chore(deps): update quay.io/prometheus/prometheus Docker tag to v3.13… #148
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Test & Release | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write # we need this to be able to push tags | |
| pull-requests: read # we need this to be able to read pull-requests body | |
| issues: read # we need this to be able to read pull-requests body | |
| packages: write # we need this to be able to push ocm packages | |
| attestations: write # we need this to be able to push ocm packages | |
| id-token: write # we need this to be able to push ocm packages | |
| env: | |
| PYTHON_VERSION: '3.14' | |
| GO_VERSION: '1.26' | |
| jobs: | |
| check_changes: | |
| name: Check changed files | |
| runs-on: ubuntu-latest | |
| outputs: | |
| only_version_changed: ${{ steps.check.outputs.only_version_changed }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 | |
| with: | |
| fetch-depth: 2 | |
| - name: Check if only VERSION changed | |
| id: check | |
| run: | | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| echo "only_version_changed=false" >> $GITHUB_OUTPUT | |
| exit 0 | |
| fi | |
| CHANGED=$(git diff --name-only HEAD~1 HEAD) | |
| echo "Changed files: $CHANGED" | |
| if [ "$CHANGED" = "VERSION" ]; then | |
| echo "only_version_changed=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "only_version_changed=false" >> $GITHUB_OUTPUT | |
| fi | |
| e2e_test: | |
| name: Run E2E Test | |
| runs-on: ubuntu-latest | |
| needs: check_changes | |
| if: needs.check_changes.outputs.only_version_changed != 'true' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 | |
| with: | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - name: Set up dev version | |
| id: dev-version | |
| run: | | |
| # Read the base version from VERSION file | |
| BASE_VERSION=$(cat VERSION) | |
| # Remove -dev suffix if present to get base version | |
| BASE_VERSION=${BASE_VERSION%-dev*} | |
| # Create a dev version with short SHA | |
| SHORT_SHA=$(git rev-parse --short HEAD) | |
| DEV_VERSION="${BASE_VERSION}-dev-${SHORT_SHA}" | |
| echo "Dev version: $DEV_VERSION" | |
| echo "dev_version=$DEV_VERSION" >> $GITHUB_OUTPUT | |
| echo "short_sha=$SHORT_SHA" >> $GITHUB_OUTPUT | |
| # Temporarily update VERSION file for build | |
| echo "$DEV_VERSION" > VERSION | |
| - name: Setup OCM | |
| uses: open-component-model/ocm-setup-action@main | |
| - name: Setup Flux CLI | |
| uses: fluxcd/flux2/action@main | |
| - name: Setup Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: 'pip' | |
| cache-dependency-path: 'hack/requirements.txt' | |
| - name: Install Python dependencies | |
| run: | | |
| pip install -r hack/requirements.txt | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build OCM component | |
| run: | | |
| python3 -u ./hack/build-component.py | |
| env: | |
| PYTHONUNBUFFERED: "1" | |
| - name: Push OCM component to registry | |
| run: | | |
| python3 -u ./hack/push-component.py | |
| env: | |
| PYTHONUNBUFFERED: "1" | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: ${{ env.GO_VERSION }} | |
| cache-dependency-path: test/e2e/go.sum | |
| - name: Install test dependencies | |
| run: | | |
| cd test/e2e | |
| go mod download | |
| - name: Run E2E tests | |
| run: | | |
| cd test/e2e | |
| go test -v -timeout 30m ./... | |
| env: | |
| GITHUB_USERNAME: ${{ github.repository_owner }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| release_tag: | |
| name: Release version | |
| runs-on: ubuntu-latest | |
| needs: [check_changes, e2e_test] | |
| if: always() && !failure() && !cancelled() | |
| steps: | |
| - name: Create GitHub App token | |
| uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3 | |
| id: app-token | |
| with: | |
| app-id: 1312871 | |
| private-key: ${{ secrets.OPENMCP_CI_APP_PRIVATE_KEY }} | |
| - name: Checkout code | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 | |
| with: | |
| token: ${{ steps.app-token.outputs.token }} | |
| fetch-tags: true | |
| fetch-depth: 0 | |
| submodules: recursive | |
| - name: Read and validate VERSION | |
| id: version | |
| run: | | |
| VERSION=$(cat VERSION) | |
| if [[ ! "$VERSION" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+(-dev(-[0-9a-f]*)?)?$ ]]; then | |
| echo "Invalid version format: $VERSION" | |
| exit 1 | |
| fi | |
| echo "New version: $VERSION" | |
| echo "version=$VERSION" >> $GITHUB_ENV | |
| - name: Check if VERSION is already tagged | |
| id: check_tag | |
| run: | | |
| if git rev-parse "refs/tags/${{ env.version }}" >/dev/null 2>&1; then | |
| echo "Tag ${{ env.version }} already exists. Skipping release." | |
| echo "SKIP=true" >> $GITHUB_ENV | |
| exit 0 | |
| fi | |
| echo "Tag ${{ env.version }} doesn't exists. Proceeding with release." | |
| - name: Skip release if version is a dev version | |
| if: contains(env.version, '-dev') | |
| run: | | |
| echo "Skipping development version release: ${{ env.version }}" | |
| echo "SKIP=true" >> $GITHUB_ENV | |
| exit 0 | |
| - name: Setup OCM | |
| uses: open-component-model/ocm-setup-action@main | |
| - name: Setup Flux CLI | |
| uses: fluxcd/flux2/action@main | |
| - name: Setup Python | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| cache: 'pip' | |
| cache-dependency-path: 'hack/requirements.txt' | |
| - name: Install Python dependencies | |
| run: | | |
| pip install -r hack/requirements.txt | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set git author identity | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| AUTHOR_NAME=$(git log -1 --pretty=format:'%an') | |
| AUTHOR_EMAIL=$(git log -1 --pretty=format:'%ae') | |
| echo "AUTHOR_NAME=$AUTHOR_NAME" >> $GITHUB_ENV | |
| echo "AUTHOR_EMAIL=$AUTHOR_EMAIL" >> $GITHUB_ENV | |
| git config user.name "$AUTHOR_NAME" | |
| git config user.email "$AUTHOR_EMAIL" | |
| - name: Set helm charts versions to release version and create commit | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| python3 -u ./hack/set-charts-versions.py | |
| git add charts/ | |
| git commit -m "chore: set helm charts versions to release version [skip ci]" | |
| git push origin main | |
| env: | |
| PYTHONUNBUFFERED: "1" | |
| - name: Build OCM component | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| python3 -u ./hack/build-component.py | |
| env: | |
| PYTHONUNBUFFERED: "1" | |
| - name: Push OCM component to registry | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| python3 -u ./hack/push-component.py | |
| env: | |
| PYTHONUNBUFFERED: "1" | |
| - name: Create Git tag | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| git tag -a "${{ env.version }}" -m "Release ${{ env.version }}" | |
| git push origin "${{ env.version }}" | |
| - name: Generate changelog | |
| if: ${{ env.SKIP != 'true' }} | |
| id: changelog | |
| run: | | |
| # Get the previous tag | |
| PREVIOUS_TAG=$(git tag --sort=-version:refname | grep -v "${{ env.version }}" | head -1) | |
| if [ -z "$PREVIOUS_TAG" ]; then | |
| echo "No previous tag found, using all commits" | |
| PREVIOUS_TAG=$(git rev-list --max-parents=0 HEAD) | |
| fi | |
| echo "Generating changelog from $PREVIOUS_TAG to ${{ env.version }}" | |
| # Get all PRs since last tag (both merge commits and squash merges) | |
| # For merge commits: look for merge commits | |
| # For squash merges: look for PR references in commit messages | |
| PR_LIST=$(git log ${PREVIOUS_TAG}..HEAD --pretty=format:"%s" | grep -oE "#[0-9]+" | sort -u) | |
| # Initialize changelog sections | |
| BREAKING_CHANGES="" | |
| FEATURES="" | |
| BUGFIXES="" | |
| DOCUMENTATION="" | |
| DEPENDENCIES="" | |
| OTHER="" | |
| # Process each PR | |
| for PR_NUM in $PR_LIST; do | |
| PR_NUM_CLEAN=${PR_NUM#\#} | |
| # Fetch PR body | |
| PR_DATA=$(gh pr view $PR_NUM_CLEAN --json title,body,author 2>/dev/null || echo "") | |
| if [ -n "$PR_DATA" ]; then | |
| PR_TITLE=$(echo "$PR_DATA" | jq -r '.title // empty') | |
| PR_BODY=$(echo "$PR_DATA" | jq -r '.body // empty') | |
| PR_AUTHOR=$(echo "$PR_DATA" | jq -r '.author.login // empty') | |
| # Extract release note from PR body (template format) | |
| RELEASE_NOTE=$(echo "$PR_BODY" | sed -n '/```[a-z]* [a-z]*/,/```/p' | sed '1d;$d') | |
| RELEASE_NOTE_HEADER=$(echo "$PR_BODY" | grep -oE '```[a-z]* [a-z]*' | sed 's/```//' || echo "") | |
| # Determine category and target group | |
| CATEGORY=$(echo "$RELEASE_NOTE_HEADER" | awk '{print $1}') | |
| TARGET_GROUP=$(echo "$RELEASE_NOTE_HEADER" | awk '{print $2}') | |
| # Handle PRs without template | |
| if [ -z "$RELEASE_NOTE" ] || echo "$RELEASE_NOTE" | grep -qi "NONE"; then | |
| # Check if it's a Renovate/Dependabot PR | |
| if echo "$PR_AUTHOR" | grep -qi "renovate\|dependabot"; then | |
| CATEGORY="dependency" | |
| RELEASE_NOTE="$PR_TITLE" | |
| else | |
| # Skip PRs without proper template (not Renovate) | |
| continue | |
| fi | |
| fi | |
| # Format the entry | |
| ENTRY="- ${RELEASE_NOTE} (#${PR_NUM_CLEAN}) @${PR_AUTHOR}" | |
| # Add to appropriate section | |
| case "$CATEGORY" in | |
| breaking) | |
| BREAKING_CHANGES="${BREAKING_CHANGES}${ENTRY}\n" | |
| ;; | |
| feature) | |
| FEATURES="${FEATURES}${ENTRY}\n" | |
| ;; | |
| bugfix) | |
| BUGFIXES="${BUGFIXES}${ENTRY}\n" | |
| ;; | |
| doc) | |
| DOCUMENTATION="${DOCUMENTATION}${ENTRY}\n" | |
| ;; | |
| dependency) | |
| DEPENDENCIES="${DEPENDENCIES}${ENTRY}\n" | |
| ;; | |
| *) | |
| OTHER="${OTHER}${ENTRY}\n" | |
| ;; | |
| esac | |
| fi | |
| done | |
| # Build final changelog | |
| CHANGELOG="## What's Changed\n\n" | |
| if [ -n "$BREAKING_CHANGES" ]; then | |
| CHANGELOG="${CHANGELOG}### ⚠️ Breaking Changes\n${BREAKING_CHANGES}\n" | |
| fi | |
| if [ -n "$FEATURES" ]; then | |
| CHANGELOG="${CHANGELOG}### ✨ New Features\n${FEATURES}\n" | |
| fi | |
| if [ -n "$BUGFIXES" ]; then | |
| CHANGELOG="${CHANGELOG}### 🐛 Bug Fixes\n${BUGFIXES}\n" | |
| fi | |
| if [ -n "$DEPENDENCIES" ]; then | |
| CHANGELOG="${CHANGELOG}### 📦 Dependency Updates\n${DEPENDENCIES}\n" | |
| fi | |
| if [ -n "$DOCUMENTATION" ]; then | |
| CHANGELOG="${CHANGELOG}### 📝 Documentation\n${DOCUMENTATION}\n" | |
| fi | |
| if [ -n "$OTHER" ]; then | |
| CHANGELOG="${CHANGELOG}### 🔧 Other Changes\n${OTHER}\n" | |
| fi | |
| # Add full changelog link | |
| CHANGELOG="${CHANGELOG}\n**Full Changelog**: https://github.com/${{ github.repository }}/compare/${PREVIOUS_TAG}...${{ env.version }}" | |
| # Save to file and output | |
| echo -e "$CHANGELOG" > /tmp/changelog.md | |
| cat /tmp/changelog.md | |
| # Set multiline output | |
| { | |
| echo 'changelog<<EOF' | |
| cat /tmp/changelog.md | |
| echo EOF | |
| } >> $GITHUB_OUTPUT | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create GitHub release | |
| if: ${{ env.SKIP != 'true' }} | |
| uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3 | |
| with: | |
| tag_name: ${{ env.version }} | |
| name: Release ${{ env.version }} | |
| body: ${{ steps.changelog.outputs.changelog }} | |
| draft: true | |
| prerelease: false | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Bump VERSION to dev | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| # Add -dev suffix to the VERSION file to indicate development has started | |
| echo "${{ env.version }}-dev" > VERSION | |
| echo "Updated VERSION file to ${{ env.version }}-dev" | |
| cat VERSION | |
| - name: Commit VERSION change | |
| if: ${{ env.SKIP != 'true' }} | |
| run: | | |
| git add VERSION | |
| git commit -m "chore: bump VERSION to ${{ env.version }}-dev after release [skip ci]" | |
| git push origin main |