ci: add daily or ad-hoc snapshot releases (#278)

## Description add a daily (or ad-hoc) github workflow for `snapshot` releases. this is to support the ability to publish a release of uds-core before official releases to enable folks to perform testing. ## Related Issue Relates to #266 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [ ] Test, docs, adr added or updated as needed - [ ] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed
defenseunicorns · Mar 31, 2024 · 8b09f22 · 8b09f22
1 parent 51f6725
commit 8b09f22
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 28 deletions.
diff --git a/.github/workflows/tag-and-release.yml → .github/workflows/publish.yaml b/.github/workflows/tag-and-release.yml → .github/workflows/publish.yaml
@@ -1,30 +1,18 @@
 name: Publish UDS Core
 
 on:
-  push:
-    branches:
-      - main
+  workflow_call:
+    inputs:
+      snapshot:
+        description: 'true - for snapshot release'
+        required: true
+        type: boolean
 
 jobs:
-  tag-new-version:
-    name: Tag New Version
-    permissions: write-all
-    runs-on: ubuntu-latest
-    outputs:
-      release_created: ${{ steps.release-flag.outputs.release_created }}
-    steps:
-      - name: Create release tag
-        id: tag
-        uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4
-      - id: release-flag
-        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
-
   publish-uds-core:
     strategy:
       matrix:
         flavor: [upstream, registry1]
-    needs: tag-new-version
-    if: ${{ needs.tag-new-version.outputs.release_created == 'true'}}
     runs-on: "uds-ubuntu-big-boy-8-core"
     name: Publish packages
 
@@ -44,6 +32,21 @@ jobs:
       - name: Login to registry1
         run: uds run registry-login --set REGISTRY=registry1.dso.mil --set REGISTRY_USERNAME=${{ secrets.IRON_BANK_ROBOT_USERNAME }} --set REGISTRY_PASSWORD=${{ secrets.IRON_BANK_ROBOT_PASSWORD }} --set REGISTRY_RETRY_INTERVAL=90
 
+      - name: (Snapshot) Get snapshot version using git commit short sha and date
+        if: ${{ inputs.snapshot }}
+        run: |
+          SHORT_SHA=$(git rev-parse --short HEAD)
+          RELEASE_DATE=$(date +'%Y-%m-%d')
+          echo "SNAPSHOT_VERSION=${RELEASE_DATE}-${SHORT_SHA}" >> $GITHUB_ENV
+
+      - name: (Snapshot) Set versions to snapshot
+        if: ${{ inputs.snapshot }}
+        run: |
+          yq -ei '.metadata.version=env(SNAPSHOT_VERSION), (.packages[]|select(has("ref"))|select(.name=="k3d-core-demo")).ref=env(SNAPSHOT_VERSION)' bundles/k3d-standard/uds-bundle.yaml
+          yq -ei '.metadata.version=env(SNAPSHOT_VERSION), (.packages[]|select(has("ref"))|select(.name=="k3d-core-slim-dev")).ref=env(SNAPSHOT_VERSION)' bundles/k3d-slim-dev/uds-bundle.yaml
+          yq -ei '.metadata.version=env(SNAPSHOT_VERSION)' packages/standard/zarf.yaml
+          yq -ei '.metadata.version=env(SNAPSHOT_VERSION)' packages/slim-dev/zarf.yaml
+
       - name: Create Packages and Bundles
         run: |
           ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml standard-package --no-progress --set FLAVOR=${{ matrix.flavor }}
@@ -69,12 +72,21 @@ jobs:
         uses: ./.github/actions/debug-output
 
       - name: Publish Standard Package
+        if: ${{ !inputs.snapshot }}
         run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }}
 
       - name: Publish Upstream Flavored Bundles
-        if: ${{ matrix.flavor != 'registry1'}}
+        if: ${{ !inputs.snapshot && matrix.flavor != 'registry1' }}
         run: uds run -f tasks/publish.yaml bundles
 
+      - name: (Snapshot) Publish Standard Package
+        if: ${{ inputs.snapshot }}
+        run: uds run -f tasks/publish.yaml standard-package --set FLAVOR=${{ matrix.flavor }} --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}"
+
+      - name: (Snapshot) Publish Upstream Flavored Bundles
+        if: ${{ inputs.snapshot && matrix.flavor != 'registry1' }}
+        run: uds run -f tasks/publish.yaml bundles --set TARGET_REPO="ghcr.io/defenseunicorns/packages/uds/snapshots" --set VERSION="${SNAPSHOT_VERSION}"
+
       - name: Save logs
         if: always()
         uses: ./.github/actions/save-logs

diff --git a/.github/workflows/snapshot-release.yaml b/.github/workflows/snapshot-release.yaml
@@ -0,0 +1,38 @@
+name: Release UDS Core Snapshot
+
+on:
+  schedule:
+    - cron: "0 10 * * *"
+  workflow_dispatch:
+
+jobs:
+  publish-snapshot-release:
+    permissions:
+      contents: write
+      packages: write
+    uses: ./.github/workflows/publish.yaml
+    with:
+      snapshot: true
+    secrets: inherit
+
+  update-snapshot-latest-tag:
+    needs: publish-snapshot-release
+    env:
+      GH_TOKEN: ${{ github.token }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-tags: 'true'
+      - name: Update snapshot-latest tag
+        run: |
+          # get last release tag
+          LAST_RELEASE_TAG="$(gh release list --exclude-drafts --exclude-pre-releases --json tagName --jq '.[0].tagName')"
+          # cleanup old release
+          if gh release view snapshot-latest; then
+            gh release delete snapshot-latest --cleanup-tag -y
+          fi
+          # generate new release
+          gh release create snapshot-latest -t "snapshot-latest" --prerelease --notes-start-tag "${LAST_RELEASE_TAG}" --generate-notes
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
@@ -0,0 +1,30 @@
+name: Release UDS Core
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  tag-new-version:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release-flag.outputs.release_created }}
+    steps:
+      - name: Create release tag
+        id: tag
+        uses: google-github-actions/release-please-action@a37ac6e4f6449ce8b3f7607e4d97d0146028dc0b # v4
+      - id: release-flag
+        run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+  publish-uds-core-release:
+    needs: tag-new-version
+    if: ${{ needs.tag-new-version.outputs.release_created == 'true'}}
+    permissions:
+      contents: write
+      packages: write
+    uses: ./.github/workflows/publish.yaml
+    with:
+      snapshot: false
+    secrets: inherit
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
@@ -1,6 +1,6 @@
 variables:
   - name: TARGET_REPO
-    default: oci://ghcr.io/defenseunicorns/packages/uds
+    default: ghcr.io/defenseunicorns/packages/uds
 
   - name: FLAVOR
     default: upstream
@@ -15,26 +15,36 @@ tasks:
   - name: standard-package
     description: "Publish the UDS package"
     actions:
-      - cmd: |
-          uds zarf package publish build/zarf-package-core-amd64-${VERSION}.tar.zst ${TARGET_REPO}
+      - description: "Publish amd64/arm64 packages per flavor"
+        cmd: |
+          uds zarf package publish build/zarf-package-core-amd64-${VERSION}.tar.zst oci://${TARGET_REPO}
 
           # dont publish arm64 for registry1 since IB images are only amd64
           if [ "${FLAVOR}" != "registry1" ]; then
-            uds zarf package publish build/zarf-package-core-arm64-${VERSION}.tar.zst ${TARGET_REPO}
+            uds zarf package publish build/zarf-package-core-arm64-${VERSION}.tar.zst oci://${TARGET_REPO}
+          fi
+
+      - description: "Tag the latest package (if a snapshot release)"
+        cmd: |
+          if [ $(echo "${TARGET_REPO}" | grep 'snapshot') ]; then
+             pkgPath="${TARGET_REPO}/core"
+             uds zarf tools registry copy ${pkgPath}:${VERSION}-${FLAVOR} ${pkgPath}:latest-${FLAVOR}
           fi
 
   - name: bundles
     description: "Publish UDS Bundles"
     actions:
       - description: "Publish amd64 and arm64 bundles"
         cmd: |
-          uds publish bundles/k3d-standard/uds-bundle-k3d-*-amd64-${VERSION}.tar.zst ${TARGET_REPO}/bundles --no-progress
-          uds publish bundles/k3d-standard/uds-bundle-k3d-*-arm64-${VERSION}.tar.zst ${TARGET_REPO}/bundles --no-progress
+          uds publish bundles/k3d-standard/uds-bundle-k3d-*-amd64-${VERSION}.tar.zst oci://${TARGET_REPO}/bundles --no-progress
+          uds publish bundles/k3d-standard/uds-bundle-k3d-*-arm64-${VERSION}.tar.zst oci://${TARGET_REPO}/bundles --no-progress
 
-          uds publish bundles/k3d-slim-dev/uds-bundle-k3d-*-arm64-${VERSION}.tar.zst ${TARGET_REPO}/bundles --no-progress
-          uds publish bundles/k3d-slim-dev/uds-bundle-k3d-*-amd64-${VERSION}.tar.zst ${TARGET_REPO}/bundles --no-progress
+          uds publish bundles/k3d-slim-dev/uds-bundle-k3d-*-arm64-${VERSION}.tar.zst oci://${TARGET_REPO}/bundles --no-progress
+          uds publish bundles/k3d-slim-dev/uds-bundle-k3d-*-amd64-${VERSION}.tar.zst oci://${TARGET_REPO}/bundles --no-progress
 
       - description: "Tag the latest bundles"
         cmd: |
-          pkgPath="ghcr.io/defenseunicorns/packages/uds/bundles/k3d-core-demo"
+          pkgPath="${TARGET_REPO}/bundles/k3d-core-demo"
+          uds zarf tools registry copy ${pkgPath}:${VERSION} ${pkgPath}:latest
+          pkgPath="${TARGET_REPO}/bundles/k3d-core-slim-dev"
           uds zarf tools registry copy ${pkgPath}:${VERSION} ${pkgPath}:latest