chore: Redesign release workflow

niallthomson · Mar 7, 2025 · e93923f · e93923f
1 parent 595540d
commit e93923f
Show file tree

Hide file tree

Showing 12 changed files with 169 additions and 107 deletions.
diff --git a/.github/actions/publish-artifacts/action.yml b/.github/actions/publish-artifacts/action.yml
diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
@@ -0,0 +1,107 @@
+name: Publish Artifacts
+
+on:
+  workflow_call:
+    inputs:
+      version:
+        type: string
+        default: "-"
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  build:
+    name: Build Images
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-22.04
+            arch: amd64
+          - os: ubuntu-22.04-arm
+            arch: arm64
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.version }}
+      - name: "Setup Docker"
+        uses: ./.github/actions/setup-docker
+      - name: "Setup Env"
+        uses: ./.github/actions/setup-env
+      - name: "Get AWS credentials"
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-1
+          role-session-name: GithubActionsSession
+
+      - name: "Login to Amazon ECR Public"
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - name: Build
+        shell: devenv shell bash -- -e {0}
+        env:
+          TAG_NAME: ${{ inputs.version }}
+          TARGET_ARCH: ${{ matrix.arch }}
+          AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }}
+        run: |
+          export IMAGE_TAG=${TAG_NAME#v}
+
+          # Build first to prevent partial container set push
+          yarn nx run-many -t container --projects=tag:service --tags ${AWS_ECR_REPOSITORY}/retail-store-sample-{projectName}:${IMAGE_TAG}-${TARGET_ARCH}
+          yarn nx container load-generator --tags ${AWS_ECR_REPOSITORY}/retail-store-sample-utils:load-gen.${IMAGE_TAG}-${TARGET_ARCH}
+
+          # Then push
+          yarn nx run-many -t container --push true --projects=tag:service --tags ${AWS_ECR_REPOSITORY}/retail-store-sample-{projectName}:${IMAGE_TAG}-${TARGET_ARCH}
+          yarn nx container load-generator --push true --tags ${AWS_ECR_REPOSITORY}/retail-store-sample-utils:load-gen.${IMAGE_TAG}-${TARGET_ARCH}
+
+  publish:
+    name: Publish
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.version }}
+      - name: "Setup Env"
+        uses: ./.github/actions/setup-env
+      - name: "Get AWS credentials"
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: us-east-1
+          role-session-name: GithubActionsSession
+
+      - name: "Login to Amazon ECR Public"
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v2
+        with:
+          registry-type: public
+
+      - name: Push manifests
+        shell: devenv shell bash -- -e {0}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAG_NAME: ${{ inputs.version }}
+          AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPOSITORY }}
+        run: |
+          export IMAGE_TAG=${TAG_NAME#v}
+
+          yarn nx run-many -t manifest --projects=tag:service --args="--repository=${AWS_ECR_REPOSITORY}/retail-store-sample-{projectName},--tag=${IMAGE_TAG}"
+          yarn nx manifest load-generator --args="--repository=${AWS_ECR_REPOSITORY}/retail-store-sample-utils,--tag=load-gen.${IMAGE_TAG}"
+
+          yarn nx run-many -t helm --projects=tag:service --remote oci://${AWS_ECR_REPOSITORY} --push
+
+          bash scripts/compose-dist.sh
+
+          gh release upload ${TAG_NAME} ./dist/docker-compose/docker-compose.yaml --clobber
+
+          bash scripts/kubernetes-dist.sh
+
+          gh release upload ${TAG_NAME} ./dist/kubernetes/kubernetes.yaml --clobber
diff --git a/.github/workflows/publish-build.yml b/.github/workflows/publish-build.yml
@@ -1,41 +1,19 @@
-name: Publish Artifacts
+name: Publish Build
 
 on:
   workflow_dispatch:
     inputs:
-      tag:
-        description: "Tag"
+      version:
+        description: "Version"
         required: true
 
 permissions:
   id-token: write
   contents: write
-  pull-requests: write
 
 jobs:
-  publish:
-    runs-on: ubuntu-latest
-    steps:
-      - name: "Get AWS credentials"
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
-          aws-region: us-east-1
-          role-session-name: GithubActionsSession
-
-      - name: "Login to Amazon ECR Public"
-        id: login-ecr-public
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registry-type: public
-
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ inputs.tag }}
-
-      - name: "Publish artifacts"
-        uses: ./.github/actions/publish-artifacts
-        with:
-          tag: ${{ inputs.tag }}
-          ecr-repository: ${{ secrets.AWS_ECR_REPOSITORY }}
-          gh-token: ${{ secrets.GITHUB_TOKEN }}
+  artifacts:
+    uses: ./.github/workflows/artifacts.yaml
+    with:
+      version: ${{ inputs.version }}
+    secrets: inherit
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
@@ -13,34 +13,17 @@ name: Release
 jobs:
   release-please:
     runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
     steps:
       - uses: googleapis/release-please-action@v4
         id: release
 
-      - name: "Get AWS credentials"
-        if: ${{ steps.release.outputs.release_created }}
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
-          aws-region: us-east-1
-          role-session-name: GithubActionsSession
-
-      - name: "Login to Amazon ECR Public"
-        id: login-ecr-public
-        if: ${{ steps.release.outputs.release_created }}
-        uses: aws-actions/amazon-ecr-login@v2
-        with:
-          registry-type: public
-
-      - uses: actions/checkout@v4
-        if: ${{ steps.release.outputs.release_created }}
-        with:
-          ref: ${{ steps.release.outputs.tag_name }}
-
-      - name: "Publish artifacts"
-        if: ${{ steps.release.outputs.release_created }}
-        uses: ./.github/actions/publish-artifacts
-        with:
-          tag: ${{ steps.release.outputs.tag_name }}
-          ecr-repository: ${{ secrets.AWS_ECR_REPOSITORY }}
-          gh-token: ${{ secrets.GITHUB_TOKEN }}
+  artifacts:
+    uses: ./.github/workflows/artifacts.yaml
+    needs: release-please
+    if: needs.release-please.outputs.release_created
+    with:
+      version: ${{ needs.release-please.outputs.tag_name }}
+    secrets: inherit
diff --git a/nx.json b/nx.json
@@ -45,6 +45,7 @@
     "container": {
       "executor": "@nx-tools/nx-container:build",
       "cache": true,
+      "dependsOn": [],
       "options": {
         "context": "{projectRoot}",
         "tags": ["aws-containers/retail-store-sample-{projectName}"]
@@ -56,6 +57,12 @@
         }
       }
     },
+    "manifest": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "bash scripts/create-manifest.sh {args.repository} {args.tag}"
+      }
+    },
     "helm": {
       "executor": "@nx-extensions/helm:package",
       "outputs": ["{options.outputFolder}"],

diff --git a/scripts/create-manifest.sh b/scripts/create-manifest.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+repository=$1
+tag=$2
+
+if [ -z "$repository" ]; then
+  echo "Error: First argument must be repository"
+  exit 1
+fi
+
+if [ -z "$tag" ]; then
+  echo "Error: Second argument must be tag"
+  exit 1
+fi
+
+set -euo pipefail
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+amd64_manifest=$(docker manifest inspect $repository:$tag-amd64)
+amd64_digest=$(echo $amd64_manifest | jq -r '.manifests[] | select(.platform.architecture == "amd64") | .digest')
+
+arm64_manifest=$(docker manifest inspect $repository:$tag-arm64)
+arm64_digest=$(echo $arm64_manifest | jq -r '.manifests[] | select(.platform.architecture == "arm64") | .digest')
+
+target_manifest="$repository:$tag"
+
+docker manifest create $target_manifest $repository@${amd64_digest} $repository@${arm64_digest}
+
+docker manifest push $target_manifest
diff --git a/src/cart/project.json b/src/cart/project.json
@@ -44,6 +44,7 @@
         "command": "./mvnw spring-boot:run"
       }
     },
+    "manifest": {},
     "helm": {}
   },
   "tags": ["service", "chart"]

diff --git a/src/catalog/project.json b/src/catalog/project.json
@@ -41,6 +41,7 @@
         "command": "go run main.go"
       }
     },
+    "manifest": {},
     "helm": {},
     "update-samples": {
       "executor": "nx:run-commands",

diff --git a/src/checkout/project.json b/src/checkout/project.json
@@ -27,6 +27,7 @@
         "command": "yarn lint"
       }
     },
+    "manifest": {},
     "helm": {}
   },
   "tags": ["service", "chart"]

diff --git a/src/load-generator/project.json b/src/load-generator/project.json
@@ -11,7 +11,8 @@
     },
     "execute": {
       "dependsOn": ["install"]
-    }
+    },
+    "manifest": {}
   },
   "tags": ["tool"]
 }
diff --git a/src/orders/project.json b/src/orders/project.json
@@ -46,6 +46,7 @@
         "command": "./mvnw spring-boot:run"
       }
     },
+    "manifest": {},
     "helm": {}
   },
   "tags": ["service", "chart"]

diff --git a/src/ui/project.json b/src/ui/project.json
@@ -46,6 +46,7 @@
         "command": "./mvnw spring-boot:run"
       }
     },
+    "manifest": {},
     "helm": {},
     "compose:up": {
       "executor": "nx:run-commands",