promote to release channel #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: promote to release channel | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| new_warden_tag: | |
| description: 'New warden tag (`x.x.x`)' | |
| default: "" | |
| required: true | |
| warden_skr_config_version: | |
| description: 'Warden SKR config version (`y.y`)' | |
| default: "" | |
| required: true | |
| channel: | |
| description: 'Module channel' | |
| default: "regular" | |
| required: true | |
| env: | |
| MODULE_VERSION: ${{ github.event.inputs.new_warden_tag }} | |
| CHANNEL: ${{ github.event.inputs.channel }} | |
| # needed by gh cli for GitHub enterprise | |
| GH_ENTERPRISE_TOKEN: ${{ secrets.GH_BOT_TOKEN }} | |
| WARDEN_SKR_OVERRIDES_REPO_URL: ${{ secrets.WARDEN_SKR_OVERRIDES_REPO_URL }} | |
| BOT_USERNAME: kyma-otter-serviceuser | |
| BOT_EMAIL: [email protected] | |
| GH_TOOLS_REPO_URL: ${{ secrets.GH_TOOLS_REPO_URL }} | |
| jobs: | |
| create-tag: | |
| name: Create tag | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref_name }} # fetching the latest changes (incl. the commit from previous job) from branch name | |
| - name: Create lightweight tag | |
| run: | | |
| git tag ${{ github.event.inputs.new_warden_tag }} | |
| git push origin ${{ github.event.inputs.new_warden_tag }} | |
| - name: Verify job status | |
| run: ./.github/scripts/verify-release-builds.sh ${{ github.ref_name }} | |
| upgrade-images: | |
| name: Bump warden images references | |
| needs: create-tag | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ secrets.BOT_TOKEN }} | |
| - name: Bump sec-scanners-config.yaml | |
| run: ./.github/scripts/upgrade-sec-scanners-config.sh | |
| env: | |
| IMG_VERSION: ${{ github.event.inputs.new_warden_tag }} | |
| - name: Bump values.yaml | |
| run: | | |
| make replace-chart-images | |
| env: | |
| IMG_DIRECTORY: "prod" | |
| IMG_VERSION: ${{ github.event.inputs.new_warden_tag }} | |
| - name: Bump chart version | |
| run: ./.github/scripts/upgrade-chart-version.sh | |
| env: | |
| CHART_VERSION: ${{ github.event.inputs.new_warden_tag }} | |
| - name: Commit&Push | |
| run: | | |
| git config --local user.email "[email protected]" | |
| git config --local user.name "otter-releaser" | |
| git add . | |
| git commit --allow-empty -m "upgrade dependencies" | |
| git push origin ${{ github.ref_name }} | |
| - name: Verify job status | |
| run: ./.github/scripts/verify-release-builds.sh ${{ github.ref_name }} | |
| promote-warden: | |
| name: Render warden with skr config | |
| needs: upgrade-images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.inputs.new_warden_tag }} # fetching tag that was created in previous job | |
| - name: Download warden-SKR-config | |
| run: | | |
| gh release download ${{ github.event.inputs.warden_skr_config_version }} -R "${WARDEN_SKR_OVERRIDES_REPO_URL}" --pattern '*.yaml' --output values.yaml | |
| - name: Render warden manifest for values | |
| run: | | |
| make render-manifest-for-values | |
| echo "==== warden manifest ===" | |
| cat warden.yaml | |
| - name: Render module-config | |
| run: | | |
| make module-config | |
| echo "==== module-config ===" | |
| cat module-config.yaml | |
| - name: Set up module-manifests repo | |
| run: | | |
| git config --global user.email "${BOT_EMAIL}" | |
| git config --global user.name "${BOT_USERNAME}" | |
| git clone "https://${BOT_USERNAME}:${GH_ENTERPRISE_TOKEN}@${GH_TOOLS_REPO_URL}/${BOT_USERNAME}/module-manifests.git" | |
| git -C module-manifests remote add upstream "https://${BOT_USERNAME}:${GH_ENTERPRISE_TOKEN}@${GH_TOOLS_REPO_URL}/kyma/module-manifests.git" | |
| - name: Commit manifest | |
| working-directory: module-manifests | |
| run: | | |
| git fetch upstream | |
| git checkout -B "${MODULE_VERSION}-${CHANNEL}" upstream/main | |
| mkdir -p modules/warden/${CHANNEL} | |
| cp ../warden.yaml modules/warden/${CHANNEL}/warden.yaml | |
| cp ../module-config.yaml modules/warden/${CHANNEL}/module-config.yaml | |
| git add . | |
| git commit -m "promote warden ${MODULE_VERSION} to ${CHANNEL} channel" | |
| git push origin "${MODULE_VERSION}-${CHANNEL}" -f | |
| - name: Create PullRequest to module-manifests | |
| working-directory: module-manifests | |
| run: | | |
| prs=$(gh pr list -R "https://${GH_TOOLS_REPO_URL}/kyma/module-manifests" -A "${BOT_USERNAME}" --state open --json headRefName) | |
| if echo $prs | jq -e ".[] | select(.headRefName==\"${MODULE_VERSION}-${CHANNEL}\")"; then | |
| echo "opened PR already exists, no need to create new one, PR will be updated by push from previous step" | |
| exit 0 | |
| fi | |
| gh pr create -B main --fill \ | |
| -H "${BOT_USERNAME}:${MODULE_VERSION}-${CHANNEL}" \ | |
| -R "https://${GH_TOOLS_REPO_URL}/kyma/module-manifests/" \ | |
| --title "Promote Warden ${MODULE_VERSION} to ${CHANNEL} channel" \ | |
| --body "https://github.com/kyma-project/warden/actions/${{github.run_id}}" |