Release #226
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Release | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "The RC/Release version, format: X.Y.Z-rcN for RC, X.Y.Z for releases" | |
| required: true | |
| permissions: | |
| contents: write | |
| packages: write | |
| checks: write | |
| pull-requests: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| env: | |
| TOOLS_PATH: "/opt/tools/bin" | |
| VERSION: ${{ github.event.inputs.version }} | |
| # version in format "X.Y" which is going to be updated with each patch release | |
| FLOATING_TAG: '' | |
| # branch name in format "release-X.Y" | |
| BRANCH_NAME: '' | |
| # GitHub tag name to use for the RC/Release | |
| GH_TAG: '' | |
| # Shows if this workflow is triggered for RC or Release | |
| IS_RC: 0 | |
| ARCH: '' | |
| OS: '' | |
| steps: | |
| - name: Validate input | |
| run: | | |
| if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+(-rc[1-9][0-9]*)?$ ]]; then | |
| echo "Wrong version format provided, please use "X.Y.Z-rcN" format for an RC or "X.Y.Z" format for a release" | |
| exit 1 | |
| fi | |
| - name: Set environment variables | |
| run: | | |
| floating_tag=${VERSION%.*} | |
| echo "FLOATING_TAG=$floating_tag" >> $GITHUB_ENV | |
| echo "BRANCH_NAME=release-$floating_tag" >> $GITHUB_ENV | |
| echo "GH_TAG=v$VERSION" >> $GITHUB_ENV | |
| if [[ ! $VERSION =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |
| echo "IS_RC=1" >> $GITHUB_ENV | |
| fi | |
| echo "ARCH=$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/')" >> $GITHUB_ENV | |
| echo "OS=$(uname | awk '{print tolower($0)}')" >> $GITHUB_ENV | |
| - name: Operator - check out | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: percona/everest-operator | |
| path: everest-operator | |
| token: ${{ secrets.ROBOT_TOKEN }} | |
| - name: Operator - create release branch | |
| run: | | |
| cd everest-operator | |
| # Check if the branch already exists | |
| git fetch | |
| check_branch=$(git ls-remote --heads origin ${BRANCH_NAME}) | |
| if [[ -z ${check_branch} ]]; then | |
| git checkout -b $BRANCH_NAME | |
| git push origin $BRANCH_NAME | |
| fi | |
| git checkout $BRANCH_NAME | |
| # update version in the Makefile | |
| sed -i "s/^VERSION ?=.*/VERSION ?= $VERSION/g" Makefile | |
| # if there is something to commit, commit it and add the tag | |
| if [[ -n $(git status --porcelain) ]]; then | |
| if git tag --list | grep -q "^$GH_TAG$"; then | |
| echo "The tag is already present in github. Please create a different RC/Release" | |
| exit 1 | |
| fi | |
| # update IMAGE_TAG_OWNER in the Makefile to point to a correct org | |
| if [[ $IS_RC == 1 ]]; then | |
| # if the RC build is being run over a Release build, there will be the "percona" org mentioned in the quickstart file, | |
| # so we should replace the org | |
| sed -i "s/IMAGE_TAG_OWNER ?= docker.io\/percona\$/IMAGE_TAG_OWNER ?= docker.io\/perconalab/g" Makefile | |
| else | |
| sed -i "s/IMAGE_TAG_OWNER ?= docker.io\/perconalab/IMAGE_TAG_OWNER ?= docker.io\/percona/g" Makefile | |
| fi | |
| make init | |
| make release | |
| # configure userdata for commits | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Everest RC CI triggered by ${{ github.actor }}" | |
| # commit and push the updated files | |
| git commit -a -m "update version tag" | |
| git push origin $BRANCH_NAME | |
| git tag $GH_TAG | |
| git push origin $GH_TAG | |
| else | |
| echo "No need for a new build" | |
| fi | |
| - name: Operator - install operator-sdk | |
| run: | | |
| mkdir -p $TOOLS_PATH | |
| echo $TOOLS_PATH >> $GITHUB_PATH | |
| export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/v1.25.2 | |
| curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} | |
| gpg --keyserver keyserver.ubuntu.com --recv-keys 052996E2A20B5C7E | |
| curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt | |
| curl -LO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc | |
| gpg -u "Operator SDK (release) <[email protected]>" --verify checksums.txt.asc | |
| grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c - | |
| chmod +x operator-sdk_${OS}_${ARCH} | |
| mv operator-sdk_${OS}_${ARCH} $TOOLS_PATH/operator-sdk | |
| - name: Operator - build and bundle | |
| run: | | |
| cd everest-operator | |
| make build manifests bundle | |
| - name: Operator - setup Docker meta for everest-operator | |
| id: operator_meta | |
| uses: docker/metadata-action@v5 | |
| # docker/metadata-action action looks more elegant when being triggered by a GH tag, | |
| # however this workflow can't be triggered by a GH tag since there are some changes need to be done | |
| # in the codebase prior putting the tag, so the action uses the raw tags | |
| with: | |
| images: | | |
| percona/everest-operator,enable=${{ env.IS_RC == 0 }} | |
| perconalab/everest-operator | |
| tags: | | |
| type=raw,value=${{ env.VERSION }} | |
| type=raw,value=latest | |
| type=raw,value=${{ env.FLOATING_TAG }},enable=${{ env.IS_RC == 0 }} | |
| - name: Operator - setup Docker meta for everest-operator-bundle | |
| id: bundle_meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| percona/everest-operator-bundle,enable=${{ env.IS_RC == 0 }} | |
| perconalab/everest-operator-bundle | |
| tags: | | |
| type=raw,value=${{ env.VERSION }} | |
| type=raw,value=${{ env.FLOATING_TAG }},enable=${{ env.IS_RC == 0 }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Operator - build everest-operator image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: everest-operator | |
| push: false | |
| tags: ${{ steps.operator_meta.outputs.tags }} | |
| - name: Operator - set everest-operator image to scan | |
| id: set_operator_image | |
| run: | | |
| # taking the first tag to check with trivy. Since the build is the same, no need to check the rest of them | |
| echo "::set-output name=image_to_check::$(echo "${{ steps.operator_meta.outputs.tags }}" | head -n 1)" | |
| - name: Operator - run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ${{ steps.set_operator_image.outputs.image_to_check }} | |
| format: 'table' | |
| exit-code: '1' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Operator - push everest-operator image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: everest-operator | |
| push: true | |
| tags: ${{ steps.operator_meta.outputs.tags }} | |
| - name: Operator - build everest-operator-bundle image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: everest-operator | |
| push: false | |
| tags: ${{ steps.bundle_meta.outputs.tags }} | |
| file: everest-operator/bundle.Dockerfile | |
| - name: Operator - set everest-operator-bundle image to scan | |
| id: set_operator_bundle_image | |
| run: | | |
| # taking the first tag to check with trivy. Since the build is the same, no need to check the rest of them | |
| echo "::set-output name=image_to_check::$(echo "${{ steps.bundle_meta.outputs.tags }}" | head -n 1)" | |
| - name: Operator - Run Trivy vulnerability scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: ${{ steps.set_operator_bundle_image.outputs.image_to_check }} | |
| format: 'table' | |
| exit-code: '1' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Operator - push everest-operator-bundle image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: everest-operator | |
| push: true | |
| tags: ${{ steps.bundle_meta.outputs.tags }} | |
| file: everest-operator/bundle.Dockerfile | |
| - name: Catalog - checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: percona/everest-catalog | |
| path: everest-catalog | |
| token: ${{ secrets.ROBOT_TOKEN }} | |
| - name: Catalog - create release branch | |
| run: | | |
| cd everest-catalog | |
| # Check if the branch already exists | |
| git fetch | |
| check_branch=$(git ls-remote --heads origin ${BRANCH_NAME}) | |
| if [[ -z ${check_branch} ]]; then | |
| git checkout -b $BRANCH_NAME | |
| git push origin $BRANCH_NAME | |
| fi | |
| git checkout $BRANCH_NAME | |
| # if the tag doesn't exist yet, create it | |
| if git tag --list | grep -q "^$GH_TAG$"; then | |
| echo "The tag is already present in github. Please create a different RC/Release" | |
| exit 1 | |
| fi | |
| - name: Catalog - update veneer file | |
| run: | | |
| cd everest-catalog/tools | |
| # configure userdata for commits | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Everest RC CI triggered by ${{ github.actor }}" | |
| if [[ $IS_RC == 1 ]]; then | |
| go run . \ | |
| --veneer-file ../veneer/everest-operator.yaml \ | |
| --channel fast-v0 \ | |
| --new-version ${{ env.VERSION }} | |
| else | |
| go run . \ | |
| --veneer-file ../veneer/everest-operator.yaml \ | |
| --channel stable-v0 \ | |
| --new-version ${{ env.VERSION }} | |
| go run . \ | |
| --veneer-file ../veneer/everest-operator.yaml \ | |
| --channel fast-v0 \ | |
| --new-version ${{ env.VERSION }} | |
| fi | |
| cd .. | |
| curl -Lo /tmp/opm https://github.com/operator-framework/operator-registry/releases/download/v1.44.0/${OS}-${ARCH}-opm | |
| chmod +x /tmp/opm | |
| /tmp/opm alpha render-template basic -o yaml < veneer/everest-operator.yaml > catalog/everest-operator/catalog.yaml | |
| # Check if veneer has the new version listed | |
| if ! grep -q "$VERSION$" catalog/everest-operator/catalog.yaml; then | |
| echo "catalog/everest-operator/catalog.yaml does not include the version $VERSION" | |
| exit 1 | |
| fi | |
| git commit -am "CI: add version ${{ env.VERSION }}" | |
| git push origin $BRANCH_NAME | |
| git tag $GH_TAG | |
| git push origin $GH_TAG | |
| - name: Catalog - docker meta | |
| id: catalog_meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| percona/everest-catalog,enable=${{ env.IS_RC == 0 }} | |
| perconalab/everest-catalog | |
| tags: | | |
| type=raw,value=${{ env.VERSION }} | |
| type=raw,value=${{ env.FLOATING_TAG }},enable=${{ env.IS_RC == 0 }} | |
| - name: Catalog - build image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: everest-catalog | |
| push: false | |
| tags: ${{ steps.catalog_meta.outputs.tags }} | |
| file: everest-catalog/everest-catalog.Dockerfile | |
| - name: Catalog - set catalog image to scan | |
| id: set_catalog_image | |
| run: | | |
| # taking the first tag to check with trivy. Since the build is the same, no need to check the rest of them | |
| echo "::set-output name=image_to_check::$(echo "${{ steps.catalog_meta.outputs.tags }}" | head -n 1)" | |
| # TODO: fix the vulnerabilities in main and enable this check | |
| # - name: Catalog - run Trivy vulnerability scanner | |
| # uses: aquasecurity/[email protected] | |
| # with: | |
| # image-ref: ${{ steps.set_catalog_image.outputs.image_to_check }} | |
| # format: 'table' | |
| # exit-code: '1' | |
| # severity: 'CRITICAL,HIGH' | |
| - name: Catalog - push image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: everest-catalog | |
| push: true | |
| tags: ${{ steps.catalog_meta.outputs.tags }} | |
| file: everest-catalog/everest-catalog.Dockerfile | |
| - name: Everest - check out | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.ROBOT_TOKEN }} | |
| - name: Everest - setup golang | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version-file: './go.mod' | |
| - name: Everest - create and update release branch | |
| run: | | |
| # Check if the branch already exists | |
| git fetch | |
| check_branch=$(git ls-remote --heads origin ${BRANCH_NAME}) | |
| if [[ -z ${check_branch} ]]; then | |
| git checkout -b $BRANCH_NAME | |
| git push origin $BRANCH_NAME | |
| fi | |
| git checkout $BRANCH_NAME | |
| # Update deploy manifest | |
| if [[ $IS_RC == 1 ]]; then | |
| # if the build is being run over dev/RC build, there will be the "perconalab" org mentioned in the quickstart file, | |
| # so we should replace only the version | |
| sed -i "s/perconalab\/everest.*/perconalab\/everest:$VERSION/g" deploy/quickstart-k8s.yaml | |
| # if the build is being run over a Release build, there will be the "percona" org mentioned in the quickstart file, | |
| # so we should replace both the org and the version | |
| sed -i "s/percona\/everest.*/perconalab\/everest:$VERSION/g" deploy/quickstart-k8s.yaml | |
| else | |
| sed -i "s/perconalab\/everest.*/percona\/everest:$VERSION/g" deploy/quickstart-k8s.yaml | |
| sed -i "s/percona\/everest.*/percona\/everest:$VERSION/g" deploy/quickstart-k8s.yaml | |
| fi | |
| # Update the operator go module to reference the version tag | |
| go get github.com/percona/everest-operator@$GH_TAG | |
| go mod tidy | |
| # Change version in Makefile | |
| sed -i "s/RELEASE_VERSION ?=.*/RELEASE_VERSION ?= v$VERSION/g" Makefile | |
| # if there is something to commit, commit it and add the tag | |
| if [[ -n $(git status --porcelain) ]]; then | |
| if git tag --list | grep -q "^$GH_TAG$"; then | |
| echo "The tag is already present in github. Please create a different RC/Release" | |
| exit 1 | |
| fi | |
| # configure userdata for commits | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Everest RC CI triggered by ${{ github.actor }}" | |
| # commit and push the updated files | |
| git commit -a -m "update version tag" | |
| git push origin $BRANCH_NAME | |
| git tag $GH_TAG | |
| git push origin $GH_TAG | |
| fi | |
| - name: Everest UI - setup pnpm | |
| uses: pnpm/action-setup@v3 | |
| with: | |
| version: 8 | |
| - name: Everest UI - run with Node 20 | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20.x | |
| cache: 'pnpm' | |
| cache-dependency-path: ui/pnpm-lock.yaml | |
| - name: Everest UI - build | |
| run: | | |
| cd ui | |
| pnpm install | |
| EVEREST_OUT_DIR=${GITHUB_WORKSPACE}/public/dist/ pnpm build | |
| - name: Everest - build binary | |
| run: | | |
| if [[ $IS_RC == 1 ]]; then | |
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make rc | |
| else | |
| CGO_ENABLED=0 GOOS=linux GOARCH=amd64 make release | |
| fi | |
| - name: Everest - setup docker build metadata | |
| uses: docker/metadata-action@v5 | |
| id: everest_meta | |
| with: | |
| images: | | |
| percona/everest,enable=${{ env.IS_RC == 0 }} | |
| perconalab/everest | |
| tags: | | |
| type=raw,value=${{ env.VERSION }} | |
| type=raw,value=latest | |
| type=raw,value=${{ env.FLOATING_TAG }},enable=${{ env.IS_RC == 0 }} | |
| - name: Everest - build Everest image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: false | |
| tags: ${{ steps.everest_meta.outputs.tags }} | |
| - name: Everest - set everest image to scan | |
| id: set_everest_image | |
| run: | | |
| # taking the first tag to check with trivy. Since the build is the same, no need to check the rest of them | |
| echo "::set-output name=image_to_check::$(echo "${{ steps.everest_meta.outputs.tags }}" | head -n 1)" | |
| # TODO: fix the vulnerabilities in main and enable this check | |
| # - name: Everest - run Trivy vulnerability scanner | |
| # uses: aquasecurity/[email protected] | |
| # with: | |
| # image-ref: ${{ steps.set_everest_image.outputs.image_to_check }} | |
| # format: 'table' | |
| # exit-code: '1' | |
| # severity: 'CRITICAL,HIGH' | |
| - name: Everest - push Everest image | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.everest_meta.outputs.tags }} | |
| - name: CLI - build binaries | |
| run: | | |
| make release-cli | |
| - name: CLI - create release with binaries | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| draft: true | |
| files: | | |
| dist/* | |