-
Notifications
You must be signed in to change notification settings - Fork 258
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This workflow does an automatic tag, build and push images for a custom release when the note of that release is merged into the main branch. Signed-off-by: Huy Mai <[email protected]>
- Loading branch information
Showing
3 changed files
with
185 additions
and
82 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,39 +1,152 @@ | ||
name: release | ||
# This code is borrowed from https://github.com/kubernetes-sigs/cluster-api/blob/main/.github/workflows/release.yaml | ||
name: Create Release | ||
|
||
on: | ||
push: | ||
# Sequence of patterns matched against refs/tags | ||
tags: | ||
- "v*" | ||
branches: | ||
- main | ||
paths: | ||
- 'releasenotes/*.md' | ||
|
||
permissions: {} | ||
|
||
jobs: | ||
build: | ||
name: tag release | ||
runs-on: ubuntu-latest | ||
|
||
push_release_tags: | ||
permissions: | ||
contents: write | ||
|
||
runs-on: ubuntu-latest | ||
outputs: | ||
release_tag: ${{ steps.release-version.outputs.release_version }} | ||
if: github.repository == 'metal3-io/baremetal-operator' | ||
steps: | ||
- name: Export RELEASE_TAG var | ||
run: echo "RELEASE_TAG=${GITHUB_REF:10}" >> $GITHUB_ENV | ||
- name: Checkout code | ||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
with: | ||
fetch-depth: 0 | ||
- name: Get changed files | ||
id: changed-files | ||
uses: tj-actions/changed-files@bab30c2299617f6615ec02a68b9a40d10bd21366 # tag=v45.0.5 | ||
- name: Get release version | ||
id: release-version | ||
run: | | ||
if [[ ${{ steps.changed-files.outputs.all_changed_files_count }} != 1 ]]; then | ||
echo "1 release notes file should be changed to create a release tag, found ${{ steps.changed-files.outputs.all_changed_files_count }}" | ||
exit 1 | ||
fi | ||
for changed_file in ${{ steps.changed-files.outputs.all_changed_files }}; do | ||
export RELEASE_VERSION=$(echo "${changed_file}" | grep -oP '(?<=/)[^/]+(?=\.md)') | ||
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> ${GITHUB_ENV} | ||
echo "RELEASE_VERSION=${RELEASE_VERSION}" >> ${GITHUB_OUTPUT} | ||
if [[ "${RELEASE_VERSION}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$ ]]; then | ||
echo "Valid semver: ${RELEASE_VERSION}" | ||
else | ||
echo "Invalid semver: ${RELEASE_VERSION}" | ||
exit 1 | ||
fi | ||
done | ||
- name: Determine the release branch to use | ||
run: | | ||
if [[ ${RELEASE_VERSION} =~ beta ]] || [[ ${RELEASE_VERSION} =~ alpha ]]; then | ||
export RELEASE_BRANCH=main | ||
echo "RELEASE_BRANCH=${RELEASE_BRANCH}" >> ${GITHUB_ENV} | ||
echo "This is a beta or alpha release, will use release branch ${RELEASE_BRANCH}" | ||
else | ||
export RELEASE_BRANCH=release-$(echo ${RELEASE_VERSION} | sed -E 's/^v([0-9]+)\.([0-9]+)\..*$/\1.\2/') | ||
echo "RELEASE_BRANCH=${RELEASE_BRANCH}" >> ${GITHUB_ENV} | ||
echo "This is not a beta or alpha release, will use release branch ${RELEASE_BRANCH}" | ||
fi | ||
- name: Create or checkout release branch | ||
run: | | ||
if git show-ref --verify --quiet "refs/remotes/origin/${RELEASE_BRANCH}"; then | ||
echo "Branch ${RELEASE_BRANCH} already exists" | ||
git checkout "${RELEASE_BRANCH}" | ||
else | ||
git checkout -b "${RELEASE_BRANCH}" | ||
git push origin "${RELEASE_BRANCH}" | ||
echo "Created branch ${RELEASE_BRANCH}" | ||
fi | ||
- name: Validate tag does not already exist | ||
run: | | ||
if [[ -n "$(git tag -l "${RELEASE_VERSION}")" ]]; then | ||
echo "Tag ${RELEASE_VERSION} already exists, exiting" | ||
exit 1 | ||
fi | ||
- name: Create Release Tag | ||
run: | | ||
git config user.name "${GITHUB_ACTOR}" | ||
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | ||
git tag -a ${RELEASE_VERSION} -m ${RELEASE_VERSION} | ||
git tag apis/${RELEASE_VERSION} | ||
git tag test/${RELEASE_VERSION} | ||
git tag pkg/hardwareutils/${RELEASE_VERSION} | ||
git push origin ${RELEASE_VERSION} | ||
git push origin apis/${RELEASE_VERSION} | ||
git push origin test/${RELEASE_VERSION} | ||
git push origin pkg/hardwareutils/${RELEASE_VERSION} | ||
echo "Created tags ${RELEASE_VERSION}, apis/${RELEASE_VERSION}, pkg/hardwareutils/${RELEASE_VERSION}, and test/${RELEASE_VERSION}" | ||
release: | ||
name: create draft release | ||
runs-on: ubuntu-latest | ||
needs: push_release_tags | ||
permissions: | ||
contents: write | ||
steps: | ||
- name: Set env | ||
run: echo "RELEASE_TAG=${RELEASE_TAG}" >> ${GITHUB_ENV} | ||
env: | ||
RELEASE_TAG: ${{needs.push_release_tags.outputs.release_tag}} | ||
- name: checkout code | ||
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
with: | ||
fetch-depth: 0 | ||
- name: Install go | ||
ref: ${{ env.RELEASE_TAG }} | ||
- name: Calculate go version | ||
run: echo "go_version=$(make go-version)" >> ${GITHUB_ENV} | ||
- name: Set up Go | ||
uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 | ||
with: | ||
go-version: '1.22' | ||
- name: Generate release notes | ||
go-version: ${{ env.go_version }} | ||
- name: generate release artifacts | ||
run: | | ||
make release-notes | ||
make release | ||
- name: get release notes | ||
run: | | ||
curl -L "https://raw.githubusercontent.com/${{ github.repository }}/main/releasenotes/${{ env.RELEASE_TAG }}.md" \ | ||
-o "${{ env.RELEASE_TAG }}.md" | ||
- name: Release | ||
uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 | ||
with: | ||
draft: true | ||
files: out/* | ||
body_path: releasenotes/${{ env.RELEASE_TAG }}.md | ||
body_path: ${{ env.RELEASE_TAG }}.md | ||
tag_name: ${{ env.RELEASE_TAG }} | ||
build_bmo: | ||
permissions: | ||
contents: read | ||
needs: push_release_tags | ||
name: Build BMO container image | ||
if: github.repository == 'metal3-io/baremetal-operator' | ||
uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main | ||
with: | ||
image-name: 'baremetal-operator' | ||
pushImage: true | ||
secrets: | ||
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} | ||
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} | ||
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | ||
build_keepalived: | ||
permissions: | ||
contents: read | ||
needs: push_release_tags | ||
name: Build keepalived container image | ||
if: github.repository == 'metal3-io/baremetal-operator' | ||
uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main | ||
with: | ||
image-name: 'keepalived' | ||
dockerfile-directory: resources/keepalived-docker | ||
pushImage: true | ||
ref: ${{ needs.push_release_tags.outputs.release_tag }} | ||
secrets: | ||
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} | ||
QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} | ||
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -56,6 +56,3 @@ config/overlays/temp | |
.devcontainer | ||
# Python venv | ||
.venv | ||
|
||
# release-notes | ||
/releasenotes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -48,73 +48,66 @@ BMO uses [semantic versioning](https://semver.org). | |
|
||
Clone the repository: `git clone [email protected]:metal3-io/baremetal-operator` | ||
|
||
or if using existing repository, verify your intended remote is set to | ||
`metal3-io`: `git remote -v`. For this document, we assume it is `origin`. | ||
|
||
- If creating a new minor branch, identify the commit you wish to create the | ||
branch from, and create a branch `release-0.x`: | ||
`git checkout <sha> -b release-0.x` and push it to remote: | ||
`git push origin release-0.x` to create it | ||
- If creating a new patch release, use existing branch `release-0.x`: | ||
`git checkout origin/release-0.x` | ||
|
||
### Tags | ||
|
||
First we create a primary release tag, that triggers release note creation and | ||
image building processes. | ||
|
||
- Create a signed, annotated tag with: `git tag -s -a v0.x.y -m v0.x.y` | ||
- Push the tags to the GitHub repository: `git push origin v0.x.y` | ||
|
||
This triggers two things: | ||
|
||
- GitHub action workflow for automated release process creates a draft release | ||
in GitHub repository with correct content, comparing the pushed tag to | ||
previous tag. Running actions are visible on the | ||
[Actions](https://github.com/metal3-io/baremetal-operator/actions) | ||
page, and draft release will be visible on top of the | ||
[Releases](https://github.com/metal3-io/baremetal-operator/releases) | ||
page. | ||
- GH action `build-images-action` starts building release image with the release | ||
tag in Jenkins, and it gets pushed to Quay. Make sure the release tag is | ||
visible in | ||
[Quay tags page](https://quay.io/repository/metal3-io/baremetal-operator?tab=tags). | ||
If the release tag build is not visible, check if the action has failed and | ||
retrigger as necessary. Also | ||
[keepalived](https://quay.io/repository/metal3-io/keepalived?tab=tags) is | ||
built and tagged. | ||
|
||
We also need to create one or more tags for the Go modules ecosystem: | ||
|
||
- For any subdirectory with `go.mod` in it (excluding `hack/tools`), create | ||
another Git tag with directory prefix, ie. `git tag apis/v0.x.y`, | ||
`git tag test/v0.x.y` and `git tag pkg/hardwareutils/v0.x.y`. This enables the | ||
tags to be used as a Gomodule version for any downstream users. **NOTE**: Do | ||
not create annotated tags (`-a`, or implicitly via `-m` or `-s`) for Go | ||
modules. Release notes expects only the main tag to be annotated, otherwise it | ||
might create incorrect release notes. | ||
|
||
### Release notes | ||
|
||
Next step is to clean up the release note manually. Release note has been | ||
generated by the `release` action, do not click the `Generate release notes` | ||
button. In case there is issue with release action, you may rerun it via | ||
`Actions` tab, or you can `make release-notes` to get a markdown file with | ||
the release content to be inserted. | ||
|
||
- If release is not a beta or release candidate, check for duplicates, reverts, | ||
and incorrect classifications of PRs, and whatever release creation tagged to | ||
be manually checked. | ||
or if using existing repository, make sure origin is set to the fork and | ||
upstream is set to `metal3-io`. Verify if your remote is set properly or not | ||
by using following command `git remote -v`. | ||
|
||
- Fetch the remote (`metal3-io`): `git fetch upstream` | ||
This makes sure that all the tags are accessible. | ||
|
||
### Creating Release Notes | ||
|
||
- Switch to the main branch: `git checkout main` | ||
|
||
- Create a new branch for the release notes**: | ||
`git checkout -b release-notes-1.x.x origin/main` | ||
|
||
- Generate the release notes: `RELEASE_TAG=v1.x.x make release-notes` | ||
- Replace `v1.x.x` with the new release tag you're creating. | ||
- This command generates the release notes here | ||
`releasenotes/<RELEASE_TAG>.md` . | ||
|
||
- Next step is to clean up the release note manually. | ||
- If release is not a beta or release candidate, check for duplicates, | ||
reverts, and incorrect classifications of PRs, and whatever release | ||
creation tagged to be manually checked. | ||
- For any superseded PRs (like same dependency uplifted multiple times, or | ||
commit revertions) that provide no value to the release, move them to | ||
commit reversions) that provide no value to the release, move them to | ||
Superseded section. This way the changes are acknowledged to be part of the | ||
release, but not overwhelming the important changes contained by the | ||
release. | ||
- If the release you're making is not a new major release, new minor release, | ||
or a new patch release from the latest release branch, uncheck the box for | ||
latest release. | ||
- If it is a release candidate (RC) or a beta release, tick pre-release box. | ||
- Save the release note as a draft, and have others review it. | ||
|
||
- Commit your changes, push the new branch and create a pull request: | ||
IMPORTANT_NOTE: | ||
- The commit and PR title should be 🚀 Release v1.x.y: | ||
-`git commit -S -s -m ":rocket: Release v1.x.x"` | ||
-`git push -u origin release-notes-1.x.x` | ||
- Important! The commit should only contain the release notes file, nothing | ||
else, otherwise automation will not work. | ||
|
||
- Ask maintainers and release team members to review your pull request. | ||
|
||
Once PR is merged following Github actions are triggered: | ||
|
||
- Github action `Create Release` runs following jobs: | ||
- Github job `push_release_tags` will create and push the tags. This action | ||
will also create release branch if its missing and release is `rc` or | ||
minor. | ||
- Github job `create draft release` creates draft release. Don't publish the | ||
release until release tag is visible in. Runningactions are visible on the | ||
[Actions](https://github.com/metal3-io/ip-address-manager/actions) | ||
page, and draft release will be visible on top of the | ||
[Releases](https://github.com/metal3-io/ip-address-manager/releases). If | ||
the release you're making is not a new major release, new minor release, | ||
or a new patch release from the latest release branch, uncheck the box for | ||
latest release. If it is a release candidate (RC) or a beta release, | ||
tick pre-release box. | ||
- Github action `build-images-action` is triggered once tags are pushed from | ||
above action. This action builds release image with the release tag in | ||
Jenkins, and it gets pushed to Quay. Make sure the release tag is visible in | ||
[Quay tags page](https://quay.io/repository/metal3-io/ip-address-manager?tab=tags). | ||
If the release tag build is not visible, check if the action has failed and | ||
retrigger as necessary. | ||
|
||
### Release artifacts | ||
|
||
|