Migrate makefiles and CI/CD #306

Merged
merged 1 commit into from
Dec 18, 2023

5 changes: 0 additions & 5 deletions .dockerignore

This file was deleted.

86 changes: 86 additions & 0 deletions .github/workflows/make-self-upgrade.yaml
@@ -0,0 +1,86 @@
# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead.

name: make-self-upgrade
concurrency: make-self-upgrade
on:
workflow_dispatch: {}
schedule:
- cron: '0 0 * * *'

jobs:
build_images:
runs-on: ubuntu-latest

permissions:
contents: write
pull-requests: write

steps:
- name: Fail if branch is not main
if: github.ref != 'refs/heads/main'
run: |
echo "This workflow should not be run on a branch other than main."
exit 1

- uses: actions/checkout@v4

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"

- uses: actions/setup-go@v4
with:
go-version: ${{ steps.go-version.outputs.result }}

- run: |
git checkout -B "self-upgrade"

- run: |
make -j upgrade-klone
make -j generate

- id: is-up-to-date
shell: bash
run: |
git_status=$(git status -s)
is_up_to_date="true"
if [ -n "$git_status" ]; then
is_up_to_date="false"
echo "The following changes will be committed:"
echo "$git_status"
fi
echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT"

- if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
run: |
git config --global user.name "jetstack-bot"
git config --global user.email "[email protected]"
git commit -a -m "BOT: run 'make upgrade-klone' and 'make generate'"
git push -f origin self-upgrade

- if: ${{ steps.is-up-to-date.outputs.result != 'true' }}
uses: actions/github-script@v7
with:
script: |
const { repo, owner } = context.repo;
const pulls = await github.rest.pulls.list({
owner: owner,
repo: repo,
head: 'self-upgrade',
base: 'main',
state: 'open',
});

if (pulls.data.length < 1) {
await github.rest.pulls.create({
title: '[CI] Merge self-upgrade into main',
owner: owner,
repo: repo,
head: 'self-upgrade',
base: 'main',
body: [
'This PR is auto-generated to bump the Makefile modules.',
].join('\n'),
});
}
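Review bot: `make -j upgrade-klone` and `make -j generate` run in the same job that holds `contents: write` and `pull-requests: write`, and `actions/checkout@v4` leaves the token in the local git configuration by default, so whatever the upgraded makefile modules execute can use a write-scoped token before the upgrade has been reviewed. Consider running the upgrade and generate steps in a job limited to `contents: read` and handing the resulting changes to a second job that only commits, pushes and opens the PR. Two smaller points: the job is named `build_images` although it builds no images, and the `uses:` references (`actions/checkout@v4`, `actions/setup-go@v4`, `actions/github-script@v7`) are mutable tags that a full commit SHA would pin. Since the file is generated, these changes belong in the makefile-modules source named in the header.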
105 changes: 65 additions & 40 deletions .github/workflows/release.yaml
Member

Do a test release by pushing an alpha tag linked to a commit in this branch to demonstrate that this still works.

Update the README.md file with updated release process documentation, if necessary.

Member Author

Member

Thanks, that looks good.
The release title isn't right

But I did a test install which worked well and the diff between the current release and this alpha release contained mostly only version label changes:

diff -u <(helm template cert-manager-approver-policy-v0.11.0.tgz) <(helm template cert-manager-approver-policy-v0.12.0-alpha.0.tgz) 
...
-# Source: cert-manager-approver-policy/templates/crds/policy.cert-manager.io_certificaterequestpolicies.yaml
+# Source: cert-manager-approver-policy/templates/crd-policy.cert-manager.io_certificaterequestpolicies.yaml

Expand Up @@ -3,58 +3,83 @@ on:
push:
tags:
- "v*"

env:
VERSION: ${{ github.ref_name }}
IMAGE: quay.io/jetstack/cert-manager-approver-policy:${{ github.ref_name }}

jobs:
docker-image:
build_images:
runs-on: ubuntu-latest

permissions:
contents: write
id-token: write
runs-on: ubuntu-22.04
contents: read # needed for checkout
packages: write # needed for push images
id-token: write # needed for keyless signing

steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3

- id: go-version
run: |
make print-go-version >> "$GITHUB_OUTPUT"

- uses: docker/login-action@v3
with:
registry: quay.io
username: ${{ secrets.QUAY_USERNAME }}
password: ${{ secrets.QUAY_PASSWORD }}
- uses: docker/build-push-action@v5

- uses: actions/setup-go@v4
with:
context: .
file: ./Dockerfile
platforms: linux/amd64,linux/arm/v7,linux/arm64,linux/ppc64le
push: true
tags: ${{ env.IMAGE }}
build-args: |
VERSION=${{ env.VERSION }}

github-release:
runs-on: ubuntu-22.04
needs:
- docker-image
go-version: ${{ steps.go-version.outputs.result }}
Member

Don't you prefer to point to the go.mod file here to automatically build using the latest patch version?
I do.

Member Author

The problem is that the go version is not linked to the source code. Instead, it is linked to the latest version of go at that time.
I think for reproducibility and as a way to properly keep track of versions, we should explicitly version go instead.

Member

Turns out that setup-go doesn't necessarily pick up latest version of Go:


- id: release
run: make release

- uses: actions/upload-artifact@v3
with:
name: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}-${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}.tgz
path: ${{ steps.release.outputs.RELEASE_HELM_CHART_TAR }}
if-no-files-found: error

outputs:
RELEASE_OCI_MANAGER_IMAGE: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_IMAGE }}
RELEASE_OCI_MANAGER_TAG: ${{ steps.release.outputs.RELEASE_OCI_MANAGER_TAG }}
RELEASE_HELM_CHART_NAME: ${{ steps.release.outputs.RELEASE_HELM_CHART_NAME }}
RELEASE_HELM_CHART_VERSION: ${{ steps.release.outputs.RELEASE_HELM_CHART_VERSION }}

github_release:
runs-on: ubuntu-latest

needs: build_images

permissions:
contents: write # needed for creating a PR
pull-requests: write # needed for creating a PR

steps:
- uses: actions/checkout@v4
- id: create_helm_archive
run: make helm-chart
- id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
touch .notes-file
echo "OCI_MANAGER_IMAGE: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_IMAGE }}" >> .notes-file
echo "OCI_MANAGER_TAG: ${{ needs.build_images.outputs.RELEASE_OCI_MANAGER_TAG }}" >> .notes-file
echo "HELM_CHART_NAME: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}" >> .notes-file
echo "HELM_CHART_VERSION: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}" >> .notes-file

- id: chart_download
uses: actions/download-artifact@v3
with:
tag_name: ${{ env.VERSION }}
release_name: ${{ env.VERSION }}
draft: true
prerelease: true
body: |
Docker Image: `${{ env.IMAGE }}`
- uses: actions/upload-release-asset@v1
env:
name: ${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz

- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ${{ steps.create_helm_archive.outputs.path }}
asset_name: cert-manager-approver-policy.helm-chart.tgz
asset_content_type: application/gzip
run: |
gh release create "$VERSION" \
--repo="$GITHUB_REPOSITORY" \
--title="${VERSION}" \
inteon marked this conversation as resolved.
--draft \
--verify-tag \
--notes-file .notes-file

gh release upload "$VERSION" \
--repo="$GITHUB_REPOSITORY" \
"${{ steps.chart_download.outputs.download-path }}/${{ needs.build_images.outputs.RELEASE_HELM_CHART_NAME }}-${{ needs.build_images.outputs.RELEASE_HELM_CHART_VERSION }}.tgz"
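Review bot: the `github_release` job's permission comments read `# needed for creating a PR`, but its steps only call `gh release create` and `gh release upload`; `contents: write` is what a release needs, so `pull-requests: write` looks droppable and the comments should name the release instead. In the same job, the `.notes-file` step and the `gh release upload` path expand `${{ needs.build_images.outputs.* }}` and `${{ steps.chart_download.outputs.download-path }}` straight into the shell script; mapping them through `env:` and using quoted shell variables, as is already done with `"$VERSION"`, keeps a value containing shell metacharacters from being parsed as script. The `uses:` entries are also referenced by tag (`actions/upload-artifact@v3`, `actions/download-artifact@v3`, `docker/login-action@v3`) rather than by commit SHA.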
44 changes: 0 additions & 44 deletions Dockerfile

This file was deleted.
