Skip to content

Commit

Permalink
promote downstreams when a published release is marked "latest"
Browse files Browse the repository at this point in the history
  • Loading branch information
@qrkourier
qrkourier committed May 22, 2024
1 parent 1587a09 commit 156f776
Show file tree
Hide file tree
Showing 4 changed files with 166 additions and 56 deletions.
47 changes: 31 additions & 16 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ env:
CONSUL_ENDPOINT: ${{ secrets.CONSUL_ENDPOINT }}
CONSUL_AGENT_CERT: ${{ secrets.CONSUL_AGENT_CERT }}
BUILD_NUMBER: ${{ format('{0}-{1}-{2}', github.run_id, github.run_number, github.run_attempt) }}
ZITI_BASE_VERSION: ${{ vars.ZITI_BASE_VERSION || null }}


jobs:
Expand Down Expand Up @@ -122,7 +123,7 @@ jobs:
sudo apt-get update
sudo apt-get -yq install gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf gcc-aarch64-linux-gnu
$(go env GOPATH)/bin/ziti-ci configure-git
$(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version
$(go env GOPATH)/bin/ziti-ci generate-build-info common/version/info_generated.go version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
go install github.com/mitchellh/gox@latest
$(go env GOPATH)/bin/gox -cgo -os=linux -arch=amd64 -output=$GOX_OUTPUT ./...
CC=arm-linux-gnueabihf-gcc $(go env GOPATH)/bin/gox -cgo -os=linux -arch=arm -output=$GOX_OUTPUT ./...
Expand Down Expand Up @@ -472,34 +473,48 @@ jobs:
shell: bash
run: |
$(go env GOPATH)/bin/ziti-ci configure-git
$(go env GOPATH)/bin/ziti-ci tag -v -f version
$(go env GOPATH)/bin/ziti-ci tag -v -f version ${ZITI_BASE_VERSION:+--base-version $ZITI_BASE_VERSION}
$(go env GOPATH)/bin/ziti-ci publish-to-github --prerelease --archive-base ""
# only ziti-ci computed version for release branches and {version}-{run_id} for non-release branches
- name: Compute the Ziti Version String for CI Jobs
- name: Compute the Ziti Version String used for Linux Packages and Container Image Tags
id: get_version
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_REF: ${{ github.ref }}
GITHUB_RUN_ID: ${{ github.run_id }}
shell: bash
run: |
ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
# drop the leading 'v', if any
ZITI_VERSION=${ZITI_VERSION#v}
if ! [[ "${ZITI_VERSION}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
# fail the job because we could not obtain the current version from ziti-ci
echo "ERROR: ZITI_VERSION=${ZITI_VERSION} is not a semver"
exit 1
elif [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
# Set output parameters for release branches
echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
function validateSemver() {
if ! [[ "${1}" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "ERROR: ${1} is not a release semver" >&2
return 1
fi
}
echo "DEBUG: GITHUB_REPOSITORY=${GITHUB_REPOSITORY} GITHUB_REF=${GITHUB_REF} GITHUB_RUN_ID=${GITHUB_RUN_ID}"
(set -x; git remote -v show;)
if [[ "${GITHUB_REF}" =~ ^refs/heads/(release-v|main$) ]]; then
# Set current tag as semver for release branches
ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-current-version)"
validateSemver "${ZITI_VERSION}"
# drop the leading 'v', if any
ZITI_VERSION=${ZITI_VERSION#v}
else
# Append build / run number for non-release refs
ZITI_VERSION="${ZITI_VERSION}-${GITHUB_RUN_ID}"
echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
# compute next patch level for non-release branches
ZITI_VERSION="$($(go env GOPATH)/bin/ziti-ci -q get-next-version)"
validateSemver "${ZITI_VERSION}"
# drop the leading 'v', if any, and append run id
ZITI_VERSION=${ZITI_VERSION#v}-${GITHUB_RUN_ID}
fi
echo ZITI_VERSION="${ZITI_VERSION}" | tee -a $GITHUB_OUTPUT
call-publish-prerelease-docker-images:
# - !cancelled() allows evaluating further conditional expressions even if
# needed jobs were skipped
Expand Down
132 changes: 132 additions & 0 deletions .github/workflows/promote-downstreams.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,132 @@
name: Promote Downstream Releases

on:
# may be triggered manually on a release tag that represents a prerelease to promote it to a release in the downstream package repositories and Docker Hub
workflow_dispatch:
# automatically trigger if an existing GitHub release is marked "latest"
release:
types: [released] # this release event activity type excludes prereleases

# cancel older, redundant runs of same workflow on same branch
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref_name }}
cancel-in-progress: true

env:
RELEASE_REF: ${{ github.ref}}

jobs:
wait_for_release:
name: Wait for Release Builds to Succeed
runs-on: ubuntu-latest
steps:
- name: Debug action
uses: hmarr/debug-action@v3

- name: Wait for all checks on this ref
uses: lewagon/[email protected]
with:
ref: ${{ env.RELEASE_REF }}
repo-token: ${{ secrets.GITHUB_TOKEN }}
# seconds between polling the checks api for job statuses
wait-interval: 20
# confusingly, this means "pause this step until all jobs from all workflows in same run have completed"
running-workflow-name: Wait for Release Builds to Succeed

parse_version:
needs: wait_for_release
name: Parse Release Version
runs-on: ubuntu-latest
outputs:
version: ${{ steps.parse.outputs.version }}
steps:
- name: Parse Release Version
id: parse
shell: bash
run: |
if [[ "${RELEASE_REF}" =~ ^refs\/tags\/v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "RELEASE_REF=${RELEASE_REF} is a semver release ref"
echo "version=${RELEASE_REF#refs/tags/v}" | tee -a $GITHUB_OUTPUT
else
echo "RELEASE_REF=${RELEASE_REF} is not a semver release ref" >&2
exit 1
fi
promote_docker:
name: Promote Container Images to Latest in Docker Hub
needs: parse_version
runs-on: ubuntu-latest
strategy:
fail-fast: true
matrix:
image:
- repo: ${{ vars.ZITI_CLI_IMAGE || 'docker.io/openziti/ziti-cli' }}
- repo: ${{ vars.ZITI_CONTROLLER_IMAGE || 'docker.io/openziti/ziti-controller' }}
- repo: ${{ vars.ZITI_ROUTER_IMAGE || 'docker.io/openziti/ziti-router' }}
- repo: ${{ vars.ZITI_TUNNEL_IMAGE || 'docker.io/openziti/ziti-tunnel' }}
steps:
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ vars.DOCKER_HUB_API_USER || secrets.DOCKER_HUB_API_USER }}
password: ${{ secrets.DOCKER_HUB_API_TOKEN }}

- name: Tag Latest
shell: bash
run: >
docker buildx imagetools create --tag
${{ matrix.image.repo }}:latest
${{ matrix.image.repo }}:${{ needs.parse_version.outputs.version }}
promote_artifactory:
name: Promote Linux Packages to Stable Repositories in Artifactory
needs: parse_version
strategy:
fail-fast: true
matrix:
package_name:
- openziti
- openziti-controller
- openziti-router
arch:
- deb: amd64
rpm: x86_64
- deb: arm64
rpm: aarch64
- deb: armv7
rpm: armv7
nfpm_packager:
- rpm
- deb
name: ${{ matrix.package_name }} ${{ matrix.arch.rpm }} ${{ matrix.nfpm_packager }}
runs-on: ubuntu-latest
env:
ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }}
ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }}
ZITI_DEB_PROD_REPO: ${{ vars.ZITI_DEB_PROD_REPO || 'zitipax-openziti-deb-stable' }}
ZITI_RPM_PROD_REPO: ${{ vars.ZITI_RPM_PROD_REPO || 'zitipax-openziti-rpm-stable' }}
steps:
- name: Configure jFrog CLI
uses: jfrog/setup-jfrog-cli@v4
env:
JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }}

- name: Copy RPM from test repo to stable repo with jFrog CLI
if: matrix.package_name == 'rpm'
shell: bash
run: >
jf rt copy
--recursive=false
--flat=true
${{ env.ZITI_RPM_TEST_REPO }}/redhat/${{ matrix.arch.rpm }}/${{ matrix.package_name }}-${{ needs.parse_version.outputs.version }}.${{ matrix.arch.rpm }}.rpm
${{ env.ZITI_RPM_PROD_REPO }}/redhat/${{ matrix.arch.rpm }}/
- name: Copy DEB from test repo to stable repo with jFrog CLI
if: matrix.package_name == 'deb'
shell: bash
run: >
jf rt copy
--recursive=false
--flat=true
${{ env.ZITI_DEB_TEST_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/${{ matrix.package_name }}_${{ needs.parse_version.outputs.version }}_*.deb
${{ env.ZITI_DEB_PROD_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/
12 changes: 0 additions & 12 deletions .github/workflows/publish-docker-images.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,9 +53,6 @@ jobs:
run: |
DOCKER_TAGS=""
DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
DOCKER_TAGS+=",${IMAGE_REPO}:latest"
fi
echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -83,9 +80,6 @@ jobs:
run: |
DOCKER_TAGS=""
DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
DOCKER_TAGS+=",${IMAGE_REPO}:latest"
fi
echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
echo DOCKER_TAGS="${DOCKER_TAGS}" >> $GITHUB_OUTPUT
Expand Down Expand Up @@ -115,9 +109,6 @@ jobs:
run: |
DOCKER_TAGS=""
DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
DOCKER_TAGS+=",${IMAGE_REPO}:latest"
fi
echo DOCKER_TAGS="${DOCKER_TAGS}" | tee -a $GITHUB_OUTPUT
- name: Build & Push Multi-Platform Router Container Image to Hub
Expand Down Expand Up @@ -145,9 +136,6 @@ jobs:
DOCKER_TAGS=""
for REPO in ${LEGACY_REPO} ${IMAGE_REPO}; do
DOCKER_TAGS="${IMAGE_REPO}:${IMAGE_TAG}"
if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
DOCKER_TAGS+=",${IMAGE_REPO}:latest"
fi
done
DOCKER_TAGS=${DOCKER_TAGS#,} # drop leading comma char
echo "DEBUG: DOCKER_TAGS=${DOCKER_TAGS}"
Expand Down
31 changes: 3 additions & 28 deletions .github/workflows/publish-linux-packages.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_call:
inputs:
ziti-version:
description: generated by 'ziti-ci get-current-version'
description: generated by ziti-ci
type: string
required: true

Expand Down Expand Up @@ -44,9 +44,7 @@ jobs:
GOARCH: ${{ matrix.arch.goreleaser }}
MINIMUM_SYSTEMD_VERSION: 232
ZITI_DEB_TEST_REPO: ${{ vars.ZITI_DEB_TEST_REPO || 'zitipax-openziti-deb-test' }}
ZITI_DEB_PROD_REPO: ${{ vars.ZITI_DEB_PROD_REPO || 'zitipax-openziti-deb-stable' }}
ZITI_RPM_TEST_REPO: ${{ vars.ZITI_RPM_TEST_REPO || 'zitipax-openziti-rpm-test' }}
ZITI_RPM_PROD_REPO: ${{ vars.ZITI_RPM_PROD_REPO || 'zitipax-openziti-rpm-stable' }}
steps:
- name: Checkout Workspace
uses: actions/checkout@v4
Expand Down Expand Up @@ -93,7 +91,7 @@ jobs:
JF_ENV_1: ${{ secrets.ZITI_ARTIFACTORY_CLI_CONFIG_PACKAGE_UPLOAD }}

- name: Upload RPM to Artifactory testing repo
if: github.ref == 'refs/heads/release-next' && matrix.nfpm_packager == 'rpm'
if: matrix.nfpm_packager == 'rpm'
shell: bash
run: >
jf rt upload
Expand All @@ -102,19 +100,8 @@ jobs:
--recursive=false
--flat=true
- name: Upload RPM to Artifactory release repo
if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v'))
&& matrix.nfpm_packager == 'rpm'
shell: bash
run: >
jf rt upload
./release/${{ matrix.package_name }}*.rpm
${{ env.ZITI_RPM_PROD_REPO }}/redhat/${{ matrix.arch.rpm }}/
--recursive=false
--flat=true
- name: Upload DEB to Artifactory testing repo
if: github.ref == 'refs/heads/release-next' && matrix.nfpm_packager == 'deb'
if: matrix.nfpm_packager == 'deb'
shell: bash
run: >
jf rt upload
Expand All @@ -123,15 +110,3 @@ jobs:
--deb=debian/main/${{ matrix.arch.deb }}
--recursive=false
--flat=true
- name: Upload DEB to Artifactory release repo
if: (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-v'))
&& matrix.nfpm_packager == 'deb'
shell: bash
run: >
jf rt upload
./release/${{ matrix.package_name }}*.deb
${{ env.ZITI_DEB_PROD_REPO }}/pool/${{ matrix.package_name }}/${{ matrix.arch.deb }}/
--deb=debian/main/${{ matrix.arch.deb }}
--recursive=false
--flat=true

0 comments on commit 156f776

Please sign in to comment.