Skip to content

Commit 1db3e73

Browse files
tomlebtomleb
authored
[v0.4] Migrate release GHA to be per branch (#862)
* Migrate release GHA to be per branch * Change defaults
1 parent 28e95e6 commit 1db3e73

File tree

5 files changed

+485
-0
lines changed

5 files changed

+485
-0
lines changed

.github/workflows/release-charts.yaml

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
name: Bump webhook in rancher/charts
2+
on:
3+
workflow_dispatch:
4+
inputs:
5+
charts_ref:
6+
description: "Submit PR against the following rancher/charts branch (eg: dev-v2.8)"
7+
required: true
8+
default: "dev-v2.8"
9+
prev_webhook:
10+
description: "Previous Webhook version (eg: v0.4.0-rc.13)"
11+
required: true
12+
default: ""
13+
new_webhook:
14+
description: "New Webhook version (eg: v0.4.0-rc.14)"
15+
required: true
16+
default: ""
17+
18+
env:
19+
CHARTS_REF: ${{ github.event.inputs.charts_ref }}
20+
WEBHOOK_REF: "${{ github.ref_name }}"
21+
PREV_WEBHOOK: ${{ github.event.inputs.prev_webhook }}
22+
NEW_WEBHOOK: ${{ github.event.inputs.new_webhook }}
23+
24+
jobs:
25+
create-charts-pr:
26+
runs-on: ubuntu-latest
27+
permissions:
28+
contents: read
29+
# Required for vault
30+
id-token: write
31+
steps:
32+
- uses: actions/checkout@v4
33+
with:
34+
ref: "${{ env.WEBHOOK_REF }}"
35+
path: webhook
36+
37+
- uses: rancher-eio/read-vault-secrets@main
38+
with:
39+
secrets: |
40+
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
41+
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
42+
43+
# Fetch github token just for the charts repository
44+
- uses: actions/create-github-app-token@v1
45+
id: app-token
46+
with:
47+
app-id: ${{ env.APP_ID }}
48+
private-key: ${{ env.PRIVATE_KEY }}
49+
repositories: |
50+
charts
51+
52+
- name: Checkout charts repository
53+
uses: actions/checkout@v4
54+
with:
55+
repository: ${{ github.repository_owner }}/charts
56+
ref: "${{ env.CHARTS_REF }}"
57+
token: ${{ steps.app-token.outputs.token }}
58+
path: charts
59+
# Allow making git push request later on
60+
persist-credentials: true
61+
62+
- name: Configure the committer
63+
run: |
64+
cd charts
65+
user_id=$(gh api "/users/$APP_USER" --jq .id)
66+
git config --global user.name "$APP_USER"
67+
git config --global user.email "${user_id}+${APP_USER}@users.noreply.github.com"
68+
env:
69+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
70+
APP_USER: "${{ steps.app-token.outputs.app-slug }}[bot]"
71+
72+
- name: Install dependencies
73+
run: sudo snap install yq --channel=v4/stable
74+
75+
- name: Run release script
76+
run: |
77+
cd charts
78+
BRANCH="bump-webhook-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
79+
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
80+
git checkout -b "$BRANCH" "$CHARTS_REF"
81+
../webhook/.github/workflows/scripts/release-against-charts.sh . "$PREV_WEBHOOK" "$NEW_WEBHOOK"
82+
83+
- name: Push and create pull request
84+
env:
85+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
86+
run: |
87+
cd charts
88+
git push origin "$BRANCH"
89+
90+
body=$(../webhook/.github/workflows/scripts/release-message.sh "$PREV_WEBHOOK" "$NEW_WEBHOOK")
91+
92+
gh pr create \
93+
--title "[$CHARTS_REF] Bump rancher-webhook to $NEW_WEBHOOK" \
94+
--body "$body" \
95+
--repo ${{ github.repository_owner }}/charts \
96+
--head "${{ github.repository_owner }}:$BRANCH" \
97+
--base "$CHARTS_REF"

.github/workflows/release-rancher.yaml

Lines changed: 127 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,127 @@
1+
name: Bump webhook in rancher/rancher
2+
on:
3+
workflow_dispatch:
4+
inputs:
5+
rancher_ref:
6+
description: "Submit PR against the following rancher/rancher branch (eg: release/v2.8)"
7+
required: true
8+
default: "release/v2.8"
9+
prev_webhook:
10+
description: "Previous Webhook version (eg: v0.4.0-rc.13)"
11+
required: true
12+
default: ""
13+
new_webhook:
14+
description: "New Webhook version (eg: v0.4.0-rc.14)"
15+
required: true
16+
default: ""
17+
18+
env:
19+
RANCHER_REF: ${{ github.event.inputs.rancher_ref }}
20+
WEBHOOK_REF: "${{ github.ref_name }}"
21+
PREV_WEBHOOK: ${{ github.event.inputs.prev_webhook }}
22+
NEW_WEBHOOK: ${{ github.event.inputs.new_webhook }}
23+
24+
jobs:
25+
create-rancher-pr:
26+
runs-on: ubuntu-latest
27+
permissions:
28+
contents: read
29+
# Required for vault
30+
id-token: write
31+
steps:
32+
- name: Install dependencies
33+
run: sudo snap install yq --channel=v4/stable
34+
35+
- uses: actions/checkout@v4
36+
with:
37+
ref: "${{ env.WEBHOOK_REF }}"
38+
path: webhook
39+
40+
- uses: rancher-eio/read-vault-secrets@main
41+
with:
42+
secrets: |
43+
secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
44+
secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
45+
46+
# Fetch github token just for the rancher repository
47+
- uses: actions/create-github-app-token@v1
48+
id: app-token
49+
with:
50+
app-id: ${{ env.APP_ID }}
51+
private-key: ${{ env.PRIVATE_KEY }}
52+
repositories: |
53+
rancher
54+
55+
- name: Checkout rancher repository
56+
uses: actions/checkout@v4
57+
with:
58+
repository: ${{ github.repository_owner }}/rancher
59+
ref: "${{ env.RANCHER_REF }}"
60+
token: ${{ steps.app-token.outputs.token }}
61+
path: rancher
62+
# Allow making git push request later on
63+
persist-credentials: true
64+
65+
- name: Find charts branch
66+
id: find_charts_branch
67+
run: |
68+
cd rancher
69+
# Extract dev-v2.8 out of the following line:
70+
# ChartDefaultBranch = NewSetting("chart-default-branch", "dev-v2.8")
71+
charts_branch=$(grep '"chart-default-branch"' pkg/settings/setting.go | cut -d'"' -f4)
72+
echo "charts_branch=$charts_branch" >> $GITHUB_OUTPUT
73+
74+
- uses: actions/checkout@v4
75+
with:
76+
repository: ${{ github.repository_owner }}/charts
77+
ref: "${{ steps.find_charts_branch.outputs.charts_branch }}"
78+
path: charts
79+
80+
# Prevents the Rancher CI to continuously fail while the webhook RC is not
81+
# yet added to charts' index.yaml file due to caching.
82+
- name: Verify RC exists
83+
env:
84+
CHARTS_BRANCH: "${{ steps.find_charts_branch.outputs.charts_branch }}"
85+
run: |
86+
cd charts
87+
new_webhook_short=$(echo "$NEW_WEBHOOK" | sed 's|^v||') # e.g. 0.5.2-rc.3
88+
# Empty output if the version is not found, otherwise the version will be outputed.
89+
found=$(yq ".entries.rancher-webhook[].version | select(. == \"*$new_webhook_short\")" index.yaml)
90+
if [ -z "$found" ]; then
91+
echo "rancher-webhook RC version $NEW_WEBHOOK not found in charts (branch=$CHARTS_BRANCH). Aborting."
92+
exit 1
93+
fi
94+
95+
- name: Configure the committer
96+
run: |
97+
cd rancher
98+
user_id=$(gh api "/users/$APP_USER" --jq .id)
99+
git config --global user.name "$APP_USER"
100+
git config --global user.email "${user_id}+${APP_USER}@users.noreply.github.com"
101+
env:
102+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
103+
APP_USER: "${{ steps.app-token.outputs.app-slug }}[bot]"
104+
105+
- name: Run release script
106+
run: |
107+
cd rancher
108+
BRANCH="bump-webhook-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
109+
echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
110+
git checkout -b "$BRANCH" "$RANCHER_REF"
111+
../webhook/.github/workflows/scripts/release-against-rancher.sh . "$NEW_WEBHOOK"
112+
113+
- name: Push and create pull request
114+
env:
115+
GH_TOKEN: ${{ steps.app-token.outputs.token }}
116+
run: |
117+
cd rancher
118+
git push origin $BRANCH
119+
120+
body=$(../webhook/.github/workflows/scripts/release-message.sh "$PREV_WEBHOOK" "$NEW_WEBHOOK")
121+
122+
gh pr create \
123+
--title "[$RANCHER_REF] Bump rancher-webhook to $NEW_WEBHOOK" \
124+
--body "$body" \
125+
--repo ${{ github.repository_owner }}/rancher \
126+
--head "${{ github.repository_owner }}:$BRANCH" \
127+
--base "$RANCHER_REF"

.github/workflows/scripts/release-against-charts.sh

Lines changed: 110 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,110 @@
1+
#!/bin/sh
2+
#
3+
# Bumps Webhook version in a locally checked out rancher/charts repository
4+
#
5+
# Usage:
6+
# ./release-against-charts.sh <path to charts repo> <prev webhook release> <new webhook release>
7+
#
8+
# Example:
9+
# ./release-against-charts.sh "${GITHUB_WORKSPACE}" "v0.5.0-rc.13" "v0.5.0-rc.14"
10+
11+
CHARTS_DIR=$1
12+
PREV_WEBHOOK_VERSION=$2 # e.g. v0.5.2-rc.3
13+
NEW_WEBHOOK_VERSION=$3 # e.g. v0.5.2-rc.4
14+
15+
usage() {
16+
cat <<EOF
17+
Usage:
18+
$0 <path to charts repo> <prev webhook release> <new webhook release>
19+
EOF
20+
}
21+
22+
bump_patch() {
23+
version=$1
24+
major=$(echo "$version" | cut -d. -f1)
25+
minor=$(echo "$version" | cut -d. -f2)
26+
patch=$(echo "$version" | cut -d. -f3)
27+
new_patch=$((patch + 1))
28+
echo "${major}.${minor}.${new_patch}"
29+
}
30+
31+
validate_version_format() {
32+
version=$1
33+
if ! echo "$version" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+(-rc\.[0-9]+)?$'; then
34+
echo "Error: Version $version must be in the format v<major>.<minor>.<patch> or v<major>.<minor>.<patch>-rc.<number>"
35+
exit 1
36+
fi
37+
}
38+
39+
if [ -z "$CHARTS_DIR" ] || [ -z "$PREV_WEBHOOK_VERSION" ] || [ -z "$NEW_WEBHOOK_VERSION" ]; then
40+
usage
41+
exit 1
42+
fi
43+
44+
validate_version_format "$PREV_WEBHOOK_VERSION"
45+
validate_version_format "$NEW_WEBHOOK_VERSION"
46+
47+
if echo "$PREV_WEBHOOK_VERSION" | grep -q '\-rc'; then
48+
is_prev_rc=true
49+
else
50+
is_prev_rc=false
51+
fi
52+
53+
if [ "$PREV_WEBHOOK_VERSION" = "$NEW_WEBHOOK_VERSION" ]; then
54+
echo "Previous and new webhook version are the same: $NEW_WEBHOOK_VERSION, but must be different"
55+
exit 1
56+
fi
57+
58+
# Remove the prefix v because the chart version doesn't contain it
59+
PREV_WEBHOOK_VERSION_SHORT=$(echo "$PREV_WEBHOOK_VERSION" | sed 's|^v||') # e.g. 0.5.2-rc.3
60+
NEW_WEBHOOK_VERSION_SHORT=$(echo "$NEW_WEBHOOK_VERSION" | sed 's|^v||') # e.g. 0.5.2-rc.4
61+
62+
set -ue
63+
64+
cd "${CHARTS_DIR}"
65+
66+
# Validate the given webhook version (eg: 0.5.0-rc.13)
67+
if ! grep -q "${PREV_WEBHOOK_VERSION_SHORT}" ./packages/rancher-webhook/package.yaml; then
68+
echo "Previous Webhook version references do not exist in ./packages/rancher-webhook/. The content of the file is:"
69+
cat ./packages/rancher-webhook/package.yaml
70+
exit 1
71+
fi
72+
73+
# Get the chart version (eg: 104.0.0)
74+
if ! PREV_CHART_VERSION=$(yq '.version' ./packages/rancher-webhook/package.yaml); then
75+
echo "Unable to get chart version from ./packages/rancher-webhook/package.yaml. The content of the file is:"
76+
cat ./packages/rancher-webhook/package.yaml
77+
exit 1
78+
fi
79+
80+
if [ "$is_prev_rc" = "false" ]; then
81+
NEW_CHART_VERSION=$(bump_patch "$PREV_CHART_VERSION")
82+
else
83+
NEW_CHART_VERSION=$PREV_CHART_VERSION
84+
fi
85+
86+
sed -i "s/${PREV_WEBHOOK_VERSION_SHORT}/${NEW_WEBHOOK_VERSION_SHORT}/g" ./packages/rancher-webhook/package.yaml
87+
sed -i "s/${PREV_CHART_VERSION}/${NEW_CHART_VERSION}/g" ./packages/rancher-webhook/package.yaml
88+
89+
git add packages/rancher-webhook
90+
git commit -m "Bump rancher-webhook to $NEW_WEBHOOK_VERSION"
91+
92+
PACKAGE=rancher-webhook make charts
93+
git add ./assets/rancher-webhook ./charts/rancher-webhook index.yaml
94+
git commit -m "make charts"
95+
96+
# When previous webhook version is an RC, then we want to remove that RC. We keep
97+
# non-RC version.
98+
if [ "$is_prev_rc" = "true" ]; then
99+
CHART=rancher-webhook VERSION=${PREV_CHART_VERSION}+up${PREV_WEBHOOK_VERSION_SHORT} make remove
100+
git add ./assets/rancher-webhook ./charts/rancher-webhook ./index.yaml
101+
git commit -m "make remove"
102+
103+
yq --inplace "del(.rancher-webhook.[] | select(. == \"${PREV_CHART_VERSION}+up${PREV_WEBHOOK_VERSION_SHORT}\"))" release.yaml
104+
fi
105+
106+
# Prepends to list
107+
yq --inplace ".rancher-webhook = [\"${NEW_CHART_VERSION}+up${NEW_WEBHOOK_VERSION_SHORT}\"] + .rancher-webhook" release.yaml
108+
109+
git add release.yaml
110+
git commit -m "Add rancher-webhook ${NEW_CHART_VERSION}+up${NEW_WEBHOOK_VERSION_SHORT} to release.yaml"

0 commit comments

Comments
 (0)