}
- name: Update KEB chart metadata
run: |
git checkout gh-pages
helm repo index --url https://github.com/${{ env.KYMA_ENVIRONMENT_BROKER_REPO }}/releases/download/${{ inputs.name }} --merge ./index.yaml ./
- name: Commit KEB chart metadata to gh-pages branch
run: |
git config --global user.email ${{ env.GIT_EMAIL }}
git config --global user.name ${{ env.GIT_NAME }}
git add index.yaml
git commit -m "Update KEB chart metadata with version ${{ inputs.name }}"
git push origin gh-pages
- name: Publish release
env:
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} # We do use bot token here to trigger workflow uploading logs
run: |
git checkout main
gh release edit ${{ inputs.name }} --draft=false