Skip to content

Rollout to channel via module-manifests #37

Rollout to channel via module-manifests

Rollout to channel via module-manifests #37

name: Rollout to channel via module-manifests
# Workflow requires the following variables to be defined
# GIT_USER_NAME - user creating head branch and PR
# GIT_USER_EMAIL - this user email
# GH_TOOLS_HOST - tools host
# MODULE_MANIFESTS_REPO_NAME - repository of modules manifests
env:
FULL_MODULE_NAME: kyma-project.io/module/istio
# GitHub repositories
MODULE_MANIFESTS_WITH_USER: "https://${{ vars.GIT_USER_NAME }}:${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}@${{ vars.GH_TOOLS_HOST }}/kyma/${{ vars.MODULE_MANIFESTS_REPO_NAME }}.git"
ISTIO_API_URL: "https://api.github.com/repos/kyma-project/istio"
ISTIO_RELEASES_URL: "https://github.com/kyma-project/istio/releases"
DOC_URL: "https://kyma-project.io/#/istio/user/README"
# File names
DEFAULT_CR_FILENAME: istio-default-cr.yaml
MANIFEST_FILENAME: istio-manager.yaml
EXPERIMENTAL_MANIFEST_FILENAME: istio-manager-experimental.yaml
SCAN_CONFIG_FILENAME: sec-scanners-config.yaml
# needed by gh cli for GitHub enterprise
GH_ENTERPRISE_TOKEN: ${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}
on:
workflow_dispatch:
inputs:
label:
description: "Pull Request label"
required: true
type: choice
default: "patch"
options:
- patch
- minor
- major
releaseTag:
description: "Release Tag"
required: true
channel:
description: "Channel"
type: choice
options:
- fast
- regular
- experimental
required: true
jobs:
promote:
runs-on: ubuntu-latest
steps:
- name: Validate required environment variables
shell: bash
run: |
[ -z "${{ vars.GIT_USER_EMAIL }}" ] && echo "GIT_USER_EMAIL is required" && exit 1
[ -z "${{ vars.GIT_USER_NAME }}" ] && echo "GIT_USER_NAME is required" && exit 1
[ -z "${{ vars.GH_TOOLS_HOST }}" ] && echo "GH_TOOLS_HOST is required" && exit 1
[ -z "${{ vars.MODULE_MANIFESTS_REPO_NAME }}" ] && echo "MODULE_MANIFESTS_REPO_NAME is required" && exit 1
echo "Validated"
- name: Use default (latest) Release Tag
if: inputs.releaseTag == 'use latest release'
shell: bash
run: |
latest=$(curl -s -H "Accept: application/vnd.github+json" ${ISTIO_API_URL}/releases/latest | jq -r '.tag_name')
echo "TAG=${latest}" >> $GITHUB_ENV
- name: Validate given release tag
if: inputs.releaseTag != 'use latest release'
shell: bash
run: |
tags=$(curl -s -H "Accept: application/vnd.github+json" ${ISTIO_API_URL}/tags | jq -r '.[] | .name')
if echo $tags | tr " " '\n' | grep -F -q -x ${{ inputs.releaseTag }}; then
echo "TAG=${{ inputs.releaseTag }}" >> $GITHUB_ENV
echo "tag found"
else
echo "tag not found: ${{ inputs.releaseTag }}"
exit 1
fi
- name: Set branch name
shell: bash
run: echo "BRANCH_NAME=istio-${TAG}-${{ inputs.channel }}" >> $GITHUB_ENV
- name: Setup git and clone repo
shell: bash
run: |
git config --global http.https://github.tools.sap.version "HTTP/1.1"
git config --global user.email ${{ vars.GIT_USER_EMAIL }}
git config --global user.name ${{ vars.GIT_USER_NAME }}
git clone ${MODULE_MANIFESTS_WITH_USER}
env:
GH_TOKEN: ${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}
- name: Sync Repo and create branch
working-directory: module-manifests
shell: bash
run: |
git remote add upstream ${MODULE_MANIFESTS_WITH_USER}
git fetch upstream
git merge upstream/main
git checkout -B ${BRANCH_NAME}
mkdir -p modules/istio/${{ inputs.channel }}
- name: Download artifacts
working-directory: module-manifests/modules/istio/${{ inputs.channel }}
shell: bash
env:
CHANNEL: ${{ inputs.channel }}
run: |
if [[ "${CHANNEL}" == "experimental" ]]; then
curl -JL ${ISTIO_RELEASES_URL}/download/${TAG}/${EXPERIMENTAL_MANIFEST_FILENAME} >${EXPERIMENTAL_MANIFEST_FILENAME}
else
curl -JL ${ISTIO_RELEASES_URL}/download/${TAG}/${MANIFEST_FILENAME} >${MANIFEST_FILENAME}
fi
curl -JL ${ISTIO_RELEASES_URL}/download/${TAG}/${DEFAULT_CR_FILENAME} >${DEFAULT_CR_FILENAME}
- name: Create module configuration
env:
CHANNEL: ${{ inputs.channel }}
working-directory: module-manifests/modules/istio/${{ inputs.channel }}
shell: bash
run: |
echo "Creating module configuration file:"
if [[ "${CHANNEL}" == "experimental" ]]; then
MODULE_VERSION="${TAG}-experimental"
FILE_NAME="${EXPERIMENTAL_MANIFEST_FILENAME}"
else
MODULE_VERSION="${TAG}"
FILE_NAME="${MANIFEST_FILENAME}"
fi
cat <<EOF | tee module-config.yaml
name: ${FULL_MODULE_NAME}
channel: ${CHANNEL}
version: "${MODULE_VERSION}"
manifest: ${FILE_NAME}
defaultCR: ${DEFAULT_CR_FILENAME}
labels:
"operator.kyma-project.io/managed-by": "lifecycle-manager"
annotations:
"operator.kyma-project.io/doc-url": "${DOC_URL}"
moduleRepo: https://github.com/kyma-project/istio.git
EOF
- name: Commit and push changes
shell: bash
working-directory: module-manifests
env:
FORK_ORIGIN: "https://${{ vars.GIT_USER_NAME }}:${{ secrets.BOT_TOKEN_GITHUB_TOOLS }}@${{ vars.GH_TOOLS_HOST }}/${{ vars.GIT_USER_NAME }}/${{ vars.MODULE_MANIFESTS_REPO_NAME }}.git"
run: |
git add .
git commit -m "Configuration files update"
git remote set-url origin ${FORK_ORIGIN}
git push --set-upstream origin ${BRANCH_NAME} -f
- name: Create PR if needed
working-directory: module-manifests
shell: bash
env:
CHANNEL: ${{ inputs.channel }}
MODULE_MANIFESTS_REPO_URL: "https://${{ vars.GH_TOOLS_HOST }}/kyma/${{ vars.MODULE_MANIFESTS_REPO_NAME }}"
run: |
prs=$(gh pr list -R "${MODULE_MANIFESTS_REPO_URL}" -A ${{ vars.GIT_USER_NAME }} --state open --json headRefName | jq -r '.[] | .headRefName')
if echo $prs | tr " " '\n' | grep -F -q -x ${BRANCH_NAME}; then
echo "opened PR already exists, no need to create new one, PR will be updated by push from previous step"
exit 0
fi
gh pr create -B main -H ${{ vars.GIT_USER_NAME }}:${BRANCH_NAME} -R ${MODULE_MANIFESTS_REPO_URL} --title "Promote Istio ${TAG} to ${CHANNEL} channel" --fill --body "${ISTIO_RELEASES_URL}/${TAG}"
- name: Label the PR with patch/minor label
working-directory: module-manifests
shell: bash
env:
CHANNEL: ${{ inputs.channel }}
MODULE_MANIFESTS_REPO_URL: "https://${{ vars.GH_TOOLS_HOST }}/kyma/${{ vars.MODULE_MANIFESTS_REPO_NAME }}"
LABEL: ${{ inputs.label }}
run: |
gh pr edit ${{ vars.GIT_USER_NAME }}:${BRANCH_NAME} -R "${MODULE_MANIFESTS_REPO_URL}" --add-label "${LABEL}"