Skip to content

Fix Ingress network policy to work with cilium (#3987) #128

Fix Ingress network policy to work with cilium (#3987)

Fix Ingress network policy to work with cilium (#3987) #128

name: Create new experimental release
on:
# run when pushed to main is published,
# which creates a new tag
push:
branches:
- main
paths:
- 'v2/**'
# no content, allows manual triggering
workflow_dispatch:
env:
ARTIFACT_VERSION: experimental
jobs:
build-and-push:
runs-on: [self-hosted, 1ES.Pool=aso-1es-pool]
permissions:
contents: write # Required to write a release
steps:
- name: Checkout code
uses: actions/checkout@v3
with:
fetch-depth: 0 # required to access tags
submodules: "true"
- name: Force docker to SSD
run: sudo scripts/v2/linux-docker-use-ssd.sh --containerd true
- name: Build & run devcontainer image
# this always builds a new image from scratch rather than from the build-devcontainer-image workflow output
# so that we pick up the latest versions of everything
# NB: if you update this also update live-validation.yml, pre-release-tests.yaml and create-release-official.yaml
id: devcontainer
run: |
docker build --tag devcontainer:latest .devcontainer
mkdir -p $HOME/.docker # in case it doesn't exist
container_id=$(docker create -w /workspace -v $GITHUB_WORKSPACE:/workspace -v /var/run/docker.sock:/var/run/docker.sock devcontainer:latest)
docker start "$container_id"
echo "container_id=$container_id" >> $GITHUB_ENV
- name: Build required release files
run: |
container_id=${{env.container_id}}
docker exec "$container_id" task VERSION=${{ env.ARTIFACT_VERSION }} LATEST_VERSION_TAG=${{ env.ARTIFACT_VERSION }} make-release-artifacts
# We delete the old release and re-create it because if we just use the overwrite argument to
# upload-release-action it updates the release files but doesn't change the "date" of the release.
# Over time this means that the release date diverges from the date the files were uploaded in a way that is
# likely to confuse users.
- name: Delete Release
run: gh release delete "experimental" --cleanup-tag -y
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# See https://github.com/svenstaro/upload-release-action/issues/99, which describes a bug where (for some reason)
# releases that are deleted and then immediately recreated can sometimes show up as draft rather than an official
# release. This is a hack, but we don't have a better workaround at the moment. See https://github.com/cli/cli/issues/8458
# as well.
- name: Wait 60s
run: sleep 60s
- name: Upload release assets
uses: svenstaro/upload-release-action@1beeb572c19a9242f4361f4cee78f8e0d9aec5df # this is v2.7.0, but pinned
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
tag: refs/tags/${{ env.ARTIFACT_VERSION }}
file: "v2/out/release/*"
file_glob: true
prerelease: true
release_name: "Experimental"
body: |
This is an experimental release which containing the most recent commits from the main branch as of commit: ${{ github.sha }}.
**This release might not be stable. Use at your own risk.**
> ⚠️ The provided YAML manifest does not configure any CRDs to install by default, but is required.
> You must specify the CRDs that you want to use as part of `crdPattern`, for example `'resources.azure.com/*;containerservice.azure.com/*;keyvault.azure.com/*;managedidentity.azure.com/*;apimanagement.azure.com/*'`.
The recommended way to supply `crdPattern` is using [asoctl template](https://azure.github.io/azure-service-operator/tools/asoctl/#template):
```bash
asoctl template https://github.com/Azure/azure-service-operator/releases/download/experimental/azureserviceoperator_experimental.yaml --crd-pattern "<pattern>" | kubectl apply -f -`
```
This release is only intended for developers wishing to try out the latest features, some of which may not be fully implemented.
It is not recommended to run the experimental release for a long period of time, as the docker image referenced by the deployment is
`mcr.microsoft.com/k8s/azureserviceoperator:experimental`, which is always being updated. Test what you want to test and then uninstall the operator.
Running the operator for long periods of time on the `experimental` tag is not supported and will likely cause problems eventually.
- name: Docker login
run: |
container_id=${{env.container_id}}
docker exec -e AZURE_CLIENT_ID -e AZURE_CLIENT_SECRET -e DOCKER_REGISTRY "$container_id" task VERSION=${{ env.ARTIFACT_VERSION }} LATEST_VERSION_TAG=${{ env.ARTIFACT_VERSION }} docker-login
env:
DOCKER_REGISTRY: ${{ secrets.REGISTRY_LOGIN }}
AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
- name: Build, tag and push docker image
run: |
container_id=${{env.container_id}}
docker exec -e DOCKER_PUSH_TARGET "$container_id" task VERSION=${{ env.ARTIFACT_VERSION }} LATEST_VERSION_TAG=${{ env.ARTIFACT_VERSION }} controller:docker-push-multiarch
env:
DOCKER_PUSH_TARGET: ${{ secrets.REGISTRY_PUBLIC }}